Mandatory Guidance

Question 1

The 6 parts of the IPPF

Answer 1

• the definition of internal auditing
• the code of ethics
• the standards
• practice advisories (PAs)
• practice guides
• position papers

Question 2

Mandatory components of the IPPF

Answer 2

• the definition of internal auditing
• the code of ethics
• the standards

Question 3

Recommended components of the IPPF

Answer 3

• practice advisories (PAs)
• practice guides
• position papers

Question 4

The IIA’s best practices

Answer 4

• practice advisories (PAs)

- practice guides

Question 5

The 4 purposes of the standards

Answer 5

• delineate basic principles that represent the practice of internal auditing
• provide a framework for performing and promoting a broad range of value-added internal auditing
• establish the basis for the evaluation of internal audit performance
• foster improved organizational processes and operations

Question 6

Another name for the IPPF

Answer 6

The red book

Question 7

The 3 types of standards

Answer 7

• attribute standards
• performance standards
• implementation standards

Question 8

Attribute standards

Answer 8

• address the characteristics of organizations and people performing internal audit activities
• apply to all internal audit services and internal auditors individually

Question 9

The 4 major sections of attribute standards

Answer 9

• purpose, authority and responsibility
• independence and objectivity
• proficiency and due professional care
• quality assurance and improvement program

Question 10

Performance standards

Answer 10

• describe the nature of internal auditing and provide quality criteria for evaluating audit performance
• apply to all internal audit services and internal auditors individually

Question 11

The 7 major sections of performance standards

Answer 11

• managing the internal audit activity
• nature of work
• engagement planning
• performing the engagement
• communicating results
• monitoring progress
• communicating the acceptance of risks

Question 12

Implementation standards

Answer 12

• expand upon attribute and performance standards

- provide separate mandatory instructions for implementing the attribute and performance standards

Question 13

The 2 types of audit engagements

Answer 13

• assurance
• consulting

note: these do not have to be mutually exclusive

Question 14

Assurance engagements

Answer 14

involve the auditor’s objective assessment of evidence to provide an independent opinion or conclusion regarding an entity, operation, function, process, system, etc.

Question 15

Who determines the scope of an assurance engagement?

Answer 15

the internal auditor

Question 16

The 3 parties involved in assurance services

Answer 16

• the process owner (client)
• the internal auditor
• the user of the assessment

Question 17

Consulting engagements

Answer 17

• advisory in nature

- generally performed at the request of the client

Question 18

Who determines the scope of a consulting engagement?

Answer 18

mutually agreed upon between the internal auditor and the client

Question 19

The 2 parties involved in consulting services

Answer 19

• the process owner (client)

- the internal auditor

Question 20

4 categories of consulting engagements

Answer 20

• formal
• informal
• special
• emergency

Question 21

Formal consulting engagements

Answer 21

planned and subject to written agreement

Question 22

Informal consulting engagements

Answer 22

routine activities (e.g. participation on standing committees, limited-life projects, ad hoc meetings, routine information exchange)

Question 23

Special consulting engagements

Answer 23

participation on a merger or acquisition team or system conversion team

Question 24

Emergency consulting engagements

Answer 24

participation on a team established for recovery or maintenance of operations after a disaster or other extraordinary business event

OR

participation on a team assembled to supply temporary help to meet a special request or unusual deadline

Question 25

Note on consulting & assurance services

Answer 25

shouldn’t use consulting services as a means of getting past having an assurance engagement

BUT

services once conducted as an assurance engagement may be performed in a consulting engagement - just have to watch out for redundancy

Question 26

Numbering conventions for standards

Answer 26

• attribute standards are the 1000s
• performance standards are the 2000s
• implementation standards can be either & also include lettering to denote whether they relate to assurance (A) or consulting (C) engagements

Question 27

Note on standards and the law

Answer 27

if a law prohibits auditors from complying with certain parts of the standards, it must be disclosed

ONLY the law overrides the Code of Ethics and the Standards

Question 28

Who drafts Practice Advisories?

Answer 28

the IIA’s Professional Issues Committee

Question 29

Practice Advisories

Answer 29

provide concise and timely guidance in applying the Code of Ethics and the Standards, as well as promoting best practices

Question 30

Practice Advisories cover which topics?

Answer 30

• international, country or industry-specific issues
• specific types of engagements
• legal or regulatory issues

Question 31

Practice Advisories DO cover:

Answer 31

• approach
• methodology
• considerations

Question 32

Practice Advisories DO NOT cover:

Answer 32

detailed processes and procedures

Note: These are covered by Practice Guides

Question 33

How are Practice Advisories developed?

Answer 33

• suggestions can be submitted from anyone

- formal review process performed by the Professional Issues Committee

Question 34

Practice Guides

Answer 34

• provide detailed guidance for conducting internal audit activities
• include detailed processes and procedures (e.g. tools and techniques, programs, step-by-step approaches, examples of deliverables)

Question 35

Are Practice Advisories and Practice Guides available to anyone?

Answer 35

NO, these are password protected on the IIA’s website, as they are intended for member use only

Question 36

Position Papers

Answer 36

• assist in understanding specific governance, risk or control issues
• assist in delineating the related roles and responsibilities of the internal audit profession

Question 37

Are Position Papers available to anyone?

Answer 37

YES

Question 38

Are the definition of Internal Auditing, the Code of Ethics and the Standards available to anyone?

Answer 38

YES

Question 39

Integrated audits provide assurance over any combination of these 5 engagement types:

Answer 39

• financial
• controls
• IT
• compliance
• operations

Question 40

The 5 financial assertions

Answer 40

• existence or occurrence
• completeness
• valuation and allocation
• rights and obligations
• presentation and disclosure

Question 41

What is the highest level of governing body charged with the responsibility to direct and/or oversee the activities and management of an organization?

Answer 41

the Board

Question 42

Definition of Internal Auditing

Answer 42

• an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations
• helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes

Question 43

Internal audit activity

Answer 43

a department, division, team of consultants, etc. that provides independent, objective assurance and consulting services designed to add value and improve an organization’s operations

Question 44

GRC

Answer 44

• governance
• risk
• control

Question 45

What is the foundation of internal auditing? (2 things)

Answer 45

• organizational independence

- individual objectivity

Question 46

Organizational independence exists if the CAE: (3 things)

Answer 46

• reports functionally to the Board
• has direct and unrestricted access to the Board
• reports administratively to the CEO or a similar head of the organization

Question 47

The CAE can report administratively to a different organizational level as long as the internal audit activity controls, without interference: (3 things)

Answer 47

• the scope of the work
• the performance of the work
• the reporting of results

Question 48

There is an increasing view of internal audit having a positive influence over: (2 things)

Answer 48

• governance

- risk management process

Question 49

Governance

Answer 49

combination of processes and structures implemented by the board to inform, direct, manage and monitor the activities of the organization toward the achievement of its objectives

Question 50

With respect to governance, internal auditors can ensure a company has:

Answer 50

• proper tone at the top
• management and operating methodology
• ethics and integrity

Question 51

Nature and Work for the Internal Audit Activity: Risk

Help an organization manage risk by: (3 things)

Answer 51

• identifying and evaluating significant exposures to risk
• contributing to the improvement of risk management and control systems
• monitoring and evaluating the risk management system

Question 52

Nature and Work for the Internal Audit Activity: Control

Help an organization maintain effective controls by: (2 things)

Answer 52

• evaluating the effectiveness and efficiency of controls

- promoting the continuous improvement of the control environment

Question 53

Nature and Work for the Internal Audit Activity: Governance

Help an organization assess and make recommendations for improving governance in its accomplishment of the following objectives: (4 things)

Answer 53

• promoting appropriate ethics and values within the organization
• ensuring effective organizational performance management and accountability
• effectively communicating risk and control information to appropriate areas of the organization
• effectively coordinating the activities of, and communicating information among, the board, external and internal auditors and management

Question 54

IIA’s view of ‘modern’ internal auditing

Answer 54

internal auditors pursue cooperative, productive working relationships through value-added activities as opposed to being the client’s adversary

Question 55

Internal audit activity’s purpose (5 items)

Answer 55

• provide an independent, objective assurance and consulting activity
• add value and improve an organization’s operations
• support organizational objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of GRC processes
• determine if organizational GRC processes are in place and are functioning properly
• communicate any opportunities for improvement or risk exposure to the appropriate management level

Question 56

Internal audit activity’s authority (3 items)

Answer 56

• provide appropriate unfettered access to records, personnel and physical properties
• maintain full and open access with the audit committee, board of directors or other governing authority
• secure necessary internal and external resources to accomplish audit activity objectives as planned

Question 57

Internal audit activity’s responsibility (5 items)

Answer 57

• document the objectives and scope of the engagement as well as the methodology to be used
• ensure that audit activity staff have sufficient knowledge, skills, experience and/or professional certifications to fulfill the engagement charter
• communicate the results of the internal audit activity or other matters that the CAE determines necessary to senior management, the audit committee, the board or other governing body of the organization
• consider the coordination of internal and external audit work to increase economy, efficiency and effectiveness of the overall audit process
• do not perform management activities