Exam Flashcards
by a governing body to stakeholders for organizational oversight through integrity, leadership, and transparency.
Accountability
(including managing risk) by management to achieve the objectives of the organization through risk-based decision-making and application of resources.
Actions
by an independent internal audit function to provide clarity and confidence and to promote and facilitate continuous improvement through rigorous inquiry and insightful communication.
Assurance and advice
A considered process that includes analysis, planning, action, monitoring, and review, and takes account of potential impacts of uncertainty on objectives.
Risk-based decision-making
Independent confirmation and confidence.
Assurance
Delegates responsibility and provides resources to management to achieve the objectives of the organization while ensuring legal, regulatory, and ethical expectations are met.
Governing body
Establishes and oversees an independent, objective, and competent internal audit function to provide clarity and confidence on progress toward the achievement of objectives.
Governing body
Its responsibility to achieve organizational objectives comprises both first and second line roles.
Management
An organized group of activities, resources, and people working toward shared goals.
Organization
Those groups and individuals whose interests are served or impacted by the organization.
Stakeholders
Those individuals who are accountable to stakeholders for the success of the organization.
Governing body
Those individuals, teams, and support functions assigned to provide products and/or services to the organization’s clients.
Management
Those individuals operating independently from management to provide assurance and insight on the adequacy and effectiveness of governance and the management of risk (including internal control).
Internal audit
helps organizations identify structures and processes that best assist the achievement of objectives and facilitate strong governance and risk management
Three Lines Model
The model previously known as the Three Lines of Defense.
Three Lines Model
Processes designed to provide reasonable confidence over the achievement of objectives.
Internal control
are human undertakings, operating in an increasingly uncertain, complex, interconnected, and volatile world.
Organization
are most directly aligned with the delivery of products and/or services to clients of the organization, and include the roles of support functions
First line roles
provide assistance with managing risk.
Second line roles
Internal audit provides independent and objective assurance and advice on the adequacy and effectiveness of governance and risk management
Third line roles
It achieves this through the competent application of systematic and disciplined processes, expertise, and insight. It reports its findings to management and the governing body to promote and facilitate continuous improvement. In doing so, it may consider assurance from other internal and external providers
Third line roles
Internal audit’s independence from the responsibilities of management is critical to its objectivity, authority, and credibility.
Third line independence
It is established through: accountability to the governing body; unfettered access to people, resources, and data needed to complete its work; and freedom from bias or interference in the planning and delivery of audit services.
Third line independence
All roles working together collectively contribute to the creation and protection of value when they are aligned with each other and with the prioritized interests of stakeholders.
Creating and protecting value
Alignment of activities is achieved through communication, cooperation, and collaboration. This ensures the reliability, coherence, and transparency of information needed for risk-based decision making.
Creating and protecting value
Accepts accountability to stakeholders for oversight of the organization.
Governing body
Engages with stakeholders to monitor their interests and communicate transparently on the achievement of objectives.
Governing body
Leads and directs actions (including managing risk) and application of resources to achieve the objectives of the organization.
First line roles
Maintains a continuous dialogue with the governing body and reports on: planned, actual, and expected outcomes linked to the objectives of the organization; and risk.
First line roles
Provides complementary expertise, support, monitoring, and challenge related to the management of risk
Second line roles
Provides analysis and reports on the adequacy and effectiveness of risk management (including internal control).
Second line roles
Maintains primary accountability to the governing body and independence from the responsibilities of management.
Internal audit
Communicates independent and objective assurance and advice to management and the governing body on the adequacy and effectiveness of governance and risk management (including internal control) to support the achievement of organizational objectives and to promote and facilitate continuous improvement.
Internal audit
Satisfy legislative and regulatory expectations that serve to protect the interests of stakeholders.
External assurance provider
Satisfy requests by management and the governing body to complement internal sources of assurance.
External assurance provider
Nurtures a culture promoting ethical behavior and accountability.
Governing body
Establishes structures and processes for governance, including auxiliary committees as required.
Governing body
Delegates responsibility and provides resources to management for achieving the objectives of the organization.
Governing body
Determines organizational appetite for risk and exercises oversight of risk management (including internal control).
Governing body
Establishes and oversees an independent, objective, and competent internal audit function.
Governing body
Maintains oversight of compliance with legal, regulatory, and ethical expectations.
Governing body
Establishes and maintains appropriate structures and processes for the management of operations and risk (including internal control).
First line roles
Ensures compliance with legal, regulatory, and ethical expectations.
First line roles
Reports impairments to independence and objectivity to the governing body and implements safeguards as required.
Internal audit
typically sets the direction of the organization by defining the vision, mission, values, and organizational appetite for risk.
Governing body
The most senior individual in the organization with responsibility over operations.
Chief Executive Officer (CEO)
is accountable to, and sometimes described as being the “eyes and ears” of the governing body.
Internal audit
responsible for oversight of internal audit, which requires: ensuring an independent internal audit function is established, including the hiring and firing of the Chief Audit Executive (CAE); serving as the primary reporting line for the CAE; approving and resourcing the audit plan; receiving and considering reports from the CAE; and enabling free access by the CAE to the governing body, including private sessions without the presence of management.
Governing body
The most senior individual in the organization with responsibility for internal audit services, often known as the Head of Internal Audit or similar title.
Chief Audit Executive (CAE)
is most effective when it is adapted to align with the objectives and circumstances of the organization. How an organization is structured and how roles are assigned are matters for management and the governing body to determine.
Three lines model