Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
18 Cards in this Set
- Front
- Back
|
Describe the attribute standards governing internal auditing
|
1. The purpose, authority and responsibility of the internal audit activity must be formally defined in a charter and approved by the board.
2. The internal audit activity must be independent and internal auditors should be objective in performing their work. 3. Engagements must be performed with proficiency and due professional care. 4. The chief audit executive must develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity. |
|
|
Describe the performance standards governing internal auditing
|
1. The chief audit executive must effectively manage the internal audit activity to ensure that it adds value to the organization.
2. The internal audit activity must evaluate and contribute to the improvement of governance, risk management, and control processes through a systematic and disciplined approach. 3. Internal auditors must develop and document a plan for each engagement, including the objectives, scope, timing and resource allocations. 4. Internal auditors must identify, analyze, evaluate and document sufficient information to achieve the engagement’s objectives. 5. Internal auditors must communicate the results of engagements. 6. The chief audit executive must establish and maintain a system to monitor the disposition of results communicated to management. 7. When the chief audit executive believes that senior management has accepted a level of residual risk that may be unacceptable to the organization, the chief audit executive must discuss the matter with senior management and, if necessary, the board. |
|
|
What are the key provisions of the Sarbanes - Oxley Act
|
Sarbanes-Oxley Act Section 302
Periodic statutory financial reports (of companies whose securities are traded in the United States) must include certifications that: the signing officers have reviewed the report; the report does not contain any untrue statements, material omissions and is not misleading; the financial statements and related information fairly present the financial position and results in all material respects; the signing officers are responsible for internal controls and have evaluated the controls within the last ninety days; a list of all control deficiencies and information on any fraud by employees involved in control activities; any significant changes in controls that could have a negative impact on the internal controls. Sarbanes-Oxley Act Section 404 Management must perform a formal assessment of its controls over financial reporting. Management must include in its annual report an assessment of its controls over financial reporting. The external auditor must provide an opinion on the effectiveness of the system of internal control over financial reporting. The report on internal control must contain: a statement of management’s responsibility for establishing and maintaining adequate internal control over financial reporting; a statement identifying the control framework used by management in its evaluation; management’s assessment of the effectiveness of the internal controls over financial reporting; and a statement that the auditors have issued an attest report on the controls over financial reporting. |
|
|
Determine the purposes and content of an internal audit charter.
|
Organizations must have a formal audit charter to define and communicate the purpose, authority and responsibility of the internal audit department.
The charter must be consistent with the definition of internal auditing, the IIA Code of Ethics and the Standards. The charter must be approved by senior management and the board. The charter should establish the position of the internal audit activity within the organization, set out the scope of its activities and guarantee access to personnel and records. Contents of the sample internal audit department charter (from Exhibit 2.2-1)  Mission and scope of work Accountability Independence Responsibility Authority Standards of audit practice |
|
|
Explain the importance of independence and objectivity in internal auditing
|
Objectivity is primarily a state of mind, a perspective that is neutral and free from undue influence (that is, an independent mental attitude). It is an unbiased mental attitude that allows internal auditors to perform engagements in such a manner that they have an honest belief in their work product and that no significant quality compromises are made. Objectivity requires internal auditors not to subordinate their judgment on audit matters to that of others. The effectiveness of internal auditors is directly affected by their credibility and the extent to which management can trust the objectivity of the auditors’ reports. This trust is developed, in part, by ethical practices, including an objective state of mind.
In the definition of internal auditing adopted in 1999, the term “independent” was supplemented with the term “objective.” Independence was retained as a concept reflecting the freedom to determine the scope of work and perform the appropriate work without interference. For more on the importance of objectivity, read the following example. |
|
|
How are independence and objectivity achieved in internal auditing
|
the organizational status of the internal audit department
the authority and responsibility given to internal auditors the degree of objectivity maintained by internal auditors. The chief audit executive should be responsible to an individual in the organization with sufficient authority to promote independence and to ensure broad audit coverage, adequate consideration of engagement communications, and appropriate action on engagement recommendations. Ideally, the chief audit executive should report functionally to the board and administratively to the chief executive officer of the organization. The chief audit executive must have direct communication and interaction with the board of directors. |
|
|
Identify the main standards for proficiency and due professional care in internal auditing.
|
1. Internal auditors and internal audit departments must possess the knowledge, skills and competencies needed to perform their responsibilities.
2. Internal auditors must apply the care and skills expected of a reasonably prudent and competent internal auditor. 3. Internal auditors must enhance their knowledge, skills, and competencies through continuing professional development. |
|
|
Outline the main requirements of using outsourced resources in internal auditing.
|
When outside service providers are used, the chief audit executive should assess their competency, independence and objectivity in relationship to the specific engagement to be performed.
The chief audit executive should agree on the scope of work with the outside service provider before work commences. The chief audit executive should ensure that the work done by the outside service provider complies with the appropriate professional standards. |
|
|
State the standards for the proper management of the internal audit department, including quality assurance.
|
establish risk-based plans to determine priorities for the internal audit activity that are consistent with the organization’s goals.
communicate the department’s plans and resource requirements to senior management and the board for review and approval. ensure that the resources are appropriate, sufficient and effectively deployed to achieve the approved plan. establish policies and procedures to guide the internal audit activity. Quality Assurance; Internal auditor must: adopt a process to monitor and assess the overall effectiveness of its quality programs provide for internal assessments performed both by members of the department and by others in the organization arrange for external quality assurance reviews to be conducted at least once every five years report the result of the external assessment to the board |
|
|
Describe the attribute standards governing internal auditing
|
1. The purpose, authority and responsibility of the internal audit activity must be formally defined in a charter and approved by the board.
2. The internal audit activity must be independent and internal auditors should be objective in performing their work. 3. Engagements must be performed with proficiency and due professional care. 4. The chief audit executive must develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity. |
|
|
Describe the performance standards governing internal auditing
|
1. The chief audit executive must effectively manage the internal audit activity to ensure that it adds value to the organization.
2. The internal audit activity must evaluate and contribute to the improvement of governance, risk management, and control processes through a systematic and disciplined approach. 3. Internal auditors must develop and document a plan for each engagement, including the objectives, scope, timing and resource allocations. 4. Internal auditors must identify, analyze, evaluate and document sufficient information to achieve the engagement’s objectives. 5. Internal auditors must communicate the results of engagements. 6. The chief audit executive must establish and maintain a system to monitor the disposition of results communicated to management. 7. When the chief audit executive believes that senior management has accepted a level of residual risk that may be unacceptable to the organization, the chief audit executive must discuss the matter with senior management and, if necessary, the board. |
|
|
What are the key provisions of the Sarbanes - Oxley Act
|
Sarbanes-Oxley Act Section 302
Periodic statutory financial reports (of companies whose securities are traded in the United States) must include certifications that: the signing officers have reviewed the report; the report does not contain any untrue statements, material omissions and is not misleading; the financial statements and related information fairly present the financial position and results in all material respects; the signing officers are responsible for internal controls and have evaluated the controls within the last ninety days; a list of all control deficiencies and information on any fraud by employees involved in control activities; any significant changes in controls that could have a negative impact on the internal controls. Sarbanes-Oxley Act Section 404 Management must perform a formal assessment of its controls over financial reporting. Management must include in its annual report an assessment of its controls over financial reporting. The external auditor must provide an opinion on the effectiveness of the system of internal control over financial reporting. The report on internal control must contain: a statement of management’s responsibility for establishing and maintaining adequate internal control over financial reporting; a statement identifying the control framework used by management in its evaluation; management’s assessment of the effectiveness of the internal controls over financial reporting; and a statement that the auditors have issued an attest report on the controls over financial reporting. |
|
|
Determine the purposes and content of an internal audit charter.
|
Organizations must have a formal audit charter to define and communicate the purpose, authority and responsibility of the internal audit department.
The charter must be consistent with the definition of internal auditing, the IIA Code of Ethics and the Standards. The charter must be approved by senior management and the board. The charter should establish the position of the internal audit activity within the organization, set out the scope of its activities and guarantee access to personnel and records. Contents of the sample internal audit department charter (from Exhibit 2.2-1)  Mission and scope of work Accountability Independence Responsibility Authority Standards of audit practice |
|
|
Explain the importance of independence and objectivity in internal auditing
|
Objectivity is primarily a state of mind, a perspective that is neutral and free from undue influence (that is, an independent mental attitude). It is an unbiased mental attitude that allows internal auditors to perform engagements in such a manner that they have an honest belief in their work product and that no significant quality compromises are made. Objectivity requires internal auditors not to subordinate their judgment on audit matters to that of others. The effectiveness of internal auditors is directly affected by their credibility and the extent to which management can trust the objectivity of the auditors’ reports. This trust is developed, in part, by ethical practices, including an objective state of mind.
In the definition of internal auditing adopted in 1999, the term “independent” was supplemented with the term “objective.” Independence was retained as a concept reflecting the freedom to determine the scope of work and perform the appropriate work without interference. For more on the importance of objectivity, read the following example. |
|
|
How are independence and objectivity achieved in internal auditing
|
the organizational status of the internal audit department
the authority and responsibility given to internal auditors the degree of objectivity maintained by internal auditors. The chief audit executive should be responsible to an individual in the organization with sufficient authority to promote independence and to ensure broad audit coverage, adequate consideration of engagement communications, and appropriate action on engagement recommendations. Ideally, the chief audit executive should report functionally to the board and administratively to the chief executive officer of the organization. The chief audit executive must have direct communication and interaction with the board of directors. |
|
|
Identify the main standards for proficiency and due professional care in internal auditing.
|
1. Internal auditors and internal audit departments must possess the knowledge, skills and competencies needed to perform their responsibilities.
2. Internal auditors must apply the care and skills expected of a reasonably prudent and competent internal auditor. 3. Internal auditors must enhance their knowledge, skills, and competencies through continuing professional development. |
|
|
Outline the main requirements of using outsourced resources in internal auditing.
|
When outside service providers are used, the chief audit executive should assess their competency, independence and objectivity in relationship to the specific engagement to be performed.
The chief audit executive should agree on the scope of work with the outside service provider before work commences. The chief audit executive should ensure that the work done by the outside service provider complies with the appropriate professional standards. |
|
|
State the standards for the proper management of the internal audit department, including quality assurance.
|
establish risk-based plans to determine priorities for the internal audit activity that are consistent with the organization’s goals.
communicate the department’s plans and resource requirements to senior management and the board for review and approval. ensure that the resources are appropriate, sufficient and effectively deployed to achieve the approved plan. establish policies and procedures to guide the internal audit activity. Quality Assurance; Internal auditor must: adopt a process to monitor and assess the overall effectiveness of its quality programs provide for internal assessments performed both by members of the department and by others in the organization arrange for external quality assurance reviews to be conducted at least once every five years report the result of the external assessment to the board |
