Internal control Flashcards
Why does management use a strategic plan?
As a point of departure in developing organisational operational direction
Define structure
The way in which the organisation, or elements thereof, is arranged
Define policy
Guideline or statement of position with respect to a given topic
Define process
Big picture of what must be done
Define procedure
A fixed, step-by-step sequence of activities or course of action
Define system
A tool(s) used to facilitate the procedures
Define law
National legal requirement
Define regulation
Additional guidance and rules-based documentation for a specific need
True or False
Internal auditors need a sound understanding of organisational structure terms and application within the engagement client’s environment.
True
Who is responsible for ensuring that governance, risk management and control are established within the organisation to meet business and stakeholders' needs?
Management
The performance standards describe which internal audit service?
The nature of work
What does the nature of work of internal audit work/service consist of?
- organisational terms
- standards (GRC)
- definition of control
- objectives of control
- COSO framework
- responsibility for internal control
- advantages and disadvantages
- controls in IT environment
Explain 2100 Nature of work
The internal audit activity must evaluate and contribute to the improvement of governance, risk management, and control processes using a systematic and disciplined approach. Internal audit credibility and value are enhanced when auditors are proactive and their evaluations offer new insight and consider future impact.
The nature of work of IAA consists mainly of providing assurance and consulting services on governance, risk management and control processes, or related fields.
State 2110 Governance
The IAA must assess and make appropriate recommendations to improve the organization’s governance processes for:
- making strategic and operational decisions
- overseeing risk management and control
- promoting appropriate ethics and values within the organization
- ensuring effective organizational performance management and accountability
- communicating risk and control information to appropriate areas of the organization
- coordinating the activities of, and communicating information among, the board, external and internal auditors, other assurance providers, and management
Disclose 2110.A1 Governance
The IAA must evaluate the design, implementation and effectiveness of the organization’s ethics-related objectives, programs, and activities
State 2110.A2
The IAA must assess whether the IT governance of the organization sustains and supports the organization’s strategies and objectives
State 2120 Risk management
The IAA must evaluate the effectiveness and contribute to the improvement of risk management processes.
How should 2120 risk management be interpreted?
Judgement results from assessment:
- organizational objectives support and align with the organization’s mission
- significant risks are identified and assessed
- appropriate risk responses are selected that align risks with the organization’s risk appetite
- relevant risk information is captured and communicated in a timely manner across the organization, enabling staff, management, and the board to carry out their responsibilities
How are risk management processes monitored according to the 2120 risk management interpretation?
Through ongoing management activities, separate evaluations, or both
State 2120.A1
The IAA must evaluate the adequacy and effectiveness of controls in responding to risks within the organization’s governance, operations, and information systems, regarding the:
- achievement of the organization’s strategic objectives
- reliability and integrity of financial and operational information
- effectiveness and efficiency of operations and programs
- safeguarding of assets
- compliance with laws, regulations, policies, procedures, and contracts
State 2120.A2
The IAA must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk
Explain 2130 control
The IAA must assist the organization in maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement
What is the aim of control according to 2130 control?
To support the organisation in the management of risks that threaten the achievement of its objectives and should, amongst others, ensure:
- financial and operational information is reliable and possesses integrity
- operations are performed efficiently and achieve established objectives
- assets are safeguarded
- actions and decisions of the organization are in compliance with laws, regulations and contracts
What is the CAE role according to 2130 control?
Should form an overall opinion on the adequacy and effectiveness of the control processes by considering whether significant discrepancies or weaknesses were discovered, corrections or improvements were made after the discoveries, and the discoveries and their potential consequences led to a conclusion that a pervasive condition exists resulting in an unacceptable level of risk.
The IA plan should make provisions for the evaluation of the adequacy and effectiveness of the organization’s control processes. The CAE should report at least once a year on the organization’s control processes to senior management and the board