Proficiency and Due Professional Care

Question 1

Standard 1200 - Proficiency and Due Professional Care

Answer 1

Engagements must be performed with proficiency and due professional care.

Question 2

Performing engagements with proficiency and due professional care is the responsibility

Answer 2

of every internal auditors

Question 3

Internal auditors who have attained professional certifications need to

Answer 3

be aware of the continuing education requirements to keep their certifications current.

Question 4

Due professional care requires

Answer 4

understanding the IPPF’s systematic and disciplined approach to internal auditing, which is supplemented by organization-specific policies and procedures established by the CAE.

Question 5

The CAE is responsible for

Answer 5

ensuring conformance with this standard by the internal audit activity as a whole.

Question 6

As part of managing the internal audit activity, The CAE

Answer 6

establishes policies and procedures that enable internal auditors to perform engagements with proficiency and due professional care. This involves the CAE’s recruitment and training of internal auditors, as well as the proper planning, staffing, and supervising of engagements.

Question 7

Secondment

Answer 7

Obtaining an individual from another function in the organization

Question 8

Subcontracting

Answer 8

Obtaining an external individual for an engagement, e.g., a subject matter expert

Question 9

Co-sourcing

Answer 9

A mix of internal staff and external outsourcing

Question 10

Out-sourcing

Answer 10

1) Fully outsourced to an external service provider, or 2) Outsourced to a group internal audit function (considered as outsourced at the local level)

Question 11

In-house auditing

Answer 11

Dedicated audit team: usually full time and from within the organization.

Question 12

Standard 2030 Resource Management

Answer 12

The CAE must make that the resources of internal audit are sufficient, appropriate and are used effectively to achieve the objectives of internal audit plan.
Appropriate: refers to the mix of knowledge, skill and competencies needed to achieve the objectives of internal audit plan,

Question 13

Specific skill exceptions (Fraud & IT)

Answer 13

Fraud: internal auditors must be able to evaluate fraud, but are not expected to have specialized expertise.
IT: internal auditors must know key risks, controls and CAAT’s (Computer Assisted Audit Tools), but are not expected to have specialized expertise.

Question 14

Assurance /especially/

Answer 14

the internal audit activity must collectively have or acquire the knowledge, skills and competencies needed to perform its work.

Question 15

Consulting

Answer 15

The CAE must decline the proposed consulting engagement or obtain assistance if the current internal audit team does not have all the required competencies to perform the engagement.

Question 16

Shows due professional care

Answer 16

Performing internal audits which conform with the Standard. Not identifying a significant risk can be a major failure in an internal audit.

Question 17

Continuing professional development may lead to additional professional competencies that could enhance internal audit work in specific areas. Opportunities to pursue professional development include participating in:

Answer 17

• Conferences
• Seminars
• Training programs
• Online courses and webinars
• Self-study programs
• Classroom courses
• Conducting research projects
• Volunteering with professional organizations
• Pursuing professional certifications, such as the CIA

Question 18

The internal auditor is ultimately responsible for conforming with standard 1230. Internal auditors may want to reflect on:

Answer 18

• Their job requires
• Training policies
• Professional education requirements of their profession, organization, or industry
• Any certifications or areas of specialization
• Feedback from recent performance reviews
• Assessment results regarding conformance with the Mandatory Guidance of the IPPF
• Results of self-assessments

Question 19

Implementation standard 1220.C1 (must exercise - consulting)

Answer 19

Internal auditors must exercise due professional care during a consulting engagement by considering the:
- Needs and expectations of clients, including the nature, timing, and communication of engagement results
- Relative complexity and extent of work needed to achieve the engagement’s objectives
- Cost of the consulting engagement and in relation to potential benefits

Question 20

Implementation standard 1220.A3
(must be alert)

Answer 20

Internal auditors must be alert to the significant risks that might affect objectives, operations, or resources. However, assurance procedures alone, even when performed with due professional care, do not guarantee that all significant risks will be identified.

Question 21

Implementation standard 1220.A2
(must consider)

Answer 21

In exercising due professional care internal auditors must consider the use of technology-based audit and other data techniques.

Question 22

Compliance for the internal audit activity as a whole may be demonstrated by:

Answer 22

• An internal audit plan that includes an analysis of resource requirements
• An inventory of available audit staff skills or individual profiles listing qualifications
• An assurance map with a list of qualifications of service providers on which the internal audit activity relies.

Question 23

The CAE may demonstrate conformance through:

Answer 23

• The use of a competency tool
• The development of:
  
  • Internal audit policies
  • Internal audit procedures
  • Training materials

Question 24

Individual internal auditors may demonstrate conformance by:

Answer 24

• Resume or curriculum vitae
• Records of certifications and continuing professional development

Question 25

Implementation standard 1210.C1
(must decline)

Answer 25

When consulting engagements are being considered and the available internal auditors do not have the required proficiencies, the CAE must decline the engagement or pursue other options, as described in Standard 1210.C1

Question 26

The CAE can encourage professional development of internal auditors through:

Answer 26

• On-the-job training
• Attendance at professional conferences and seminars
• Encouraging the pursuit of professional certifications

Question 27

Implementation standard 1220.A1
(internal auditors must exercise due professional care by considering the):

Answer 27

• Extent of work needed to achieve the engagement’s objectives
• Relative complexity, materiality, or significance of matters to which assurance procedures are applied
• Adequacy and effectiveness of governance, risk management, and control processes
• Probability of significant errors, fraud, or noncompliance
• Cost of assurance in relation to potential benefits

Question 28

External Service Providers

Answer 28

Qualified external service providers may be recruited from many sources, such as a public accounting firm, an external consulting firm, or a university.
External service providers may more easily accommodate engagement requirements in distant locations.

Question 29

External Service Providers (unacceptable)

Answer 29

An external service provider associated with the engagement client is unacceptable because the person would not be independent or objective.

Question 30

Implementation standard 1210.A1
CAE’s responsibility obtain

Answer 30

The CAE must obtain competent advice and assistance if the internal auditors lack the knowledge, skills, or other competencies needed to perform all or part of the engagement.

Question 31

Not be outsourced

Answer 31

Oversight of and responsibility for the internal audit activity must not be outsourced.
Regardless of the degree of outsourcing, services still must be performed in accordance with the Standard, and the guidance for obtaining external service providers should be followed.

Question 32

Hiring practices

Answer 32

are an essential part of understanding the background of the internal audit staff. During this process, the CAE identifies the internal auditor’s education, previous experience, and specialized areas of knowledge.

Question 33

Periodic skills assessment

Answer 33

The CAE should conduct periodic skills assessments to determine the specific resources available. Assessments should be performed at least annually.

Question 34

Staff performance appraisals

Answer 34

are completed at the end of any major internal audit engagement. These appraisals help the CAE assess future training needs and current staff abilities.

Question 35

Continuing professional development

Answer 35

encourages continued growth. Acquired training also should be considered when identifying internal audit resources.

Question 36

The CAE must ensure that the internal audit activity is able to fulfill its responsibilities:

Answer 36

• Identifying the available knowledge, skills and competencies within the internal audit activity will help the CAE determine whether the current staff is sufficient to satisfy those responsibilities.
• Senior management is responsible for the hiring of internal audit staff.

Question 37

Professionalism

Answer 37

addresses authority, credibility, and ethical conduct.

Question 38

Performance

Answer 38

is associated with planning, conducting and delivering internal audit engagements in accordance with the IIA’s Standards.

Question 39

Environment

Answer 39

involves the risk management of identifying and understanding specific risks within the industry and location the entity operates

Question 40

Leadership and communication

Answer 40

comprise developing and managing the internal audit function, persuading, and motivating others and communicating with impact.

Question 41

The four knowledge areas are:

Answer 41

1. Professionalism
2. Performance
3. Environment
4. Leadership and communication

Question 42

To build and maintain the proficiency of the internal audit activity

Answer 42

the CAE may develop a competency assessment tool or skills assessment based on the framework or another benchmark, such as a mature internal audit activity.

Question 43

The three competency levels are:

Answer 43

1. General awareness (staff, mid-level personnel)
2. Applied knowledge (management, mid-level personnel)
3. Expert (executive, senior-level personnel)

Question 44

Competency

Answer 44

is the ability to perform task or job properly. It is a set of defined knowledge, skills, and behavior.

Question 45

Standard 1210.A3
(must have -key)

Answer 45

Internal auditors must have sufficient knowledge of key information technology risks and controls and available technology-based audit techniques to perform their assigned work. However, not all internal auditors are expected to have the expertise of an internal auditor whose primary responsibility is information te auditing.

Question 46

Standard 1210.A2
(must have - evaluate)

Answer 46

Internal auditors must have sufficient knowledge to evaluate the risk of fraud and manner in which it is managed by the organization but are not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud.

Question 47

The internal audit activity is considered proficient if

Answer 47

the team collectively possesses or obtains the competencies needed to perform its responsibilities. The internal audit activity as a whole, not each auditor individually, must be proficient in all necessary competencies.
The internal audit activity as a whole, not each auditor individually, must be proficient in all necessary competencies.