Midterms Flashcards
Formal document that defines the internal audit activity’s purpose, authority, and responsibility. Establishes the internal audit activity’s position within the organization, authorizes access to records, personnel, and physical properties
Internal audit chapter
Who is responsible for final approval of internal audit charter?
The Board
The CAE reports functionally to the _______ and administratively to the organization’s __________. This facilitates organizational independence.
The CAE reports functionally to the board and administratively to the organization’s CEO. This facilitates organizational independence.
_________________ is the reporting relationship within the organization’s management structure that facilitates the day-to-day operations of the internal audit activity. It typically includes:
- budgeting and management accounting
- human resources administration
- internal communications and information flows
- administration of the internal audit activity’s policy and procedures
Administrative Reporting
______________ occurs when the CAE regularly attends and participates in board meetings that relate to the board’s oversight responsibilities for auditing, financial reporting, organizational governance, and control.
Direct communication
How often should the CAE meet privately with the board?
At least annually
___________ means the internal auditors perform engagements in such a manner that the have an honest belief in their work product and no significant quality compromises are made.
Individual objectivity
___________ involves the CAE organizing staff assignments that prevent potential and actual conflict of interest and bias.
Individual objectivity
The internal auditor recommends standards of control for systems or reviews procedures before they are implemented. Is his objectivity adversely affected?
No. The internal auditor’s objectivity is not adversely affected when the auditor recommends standards of control for systems or reviews procedures before they are implemented.
The auditor’s objectivity is considered to be impaired if the auditor designs, installs, drafts procedures for, or operates such systems.
________________________ is a situation in which an internal auditor, who is in a position of trust, has a competing professional or personal interest.
Conflict of interest. A conflict of interest exists even if no unethical or improper act results.
______________ is a restriction placed on the internal audit activity that precludes the activity from accomplishing its objectives and plans.
Scope limitation
Among other things, a scope limitation may restrict:
- scope defined in the internal audit charter
- internal audit activity’s access to records, personnel, and physical properties
- approved engagement work schedule
- performance of necessary engagement procedures
- approved staffing plan and financial budget
(T/F) Internal auditors should accept fees, gifts, or entertainments from an employee, client, customer, supplier, or business associate that may create the appearance that the auditor’s objectivity has been impaired.
FALSE.
Internal auditors are NOT accept fees, gifts, or entertainments from an employee, client, customer, supplier, or business associate that may create the appearance that the auditor’s objectivity has been impaired.
UNLESS promotional items (such as pens, calendars, or samples) that are available to employees and the general public and have minimal value.
(T/F) Objectivity is presumed to be impaired if an auditor provides assurance services for an activity for which the auditor had responsibility in the previous year
TRUE.
Internal auditors must refrain from assessing specific operations for which they were previously responsible until at least one year has elapsed.
Should internal auditors accept responsibility for non-audit functions or duties?
NO.
Auditors are not to accept responsibility for non-audit functions or duties that are subject to periodic internal audit assessments. If they have this responsibility, then they are not functioning as internal auditors.
Assurance engagements for functions over which the CAE has responsibility must be overseen by a party outside the internal audit activity.
What happens when the internal audit charter contains specific restrictions or limiting language regarding the assignment of non-audit functions to the internal auditor?
Disclosure and discussion with management of such restrictions is necessary. If the management insists, then disclosure and discussion with the board is necessary.
When the internal audit activity accepts operational responsibilities and that operation is part of the internal audit plan, the CAE needs to minimize impairment to objectivity and disclose the operating responsibilities of the internal auditor
___________________ includes conforming with the Code of Ethics and, as appropriate, the organization’s Code of Conduct.
Due Professional Care
What are the two essential components of Code of Ethics?
- Principles that are relevant to the profession and practice of internal auditing: integrity, objectivity, confidentiality, and competency
- Rules of conduct that describe behavioral norms expected of internal auditors
Refers to the knowledge, skills, and other competencies that are required of internal auditors to effectively carry out their professional responsibilities.
Proficiency.
Internal auditors are encouraged to demonstrate their proficiency by obtaining appropriate professional certifications and qualifications.
Ability to apply knowledge to situations likely to encountered and to deal with them appropriately without extensive recourse to technical research and assistance.
Proficiency
Ability to apply broad knowledge to situations likely to encountered, to recognize significant deviations, and to be able to carry out the research necessary to arrive at reasonable solutions
Understanding
Ability to recognize the existence of problems or potential problems and to identify the additional research to be undertaken or the assistance to be obtained
Appreciation
Does every member of the internal audit activity need to be qualified in all disciplines?
NO.
The internal audit activity may use external service providers or internal resources that are qualified in disciplines to meet the internal audit activity’s responsibilities.
Person or firm, independent of the organization that has special knowledge, skill, and experience in a particular discipline.
External service provider
Services beyond the requirements of audit standards generally accepted by external auditors
Extended audit services
CAE needs to ascertain that work performed by external auditors does not impair the external auditor’s independence. If external auditors act or appear to act as members of senior management, management, or as employees of the organization, then their independence is impaired.
When CAE issues engagement communications and an external service provider was used, should the CAE refer to such services provided?
The CAE may, as appropriate, refer to such services provided.
The external service provider needs to be informed and, if appropriate, concurrence should be obtained before making such reference in engagement communications
Application of the care and skill expected of a reasonably prudent and competent internal auditor in the same or similar circumstances
Due professional care.
Due professional care is appropriate to the complexities of the engagement being performed. It involves internal auditors being alert to the possibility of fraud, intentional wrongdoing, errors and omissions, inefficiency, waste, ineffectiveness, and conflicts of interest
Designed by the CAE to enable an evaluation of the internal audit activity’s conformance with the Definition of Internal Auditing and the Standards and an evaluation of whether internal auditors apply the Code of Ethics
Quality Assurance and Improvement Program.
The program also assesses the efficiency and effectiveness of the internal audit activity and identifies opportunities for improvement
Who should head the formal QAIP function in large or complex organizations?
Internal audit executive, independent of the audit and consulting segments of the internal audit activity
The executive administers and monitors the activities needed for a successful QAIP
Ongoing and periodic assessment of the entire spectrum of audit and consulting work performed by the internal audit activity.
Quality Assurance and Improvement Program
These ongoing and periodic assessments are composed of rigorous, comprehensive processes, continuous supervision and testing of internal audit and consulting work, and periodic validations of conformance with the Definition of Internal Auditing, the Code of Ethics, and the Standards.
What is the basis for periodic internal assessments?
IIA’s Quality Assessment Manual or a comparable set of guidance and tools
_______________ is an integral part of the day-to-day supervision, review, and measurement of the internal audit activity. It is incorporated into the routine policies and practices used to manage the internal audit activity and uses processes, tools, and information considered necessary to evaluate conformance with the Definition of Internal Auditing, the Code of Ethics, and the Standards
Ongoing monitoring
Assessments conducted to evaluate conformance with the Definition of Internal Auditing, the Code of Ethics, and the Standards
Periodic reviews
(T/F) if the periodic internal assessment is performed by a qualified, independent external reviewer or review team, the assessment results should not communicate any assurances on the outcome of subsequent external quality assessment.
FALSE
Cover the entire spectrum of audit and consulting work performed by the internal audit activity and should not be limited to assessing its quality assurance and improvement program
External assessments
External assessments must be conducted at least once every five years by a qualified, independent reviewer or review team from outside the organization.
What are the two ways that external assessment could be performed?
- Full external assessment by a qualified, independent external reviewer or review team
- Comprehensive internal self-assessment with independent validation by a qualified, independent external reviewer or review team
______________________ consists of individuals who are competent in the professional practice of internal auditing and external assessment processes
Quality reviewer or quality review team
___________________ means not having either real or apparent conflict of interest and not being a part of, or under the control of, the organization to which the internal audit activity belongs
Independent reviewer or review team
_________________ may be a parent organization, an affiliate in the same group of entities, or an entity with regular oversight, supervision or quality assurance responsibilities
Related organization
____________ requires reviewers to be honest and candid within the constraints of confidentiality
Integrity
__________________ is a state of mind and a quality that lends value to a reviewer(s) services. Imposes the obligation to be impartial, intellectually honest, and free of conflict of interest
Objectivity
_______________ means the practices of the internal audit activity, taken as a whole, to satisfy the requirements of the Definition of Internal Auditing, the Code of Ethics, and the Standards
Conformance
__________________ means the impact and severity of the deficiencies in the practices of the internal audit activity are so significant that they impair the internal audit activity’s ability to discharge its responsibilities
Non-conformance
A judgement that considers the professional internal audit experience and professional credentials of the individuals selected to perform the review
Evaluation of the competency of the reviewer and review team.
The evaluation considers the professional internal audit experience and professional credentials of the individuals selected to perform the review. The evaluation also considers the size and the complexity of the organizations that the reviewers have been associated with.
Who is responsible for disclosing instances of non-conformance that impact the overall scope or operation of the internal audit activity to senior management and the board?
CAE
List of all possible audits that could be performed
Audit universe
The CAE must establish _______ to determine the priorities of the internal audit activity, consistent with the organization’s goals
Risk-based plans.
The CAE is responsible for developing a risk-based plan. The CAE takes into account the organization’s risk management framework, including using risk tolerance levels set by management for the different activities or part of the organization
___________ likely reflect the organization’s attitude toward risk and the degree of difficulty to achieving planned objectives
Strategic plan
The audit universe can include components from the plan in forming risk-based plans. Strategic plans also likely reflect the organization’s attitude toward risk and the degree of difficulty to achieving planned objectives.
How often should the audit universe be assessed?
It is advisable to assess the audit universe on at least an annual basis to reflect the most current strategies and direction of the organization
Who is primarily responsible for the sufficiency and management of internal audit resources?
CAE is primarily responsible for the sufficiency and management of internal audit resources in a manner that ensures the fulfillment of the internal audit responsibilities.
__________________ is conducted by the CAE to determine the specific skills required to perform the internal audit activities
Periodic skills assessment or inventory
_____________ refers to the mix of knowledge, skills, and other competencies needed to perform the plan.
Appropriate
_____________ refers to the quantity of resources needed to accomplish the plan
Sufficient
Who is responsible for oversight of the work of external auditors, including coordination with the internal audit activity?
The board
Who is responsible for regular evaluations of the coordination between internal and external auditors?
CAE
Such evaluations may also include assessments of the overall efficiency and effectiveness of internal and external audit activities, including aggregate audit cost. These results are communicated to senior management and board
