Vocab

Question 1

Controls that operate for the entire activity (area, process, or program)

Answer 1

Activity-level controls

Question 2

Reasonable assurance that the organizations risks have been managed effectively and that the organizations goals and objectives will be achieved efficiently and economically.

Answer 2

Adequate control

Question 3

Activities provided by the IAF, nature and scope are agreed with the recipients of the service, are intended to add value and improve an organization’s GRC

Answer 3

Advisory services

Question 4

A technique of coordinating multiple assurance activities designed to mitigate a known risk to a needed or desired level within an established risk tolerance

Answer 4

Assurance layering

Question 5

An objective examination of evidence for the purpose of providing an independent assessment of GRC for the organization.

Answer 5

Assurance services

Question 6

A compilation of the subsidiaries, business units, departments, groups, processes, or other established subdivision of an organization

Answer 6

Audit universe

Question 7

Aligning various assurance activities within an organization to ensure assurance gaps do not exist

Answer 7

Combined assurance

Question 8

An activity that, if key controls do not fully operate effectively, may help reduce the related risk.

Answer 8

Compensating control

Question 9

Advisory and relate client service activities, nature and scope agreed with the client, intended to add value and improve organizations GRC

Answer 9

Consulting services

Question 10

Any action taken by mgmt, board, other parties to manage risk and increase the likelihood that objectives and goals will be achieved

Answer 10

Control

Question 11

The portion of inherent risk that mgmt can reduce through day-to-day operations and mgmt activities

Answer 11

Controllable risk

Question 12

The excercise of ethical and effective leadership by the board toward the achievement of ethical culture, good performance, effective control and legitimacy.

Answer 12

Corporate governance

Question 13

Activity of contracting with a third party to collaborate in the provision of assurance and consulting services

Answer 13

Cosourcing

Question 14

An activity that is designed to discover undesireable events that have already occurred

Answer 14

Detective control

Question 15

A control that causes or encourages a desirable event to occur.

Answer 15

Directive control

Question 16

A process, effected by an entity’s BOD, Mgmt, and other personnel, applied in strategy setting and across the enterprise, designed to ID potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity obj.

Answer 16

ERM

Question 17

A control that operates across an entire entity

Answer 17

Entity-level controls

Question 18

The combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the org

Answer 18

Governance

Question 19

The freedom from conditions that threaten the ability of the internal audit activity to carry out internal audit responsibilities in an unbiased manner

Answer 19

Independance

Question 20

A process, effected by an entity’s BOD, Mgmt, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives.

Answer 20

Internal control

Question 21

Actions carried out by management to assure the accomplishment of their obj

Answer 21

Management control

Question 22

An unbiased mental attitude that allows internal auditors to perform engagements in such a manner that they believe in their work quality and no quality compromises are made.

Answer 22

Objectivity

Question 23

The CAE’s line of reporting within the organization that allows the IAF to fulfill its responsibilities free from interference

Answer 23

Organizational independence

Question 24

An activity that operates within a specific process for the purpose of achieving process-level obj

Answer 24

Process-level control

Question 25

The portion of inherent risk that remains after mgmt executes its risk responses

Answer 25

Residual risk

Question 26

The possibility of an event occurring that will have an impact on the achievement of obj.

Answer 26

Risk

Question 27

The level of risk that an organization is willing to accept.

Answer 27

Risk appetite

Question 28

The ID and analysis of relevant risks to the achievement of an organization’s obj, forming a basis for determining how the risks should be managed

Answer 28

Risk assessment

Question 29

The maximum risk a firm may bear and remain solvent

Answer 29

Risk capacity

Question 30

A process to ID, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization’s obj

Answer 30

Risk management

Question 31

An action, or set of actions, taken by mgmt to reduce the impact and/or likelihood of a risk to a lower, more acceptable level

Answer 31

Risk mitigation

Question 32

The acceptable variation relative to performance to the achievement of obj

Answer 32

Risk tolerance

Question 33

Controls that operate within a transaction-processing system.

Answer 33

Transaction-level control

Question 33

A model of assurance that helps organizations ID structures and processes that best assist the achievement of obj and facilitate strong G and RM.

Answer 33

Three-lines model

Question 33

The practices of the internal audit activity, taken as a whole, satisfy the requirements of the Definition of Internal Auditing, the Code of Ethics, and the Standards.

Answer 33

Conformance

Question 34

Advisory and related client service activities, the nature and scope of which are agreed with the client and which are intended to add value and improve an organization’s governance, risk management, and control processes without the internal auditor assuming management responsibility.

Answer 34

Consulting services

Question 35

The values and norms that exist in an organization

Answer 35

Culture

Question 36

A full evaluation of the performance of the internal audit activity performed by a qualified, independent assessor or assessment team from outside the organization. Must be conducted at least once every five years.

Answer 36

External assessment

Question 37

An independent, objective assurance and consulting activity designed to add value and improve an organization’s operations; brings a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

Answer 37

Internal auditing

Question 38

An organization’s approach to assess and eventually pursue, retain, or turn away from risk.

Answer 38

Risk attitude