Part 1

Question 1

A variety of assessment techniques, including facilitated workshops and surveys, in which the assessment is performed by people involved in the area or process being assessed rather than by an independent party.

Answer 1

Control self-assessment

Question 2

Broad statements developed by internal auditors that define intended engagement accomplishments.

Answer 2

Engagement objectives

Question 3

A specific internal audit assignment, task, or review activity, such as an internal audit, control self-assessment review, fraud examination, or consultancy.

Answer 3

Engagement

Question 4

Type of conflict that erodes relationships and derails progress toward goals.

Answer 4

Dysfunctional conflict

Question 5

As related to risk, an uncertain event with a positive consequence.

Answer 5

Opportunity

Question 6

A type of review that examines relationships among information.

Answer 6

Analytical review

Question 7

The probability that fraud will occur and the potential severity or consequences to the organization when it occurs.

Answer 7

Fraud risk

Question 8

A process designed to provide reasonable assurance regarding the achievement of objectives in the categories of effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations.

Answer 8

Internal control

Question 9

The benchmarks against which the subject matter of an engagement can be assessed.

Answer 9

Internal audit criteria

Question 10

Controls that reduce the potential impact should an event occur. Insurance is a prime example of this type of control.

Answer 10

Mitigating controls

Question 11

Advisory and related client service activities, the nature and scope of which are agreed with the client and which are intended to add value and improve an organization’s governance, risk management, and control processes without the internal auditor assuming management responsibility.

Answer 11

Consulting services

Question 12

The possibility of an event occurring that will have an impact on the achievement of objectives; measured in terms of impact and likelihood.

Answer 12

Risk

Question 13

An incident or occurrence resulting from internal or external sources that affects the implementation of strategy or achievement of objectives.

Answer 13

Event

Question 14

The risk remaining after management takes action to reduce the impact and likelihood of an adverse event, including control activities in responding to a risk.

Answer 14

Managed risk

Question 15

The assignment of risk into categories, such as financial risk, operational risk, strategic risk, or reputation risk.

Answer 15

Risk classification

Question 16

Ranking risks, formally or informally, from the highest to the lowest.

Answer 16

Risk prioritization

Question 17

Any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved.

Answer 17

Control

Question 18

A pictorial representation of a process or activity, typically including a series of boxes and connecting lines to indicate association and direction/order.

Answer 18

Block diagram

Question 19

A graphical representation of the actual or ideal path followed by any service or product; provides a visual sequence of the steps in a process, illustrates the relationship between parts, and identifies what the process does or should do.

Answer 19

Flowchart

Question 20

The risk derived from the environment without the mitigating effects of internal controls.

Answer 20

Absolute risk

Question 21

A type of control that prevents or detects a deviation from the approved procedure.

Answer 21

Active control

Question 22

A situation in which the underlying reasons for a conflict are eliminated.

Answer 22

Conflict resolution

Question 23

The identification of risk, the measurement of risk, and the process of prioritizing risk or selecting alternatives based on risk.

Answer 23

Risk assessment

Question 24

The means by which members of a profession maintain, improve, and broaden the knowledge, skills, and competence required in their professional lives.

Answer 24

Continuing professional development

Question 25

A structured, consistent, and continuous process across the whole organization for identifying, assessing, deciding on responses to, and reporting on opportunities and threats that affect the achievement of its objectives.

Answer 25

Enterprise risk management (ERM)

Question 26

Limitations of risk management, control, and governance related to human judgment, resource limitations, and the need to balance the costs of controls in relation to expected benefits.

Answer 26

Inherent limitations

Question 27

A department, division, team of consultants, or other practitioner(s) that provide independent, objective assurance and consulting services designed to add value and improve an organization’s operations.

Answer 27

Internal audit activity

Question 28

Principles relevant to the profession and practice of internal auditing and Rules of Conduct that describe behavior expected of internal auditors.

Answer 28

Code of Ethics

Question 29

The acceptable levels of variation relative to the achievement of objectives.

Answer 29

Risk tolerance

Question 30

The process of identifying human capital needs for the internal audit function and internal audit activities and ensuring that qualified individuals are available for engagements.

Answer 30

Staffing

Question 31

A type of proactive control that deters undesirable events from occurring.

Answer 31

Preventive control

Question 32

The amount of risk an organization is willing to accept in pursuit of value.

Answer 32

Risk appetite

Question 33

The combination of processes and structures implemented by the board in order to inform, direct, manage and monitor the activities of the organization toward the achievement of its objectives.

Answer 33

Governance

Question 34

The top position in an organization responsible for internal audit activities.

Answer 34

Chief audit executive (CAE)

Question 35

The actions taken to manage risk.

Answer 35

Risk response

Question 36

A condition that warrants attention as a potential or real shortcoming that leaves the organization excessively at risk.

Answer 36

Control deficiency

Question 37

An independent, objective assurance and consulting activity designed to add value and improve an organization’s operations; brings a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

Answer 37

Internal auditing

Question 38

The risk remaining after management takes action to reduce the impact and likelihood of an adverse event, including control activities in responding to a risk.

Answer 38

Residual risk

Question 39

A type of conflict that leads to beneficial results; can transform the ways in which individuals interact and improve the quality of conflict outcomes.

Answer 39

Positive conflict

Question 40

A type of control that operates without human intervention; may be built into a computer system or a relationship or process that possesses control implications.

Answer 40

Passive control

Question 41

A type of conflict that leads to beneficial results; can transform the ways in which individuals interact and improve the quality of conflict outcomes.

Answer 41

Constructive conflict

Question 42

The evaluation of the magnitude of risk.

Answer 42

Risk measurement

Question 43

The type of risk found throughout the environment.

Answer 43

Pervasive risk

Question 44

The systematic measurement of characteristics such as education and experience that results in recognition of an individual as one who meets the suggested knowledge and other minimum requirements for a position or a profession.

Answer 44

Certification

Question 45

A type of control that is proactive and that causes or encourages a desirable event to occur; examples include guidelines, training programs, incentive plans.

Answer 45

Directive control

Question 46

The processes an organization puts into place so that security controls and expenditures are fully commensurate with the risks to which the organization is exposed.

Answer 46

Security risk management

Question 47

A process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of an organization’s objectives.

Answer 47

Risk management

Question 48

In terms of the internal audit activity, a formal written document that defines the activity’s purpose, authority, and responsibility.

Answer 48

Charter

Question 49

A recognized system of concepts encompassing all elements of internal control.

Answer 49

Control framework

Question 50

The attitude and actions of the board and management regarding the significance of control within the organization; provides the discipline and structure for the achievement of the primary objectives of the system of internal control.

Answer 50

Control environment

Question 51

A preconstructed array of questions used to elicit key information about internal control.

Answer 51

Internal control questionnaire (ICQ)

Question 52

Any relationship that is or appears to be not in the best interest of the organization; would prejudice an individual’s ability to perform his or her duties and responsibilities objectively.

Answer 52

Conflict of interest

Question 53

Objective examination of evidence for the purpose of providing an independent assessment on risk management, control, or governance processes for an organization.

Answer 53

Assurance services

Question 54

A type of risk that revolves around the business impact that would be experienced if certain risks were realized.

Answer 54

Acceptable risk

Question 55

Controls that compensate for the lack of an expected control; for example, close supervisory review may compensate for a lack of segregation of duties where a small staff size makes proper segregation impractical.

Answer 55

Compensating controls

Question 56

A level of control that is present if management has planned and organized in a manner that provides reasonable assurance that the organization’s risks have been managed effectively and that the organization’s goals and objectives will be achieved efficiently and economically.

Answer 56

Adequate control

Question 57

When parties disagree over substantive issues or when emotional antagonisms prevail and result in friction between parties.

Answer 57

Conflict

Question 58

Type of conflict that erodes relationships and derails progress toward goals.

Answer 58

Destructive conflict

Question 59

A mapping process that provides a step-by-step picture of a process in a single document without the use of detailed symbols or keys.

Answer 59

Narratives

Question 60

The policies, procedures, and activities that are part of a control framework, designed to ensure that risks are contained within the risk tolerances established by the risk management process.

Answer 60

Control processes

Question 61

An organization’s standards of behavior.

Answer 61

Corporate values

Question 62

A risk level derived from an organization’s legal and regulatory compliance responsibilities, its threat profile, and its business drivers and impacts.

Answer 62

Acceptable risk level

Question 63

A type of control that is reactive and that detects undesirable events that have occurred.

Answer 63

Detective control

Question 64

The continuous process of planning and directing changes that occur within an organization to achieve an intended result.

Answer 64

Change management

Question 65

The method of recognizing possible threats and opportunities.

Answer 65

Risk identification

Question 66

The conformity and adherence to policies, plans, procedures, laws, regulations, contracts, or other requirements.

Answer 66

Compliance

Question 67

A document that lists the procedures to be followed during an engagement, designed to achieve the engagement plan.

Answer 67

Engagement work program

Question 68

The identification of risk, the measurement of risk, and the process of prioritizing risk or selecting alternatives based on risk.

Answer 68

Risk analysis

Question 69

Any illegal acts characterized by deceit, concealment, or violation of trust.

Answer 69

Fraud

Question 70

The risk derived from the environment without the mitigating effects of internal controls.

Answer 70

Inherent risk

Question 71

A type of review that examines relationships among information.

Answer 71

Analytical auditing