Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CIA Part 1 > SU 4 - Quality Assurance & Improvement Program > Flashcards

SU 4 - Quality Assurance & Improvement Program Flashcards

1
Q

The practices of the internal audit activity, taken as a whole, satisfy the requirements of the Definition of Internal Auditing, the Code of Ethics, and the Standards.

A

Conformance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

An organization’s standards of excellence for product or service output.

A

Quality

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

A program designed to enable an evaluation of the internal audit activity’s conformance with the Standards and an evaluation of whether internal auditors apply the Code of Ethics. It also assesses the efficiency and effectiveness of the internal audit activity and identifies opportunities for improvement.

A

Quality Assurance Improvement Program (QAIP)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

A teaming arrangement in which the internal audit activity for one organization agrees to perform the full external assessment or validation for an SAIV for another organization in exchange for that organization providing a similar service.

A

Reciprocal peer assessment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

A strategic measurement and management system that links long-term strategic planning objectives with day-to-day activities; measures financial performance, customer knowledge, internal business processes, and learning and growth.

A

Blanced Scorecard (BSC)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Situation in which the impact and severity of deficiencies in the practices of the internal audit activity are so significant that they impair the activity’s ability to discharge its responsibilities.

A

Nonconformance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

An ongoing, cyclical process of regularly evaluating and working to improve a product, service, or process, either by a series of incremental improvements or by larger initiatives that may result in breakthrough improvements.

A

Continues improvement

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

A full evaluation of the performance of the internal audit activity performed by a qualified, independent assessor or assessment team from outside the organization. Must be conducted at least once every five years.

A

External Assessment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Ongoing monitoring of the performance of the internal audit activity coupled with periodic self-assessments or assessments by other persons within the organization with sufficient knowledge of internal audit practices.

A

Internal Assessment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

The process of assuring that an internal audit function operates according to a set of standards defining the specific elements that must be present to ensure that the findings of the internal audit function are legitimate.

A

Quality Assurance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

An internal audit department of 12 persons reports administratively to the chief financial officer (CFO) and functionally to a seven-person audit committee. The department is currently undergoing an external quality assurance review as part of a quality assurance and improvement program (QAIP). In his interview with the quality assurance team, the chief audit executive (CAE) states that the internal audit committee meets six times a year and that prior to each meeting the CFO meets with the CAE to review the agenda and the details of discussions that will be conducted. The CFO requests that the CAE prepare a script for the meeting and provides comments and revisions to it. What is the best action for the quality assurance team to take with this information?

a) Discuss the situation with CFO and the audit committee and include best practices in the audit report to improve the independence of the internal audit function.

b) Do nothing, since a quality assurance team should not get involved in this situation.

c) Use the nonconformance statement in the audit report.

d) Mention the scripting of the meeting to the audit committee chair but do not include it in the report unless the chair finds it to be noteworthy.

A

a) Discuss the situation with CFO and the audit committee and include best practices in the audit report to improve the independence of the internal audit function.

Rationale
The CAE must have free and unencumbered access to the audit committee. The best action for the CAE is to discuss the situation with CFO and the audit committee. The quality assurance team should also include best practices in the audit report, in this case, suggestions to improve the independence of the internal audit function.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which is considered an element of a quality assurance and improvement program (QAIP)?

a) Annual appraisals of individual internal auditors’ performance

b) Internal reviews of audits completed

c) Conformance with communication restrictions of senior management

d) Total objectivity of internal quality assessments

A

b) Internal reviews of audits completed

Rationale
Ongoing internal evaluations of the internal audit activity are performed in part by doing internal reviews of audits completed. Because the CAE supervises internal quality assessments, this involvement precludes total objectivity. Individual appraisal is part of personnel management.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which would constitute the simplest acceptable peer review team relationship formed from members of one or more outside organizations (denoted A, B, C, D, etc.) for purposes of an external quality assessment as part of a quality assurance and improvement program (QAIP)?

a) A reviews B, B reviews C, C reviews D, and D reviews A, but all rotate to new assignments the next time.

b) A reviews B, B reviews C, and C reviews A.

c) A reviews B, and B reviews A.

d) All teams do a self-assessment, and A provides independent validation for B, C, and D, with B taking over independent validation the next time, and so on.

A

b) A reviews B, B reviews C, and C reviews A.

Rationale
External quality assessment reviews may be performed by a peer review team formed using members from one or more outside organizations. Note that reciprocal arrangements such as peer A providing audit services for peer B and then peer B doing the same for peer A would compromise independence, but A auditing B, B auditing C, and C auditing A would be the simplest acceptable method of those listed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

It would be inappropriate for which of the following to serve as a member of a team conducting a periodic external review of the internal audit activity in an organization’s regional office?

a) Internal audit peer from another organization’s internal audit activity

b) Outside certified public accountant with internal audit experience who has been an external auditor of the organization’s financial reports

c) Auditor from headquarters who is not a member of the regional audit activity

d) Tax consultant who has no audit experience but who will review only technical matters related to tax audits

A

d) Tax consultant who has no audit experience but who will review only technical matters related to tax audits

Rationale
There are advantages and drawbacks in regard to the independence, objectivity, or cost of these various potential team members, but only the consultant with no internal audit experience clearly falls outside the pool of potential external quality reviewers. Outside consultants should be experienced in internal auditing and able to appraise all types of operations in the internal audit activity. Internal peer group consultants may include auditors from headquarters who are outside the subsidiary or regional office, but only if the chief audit executive and the audit committee determine that they have the required independence and objectivity.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

A chief audit executive (CAE) needs to establish an effective performance measurement process. The CAE should begin

a) by defining internal audit effectiveness.

b) by identifying key internal and external stakeholders.

c) by monitoring and reporting results.

d) by developing measures of audit effectiveness and efficiency.

A

a) by defining internal audit effectiveness.

Rationale
The IIA’s Practice Guide “Measuring Internal Audit Effectiveness and Efficiency” describes four steps for effective performance measurement: (1) define internal audit effectiveness; (2) identify key internal and external stakeholders; (3) develop measures, or key performance indicators (KPIs), of internal audit effectiveness and efficiency; and (4) monitor and report results.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

External assessments must be conducted at least once every ____ years by a qualified, independent assessor or assessment team from outside the organization.

a) 5
b) 2
c) 3
d) 10

A

a) 5

Rationale
According to Standard 1312, “External Assessments,” external assessments must be conducted at least once every five years by a qualified, independent assessor or assessment team from outside the organization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Why should a chief audit executive (CAE) recommend that the results of an external quality assessment be shared with the board?

a) To increase communications between the internal audit activity and the audit committee

b) To motivate staff in the internal audit activity to accept the need for external assessment

c) To provide accountability and transparency for the internal audit activity’s operations

d) To emphasize the importance of the internal audit activity’s charter

A

c) To provide accountability and transparency for the internal audit activity’s operations

Rationale
According to Performance Standard 2060, “The chief audit executive must report periodically to senior management and the board on the internal audit activity’s purpose, authority, responsibility, and performance relative to its plan and on its conformance with the Code of Ethics and the Standards. Reporting must also include significant risk and control issues, including fraud risks, governance issues, and other matters that require the attention of senior management and/or the board.” By reporting audit results to the board, a CAE provides accountability and transparency for the audit activity’s operations. Also, Attribute Standard 1320, “Reporting on the Quality Assurance and Improvement Program,” indicates, “The chief audit executive must communicate the results of the quality assurance and improvement program to senior management and the board…”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

A quality assurance and improvement program (QAIP) rating of “Generally conforms” is one of the results possible from the ___________________ rating scale.

a) IIA’s Assessment

b) IIA’s Capability Model for the Public Sector

c) DIIR (IIA-Germany) Guideline for Conducting a Quality Assessment

d) IIA’s Quality Assessment Manual

A

d) IIA’s Quality Assessment Manual

Rationale
A QAIP should include a rating scale to assess the level of conformance of the internal audit activity with the Standards. Different options are available when deciding which assessment scale better suits particular needs. An example is the scale in The IIA’s Quality Assessment Manual.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

To implement IIA Standard 1300 – Quality Assurance and Improvement Program, the chief audit executive must consider requirements related to which essential component(s)?

a) Schedules of external assessments.

b) Internal and external assessments.

c) The proper use and explanation of nonconformance statements.

d) The documented qualifications of external assessors.

A

b) Internal and external assessments.

Rationale
Per IIA Standard 1300- Quality Assurance and Improvement Program: The quality assurance and improvement program should encompass all aspects of operating and managing the internal audit activity, including consulting engagements, as found in the mandatory elements of the IPPF.Disclosure of Nonconformance is required per IIA Standard 1322: Disclosure of Nonconformance, and is required when nonconformance with the Code of Ethics or the Standards impacts the overall scope or operation of the internal audit activity. Documented qualifications of external assessors is not required per IIA Standard 1300. Per IIA Standard 1312, not all members of the team need to have all the competencies; it is the team as a whole that is qualified. Also, according to IIA Standard 1312, external assessments must be conducted at least once every five years, and its schedule is not required to be published.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

An external quality assessment as part of a quality assurance and improvement program (QAIP) of an internal audit department provides reasonable assurance of what?

a) Senior management’s and board of directors’ level of satisfaction with assurance and consulting services

b) Auditor training that addresses all gaps in auditor knowledge needed to satisfy the annual audit plan

c) Audit program continual improvement, including auditors delivering assurance and consulting services at or above the requirements in the charter

d) Conformance of audit work with all mandatory guidance including Code of Ethics and the Standards

A

d) Conformance of audit work with all mandatory guidance including Code of Ethics and the Standards

Rationale
The mandatory element of an external quality assessment as part of a QAIP is to assess conformance to the mandatory guidance and provide an opinion as to whether the internal auditing activity generally conforms to the Code of Ethics and all of the Standards.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Which statement best describes the purpose of the Quality Assurance and Improvement Program?

a) It is designed to assess the internal audit activity’s capabilities to accurately estimate level of effort.

b) It is designed as a communication tool for informing the organization of internal audit’s findings, observations, and recommendation.

c) It is designed to enable an evaluation of the internal audit activity’s conformance with the mandatory elements of the IPPF.

d) It is designed to establish a full external assessment’s scope, methods, expectations, and value.

A

c) It is designed to enable an evaluation of the internal audit activity’s conformance with the mandatory elements of the IPPF.

Rationale
IIA Standard 1300 – InterpretationA quality assurance and improvement program is designed to enable an evaluation of the internal audit activity’s conformance with the Standards and an evaluation of whether internal auditors apply the Code of Ethics. The program also assesses the efficiency and effectiveness of the internal audit activity and identifies opportunities for improvement. The chief audit executive should encourage board oversight in the quality assurance and improvement program.While communicating results of an engagement is indeed required, it is a requirement based on IIA Standard 2400: Communicating Results. There is no IIA Standard that requires that the internal audit activity’s capability to accurately estimate the level of effort. A full external assessment’s scope, methods, expectations, and value are not a requirement of the Quality Assurance and Improvement Program. The external quality assessor will follow the guidance in the Quality Assessment Review manual.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

When nonconformance with the Code of Ethics or the Standards impacts the overall scope or operation of the internal audit activity, the chief audit executive (CAE) must disclose the nonconformance and the impact to whom?

a) Ethics officer and the audit committee
b) Compliance officer and the board
c) Senior management and the board
d) Chief financial officer and the audit committee

A

c) Senior management and the board

Rationale
According to Standard 1322, “Disclosure of Nonconformance,” when nonconformance with the Code of Ethics or the Standards impacts the overall scope or operation of the internal audit activity, the CAE must disclose the nonconformance and the impact to senior management and the board.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Which of the following is an example of an internal audit effectiveness metric?

a) Client satisfaction ratings
b) Actual hours vs. budgeted hours
c) Staff utilization, direct vs. indirect time
d) Number of audits completed

A

a) Client satisfaction ratings

Rationale
Measures of effectiveness include:

  • Client satisfaction ratings.
  • Staff satisfaction ratings.
  • Number of significant audit findings.
  • Percent of recommendations implemented.
  • Number of repeat findings.
  • Number of open audit findings past planned corrective action date.
  • Number of unsatisfactory internal audit opinions.
24
Q

A department conducts internal assessments annually and communicates results to the board. They recently underwent an external quality assessment, and it was determined that the department conforms to all aspects of the Standards. The quality assurance (QA) team noted, however, that the auditors were allowed to accept gifts of nominal value, went to golf outings with management, and lunched with executives quite often. The chief audit executive (CAE) believes this is important, as it builds strong relationships with management and allows the department to get better cooperation. What should the conformance statement in the QA team’s report say in relation to the International Professional Practices Framework (IPPF) and The IIA’s Code of Ethics?

a) Since the department complies with the Standards, no statement is required.

b) While the department conforms to the IPPF, it does not conform to The IIA’s Code of Ethics.

c) Regardless of what it says in the organization’s policy about gifts, outings, and lunches, the department conforms to the IPPF and The IIA’s Code of Ethics.

d) If the auditors’ actions related to gifts, outings, and lunches are allowed under current organizational policy, then the report can indicate that the department conforms to the IPPF and The IIA’s Code of Ethics.

A

b) While the department conforms to the IPPF, it does not conform to The IIA’s Code of Ethics.

Rationale
Both internal and external assessments of the internal audit activity are performed to evaluate and express an opinion on the activity’s conformance with the IPPF and The IIA’s Code of Ethics. In this case, the behavior goes beyond what would be considered reasonable in The IIA’s Code of Ethics and results in the appearance of lack of objectivity (or actual conflict of interest).

25
Q

Who is the main beneficiary of quality assurance and improvement program (QAIP) internal and external assessments?

a) Senior management
b) Audit committee
c) Chief audit executive
d) Internal audit staff

A

c) Chief audit executive

Rationale
Both internal and external QAIP assessments of the internal audit activity are performed to evaluate and express an opinion on the activity’s conformance with the International Professional Practices Framework and The IIA’s Code of Ethics. The chief audit executive is the main beneficiary of these internal and external assessments.

26
Q

An organization’s internal audit activity has limited resources. Of those listed, which is its best option for an external quality assessment review as part of a quality assurance and improvement program?

a) Team that is totally independent of the organization that is being reviewed

b) Peer review team formed using members from one or more outside organizations

c) Periodic assessment by other persons within the organization with sufficient knowledge of internal audit practices

d) Self-assessment with independent validation (SAIV)

A

d) Self-assessment with independent validation (SAIV)

Rationale
A self-assessment with independent validation (SAIV) is an external quality assessment performed by an independent, qualified reviewer/team to validate a self-assessment. A self-assessment might be used when there are limited resources available. Assessments by other persons within the organization with sufficient knowledge of internal audit practices is a type of internal, not external, assessment.

27
Q

A quality assurance and improvement program (QAIP) requires what two types of assessments to be performed?

a) Operational and information technology
b) Efficient and effective
c) Code of ethics and standards
d) Internal and external

A

d) Internal and external

Rationale
Standard 1310 communicates the requirements that make up the QAIP, which covers all aspects of the internal audit activity. Specifically, the standard indicates that both internal and external assessments are required.

28
Q

Which statement best describes a benefit of performing ongoing monitoring of performance of the Quality Assurance and Improvement Program?

a) Ongoing monitoring of internal audit performance is necessary in order to successfully conduct an internal self-assessment.

b) Ongoing monitoring evaluates conformance with the Mission of Internal Audit and the Standards when an external assessment is not performed.

c) Ongoing monitoring eliminates the need for internal audit to establish key performance indicators.

d) Ongoing monitoring is a part of the necessary review for communicating internal audit status to an organization’s stakeholders.

A

a) Ongoing monitoring of internal audit performance is necessary in order to successfully conduct an internal self-assessment.

Rationale
IIA Standard 1311 – Interpretation: Ongoing monitoring is an integral part of the day-to-day supervision, review, and measurement of the internal audit activity. Ongoing monitoring is incorporated into the routine policies and practices used to manage the internal audit activity and uses processes, tools, and information considered necessary to evaluate conformance with the Code of Ethics and the Standards. Ongoing monitoring is part of routine policies, practices, processes, tools, and information necessary to evaluating conformance to the IPPF. The focus of ongoing monitoring is at the engagement level, and it is achieved through continuous activities conducted on an engagement-by-engagement basis, including engagement supervision, standardized work practices, work paper procedures and sign-offs, report reviews, assessments of areas of weakness, and any related action plans developed to address those weaknesses.

29
Q

An experienced chief audit executive (CAE) takes over the internal audit operations at a company. The department has 12 auditors, and it reports to the internal audit committee and administratively to the chief executive officer. The previous CAE retired after 10 years with the company, in good standing. As part of the quality assurance and improvement program (QAIP), a external quality assurance review was performed six months ago, and it concluded that the department was in full conformance with the International Professional Practices Framework. The new CAE is considering having another external quality assurance review performed in the upcoming months. What would be the CAE’s best approach?

a) Have a quality assurance review performed with an independent validator.

b) The CAE should wait the full five years for the next quality assurance review, since the internal audit department was in full compliance with the IPPF.

c) Have another quality assurance review performed immediately. Since the previous CAE is no longer there, the earlier quality assurance review is disqualified.

d) Evaluate the performance of the department before deciding to conduct another quality assurance review sooner than the usual five years between reviews.

A

d) Evaluate the performance of the department before deciding to conduct another quality assurance review sooner than the usual five years between reviews.

Rationale
It would be best to evaluate the performance of the department over the next several months and determine whether a quality assurance review should be performed sooner than the usual five years between external reviews.

30
Q

Evidence that ongoing monitoring activities are being performed in accordance with the internal audit activity’s quality assurance and improvement program (QAIP) is required to support conformance with Standard 1311. Which of the following is an example of such evidence?

a) Code of ethics

b) Key performance indicators (KPIs)

c) Quality assessment manual for internal audit activity

d) Due professional care

A

b) Key performance indicators (KPIs)

Rationale
Multiple items may indicate conformance with Standard 1311, including any evidence that ongoing monitoring activities have been completed according to the internal audit activity’s QAIP. Examples may include completed checklists that support workpaper reviews, survey results, and KPIs related to the efficiency and effectiveness of the internal audit activity, such as an analysis of budget-to-actual engagement hours. In addition, conformance may be demonstrated by documentation of completed periodic assessments, which include the scope of the review and approach plan, workpapers, and communication reports. Finally, presentations to the board and management, meeting minutes, and the results of both ongoing monitoring and periodic self-assessment—including corrective action plans and corrective actions taken to improve conformance, efficiency, and effectiveness—may indicate conformance.

31
Q

Quality is achieved more economically if the company focuses on

a) prevention costs.
b) appraisal costs.
c) external failure costs.
d) internal failure costs.

A

a) prevention costs.

Rationale
Prevention costs prohibit poor-quality services from being performed in the first place. Appraisal and internal and external failure costs are corrective actions that are costly.

32
Q

Which is considered a part of an internal audit activity’s quality assurance and improvement program, rather than the chief audit executive’s regular duties and responsibilities?

a) The chief audit executive conducts annual performance appraisals with feedback for each internal auditor on staff.

b) The chief audit executive or delegate performs ongoing monitoring of the performance of the internal audit activity.

c) The chief audit executive presents the internal audit charter to senior management and the board for review and approval.

d) The chief audit executive periodically reports to senior management and the board on the internal audit activity’s performance relative to its audit plan.

A

b) The chief audit executive or delegate performs ongoing monitoring of the performance of the internal audit activity.

Rationale
Per IIA Standard 1311: Internal Assessments, internal assessments must include: Ongoing monitoring of the performance of the internal audit activity. Periodic self-assessments or assessments by other persons within the organization with sufficient knowledge of internal audit practices.

33
Q

The chief audit executive must communicate the results of the quality assurance and improvement program to senior management and the board. Disclosure should include which of the following?

a) The qualifications and independence of the assessor(s) or assessment team, including potential conflicts of interest; the preliminary discussion with senior management; and the conclusions of the assessors, which include suggested corrective action plans.

b) The qualifications and independence of the assessor(s) or assessment team, the transcript of the preliminary discussion with senior management and the board, and the corrective action plans.

c) The scope and frequency of both the internal and external assessments, the qualifications and independence of the assessor(s) or assessment team, including potential conflicts of interest, the conclusions of assessors, and the corrective action plans.

d) The scope and frequency of the internal and external assessments, the qualifications of the assessor(s) or assessment team, and the form and frequency of the assessment.

A

c) The scope and frequency of both the internal and external assessments, the qualifications and independence of the assessor(s) or assessment team, including potential conflicts of interest, the conclusions of assessors, and the corrective action plans.

Rationale
IIA Standard 1320 - Interpretation: In accordance with IIA Standard 1320, “The chief audit executive must communicate the results of the quality assurance and improvement program to senior management and the board. Disclosure should include: The scope and frequency of both the internal and external assessments. The qualifications and independence of the assessor(s) or assessment team, including potential conflicts of interest. Conclusions of assessors. Corrective action plans. The form and frequency of the assessment is not a requirement of the chief audit executive’s reporting on the quality assurance and improvement program. While the form, content, and frequency of communicating the results of the quality assurance and improvement program is established through discussions with senior management and the board, a discussion, or a transcript of the discussion, is not required as part of the disclosure when reporting on the quality assurance and improvement program.

34
Q

Who is responsible for communicating the results of the quality assurance and improvement program (QAIP) to senior management and the board?

a) Chief executive officer (CEO)
b) Chief financial officer (CFO)
c) Chief audit executive (CAE)
d) Chief operating officer (COO)

A

c) Chief audit executive (CAE)

Rationale
As described in Standard 1320, “Reporting on the Quality Assurance and Improvement Program,” the CAE must communicate the results of the QAIP to senior management and the board. Disclosures should include:

  • The scope and frequency of both the internal and external assessments.
  • The qualifications and independence of the assessor(s) or assessment team, including potential conflicts of interest.
  • The conclusions of the assessors.
  • Corrective action plans.
35
Q

Which statement applies to the 1300 series of standards on quality assurance and improvement?

a) Internal assessments must include both ongoing monitoring of internal audit performance as well as periodic self-assessments or assessments by those with sufficient knowledge of internal audit practices.

b) The review process is designed to improve the operations of major, well-established internal audit activities and should be limited in scope for small or new internal audit activities.

c) The review process must assess the degree to which consulting, but not assurance, engagements add value to the organization and improve operations.

d) The standards focus on the client and the ability of the internal audit activity to communicate with impact.

A

a) Internal assessments must include both ongoing monitoring of internal audit performance as well as periodic self-assessments or assessments by those with sufficient knowledge of internal audit practices.

Rationale
Attribute Standard 1311 states, “Internal assessments must include ongoing monitoring of the performance of the internal audit activity and periodic self-assessments or assessments by other persons within the organization with sufficient knowledge of internal audit practices.” The 1300 series of standards dictates specific activities that must be part of quality assurance and improvement programs, whether the internal audit activity is small or large or basic or well-established. The standards require that any quality program cover all aspects of the internal audit activity and that the process must assess the degree to which the activity (both assurance and consulting) is adding value to the organization and improving operations.

36
Q

The requirements for a quality assurance and improvement program indicate that the chief audit executive (CAE) is responsible for ensuring that the internal audit activity conducts an internal assessment that includes both ________ monitoring and ________ self-assessments.

a) internal; external
b) ongoing; periodic
c) operational; information technology
d) efficient; effective

A

b) ongoing; periodic

Rationale
As Standard 1311 indicates, the CAE is responsible for ensuring that the internal audit activity conducts an internal assessment that includes both ongoing monitoring and periodic self-assessments. Internal assessments validate that the internal audit activity continues to conform with the International Standards for the Professional Practice of Internal Auditing and The IIA’s Code of Ethics. The CAE understands that the internal assessments focus on continuous improvement of the internal audit activity and involve monitoring its efficiency and effectiveness.

37
Q

In relation to a quality assurance and improvement program (QAIP), what is required for internal auditors to assert that the internal audit activity conforms with the Code of Ethics and the Standards?

a) All that is required is that an external review was passed within the last five years.

b) Both internal and external assessment results must support such a statement.

c) Management, the chief executive officer, and the audit committee must express satisfaction (in writing) with the results of an internal or external QAIP.

d) The department must have an internal audit charter that specifies using a QAIP and is signed by the chair of the audit committee.

A

b) Both internal and external assessment results must support such a statement.

Rationale
Internal auditors may assert that the internal audit activity conforms with Code of Ethics and the Standards only if the results of the QAIP, including both internal and external assessment results, support such a statement.

38
Q

The internal audit activity conforms to the Code of Ethics and the Standards when it achieves the outcomes described therein. As such, external assessments must be conducted at least once every _______ year(s) by a qualified, independent assessor or assessment team.
a) Two.
b) Three
c) One.
d) Five.

A

d) Five.

Rationale
Per IIA Standard 1312: External Assessments, external assessments must be conducted at least once every five years by a qualified, independent assessor or assessment team outside the organization. The chief audit executive must discuss with the board: The form and frequency of external assessment. The qualifications and independence of the external assessor or assessment team, including any potential conflict of interest. IIA Standard 1312 - Interpretation: External assessments may be accomplished through a full external assessment, or a self-assessment with independent external validation. The external assessor must conclude as to conformance with the Code of Ethics and the Standards; the external assessment may also include operational or strategic comments.

39
Q

A mineral extraction organization is subject to heavy government regulation. Which of the following is primarily an internal audit activity that should provide timely periodic validation of compliance with applicable laws, regulations, and government or industry standards?

a) Compliance monitoring

b) External assessments

c) Balanced scorecard for internal auditing departments

d) Internal assessments

A

d) Internal assessments

Rationale
Internal assessments, as part of a quality assurance and improvement program, should include periodic validations of compliance with applicable laws, regulations, and government or industry standards. External assessments generally focus on other things than laws, regulations, and standards, and even if they do address these things, they would not be timely, since they are done only every five years or so. Compliance monitoring is usually conducted by compliance officers outside of internal auditing.

40
Q

For internal assessments, the chief audit executive (CAE) must share the results with

a) affected operations management and senior management only.

b) senior management and the board.

c) the Institute of Internal Auditors and external auditors.

d) the board only.

A

b) senior management and the board.

Rationale
For internal assessments, the CAE must share the results with senior management and the board, per Attribute Standard 1320, “Reporting on the Quality Assurance and Improvement Program.”

41
Q

The objective of evaluating an internal audit activity’s stakeholder satisfaction, audit processes, and internal audit innovation and capabilities is to measure

a) strategies.
b) compliance with the Code of Ethics.
c) performance effectiveness.
d) conformance with the Standards.

A

c) performance effectiveness.

Rationale
The internal audit activity should identify key performance measurement categories such as stakeholder satisfaction, audit processes, and internal audit innovation and capabilities. To develop measurements of internal audit effectiveness, there must be an understanding of key stakeholders’ expectations of the internal audit activity as well as what internal audit attributes, deliverables, and capabilities these key stakeholders value and related shortcomings or advancements in these areas.

42
Q

According to Standard 1312, external assessments “must be conducted at least once every five years by a qualified, independent assessor or assessment team from outside the organization.” Which of the following best describes a situation where a more frequent review may be appropriate?

a) The organization is in an industry subject to extensive regulation and/or supervision.

b) There was recent extensive benchmarking with industry best practices.

c) There is a merger of two audit functions in an acquisition.

d) The organization is subject to extensive external oversight and direction relating to governance and internal controls.

A

c) There is a merger of two audit functions in an acquisition.

Rationale
The chief audit executive must discuss with the board the need for more frequent external assessments. More frequent reviews may be appropriate, particularly when there have been significant changes in the internal audit function or the organization itself. Implementation Guide 1312 recognizes the other alternatives shown here as circumstances where a full external assessment by an independent team may not be necessary.

43
Q

Key stakeholders for the internal audit activity may be internal or external. Which of the following are internal stakeholders?

a) Board of directors (or a committee such as the audit committee)
b) Vendors
c) External auditors
d) Regulatory bodies

A

a) Board of directors (or a committee such as the audit committee)

Rationale
Internal stakeholders include the board of directors (or a committee such as the audit committee), senior management, operations and support management, and internal auditors.

External stakeholders include regulatory bodies and standards setters, external auditors, third-party vendors, and third-party customers.

44
Q

Which of the following is an essential component of an effective quality assurance and improvement program (QAIP)?

a) Communication of results
b) Due professional care
c) Code of ethics
d) Proficiency

A

a) Communication of results

Rationale
To implement Standard 1300, the chief audit executive must consider the requirements related to the five essential components of a QAIP:

  • Internal assessments (Standard 1311)
  • External assessments (Standard 1312)
  • Communication of QAIP results (Standard 1320) (The CAE must communicate the results of the QAIP to senior management and the board.)
  • Proper use of a conformance statement (Standard 1321)
  • Disclosure of nonconformance (Standard 1322)
45
Q

What are the requirements related to the five essential components of a QAIP that the chief audit executive must consider to implement Standard 1300

A

To implement Standard 1300, the chief audit executive must consider the requirements related to the five essential components of a QAIP:

  • Internal assessments (Standard 1311)
  • External assessments (Standard 1312)
  • Communication of QAIP results (Standard 1320) (The CAE must communicate the results of the QAIP to senior management and the board.)
  • Proper use of a conformance statement (Standard 1321)
  • Disclosure of nonconformance (Standard 1322)
46
Q

According to IIA guidance, the chief audit executive should make a disclosure to senior management and the board whenever which of the following occurs?

a) The internal audit activity does not conform to the Standards.

b) The internal audit activity does not conform to the Standards or the internal auditors do not comply with The IIA’s Code of Ethics.

c) Nonconformance to the Standards or The IIA’s Code of Ethics affects the overall operation of the internal audit activity.

d) The internal auditors do not comply with The IIA’s Code of Ethics.

A

c) Nonconformance to the Standards or The IIA’s Code of Ethics affects the overall operation of the internal audit activity.

Rationale
According to Standard 1322, “Disclosure of Nonconformance,” when nonconformance with the Code of Ethics or the Standards impacts the overall scope or operation of the internal audit activity, the chief audit executive must disclose the nonconformance and the impact to senior management and the board.

47
Q

Which audit step is the best example of innovation in internal auditing to promote growth and to meet the ever-changing needs of stakeholders?

a) Using existing audit software to perform 100% sampling of the population

b) Developing a redundant duplicate payment test in an accounts payable audit

c) Recommending what components should be considered in a balanced scorecard for the department subject to the audit

d) Sending a purchased product to an independent lab to ensure that it meets contract specifications

A

c) Recommending what components should be considered in a balanced scorecard for the department subject to the audit

Rationale
Innovation in internal auditing is both crucial for its growth and necessary in meeting the ever-changing needs of stakeholders. Internal audit should find ways to be more forward-looking by embracing change and driving improvement and innovation. Recommending what components should be considered in a balanced scorecard for the department subject to the audit would be an innovative step.

48
Q

Which statement applies to the 1300 series of standards on quality assurance and improvement?

a) Internal assessments must include both ongoing monitoring of internal audit performance as well as periodic self-assessments or assessments by those with sufficient knowledge of internal audit practices.

b) The review process is designed to improve the operations of major, well-established internal audit activities and should be limited in scope for small or new internal audit activities.

c) The review process must assess the degree to which consulting, but not assurance, engagements add value to the organization and improve operations.

d) The standards focus on the client and the ability of the internal audit activity to communicate with impact.

A

a) Internal assessments must include both ongoing monitoring of internal audit performance as well as periodic self-assessments or assessments by those with sufficient knowledge of internal audit practices.

Rationale
Attribute Standard 1311 states, “Internal assessments must include ongoing monitoring of the performance of the internal audit activity and periodic self-assessments or assessments by other persons within the organization with sufficient knowledge of internal audit practices.” The 1300 series of standards dictates specific activities that must be part of quality assurance and improvement programs, whether the internal audit activity is small or large or basic or well-established. The standards require that any quality program cover all aspects of the internal audit activity and that the process must assess the degree to which the activity (both assurance and consulting) is adding value to the organization and improving operations.

49
Q

Periodic internal assessments of the Quality Assurance and Improvement Program may include:

a) Oversight by an external, qualified, and independent assessor or assessment team.

b) Benchmarking of the internal audit activity’s practices and performance against industry-specific best practices.

c) Preliminary discussions with senior management regarding the type of internal assessment that will take place.

d) Ongoing monitoring of the performance of the internal audit activity.

A

d) Ongoing monitoring of the performance of the internal audit activity.

Rationale
Per IIA Standard 1311: Internal Assessments, internal assessments must include: Ongoing monitoring of the performance of the internal audit activity. Periodic self-assessments or assessments by other persons within the organization with sufficient knowledge of internal audit practices.

While the chief audit executive should encourage board oversight in the external assessment to reduce perceived or potential conflicts of interest (IIA Standard 1312), the Quality Assurance and Improvement Program does not require the chief audit executive to discuss with senior management the type of internal assessment that will take place.

While benchmarking an internal audit activity’s practices and performance against best practices may provide insight, it is not required as part of an internal assessment.

Oversight by an external, qualified, and independent assessor or assessment team is not a part of an internal assessment.

50
Q

A quality assessment team that is part of a quality assurance and improvement program has selected ten sets of workpapers to be reviewed for conformance to the Standards. The department uses manual workpapers because there are only five team members. The chief audit executive is unable to provide one set of workpapers because they have been lost. The review of the remaining nine sets of workpapers demonstrates conformance. What points should the quality assessment team include in its report?

a) The department “does not conform” to the Standards due to professional skepticism regarding the missing workpaper.

b) The department “generally conforms” to the Standards, but it would be best if the department migrates to the use of automated workpapers, as this is a best practice and could prevent loss of future workpapers.

c) The department “generally conforms” to the Standards. No mention of the missing workpaper is needed.

d) The department “partially conforms” to the Standards due to professional skepticism regarding the missing workpaper.

A

b) The department “generally conforms” to the Standards, but it would be best if the department migrates to the use of automated workpapers, as this is a best practice and could prevent loss of future workpapers.

Rationale
According to The IIA’s Quality Assessment Manual, the most important aspect of an assessment is the evaluation of the internal audit activity’s conformance to the Standards and its charter along with the extent of its use of current best practices and its program of continuous improvement. These evaluations should also include recommendations to enhance conformance to the Standards.

51
Q

Which of the following is the best approach for obtaining feedback from engagement clients on the quality of internal audit work?

a) Distributing questionnaires to selected engagement clients shortly before preparing the internal audit annual activity report

b) Providing questionnaires to engagement clients at the beginning of each engagement and requesting that the clients complete and return them after the engagement

c) Calling engagement clients after the exit interviews and sending copies of the documented responses to the clients

d) Asking questions during the exit interviews and sending copies of the documented responses to the clients

A

b) Providing questionnaires to engagement clients at the beginning of each engagement and requesting that the clients complete and return them after the engagement

Rationale
It is best practice to provide questionnaires to customers at the beginning of engagements, either routinely or periodically. The quality measures being used by the internal audit activity and the internal auditor are then clearly understood by the customer, and specific requirements and expectations can be noted by the internal auditor before the engagement begins. The customer can assess the quality of the internal audit work during the engagement and complete the questionnaire after it. This also encourages a continuous process of monitoring quality and providing feedback by the customer throughout the engagement.

52
Q

Periodic review of internal audit activity compliance with the activity charter, the Standards, and the Code of Ethics is primarily achieved through

a) Routine self-assessment.
b) analysis of performance metrics.
c) automated working paper procedures.
d) feedback from audit customers and other stakeholders.

A

a) Routine self-assessment.

Rationale
Internal audit departments can fulfill this type of periodic review by routinely conducting self-assessments.

53
Q

Evidence that ongoing monitoring activities are being performed in accordance with the internal audit activity’s quality assurance and improvement program (QAIP) is required to support conformance with Standard 1311. Which of the following is an example of such evidence?

a) Quality assessment manual for internal audit activity
b) Due professional care
c) Code of ethics
d) Key performance indicators (KPIs)

A

d) Key performance indicators (KPIs)

Rationale
Multiple items may indicate conformance with Standard 1311, including any evidence that ongoing monitoring activities have been completed according to the internal audit activity’s QAIP. Examples may include completed checklists that support workpaper reviews, survey results, and KPIs related to the efficiency and effectiveness of the internal audit activity, such as an analysis of budget-to-actual engagement hours.

In addition, conformance may be demonstrated by documentation of completed periodic assessments, which include the scope of the review and approach plan, workpapers, and communication reports.

Finally, presentations to the board and management, meeting minutes, and the results of both ongoing monitoring and periodic self-assessment—including corrective action plans and corrective actions taken to improve conformance, efficiency, and effectiveness—may indicate conformance.

54
Q

What would the final audit report for an external assessment most likely contain?

a) An opinion on the internal audit activity’s compliance with the Definition of Internal Auditing, the Code of Ethics, and the Standards, based on a structured rating process

b) Assessments and evaluations of the cost and length of time that the assessment took versus the benefit that will be received if the recommendations are adopted

c) Assessments and evaluations of the best practices of other companies’ internal audit quality assurance reviews benchmarked against those of the organization

d) A weighted score indicating the internal audit activity’s level of compliance with the Definition of Internal Auditing, the Code of Ethics, and the Standards, based on quantitative analysis

A

a) An opinion on the internal audit activity’s compliance with the Definition of Internal Auditing, the Code of Ethics, and the Standards, based on a structured rating process

Rationale
A formal report from an external assessment should contain an opinion on the internal audit activity’s compliance with the Definition of Internal Auditing, the Code of Ethics, and the Standards based on a structured rating process.

The cost and length of time that the assessment took should not be included in the final report communication; it would be communicated at the planning phase of the assessment.

55
Q

Which is considered an element of a quality assurance and improvement program (QAIP)?

a) Conformance with communication restrictions of senior management

b) Annual appraisals of individual internal auditors’ performance

c) Internal reviews of audits completed

d) Total objectivity of internal quality assessments

A

c) Internal reviews of audits completed

Rationale
Ongoing internal evaluations of the internal audit activity are performed in part by doing internal reviews of audits completed.

Because the CAE supervises internal quality assessments, this involvement precludes total objectivity.

Individual appraisal is part of personnel management.

56
Q

Which activity is designed to provide feedback on the effectiveness of an audit department for use in a quality assurance and improvement program (QAIP) ?

a) Proper training
b) External assessments at least annually
c) Proper supervision
d) Management-conducted performance reviews

A

c) Proper supervision

Rationale
The purpose of a QAIP is to evaluate the operations of the internal audit department. Standard 1300 states that such a program covers all aspects of the internal audit activity.

Implementation Guide 1300 states that the chief audit executive is accountable for implementing processes to evaluate the quality of the activities. These processes include appropriate supervision, periodic internal assessments and ongoing monitoring of quality assurance, and periodic external assessments (once every five years, not annually).

While proper training is required, it is not a feedback mechanism.

57
Q

An audit department of 12 staff members undergoes an internal assessment of their compliance to the Standards annually. An audit manager and Certified Internal Auditor (CIA) in the department performs the review under the direction of the chief audit executive (CAE). Who must the internal audit assessment be communicated to?

a) CAE
b) Audit committee of the board of directors
c) Chief executive officer, executive management, and key users receiving the internal audit services
d) There is no requirement to communicate the results of an internal quality assessment.

A

b) Audit committee of the board of directors

Rationale
Results of quality assurance and improvement program assessments, which indicate the internal audit activity’s level of conformance, must be communicated to senior management and the board, per Attribute Standard 1320, “Reporting on the Quality Assurance and Improvement Program.” Reporting to key users receiving the internal audit services is optional rather than mandatory.

CIA Part 1 (9 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions