UNIT 4: THE INTERNAL AUDIT PLAN Flashcards
What is included in the audit universe?
All business units, processes, or operations that can be evaluated and defined.
Besides the audit universe, what else is the internal audit activity’s audit plan based on?
Assessed risks
Input from senior management and the Board
List internal risk factors.
Quality of and adherence to controls Degree of change Timing and results of last engagement Impact Likelihood Materiality Asset liquidity Management competence
List external risk factors.
Competitor actions Suppliers Industry issues Employee relations Government relations
Define risk management as defined by The IIA.
A process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization’s objectives.
Define inherent risk.
The susceptibility of information or data to a material misstatement given no related mitigating controls.
Name three traits of risk registers (logs).
Identifies and analyzes risks
Should be systematic, complete, and accurate
Describes each risk, its impact and likelihood
Records planned responses if the event occurs
Records preventive measures
May document risks below the strategic level
With regard to risk, an internal audit plan focuses on
Unacceptable current risks requiring management action
Control systems on which the organization is most reliant
Areas where the difference between inherent risk and residual risk is great
Areas where inherent risk is very high
Define risk modeling.
An effective method used to rank and validate risk priorities when prioritizing engagements in the audit plan.
What is the audit risk model used by the AICPA?
Audit risk =
Risk of material misstatement × Detection risk-base
Audit risk =
(Inherent risk × Control risk) × Detection risk
Define audit risk in an internal audit context.
The risk that the auditor will provide senior management and the Board with flawed or incomplete information about governance, risk management, and control.
Define inherent risk in an internal audit context.
The risk arising from the nature of the account or activity under review.
Define control risk in an internal audit context.
The risk that the system of internal control designed and implemented by management will fail to achieve management’s goals and objectives for the account or activity under review.
Define detection risk in an internal audit context.
The risk that the auditor will fail to discover conditions relevant to the established audit objectives for the account or activity under review.
Which of the four risks–audit, inherent, control, or detection–is under the auditor’s direct control?
Detection risk.
