Internal Audit Process Flashcards

Question 1

Q

What is an audit?

Answer

A

Is an examination to verify the correctness of representations

Question 2

Q

What do internal auditor audits?

Answer

A

The reasonableness of financial information an the adequacy and effectiveness of internal control activities

Question 3

Q

True or False

A list of criteria is also required by the internal auditor to determine weather he/she is satisfied with a business unit/process

Question 4

Q

To audit is thus to:

Answer

A

Set up a list of criteria which you see as acceptable (“What should be in place”)
Measure the reality (condition) against these criteria (“What is in place”)
Obtain evidence to support your findings

Question 5

Q

What do internal audit refer an audit as?

Answer

A

An audit engagement

Question 6

Q

What does assurance services refer to?

Answer

A

To compliance audit engagements, financial audit engagements, operational audit engagements and system security audit engagements

Question 7

Q

What does consulting services refer to?

Answer

A

To advisory and related client service activities
Counselling
Providing advice
Facilitation
Training

Question 8

Q

Which levels within an organisation an audit engagement can be conducted?

Answer

A

Strategic level
Business level
Operational/Functional level

Question 9

Q

True or False
The internal auditor needs to understand the organization’s vision, mission, specific organizational objectives as well as strategies to achieve the set objectives

Question 10

Q

Why should the internal auditor need to understand the organization’s vision, mission specific organizational objectives and strategies to achieve the set objectives?

Answer

A

The internal auditor will use these organizational objectives to do a risk assessment and determine the specific engagement objectives

Question 11

Q

What is an vision statement?

Answer

A

A statement about what the organization wants to become: thus something the organization aspires to

Question 12

Q

What is an mission statement?

Answer

A

Defines the purpose of the organization; thus what an organization does. The mission is broken down into strategic objective for each business unti/process

Question 13

Q

Who are responsible for determining a vision and mission for the organization as a whole and for determining the strategic organizational objectives?

Answer

A

The senior management

Question 14

Q

What should the internal audit plan specify?

Answer

A

The engagement objectives to be achieved by the internal audit when performing assurance or consulting engagements

Question 15

Q

How should the internal audit plan be structured?

Answer

A

In such a way that the engagement objectives relate to the achievement of the overall organizational objectives

Question 16

Q

What is the strategic level audit engagement?

Answer

A

(Objective) of the organization

Question 17

Q

What is the strategic level organizational objectives?

Answer

A

To ensure the (objective/control) of the organization

Question 18

Q

Disclose operational business unit organizational objectives

Answer

A

To ensure an effective (department division)

Question 19

Q

State operational business process audit engagement

Answer

A

(Specific control process)

Question 20

Q

Disclose organizational objectives

Answer

A

To ensure an effective (control process)

Question 21

Q

True or False

Some organization are subject to certain risk or threats that could prevent the organization achieving its organizational objectives

Answer

A

False

All organization are subject to certain risk or threats that could prevent the organization achieving its organizational objectives

Question 22

Q

How is the risk of the organization determined>

Answer

A

First determine the objectives that were set by management.
After objectives are set by management, the risks threatening the achievement of objectives can be identified

Question 23

Q

What is engagement objectives according to the Standards?

Answer

A

Are board statements developed by internal auditors that define intended engagement accomplishments

Question 24

Q

What should the engagement objectives address?

Answer

A

The risks associated with the business unit/process under review

Question 25

Q

State 2200 Engagement planning

Answer

A

Internal auditor must develop and document a plan for each engagement including the engagement’s objectives, scope, timing and resource allocations. The plan must consider the organisation’s strategies, objectives, and risks relevant to the engagement.

Question 26

Q

State 2300 Performing the engagement

Answer

A

Internal auditors must identify, analyze, evaluate and record sufficient information to achieve the engagement

Question 27

Q

State 2400 Communicating results

Answer

A

Internal auditors should communicate the engagement results promptly

Question 28

Q

State Monitoring progress

Answer

A

The CAE should establish and maintain a system to monitor the disposition of results communicated to management

Question 29

Q

What should the written engagement plan address? (2200 engagement planning)

Answer

A

The scope/volume of work to be performed, taking into account any specific management requests, the risk assessment and background information about the engagement client obtained during a preliminary survey

Question 30

Q

What should be documented in an engagement work programme?

Answer

A

The specific engagement objectives to be achieved and the engagement procedure to be performed

Question 31

Q

What is the objective of stage 2: Performing the engagement?

Answer

A

The objective of this stage is to obtain sufficient appropriate evidence regarding the engagement objectives that were set and to measure this evidence against the acceptable criteria

Question 32

Q

What else is included in the engagement procedures (stage 2 : performing the engagement)?

Answer

A

Include testing and sampling techniques performed by the internal auditor to gather evidence, must, where possible, be selected up-front and extended or altered as circumstances require

Question 33

Q

What does stage 3: communicating results involve?

Answer

A

Disseminating the results of the audit engagement in the form of an internal audit engagement report

Question 34

Q

What should be measured against the acceptable criteria in stage 3: communicating results?

Answer

A

After analyzing an evaluating the evidence gathered regarding the engagement objectives, this evidence should be measured against the acceptable criteria

Question 35

Q

Which form is the findings or engagement observations communicated to the relevant parties? (stage 3: communicating results)

Answer

A

In the form of an internal audit report, and high light, amongst other things, any weaknesses in the processes, risks associated with these weaknesses, and recommendations for improvement

Question 36

Q

What is required by the internal audit in stage 4: monitoring progress?

Answer

A

After the audit engagement investigate whether the implementation and improvement of processes as recommended in the internal audit engagement report have been addressed

Question 37

Q

What should the internal auditor establish in stage 4: monitoring progress?

Answer

A

The internal auditor must establish whether any correctives measures have been taken by management and whether or not these measures are achieving the desired results or that the management or board of directors has accepted the risk in cases where no corrective measures have been taken

Question 38

Q

What engagements should be drawn up when addressed in the engagement programme? (2200 engagement planning)

Answer

A

It must document the procedures followed for collecting, analysing, interpreting and documenting information during the engagement
It must state the objectives of the engagement
It must identify the technical aspects, risks, processes and transactions that should be examined
It must state the nature and extent of testing required

Question 39

Q

What is subjected to review and approval by the CAE?

Answer

A

The programme (engagement programme 2200)

Question 40

Q

Can modifications be made on the engagement programme (2200 engagement planning)?

Answer

A

Yes, as needed, during the course of the engagement

Question 41

Q

Should meeting be held with management responsible for the area to be covered in the planning phase of the engagement? (2200 engagement planning)

Answer

A

Yes, concerns and request from management should be considered after this meeting and included in the engagement objectives, if needed

Question 42

Q

What should the internal auditor consider in the planning the engagement? (2201 planning consideration)?

Answer

A

The strategies and objectives of the activity being reviewed and the means by which the activity controls its performance
The significant risks to the activity’s objectives, resources, and operations and the means by which the potential impact of risk is kept to an acceptable level
The adequacy and effectiveness of the activity’s goverance, risk management, and control processes compared to a relevant framework or model
The opportunities for making significant improvements to the activity’s governance, risk management and control processes

Question 43

Q

State 2201 A.1

Answer

A

When planning an engagement for parties outside the organisation, IA must establish a written understanding with them about objectives, scope, respective responsibilities, and other expectations, including restrictions on distribution of the results of the engagement and access engagement records

Question 44

Q

What is an engagement objective according to 2210 engagement objective?

Answer

A

Are board statements developed by the internal auditor that define what the engagement is intended to accomplish

Question 45

Q

State 2201. C1 (planning consideratio)

Answer

A

Internal auditors must establish an understanding with consulting engagement clients about objectives, scope, respective responsibilities, and other client expectations. For significant engagements, this understanding should be documented

Question 46

Q

What is an engagement procedure according to 2210 engagement objectives?

Answer

A

Are the means followed by the internal auditor to achieve the engagement objective

Question 47

Q

What combined constitutes the scope of the engagement? (2210 engagement objective)

Answer

A

Engagement objective and engagement procedures

Question 48

Q

What should the engagement objective address according to 2210 engagement objectives?

Answer

A

The risks associated with the activity under review

Question 49

Q

What is used further define the initial objectives and identify other significant areas of concern?

Answer

A

The risk assessment conducted during the engagement planning phase (2210 engagement objectives_

Question 50

Q

State 2210 A.1

Answer

A

Internal auditors must conduct a preliminary assessment of the risks relevant to the activity under review. Engagement objectives must reflect the results of this assessment

Question 51

Q

Disclose 2210 engagement objectives

Answer

A

Objectives must be established for each engagement

Question 52

Q

What should internal auditors consider in the engagement objectives and procedures setting (2210.A1)?

Answer

A

Risks associated with the activity under review

Question 53

Q

How should risk be measured according to 2210.A1?

Answer

A

In terms of consequences and likelihood

Question 54

Q

How is risk for an activity determined? (2210.A1)

Answer

A

Background information on the activity should be obtained

Question 55

Q

State one method to obtaining information when determining risk for an activity (2210.A1)

Answer

A

Conduct a preliminary survey of the activity

Question 56

Q

What is the purpose of a preliminary survey? (2210.A1)

Answer

A

Would familiarize the internal auditor with the activity, its processes and control, to identify areas for engagement emphasis, and to invite comments and suggestions from engagement clients, but would include detailed verification of information obtained

Question 57

Q

State 2210.A2

Answer

A

Internal auditors must consider the probability of significant errors, fraud, non-compliance, and other exposures when developing the engagement objectives

Question 58

Q

State 2210.A3

Answer

A

Adequate criteria are needed to evaluate controls. Internal auditors must ascertain the extent to which management has established adequate criteria to determine whether objectives and goals have been achieved, If adequate, Internal auditors must use such criteria in their evaluation. If inadequate, internal auditors must identify appropriate criteria through discussion with management and/or the board

Question 59

Q

State the type of criteria that may included in 2210. A3

Answer

A

Internal (e.g. policies and procedures of the organization)
External (e.g. laws and regulations imposed by statutory bodies)
Leading practices (e.g. industry and professional guidance)

Question 60

Q

State 2210. C1

Answer

A

Consulting engagement objectives must address governance, risk management and control processes to the extent agreed upon with the client

Question 61

Q

State 2210.C2

Answer

A

Consulting engagement objectives must be consistent with the organization’s values, strategies and objectives

Question 62

Q

State 2220 Engagement scope

Answer

A

The established scope must be sufficient to satisfy the objectives of the engagement

Question 63

Q

State 2220.A1 Engagement scope

Answer

A

The scope of the engagement must include consideration of relevant systems, records, personnel, and physical properties, including those under the control of third parties

Question 64

Q

State 2220.A2

Answer

A

If significant consulting opportunities arise during an assurance engagement, a specific written understanding as to the objectives, scope, respective responsibilities and other expectations should be reached and the results of the consulting engagement communicated in accordance with consulting standards

Answer 63

A

In performing consulting engagements, internal auditors must ensure that the scope of the engagement is sufficient to address the agreed-upon objectives.
If the internal auditors develop reservations about the scope during the engagement, these reservations must be discussed with the client to determine whether to continue with the engagement

Answer 64

A

During consulting engagements, internal auditors must address controls consistent with the engagement’s objectives and be alert to significant control issues

Answer 65

A

Internal auditors must determine appropriate and sufficient resources to achieve engagement objectives, based on an evaluation of the nature and complexity of each engagement, time constraints, and available resources

Answer 66

A

The number and experience level of the internal audit staff
Training needs - involvement in certain engagements may be the ideal training method for internal auditors
Where the engagement requires knowledge, skills and other competencies not found within the current staff resources: the use of resources should be considered

Answer 67

A

Internal auditors must develop and document work programmes that achieve the engagement objectives

Answer 68

A

Prior to the commencement of the engagement

Answer 69

A

Work programmes must include the procedures for identifying, analysing, evaluating, and documenting information during the engagement. The work programme should be approved prior to its implementation, and any adjustments approved promptly

Answer 70

A

Work programmes for consulting engagements may vary in form and content, depending upon the nature of the engagement

Answer 71

A

Internal auditors must identify, analyze, evaluate, and document sufficient information to achieve the engagement’s objectives

Answer 72

A

The protection of personally identifiable information gathered during audit engagements, as advances in IT and communications continue to present privacy risks and threats

Answer 73

A

Internal auditors must identify sufficient, reliable, relevant, useful information to achieve the engagement’s objectives

Answer 74

A

Internal auditors must base conclusions and engagements results on appropriate analyses and evaluations

Answer 75

A

Analytical procedures

Answer 76

A

In identifying unexpected differences, lack of expected differences, potential errors, fraud or illegal acts or unusual events.

Answer 77

A

Internal auditors must document sufficient, reliable, relevant, and useful information to support the engagement results and conclusions

Answer 78

A

The internal auditor performing engagements procedures

Answer 79

A

The management of the internal audit activity

Answer 80

A

The CAE must control access to engagement records.
They must also obtain the approval of senior management and/or legal counsel prior to releasing such records to external parties, as appropriate

Answer 81

A

The CAE must develop policies governing the custody and retention of consulting engagement records, and their release to internal and external parties. These policies must be consistent with the organization’s guidelines and any pertinent regulatory or other requirements

Answer 82

A

Engagements must be properly supervised to ensure objectives are achieved, quality is assured, and staff is developed

Answer 83

A

The extent of supervision required will depend on the proficiency and experience of the internal auditors and the complexity of the engagement
The CAE has overall responsibility for supervising the engagements, whether performed by or for the internal audit activity, but may designate appropriately experiences members of the internal audit activity to perform the review

Answer 84

A

Step 1: Obtain an understanding of the engagement client and business unit/process under review
Step 2: Provisional contact with engagement client
Step3 : Conduct a preliminary survey
Step 4: Conduct a risk assessment/ use outcome of an organization’s risk assessment

Answer 85

A

Step 5: Determine the engagement/audit objectives; criteria and engagement scope

Answer 86

A

Step 6: Identify and allocate the resources needed to perform the engagement

Answer 87

A

-Step 7: Draw up an engagement work programme
- Step 8: Obtain final confirmation from management to proceed with the engagement

Answer 88

A

The characteristics of the services rendered and/or goods supplied by the organization
The philosophy and culture within the organization
The management style of the top management, including the existence and functioning of committees
Labour matters, including relevant legislation and agreements, and the general climate of labour relations in the country
The investment policy of the organisation and the management of capital
Influence of political circumstances on the organization.
The influence of changes in international trade on the organization
Changes in the geographical distribution of the organization’s activities
Exposure of the organization to changes in technology

Answer 89

A

The head of the business unit/process should be informed of the proposed engagement
The proposed scope of the work should be discussed
The objectives of the business unit/process being reviews should be obtained
Documents that will be required may be identified and arrangements may be made for obtaining background information
Information on how the business unit/process measures its effectiveness and performance with regard to the achievement of set objectives should be obtained
The names and job descriptions of the team performing the audit engagement may be disclosed to the management
A physical tour, which entails observations of people, processes and workflow, should be conducted.

Answer 90

A

Broad statements developed by internal auditors that define intended engagement accomplishments – ‘what do you want to achieve’. EXAMPLE: “To determine/assess/evaluate whether all leave transactions are properly approved by the designated official.”

Answer 91

A

A document that lists the audit/engagement procedures to be followed during an engagement, designed to achieve the engagement objectives.

Answer 92

A

Audit actions performed by the auditor to gather sufficient, reliable, relevant and useful evidence to enable the auditor to make a conclusion / express an opinion. EXAMPLE: “Inspect (how) a sample of leave forms for a signature (what) to evaluate whether all leave applications were approved by the designated official (why).

Answer 93

A

Was an overview/comprehensive understanding of the engagement client obtained?  Was preliminary contact done with the engagement client?
Was a preliminary survey performed and were risk areas identified?  Were audit objectives and scope of work, criteria and resource allocation determined?
Was background information obtained and was adequate research for the audit project performed?
Did the auditors perform sufficient review to determine the executive tone at the top?
Was an audit budget developed and were actual audit day’s charges established (resource allocation)?
Were appropriate auditee management personnel notified that the audit would take place? Were they advised as to the audit objective?
Was an audit programme prepared and was the programme approved?
Was an audit engagement approach established?  Was final confirmation from management to proceed with the engagement received?

Brainscape's Knowledge GenomeTM

Internal Audit Process Flashcards

Brainscape's Knowledge Genome^TM