CIA Par 2 - CH 1 Flashcards
Internal Audit Policies and Procedures
The Standards state the the CAE MUST establish policies and procedures to guide the internal audit activity. Therefore, the CAE or head of internal audit is responsible to formulate policies and procedures for the planning, organizing, directing, and monitoring of internal audit operations.
- Form and content is dependent on the size and structure of the IA Activity and the complexity of its work.
- Large may have formal IA operations manual that includes the policies and procedures
- Small (or less mature) may have not have a manual and instead have policies and procedures published in separate documents.
Budgeting and Resources Management
The CAE must ensure that internal audit resources are appropriate, sufficient, and effectively deployed to achieve the approved plan.
(a) Appropriate - refers to a mix of knowledge, skills, and other competencies needed to perform the plan
(b) Sufficient - refers to the quantity of resources needed to accomplish the plan
(c) Effectively Deploying Resources - means that the resources are used in a way that optimizes the achievement of the approved plan.
Three Levels of Planning
- Internal Audit Plan - for each period, an internal audit plan is developed that covers the planned audits of the internal audit activity during the period. This plan would be the result of the risk assessment of the entire organization. The plan would detail what engagements are planned to be during the period.
- Engagement Plan - for each engagement, the IA develops an audit plan which is based on detailed risk assessment of the engagement area and identifies the engagement objectives.
- Engagement Work Program - lists detailed procedures that should be conducted by the auditor to achieve specific audit objectives that will achieve the engagement objectives.
Effective Regulatory Compliance Program (CH2)
Org should be documenting employee discipline. The org should be able to provide that it made its best efforts to collect info with regards to any incident & took appropriate action based upon the info available.
Financial Statements & Corporate Governance (CH3)
Internal audit activity must evaluate the effectiveness and continue to the improvement of risk management process.
IA provides assurance regarding financial reporting to management and the board.
Internal Audit Role (CH3)
Determining whether risk management processes are effective is a judgement resulting from IA’s assessment.
IA function may gather info to support assessment during multiple engagements. The risk management process es are monitored through ongoing management activities and/or separate evaluations.
Financial Statement & Corporate Governance (CH3)
Activity must evaluate risk exposures relating to organization’s governance, operations, and info systems.
Management’s Assertions (CH3)
Management implicitly or explicitly makes assertions about the measurement, presentation, disclosure of info in financial statements.
An audit of financial information follow the cycle approach to the internal accounting control cycle is a functional grouping of transactions ex: sales, AR, cash receipts, production, payroll, and etc.
Accounting Cycles (CH3)
Any action taken by management, board, other parties to manage risk, increases the likelihood that established objectives and goals will be achieved.
Control (CH3)
As IA must not assume that controls are adequate and effective. Non-discovery is most likely to suggest a violation of the IPFF.
Internal Auditors (CH3)
Sr. Management - Oversees the establishment, administration, and assessment of the system controls
Managers - Assess controls within their responsible areas
IA - Provide assurance about the effectiveness of existing controls
Roles & Responsibilities (CH3)
IA consider whether management monitors the costs and benefits if control and whether:
- resources used exceed the benefits
- controls create significant issues
The level of control should be appropriate to the relevant risk.
Evaluating the Efficiency of Controls (CH3)
