Performance Standard Flashcards
The chief audit executive must effectively manage the internal audit activity to ensure it adds value to the organization.
2000 - Managing the Internal Audit Activity
It refers to the mix of knowledge, skills, and other competencies needed to perform the plan.
Appropriate
It refers to the quantity of resources needed to accomplish the plan.
Sufficient
They determine the frequency and content of reporting
Chief Audit Executive, Senior Management, and the Board
It is factual, adequate, and convincing so that a prudent, informed person would reach the same conclusions as the auditor.
Sufficient information
It is the best attainable information through the use of appropriate engagement techniques.
Reliable information
It supports engagement observations and recommendations and is consistent with the objectives for the engagement.
Relevant information
It helps the organization meet its goals.
Useful information
They are free from errors and distortions and are faithful to the underlying facts.
Accurate communications
These are fair, impartial, and unbiased and are the result of a fair-minded and balanced assessment of all relevant facts and circumstances.
Objective communications
These are easily understood and logical, avoiding unnecessary technical language and providing all significant and relevant information.
Clear communications
they are to the point and avoid unnecessary elaboration, superfluous detail, redundancy, and wordiness.
concise communications
these are helpful to the engagement client and the organization and lead to improvements where needed.
Constructive communications
They lack nothing that is essential to the target audience and include all significant and relevant information and observations to support recommendations and conclusions.
Complete communications
These are opportune and expedient, depending on the significance of the issue, allowing management to take appropriate corrective action.
Timely communications
When nonconformance with the Code of Ethics or the Standards impacts a specific engagement, communication of the results must disclose the:
Principle(s) or rule(s) of conduct of the Code of Ethics or the Standard(s) with which full conformance was not achieved.
Reason(s) for nonconformance.
Impact of nonconformance on the engagement and the communicated engagement results.
Present if management has planned and organized (designed) in a manner that provides reasonable assurance that the organization’s risks have been managed effectively and that the organization’s goals and objectives will be achieved efficiently and economically.
Adequate Control
Adherence to policies, plans, procedures, laws, regulations, contracts, or other requirements
Compliance
The attitude and actions of the board and management regarding the importance of control within the organization. It provides the discipline and structure for the achievement of the primary objectives of the system of internal control. It includes the following elements:
Integrity and ethical values.
Management’s philosophy and operating style.
Organizational structure.
Assignment of authority and responsibility.
Human resource policies and practices.
Competence of personnel.
Control Environment
The policies, procedures (both manual and automated), and activities that are part of a control framework, designed and operated to ensure that risks are contained within the level that an organization is willing to accept
Control processes
the foundation for the International Professional Practices Framework and support internal audit effectiveness.
Core Principles for the Professional Practice of Internal Auditing
A specific internal audit assignment, task, or review activity, such as an internal audit, control self-assessment review, fraud examination, or consultancy. It may include multiple tasks or activities designed to accomplish a specific set of related objectives.
Engagement
Broad statements developed by internal auditors that define intended engagement accomplishments.
Engagement Objectives
A document that lists the procedures to be followed during an engagement, designed to achieve the engagement plan.
Engagement Work Program
A person or firm outside of the organization that has special knowledge, skill, and experience in a particular discipline.
External Service Provider
The combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives.
Governance
Controls that support business management and governance as well as provide general and technical controls over information technology infrastructures such as applications, information, infrastructure, and people.
Information Technology Controls
The conceptual framework that organizes the authoritative guidance promulgated by The IIA. Authoritative guidance is composed of two categories – (1) mandatory and (2) recommended.
International Professional Practices Framework
The rating, conclusion, and/or other description of results provided by the chief audit executive addressing, at a broad level, governance, risk management, and/or control processes of the organization. it is the professional judgment of the CAE based on the results of a number of individual engagements and other activities for a specific time interval
Overall Opinion
Any automated audit tool, such as generalized audit software, test data generators, computerized audit programs, specialized audit utilities, and computer-assisted audit techniques (CAATs).
Technology-based Audit Techniques
The relative importance of a matter within the context in which it is being considered, including quantitative and qualitative factors, such as magnitude, nature, effect, relevance, and impact. Professional judgment assists internal auditors when evaluating the significance of matters within the context of the relevant objectives.
Significance