The Professional Internal Auditor Flashcards
Which professional designation created a guidance framework for internal auditors on their characteristics/qualities/attributes and the establishment of an internal audit activity?
- The Certified Internal Auditors (CIA) designation
- The code of ethics for internal auditors
- The attribute standards
The IACF distinguishes between what?
Competencies at various levels:
- namely chief audit executive
- senior internal auditor
- new internal audit staff
Which ten core competency areas for internal auditors identified in the IACF?
- Professional ethics
- Internal audit management
- IPPF
- Governance, risk and control
- Business acumen
- Communication
- Persuasion and collaboration
- Critical thinking
- Internal audit delivery
- Improvement and innovation
Which regulatory body developed the code of ethics to guide the behaviour of internal audit professional?
The Institute of Internal Auditors
What is the purpose of the code of ethics>
To promote an ethical culture in the profession of internal auditing.
- To guide ethical behaviour of auditors
- To prevent unethical behaviour
Finish the statement
Code of Ethics applies to all…
Individuals who render internal audit services as well as organisations that provide internal audit services
Which essential components does the code of ethics includes?
- Principles that are relevant to the profession and practice of internal auditing
- Rules of conduct that describes behaviour norms expected of internal auditors. These rules are an aid to interpreting the principles into practical applications and are intended to guide the ethical conduct of internal auditors
What is the consequences of non-adherence to the IIA’s code of ethics?
Suspension of IIA membership and retraction of IIA certification(s)
Which principles internal auditors are required to apply and uphold \?
- Integrity
- Objectivity
- Confidentiality
- Competency
Define integrity
Establishes trust and thus provides the basis for reliance on their judgement
Define objectivity
Internal auditors exhibit the highest level of professional objectivity in gathering evaluating, and communicating information about the activity or process being examined.
Internal auditors make a balances assessment of all relevant circumstances are not unduly influences by their own interests or by others in forming judgements
Discuss confidentiality
Internal auditors respect the value and ownership of information without appropriate authority unless there is a legal or professional obligation to do so.
Discuss competency
Internal auditors apply the knowledge, skills, and experience needed in the performance of internal audit services
True or false
Confidentiality is the foundation of all other three principles
False
Integrity is the foundation of all other three principles
In relation to the rules of conduct.
Discuss internal auditors integrity
- shall perform their work with honesty, diligence and responsibility
- shall observe the law and make disclosures expected by the law and the profession
- shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the orgnisation
- shall respect and contribute to the legitimate and ethical objectives of the organisation
In relation to the rules of conduct.
Discuss objectivity of internal auditors
- shall not participate in any activity or relationships that may impair or be presumed to impair their unbiased assessment. Includes activities/relationships that may be in conflict with the interest of the organisation
- shall not accept anything that may impair/presumed to impair their professional judgement
- shall disclose all materials facts known to them, if not disclosed, may distort the reporting of activities under review
In relation to the rules of conduct.
Discuss the confidentiality of internal auditors
- shall be prudent in the use and protection of information acquired in the course of their duties
- shall not use information for any personal gain or any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organisation
In context of rules of conduct.
Disclose competency of internal auditors
- shall engage only in those services for which they have the necessary knowledge, skills, and experience
- shall perform internal audit services in accordance with the international standards for the professional practice of internal auditing
- shall continually improve their proficiency and the effectiveness and quality of their services
Attribute standards focus on what?
The characteristics of the internal auditing activity as well as on the individuals who perform the internal audit engagement.
Discuss 1000 - Purpose, Authority and responsibility
The purpose, authority and responsibility of the internal audit activity must be formally defined in an internal audit charter, consistent with the mission of internal audit and the mandatory elements of the IPPF.
The CAE must periodically review the internal audit charter and present it to senior management and the board for approval
How should 1000 be interpretated?
The internal audit charter is a formal document that defines the internal audit activity’s purpose, authority and responsibilty.
What does the internal audit charter establishes?
The internal audit activity’s position within the organisation.
- The nature of the CAE’s functional reporting relationship with the board.
- Authorises access to records, personnel and physical properties relevant to the performance of engagements.
- Defines the scope of IAA.
True or False
Final approval of the internal audit charter resides with the audit committee
False
Final approval of the internal audit charter resides with the board
Disclose 1000.A1
The nature of assurance services provided to the organisation must be defined in the internal audit charter.
If assurances are to be provided to parties outside the organisation, the nature of these assurances must be defined in the internal audit charter.
Annotate 1000. C1
The nature of consulting services must be defined in the internal audit charter
Who is responsible for drafting an internal audit charter?
The CAE
State 1010 - Recognizing mandatory guidance in the internal audit charter
The CAE can make specific statement in the internal audit charter recognising the adherence to mandatory elements
State 1100 - Independence and objectivity
The IAA must be independent, and IA must be objective in performing their work
How can the CAE achieve the degree of independence necessary to effectively carry out the responsibilities of the IAS?
The CAE must have direct and unrestricted access to senior management and the board. This is achieved through a dual reporting relationship
Discuss 1110 - Organisational independence
The CAE must report to a level within the org that allows the IAA to fulfil its responsibilities.
The CAE must confirm to the board, at least annually, the organisational independence of the IAA.
Annotate 1110. A1
The IAA must be free from interference in determining the scope of internal auditing, performing work, and communicating results. The CAE must disclose such interference to the board and discuss the implications
State 1111-Direct interaction with the board
The CAE must communicate and interact directly with the board
Which standard number is CAE roles beyond internal auditing?
1112
Interpret 1112
The CAE may be asked to take additional roles and responsibilities outside of internal auditing such as responsibility for compliance or risk management activities.
Will the additional roles the CAE take may impair or impair the organisational independence of the IAA or the individual objectivity of the IA?
Yes
What are the safeguards for standard 1112 ?
Oversight of activities, often undertaken by the board, to address these potential impairments.
The activities include:
- periodically evaluating reporting lines and responsibilities and developing alternative processes to obtain assurance related to the areas of additional responsibility
State 1120 - Individual objectivity
IA must have an impartial, unbiased and avoid conflict of interest
Disclose 1130 Impairment to independence or objectivity
If Independence or objectivity is impaired in fact or appearance, the details of the impairment must be disclosed to appropriate parties. The nature of the disclosure will depend upon the impairment.
Interpret 1130 Impairment of independence or objectivity
If it happens that an IA is in an situation where an actual or potential impairment to independence or objectvity may be reasonable be inferred, or if they have questions about whether a situation constitutes an impairment to objectivity or independence, these facts should be reported to the CAE and they should immediately re-assign the IA
State the scope of limitation of communication to the board, audit committee upon the IAA in relation to standard 1130
- the scope defined in the charter
- the accessing of records, personnel and physical properties relevant to performing engagement
- approved engagement work schedules
- approved staff plans and financial budget
True or false
The concept of gifts or fee does not include promotional items such as pens, calendars that are available to general public and minimal value
True
True or false
Its ethical for IA to accept a fee or gift
False
Its unethical for IA to accept a fee or gift as this may create an appearance that the IA is not objective.
State standard 1130 A.1
IA must refrain from assessing specific operations for which they were previously responsible. Objectivity is presumed to be impaired if an IA provides assurance services for an activity for which they had responsibility within the previous year
State 1130.A2
Assurance engagements for functions over which the CAE had responsibility must be oversee by a party outsIde the IAA
Disclose 1130.A3
The IAA may provide assurance services where it had previously performed consulting services, provided the nature of the consulting did not impair objectivity and provided individual objectivity is managed when assigning resources to the engagement
Annotate 1130.C1
IA may provide consulting services relating to operations for which they had previous responsibilities
What is 1130.C2
If IA have potential impairments to independence or objectivity relating to proposed consulting services, disclosures must be made to the engagement client prior to accepting the engagement
What is 1200 Proficiency and due professional care?
Engagements must be performed with proficiency and due professional care
State 1210 Proficiency
IA must possess the knowledge, skills and other competencies needed to perform their individual responsibilities. The IAA collectively must possess or obtain the knowledge, skills and other competencies needed to perform its responsibilities
What the knowledge, skills and other competencies needed by IA to perform their task with proficiency based on standard 1210 proficiency?
- applying the standards
- proficiency in accounting principles and techniques
- knowledge to identify the indicators of fraud
- knowledge of key IT risk and controls, and tecnhnology based audit techniques
- an understanding of management principles
- an appreciation of the fundamentals of accounting, economics, commercial law, tax, finance, quantitative methods, IT, risk management and fraud
- skilled on dealing with people
- understanding human relationships
- able to communicate effectively
State 1201.A1
The CAE must obtain competent advice and assistance if they IA’s lack the knowledge, skills or other competencies needed to perform all or part of the engagement
Disclose 1210.A2
IA must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the org, but not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud
What is 1210.A3
IA must have sufficient knowledge of key IT risks and controls and available technogy- based audit techniques to perform their assigned work. However, not IA are expected to have the expertise of an IA who is an expert
State 1210.C1
The CAE must decline the consulting engagement or obtain competent advice and assistance if the IA lack the knowledge, skills or other competencies needed to perform all or part of the engagement
Disclose 1220 Due professional care
IA must apply the care and skills expected of a reasonably prudent and competent IA. “Due professional care” does not imply infallibility
True or false
IA should be alert to intentional wrongdoings, errors and omissions. Based on standard 1220 due professional care
True
What should IA considering when exercising due professional care
- extent of work needed to achieve the engagement’s objectives
- relative complexity, materiality, or significance of matters to which assurance procedures are applied
- adequacy and effectiveness of governance, risk management, and control processes
- probability of significant errors, fraud, or non-compliance
- cost of assurance in relation to potential benefits
State 1220.A2
In exercising due professional care, IA must consider the of technology based audit and other data analysis techniques
Disclose 1220.A3
IA must be alert to the significant risks that might affect objectives, operations, or resources. However, assurance procedures alone, even when performed with due professional care, do no guarantee that all significant risks will be identified
Discuss 1220.C1
IA must exercise due professional care during consulting engagement by considering the :
- needs and expectations of clients
- relative complexity and extent of work needed to achieve the engagement’s objectives
- cost of consulting engagement in relation to potential benefits
Disclose 1230 Continuing professional development (CPD)
IA must enhance their knowledge, skills and other competencies through continuing professional development
What does continuing professional development entail?
IA must continue their education to enhance and maintain their proficiency.
Continuing education may be obtained through membership of professional societies, attending conferences, seminars, courses, in-house training and research projects
Annotate 1300 Quality assurance and improvemEnt programme (QAIP)
The CAE must develop and maintain a quality assurance and improvement programme that covers all aspects of the IAA
State 1310 Requirements of the quality assurance and improvement programme
The quality assurance and improvement programme must include both internal and external assessments
Discuss 1311 Internal Assessment
IA must include:
- on-going monitoring of the performance of the IAA
- periodic self-assessments or assessments by other persons within the org with sufficient knowledge of IA practices
Discuss 1312 External assessments
External assessments must be conducted at least once every 5 years by a qualified, independent assessor team from outside the org. The CAE must discuss with the board:
- the form and frequency of external assessement
- the qualifications and independence of the external assessor or assessment team, including any potential conflict of interest.
State 1320 Reporting on the quality assurance and improvement programme
The CAE must communicate the results of the quality assurance and improvement program to senior management and the board.
Disclosure should include:
- the scope and frequency of both the internal and external assessment
- the qualifications and independence of the assessor(s) or assessment teaam
- conclusion of assessors
- corrective action plans
Interpret 1320 Reporting on the quality assurance and improvement programme
The quality of assurance and improvement program is established through discussions with senior management and board
State 1321 Use of “Conforms to the International Standards for the professional Practices of IA”
Indicating that the IAA conforms with the International Standards for the professional Practices of IA is appropriate only if supported by the results of the quality assurance and improvement program
State 1321 Use of “Conforms to the International Standards for the professional Practices of IA”
Indicating that the IAA conforms with the International Standards for the professional Practices of IA is appropriate only if supported by the results of the quality assurance and improvement program
Disclose 1322 Disclosure of non-conformance
When non-conformance with the code of ethics or the standards impacts the overall scope or operation of the IAA, the CAE must disclose the non-conformance and the impact to senior management and the board
