Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
33 Cards in this Set
- Front
- Back
Which Standard applies to the IA Charter?
|
1000 - Purpose, Authority, and Responsibility
|
|
With what should the IA Charter be consistent? |
consistent with Definition of IA, Code of Ethics, and Standards
|
|
Who should regularly review the IA charter? |
regular review of the IA Charter by the CAE
|
|
Who should accept the IA charter |
acceptance of the IA charter by senior management
|
|
With whom does the final approval of the IA charter reside? |
final approval by the board
|
|
What does the IA charter establish? |
establishes the IA activity's position within the organization
|
|
What kind of reporting relationship with the board should the IA charter define? |
functional reporting relationship with the board
|
|
To what should the IA charter grant the IA access? |
should grant access to records, property, and personnel
|
|
What about the IA activities does the IA charter define? |
defines the scope of IA activities
|
|
Which Standard applies to the risk-based IA plan? |
2010 - Planning
|
|
How is the risk-based IA plan called as well? |
long-range plan
|
|
According to 1110 - Organizational Independence, who should approve the risk-based IA plan? |
the board
|
|
Who is responsible for developing the annual risk-based IA plan? |
CAE
|
|
What is the purpose of the risk-based IA plan? |
to determine the priorities of the IA activity, consistent with organizational goals
|
|
What should the CAE take into account when developing the annual risk-based IA plan?(2) |
"- risk management framework
- riks appetites set by management for the different activities of the organization |
|
"
What should the CAE do if the organization does not have a risk management framework? |
the CAE uses his own judgement of risks
|
|
In making his own judgement of risks, what must the CAE consider? |
consider the input from senior management and the board
|
|
What is usually the foundation of the annual risk-based IA plan? |
the audit universe
|
|
Of which plan may the audit universe include components? |
components of the organization's strategic plan
|
|
How often should the audit universe be updated at least? |
at least annually
|
|
|
"- Audit work schedule |
|
"
What does the audit work schedule include?(5) |
"- assessment of risk factors
- activities to be audited - time when activities will be audited - estimated audit time required (workload requirements) - identification of auditable locations |
|
"
The coverage of what does the audit work schedule ensure? |
the adequate audit coverage over time
|
|
How is the audit work schedule called as well? |
long-range schedule
|
|
Which two other IA plans do audit work schedules determine? |
"- staffing plan
- financial budget |
|
"
Which Standard applies to the audit work schedule, staffing plan, financial budget? |
PA 2020 - Communication and Approval
|
|
PA 2020 - Communication and Approval: To whom and how often must the CAE submit a summary of the IA audit plan, work schedule, staffing plan, and financial budget for approvel? |
annually to the board and senior management
|
|
In which plan are the risk-based plan, the work schedule, staffing plan, and financial budget included? |
IA operating plan
|
|
What should the operating plan additionally include? |
measurability criteria for engagement and targeted dates of engagement completion
|
|
Based on the analysis of what should auditable units be assigned to IA managers in the work schedule and IA department resource plan? |
based on risk and skill analysis
|
|
If the annual audit plan does not cover all material regulations affecting the company, whom should the IA inform about this limitation? |
senior management and the board
|
|
What is easer to measure: performance and results or morale? |
performance and results
|
|
Can personal feelings such as morale be measured objectively? |
yes, as objective tests are available
|