21 Cards in this Set

  • Front
  • Back
Define internal auditing
Internal auditing has been defined (since June 1999) by the Institute of Internal Auditors as “an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”
What are the key terms in the internal auditing definition and explain each
- ASSURANCE refers to services that provide an objective examination of evidence for the purpose of providing an independent assessment on risk management, control or governance processes for the organization.
- CONSULTING refers to services that are advisory and are intended to add value and improve an organization’s operations without the internal auditor assuming management responsibilities.
- ADDING VALUE refers to how the auditor can improve opportunities to achieve organizational objectives, identify operational improvements and/or reduce risk exposure.
- HELPING THE ORGANIZATION refers to the focus on the overall organizational objectives and on the way in which they are achieved operationally.
- RISK MANAGEMENT PROCESSES identify, assess, manage and control potential events or situations to provide reasonable assurance toward the achievement of the organization’s objectives.
- CONTROL PROCESSES are the policies, procedures, and activities that are part of a control framework, designed to ensure that risks are contained within the risk tolerances established by the risk management process.
- GOVERNANCE consists of the combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives.
Describe the three elements that determine the scope of internal auditing.
1. Risk management – to identify and evaluate significant exposures to risk and contribute to the improvement of risk management and control systems.
2. Control – to maintain effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement.
3. Governance – to evaluate and improve the processes through which values and goals are established and communicated, the accomplishment of goals is monitored, accountability is ensured and values are preserved.
Explain the main functions of management
1. Planning is developing a clear idea of the purpose, long-term objectives and short-term goals of an organization;
2. Organizing entails establishing a rule structure to help achieve the goals of the organization;
3. Directing is the process of inducing members of an organization to perform their roles successfully;
4. Controlling is the comparison of actual performance with pre-determined standards, plans or objectives.
How do the main functions of management relate to achieving control
1. establish performance standards
2. measure performance
3. compare performance with standards
4. evaluate deviations
5. determine and implement corrective action
6. follow up on corrective action (return to step 2)
Define risk
Risk is the possibility (uncertainty) of an event occurring that will have a (negative) impact on the achievement of objectives.
Define enterprise risk
Enterprise risk (also called business risk) is, therefore, the possibility (uncertainty) of an event occurring that will reduce the likelihood of an organization achieving its objectives.
How do risk and enterprise risk relate to the concept of control
Effective control provides reasonable (but not absolute) assurance that the entity will achieve its objectives (by reducing uncontrolled risks to an acceptable level) and therefore includes the identification and management of risks.
Explain the role of internal auditors in their organization
The internal auditor acts as a consultant to both management and the board of directors in assessing and improving the effectiveness and efficiency of the organization’s risk management, control and governance processes.
Compare the role of internal auditors in an organization to the role of external auditors in an organization
- Internal auditors are responsible to the board and management of the organization; external auditors are responsible to the shareholders;
- Internal auditors are independent of the functions that they audit but are not independent of the organization; external auditors must be independent of the organizations that they audit;
- The purpose of internal auditing is to improve organizational performance; the purpose of external auditing is to express an opinion on the organization’s financial statements;
- The scope of internal auditing covers all the activities of the organization; the scope of external auditing is limited to those areas impacting the financial statements;
- Internal auditing focuses on the appropriate design and implementation of management processes; external auditing focuses on financial statement balances at a point in time;
- Although internal auditing standards are set by the Institute of Internal Auditors, internal auditors are not required to be members of the IIA; external auditing standards are set by professional accounting organizations of which external auditors must be members.
Describe the types of audits carried out by internal auditors.
- Compliance audits focus on reviewing compliance with established policies, procedures, laws, etc.
- Internal financial audits focus on the reliability and integrity of the accounting system and its output.
- Operational audits review an organization’s effectiveness, efficiency and economy of operations and recommend improvements.
- Comprehensive audits (mainly in the public sector) focus on financial verification, compliance and performance (value-for-money) assess
- Information Technology (IT) audits focus on the controls in computerized environments.
- Integrated audits are conducted when IT auditing is included within other types of internal audits.
- Fraud audits may be carried out by internal auditors when fraud exists or is suspected.
- Environmental audits assess the extent to which the entity is in compliance with regulatory requirements on environmental matters.
Compare internal auditing and performance measurement.
- Internal auditing evaluates and reports on the degree of correspondence between performance and appropriate agreed-upon criteria.
- Internal auditing increasingly focuses on the evaluation of organizational effectiveness and efficiency and requires that measurable criteria be established against which to assess performance.
- Performance measurement has the advantage of being a continuous process; internal auditing of particular activities is usually intermittent.
Outline the role of the internal auditor in promoting ethical culture and standards in an organization.
- Internal auditors should use their positions of trust and integrity to be advocates of ethical conduct. They should work towards increased compliance with legal, ethical and societal responsibilities.
- Internal auditors should periodically assess the state of the ethical climate and evaluate the extent to which the organization fulfills its ethical responsibilities. This assessment should include evaluating compliance with the organization’s code of ethics. Unethical actions can pose a significant risk to an organization and should be reported to senior management or the board of directors.
Apply ethical judgments in the context of the internal auditor’s work.
Examples of possible unethical activities encountered by internal auditors
- By-passing of control procedures by employees.
- Manipulation of accounting information to improve performance.
- Personal travel or entertainment charged to the employer.
- Purchase kickbacks received by purchasing officers.
- Personnel in conflict of interest positions.
Prepare a case analysis report from information provided on an internal auditing issue.
1. Skim the case.
2. Carefully reread the information.
3. Identify the problem areas and issues.
4. Analyze the data.
5. Generate alternatives.
6. Select the decision criteria.
7. Analyze and evaluate each alternative.
8. Make a recommendation or decision.
9. Write a report or action plan.
a) Following the adoption of the current definition of internal auditing in 1999, the IIA significantly revised its Standards for the Professional Practice of Internal Auditing (now called International Standards for the Professional Practice of Internal Auditing). According to the definition and Performance Standards, what are the three areas of work for internal auditors?
1) Risk management, control and governance
2) Financial reporting, control and governance
3) Financial reporting, risk management, and control
4) Risk management, safeguarding of assets, and governance
1
b) Planning is one of the four main functions of management. Which of the following management activities are part of effective planning?
1) Setting objectives and goals and verifying compliance with policies and procedures
2) Formulating programs and premises and identifying budget variances for analysis
3) Preparing budgets and identifying budget variances for analysis
4) Setting objectives and goals and preparing budgets
4
c) In addition to helping an organization evaluate and improve its risk management process, which of the following best describes how internal auditing helps an organization accomplish its goals?
1) It helps an organization evaluate and improve its control and governance processes.
2) It helps an organization evaluate and improve its strategic management and governance processes.
3) It helps an organization evaluate and improve its human resources management and governance processes.
4) It helps an organization evaluate and improve its financial management and governance processes.
1
d) Which of the following best describes the responsibilities of the internal auditor?
1) Internal auditors are responsible for ensuring compliance and enforcement of all an organization’s policies, especially ethical policies relating to a corporate conflict of interest policy.
2) Internal auditors are expected to carry out fraud investigation assignments as long as management is willing to support the internal audit function.
3) As with any other employee, internal auditors’ access to information in the organization is restricted to their specific area of responsibility; accordingly, internal auditors must follow the ethical principle of respecting the confidentiality of financial, operational, and personal information when they seek information from other employees.
4) Internal auditors may be asked by management for an interpretation of relevant ethical standards, such as conflict of interest rules or corporate and professional codes of ethics.
4
e) Management auditors’ contribution to the business is mainly measured by which of the following?
1) The auditors’ ability to assist in the performance of operational managers’ responsibilities
2) The effectiveness of the control systems they have set up
3) Their ability to monitor activities
4) The extent to which they increase public confidence in the company
1
f) According to the definition and performance standards adopted by the Institute of Internal Auditors (IIA), controls should address which of the following?
1) The reliability and integrity of financial information, the reliability of services provided by the organization, the safeguarding of assets, and compliance with laws
2) The image projected by the company, the effectiveness and efficiency of the organization’s operations, the safeguarding of assets, and compliance with laws
3) The reliability and integrity of financial information, the effectiveness and efficiency of the organization’s operations, the safeguarding of assets, and compliance of activities with policies of the board of directors
4) The reliability and integrity of financial information, the effectiveness and efficiency of the organization’s operations, the safeguarding of assets, and compliance with laws
4