Chapter 2 Independence, Objectivity, Proficiency, Care, and Quality Flashcards
Interpretation Standard 1100 stats that independence is defined as.
The freedom from conditions that threaten the ability of the internal audit activity to carry out internal audit responsibilities in an unbiased manner.
Attribute Standard 1100 states that the internal audit activity must poses which two qualities when performing their work.
Internal audit activity must be independent and objective in performing their work.
To achieve organizational independence in order to carryout out the responsibilities of the internal audit activity to who must the CAE have direct and unrestricted access to and how is this achieved?
direct and unrestricted access to senior management and the board.
This can be achieved through dual reporting relationships.
To whom must the CAE confirm the organizational independence and how often?
To the board of directors on an annual basis.
Organizational independence is achieved when the CAE reports to?
How can the CAE ensure that the internal audit activity to fulfills it’s responsibilities?
Functionally to the BOD
The CAE must report to a level within the organization that allow the internal audit activity to fulfill its responsibilities.
Examples of functional reporting by the CAE to the the board involve
- Approving the IA Charter, risk based IA plan, approving IA budget,
- Receiving communications from the CAE on IA performance relative to its plan
- Approving decisions regarding the appointment and removal of the CAE
- Approving remuneration of CAE
- Making appropriate inquiries of management and the CAE to determine if there inappropriate scope and resource limitations
A _____ line to the _____ provides the CAE with direct board access for sensitive matters and enables sufficient organizational status.
Functional
Board
The CAE also has a __________ line to senior management, which further enables ________.
administrative reporting
the required stature and authority of internal audit to fulfill responsibilities.
The IIA recommends that the CAE report administratively to the ____ so that the CAE is in ____.
Chief Executive Officer CEO
a senior position, with authority to perform duties unimpeded.
Where can you find the audit committees oversight duties?
In the internal audit charter and the audit committee charter
How is it demonstrated that the internal audit activity it independent of the organization and objective in performing work,
- The IA and Audit committe charter describe the AC’s oversight duties
- CAE’s job description and performance evaluation, noting reporting relationships and supervisory oversight
- Internal audit policy addresses independence and board communication requirements or organization chart with reporting responsibilities.
For internal audit activity to be independent, what type of interference must the IAA be free from…
1) in determining the scope of internal audit
2) performing work
3) communicating results.
Such interference must be disclosed to the board and discuss implications.
True or false - The CAE must have limited access to the board.
False - The CAE must communicate and interact directly with the board and must not be limited.
True or False - It is not recommended that the CAE report to controller, accounting manager, or mid-level functional manager
True - Typically would NOT report to a controller, accounting manager, or mid level manager.
True or False
Objectivity is an attribute of the internal auditor, while independence is an attribute of the internal audit activity
True
Objectivity is an attribute of the internal auditor, while independence is an attribute of the internal audit activity
What is objectivity?
An unbiased mental attitude that allows internal auditors to perform engagements in such a manner that they believe in their work product and that no quality compromises are made.
Objectivity refers to an internal auditor’s___________, which is facilitated by avoiding conflicts of interest.
Impartial and unbiased mindset
Typical situations that undermine objectivity include:
- Auditing an area where an internal auditor recently worked (less than 1 year)
- auditing a family or close friend
- assuming without evidence that an area under audit is acceptable based on prior positive experience.
How does the CAE establish objectivity of individual auditors?
The CAE must establish policies and procedures such as
1) Periodic reviews of conflict of interest or as needed assessments during staffing requirements phase of the engagement
Who is responsible for maintaining objectivity
Responsibility rests on the CAE as well as the Internal auditors themselves
What must one do if independence or objectivity is impaired?
The details must be disclosed to the appropriate party and the nature of the disclosure will depend upon the impairement
Examples of impairment to independence and objectivity include:
- Personal conflict of interest
- scope limitations
- restrictions on access to records, personnel, and properties
- resource limitations such as funding.
Examples of organizational independence impairment include
1) CAE has broader functional responsibility and:
a) Executes audit of functional area also under the CAE
b) Executes an audit within his/her supervisor’s functional responsibility
2) CAE does not have direct communication or interaction with the board
3) Budget for internal audit activity is reduced to the point where internal audit cannot fulfill it’s responsibilities as outline in the charter
Examples of objectivity impairment include:
1) Internal auditor audits area in which he/she use to work
2) Internal auditor audits an area where a relative or close friend is employed
3) Internal auditor assumes, without evidence, that an area being audited ha s effectively mitigated risks based solely on prior positive audit or personal experience.
4) Modifies the planned approach or results based on the undue influence or of another person, without appropriate justification.
Who should you notify if an impairment is”
1) not real
2) is real
3) comes to light after audit has been executed
1) CAE may discuss in engagement planning meetings with the operating management, document the discussion, and explain why concern is without merit.
2) Discuss with board and senior management and seek their support to resolve situation
3) discuss with operating and senior management, as well as the board.
What is a scope limitation
A restriction placed on the internal audit activity that precludes the activity from accomplishing its objectives and plans.
Examples of scope limitations include restrictions to
1) Scope defined in the internal audit charter
2) access to records, personnel and physical properties
3) approved engagement work schedule
4) performance of necessary engagement procedures
5) approved plan and financial l budget
scope limitations should be communicated to and how:
the board and in writing
True/False
Internal auditor’s objectivity can be impaired if they provide recommendation standards.
False. Internal auditors may provide recommendations
The appearance of objectivity cannot be maintained when the auditor is has responsibility for any of the following as well as auditing or reviewing
Design, installs, implementation or drafting procedures.
True/False
An auditor may audit a department they used to work for.
No Objectivity is presumed to be impaired if the auditor provides assurance services for an activity for which the auditor had responsibility within the previous year
If the CAE has or is expected to have roles and or responsibilities that fall outside of internal auditing…
Safeguards must be in place to limit impairment to independence or objectivity
What are examples of safeguards to organizational independence or individual objectivity of the internal auditor
Safeguard are those oversight activities, often undertaken by the board, to address these potential impairments, and may include such activities as periodically evaluating reporting lines and responsibilities and developing alternative processes to obtain assurance related to the areas of additional responsibility.
Assurance engagements for functions over which the CAE has responsibility must be overseen…
by a party outside the internal audit activity.
Under which circumstances may the Internal Audit Activity provide assurance services where it had previously performed consulting services
When the nature of the consulting did not impair objectivity and provided individual objectivity is managed when assigning resources to the engagement
True/False
Internal auditor may not provide consulting services related to operations for which thy had previous responsibilities
False
Internal auditor MAY provide consulting services related to operations for which thy had previous responsibilities
What must the internal auditor do if he has potential impairments to independence or objectivity relating to proposed consulting services?
Disclosure must be made to the engagement client prior to accepting the engagement.
Engagements to not need to be performed with proficiency and due care
False, of course they do, its one of the ethical standards
Who is responsible for conformance to proficiency and due professional care standard
The CAE is responsible for ensuring conformance for the Internal Audit Activity, however, the individual internal auditor is responsible at each engagement
Internal auditor and the Internal Audit Activity must possess the following to be proficient.
Knowledge, skills and other competencies needed to perform their individual responsibilities. Individually (Internal Auditor) and collectively (Internal Audit Activity)
What two specific areas must internal audit possess sufficient knowledge to evaluate
1) Risk of fraud and manner in which the organization manages it
2) key information technology risk and controls and available technology based audit techniques to perform assigned work
However the internal auditor is not expected to have the level of expertise of an internal auditor whose primary responsibility is fraud or information technology.
True/False
The CAE may accept a consulting engagement and does not need to obtain competent assistance if the internal auditors lack the knowledge skill and other competencies needed to perform all or part of the engagement.
False.
The CAE must decline the engagement or obtain advice and assistance if the internal auditors lack the knowledge, skills or competencies needed.
Competency is defined as…
The ability to perform a task or job properly. Defined set of knowledge, skills and behavior.
How does the CAE build proficiency of the internal audit activity.
By developing competency assessment tolls or skills assessments based on the Competency Framework or another benchmark. (e.g. mature internal audit activity)
The 10 interdependent core competencies of the Competency Framework include.
1) Professional Ethics
2) Internal Audit Management
3) IPPF
4) Governance, Risk, and control
5) Business Acumen
6) Communications
7) Persuasion and Collaboration
8) Critical Thinking
9) Internal Audit Delivery
10) Improvement and Innovation
Business Acumen is
An understanding of the organizational culture, the economy in which it operates, and the global and local conditions that affect its operations.
If the internal audit staff is not able to fulfill the audit responsibilities
the use of external service providers must be considered
True or False
An organization may outsource none, all or some of it’s internal audit activities
True
True or False
Oversight of and responsibility for the internal audit activity may be outsourced.
False.
Oversight of and responsibility for the internal audit activity may NOT be outsourced.
