Governance Flashcards

1
Q

Standard 2100 - Nature of Work states that the internal audit activity must do what in relation to the organisation's governance, risk management and control processes?

A

The internal audit activity must evaluate and contribute to the improvement of the organisation's governance, risk management, and control processes using a systematic, disciplined, and risk-based approach.

Internal audit credibility and value are enhanced when auditors are proactive and their evaluations offer new insights and consider future impact.

2
Q

The IPPF defines governance as what?

A

The combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives.

3
Q

The IPPF defines risk management as what?

A

A process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization’s objectives.

4
Q

The IPPF defines control as what?

A

Any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved.

Management plans, organizes, and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved.

5
Q

What is the role of the Board in the context of GRC?

A
  • Takes the lead role in governance
  • Provides strategic direction
  • Exercises governance oversight
  • Sets the risk appetite
  • Interacts directly with internal and external audit
6
Q

What is the role of senior management in the context of GRC?

A
  • Executes the strategy and governance on a day-to-day basis
  • Is accountable for risk management and control processes
7
Q

What should the CAE do to devise an appropriate strategy for assessing GRC processes?

A
  • Consider the level of maturity of the GRC processes.
  • Consider the organization’s culture and the seniority of the individuals who maintain responsibility for the processes.
  • Assess the risks associated with the three processes.
  • Use established frameworks adopted by senior management (e.g. COSO or ISO 31000) to guide the assessment.
  • Discuss relevant observations and conclusions with senior management.
  • Make recommendations to strengthen the processes and escalate significant observations to the board.
8
Q

What documents may demonstrate conformance with Standard 2100 - Nature of Work?

A

Documents that may demonstrate conformance:

  • The internal audit charter
  • Internal audit plan
  • Minutes of meetings showing that GRC was discussed with the Board
9
Q

What are the six principles of the Three Lines Model?

A
  1. Governance
  2. Governing body roles
  3. Management and first and second line roles
  4. Third line roles
  5. Third line independence
  6. Creating and protecting value
10
Q

According to Standard 2110 - Governance, the internal audit activity must assess and make appropriate recommendations to do what?

A

The internal audit activity must assess and make appropriate recommendations to improve the organisation’s governance processes for:

  • Making strategic and operational decisions
  • Overseeing risk management and control
  • Promoting appropriate ethics and values within the organisation
  • Ensuring effective organisational performance management and accountability
  • Communicating risk and control information to appropriate areas of the organisation
  • Coordinating the activities of, and communicating information among, the Board, external and internal auditors, other assurance providers, and management
11
Q

What are stakeholders?

A

Persons or entities affected by the activities of the organisation.
For example: employees, shareholders, suppliers, neighbours…
12
Q

Examples of effective governance include what?

A
  • Tone at the top
  • Risk appetite and tolerance
  • Culture
  • Oversight of risk management
13
Q

What does Standard 2110.A1 state the internal audit activity must evaluate in respect of ethics?

A

The internal audit activity must evaluate the design, implementation, and effectiveness of the organization’s ethics-related objectives, programs, and activities.

14
Q

Standard 2110.A2 states the internal audit activity must assess whether the IT governance of the organisation supports what?

A

The internal audit activity must assess whether the information technology governance of the organization supports the organization’s strategies and objectives.
15
Q

The IPPF states that IT governance consists of what?

A

Consists of the leadership, organizational structures, and processes that ensure that the enterprise’s information technology supports the organization’s strategies and objectives.

16
Q

Who has overall responsibility for IT governance?

A

IT governance is a shared responsibility of the board and senior management. That is, the board and senior management “own” IT governance. The board is responsible for overall strategic IT guidance. Senior management carries out the day-to-day direction of IT strategy execution.

17
Q

What does effective IT governance look like?

A

IT strategies are aligned with organizational objectives.

The board and senior management understand the potential and limitations of IT.

IT senior management understands organizational objectives and needs.

An IT governance structure is used to apply and monitor this understanding.

Risks are identified and managed properly.

IT investments are optimized to deliver value.

IT performance is defined, measured, and reported using meaningful metrics.

IT resources are managed effectively.

18
Q

A typical IT governance framework consists of what five key areas?

A
  • Strategic alignment
  • Risk management
  • Value delivery
  • Performance measurement
  • Resource management
19
Q

IT audits should include what types of engagements?

A

Assurance and consulting

20
Q

Audits of IT governance should focus on the organisation’s implementation of what?

A

Internal audits of IT governance should focus on the organization’s implementation of governance practices, which include clearly defined policies, roles, and responsibilities, risk appetite alignment, effective communication, tone at the top, management of IT value, and clear accountability.