Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
78 Cards in this Set
- Front
- Back
|
2040 Policies and Procedures: Whose responsibility is it to establish policies and procedures to guide IA activity?
|
CAE
|
|
|
PA 2040 Policies and Procedures: How do policies and procedures differ between small and large IA activities? |
the larger the IA activity, the more formal and comprehensive its policies & procedures
|
|
|
In what kind of document are policies and procedures of the IA activity integrated?! |
audit manual
|
|
|
Who is responsible for the creation of the audit manual and the enforcement its policies and procedures ? |
CAE
|
|
|
What kind of charter does the audit manual typically contain? |
IA charter
|
|
|
What kind of risk exposures are IA expected to identify and evaluate in the normal cource of their duties? |
significant risk exposures
|
|
|
IA's involvement in the organization's risk management framework may range from where to where?! |
"from
- non-involvement to - auditing to - managing and coordinating the risk management process |
|
|
"
IA's full involvement in the risk management framework does IA not allow to perform what kind of responsibilities in this area?! |
managerial responsibilities (e.g. setting of risk appetite, implementation of risk management processes and risk responses)
|
|
|
Who does determine IA activity's role in the organizational risk management process? |
senior management and the board
|
|
|
2120 – Risk Management: What must the IA activity evaluate of the risk management process?(2) |
evaluate effectiveness of risk management process
|
|
|
2120 – Risk Management: To what must the IA activity contribute with regard to the risk management process? |
contribute to the improvement of the risk management process
|
|
|
2120 – Risk Management: Determining whether risk management processes are effective is a judgement resulting from IA's assessment that organizational objectives support and align with what? |
organization's mission
|
|
|
2120 – Risk Management: Determining whether risk management processes are effective is a judgement resulting from IA's assessment that which risks are identified and assessed? |
significant risks
|
|
|
2120 – Risk Management: Determining whether risk management processes are effective is a judgement resulting from IA's assessment that appropriate risk responses are selected that align risks with what? |
with organization's risk appetite
|
|
|
2120 – Risk Management: Determining whether risk management processes are effective is a judgement resulting from IA's assessment that what kind of information is captured and communicated in a timely manner across the organization, enabling staff, management, and the board to carry out their responsibilities? |
relevant risk information
|
|
|
2120 – Risk Management: During how many engagements may the IA activity gather the information to support the assessment of risk management processes? |
during multiple engagements
|
|
|
2120 – Risk Management: Through what kind of activities and evaluations are risk management processes monitored?(3) |
"- ongoing management activities
- separate evaluations - combination of the two above |
|
|
"
2120.A1 – Risk Management: The IA activity must evaluate risk exposure relating to which organizational functions?(3) |
"- governance
- operations - information systems |
|
|
"
2120.A1 – Risk Management: The IA activity must evaluate risk exposures relating to the organization's governance, operations, and information systems regarding the achievement of what? |
achievement of organization's strategic objectives
|
|
|
2120.A1 – Risk Management: The IA activity must evaluate risk exposures relating to the organization's governance, operations, and information systems regarding the reliability and integrity of what?(2) |
"reliability and integriy of
- financial information - operational information |
|
|
"
2120.A1 – Risk Management: The IA activity must evaluate risk exposures relating to the organization's governance, operations, and information systems regarding the effectiveness and efficiency of what?(2) |
"effectiveness and efficiency of
- operations - programs |
|
|
"
2120.A1 – Risk Management: The IA activity must evaluate risk exposures relating to the organization's governance, operations, and information systems regarding the safeguarding of what?(2) |
assets
|
|
|
2120.A1 – Risk Management: The IA activity must evaluate risk exposures relating to the organization's governance, operations, and information systems regarding the compliance with what?(2) |
"- laws
- regulations - policies - procedures - contracts |
|
|
"
2120.A2 – Risk Management: The IA activity must evaluate the potential of the occurence of what? |
potential of the occurence of fraud
|
|
|
2120.A2 – Risk Management: The IA activity must evaluate how the organization manages what type of risk? |
fraud risk
|
|
|
2120.C1 – Risk Management: During consulting engagements IAs must address which risk consistend with what? |
risk consistent with the engagement's objectives
|
|
|
2120.C1 – Risk Management: During consulting engagements IAs must be alert of the existence of which risks? |
existence of other significant risks
|
|
|
2120.C2 – Risk Management: IAs must incorporate knowledge of risks gained from consulting engagements into their evaluation of which processes? |
risk management processes
|
|
|
2120.C3 – Risk Management: When assisting management in establishing or improving risk management processes, IAs must refrain from assuming any management responsibility by actually doing what? |
managing risks
|
|
|
PA 2120-1: Assessing the Adequacy of Risk Management Processes: Risk is a key responsibility of whom? |
senior management and the board
|
|
|
PA 2120-1: Assessing the Adequacy of Risk Management Processes: To achieve its business objectives, management ensures that what is in place and functioning? |
sound risk management processes
|
|
|
PA 2120-1: Assessing the Adequacy of Risk Management Processes: What kind of role does the board have to determine that appropriate risk management processes are in place and that these processes are adequate and effective? |
oversight role
|
|
|
PA 2120-1: Assessing the Adequacy of Risk Management Processes: What may the board do in its oversight role to determine that appropriate risk management processes are in place and that these processes are adequate and effective? |
the board may direct the IA activity to assist the board
|
|
|
PA 2120-1: Assessing the Adequacy of Risk Management Processes: In situations where the organization does not have formal risk management processes, which obligations must the CAE formally discuss with management and the board? |
the board's and senior management's obligations to manage risks
|
|
|
PA 2120-1: Assessing the Adequacy of Risk Management Processes: In situations where the organization does not have formal risk management processes, the CAE must formally discuss with the board and senior management which need? |
need to satisfy the board and senior management that there are processes operating within the organization that provide the appropriate level of visibility into the key risks and how they are being managed and monitored
|
|
|
PA 2120-1: Assessing the Adequacy of Risk Management Processes: How may the processes, operating within the organization that provide the appropriate level of visibility into the key risks and how they are being managed and monitored, even be? |
informal
|
|
|
PA 2120-1: Assessing the Adequacy of Risk Management Processes: What must the CAE obtain from senior management and the board regarding the IA activity and the organization's risk management process? |
senior management's and the board's expectations of the IA activity in the organization's risk management process
|
|
|
PA 2120-1: Assessing the Adequacy of Risk Management Processes: What must be done with the board's and senior management's understanding of the IA activity in the risk management process? |
coded in the IA activity's charter
|
|
|
PA 2120-1: Assessing the Adequacy of Risk Management Processes: What must be coordinated between all groups and individuals within the organization's risk management process? |
the IA's responsibilities
|
|
|
PA 2120-1: Assessing the Adequacy of Risk Management Processes: What can the IA activity's role do in the risk management process over time? |
its role can change over time
|
|
|
PA 2120-1: Assessing the Adequacy of Risk Management Processes: Which activities may IA's role in the risk management process over time encompass?(4) |
"- no role
- auditing the process as part of the audit plan - active involvement - management and coordination |
|
|
"
PA 2120-1: Assessing the Adequacy of Risk Management Processes: When IA is actively involved in the risk management process, on what committees would the IA participate? |
oversight committees
|
|
|
PA 2120-1: Assessing the Adequacy of Risk Management Processes: When IA is actively involved in the risk management process, in what activities would the IA participate? |
monitoring activities
|
|
|
PA 2120-1: Assessing the Adequacy of Risk Management Processes: When IA is actively involved in the risk management process, in which reporting would the IA participate? |
status reporting
|
|
|
PA 2120-1: Assessing the Adequacy of Risk Management Processes: IA activity's taking on management's responsibility regarding the risk management process poses a threat to which IA's feature? |
independence
|
|
|
PA 2120-1: Assessing the Adequacy of Risk Management Processes: IA assuming management's responsibility regarding the risk management requires what?(2) |
"- full disclosure
- board approval |
|
|
"
PA 2120-1: Assessing the Adequacy of Risk Management Processes: Depending on the size and complexity of the organization's business activities, risk management processes can be?(3) |
"- formal or informal
- quantative or subjective - embedded in the business units or centralized at a corporate level |
|
|
"
PA 2120-1: Assessing the Adequacy of Risk Management Processes: As the organization designs processes based on its culture, management style, and business objectives, who must determine that the methodology chosen is sufficiently comprehensive and appropriate for the nature of the organization's activities? |
IA
|
|
|
PA 2120-1: Assessing the Adequacy of Risk Management Processes: What do IAs need to obtain to determine that the key objectives of the risk management processes are being met to form an opinion on the adequacy of risk management processes? |
sufficient and appropriate evidence
|
|
|
PA 2120-1: Assessing the Adequacy of Risk Management Processes: In gathering sufficient and appropriate evidence for the assessment of the risk management process, IA might consider the research what? |
current developments
|
|
|
PA 2120 -2 Managing the risk of IA activity: The shortfall in qualified IA personnel, increased compensation costs, and high demand for specialized resources result for an IA activity in a high level of what? |
high level of risk
|
|
|
PA 2120 -2 Managing the risk of IA activity: As the IA activity is not immune to risks, it needs to take steps to ensure what? |
that it is managing its own risks
|
|
|
PA 2120 -2 Managing the risk of IA activity: What are the three broad catagories of risk that the IA activity is facing? |
"- audit failure
- false assurance - reputation risk |
|
|
"
PA 2120 -2 Managing the risk of IA activity: An audit failure occurs when the IA activity fails to do what and /or wastes time on what? |
fails to do the right audits, and wastes time on the wrong audits
|
|
|
PA 2120 -2 Managing the risk of IA activity: The lack of an effective risk assessment process to identify key audit areas during which kind of assessment does result in audit failures? |
strategic risk assessment
|
|
|
PA 2120 -2 Managing the risk of IA activity: The lack of an effective risk assessment process to identify areas of high risk during which phase of individual audits does result in audit failures? |
the planning of individual audits
|
|
|
PA 2120 -2 Managing the risk of IA activity: Not following the Standards could result in which kind of IA risk? |
audit failure
|
|
|
PA 2120 -2 Managing the risk of IA activity: An inappropriate QAIP including procedures to monitor auditor independence could result in which kind of IA risk? |
audit failure
|
|
|
PA 2120 -2 Managing the risk of IA activity: The lack of the evaluation of both the design adequacy and the control effectiveness as part part of IA procedures results in which kind of IA riks? |
audit failure
|
|
|
PA 2120 -2 Managing the risk of IA activity: What kind of IA deficiency does the use of audit teams that do not have the appropriate level of competence based on experience or knowledge of high risk areas represent? |
audit failure
|
|
|
PA 2120 -2 Managing the risk of IA activity: What kind of IA deficiency does the inadequate evaluation of ICS' design and efficiency represent? |
audit failure
|
|
|
PA 2120 -2 Managing the risk of IA activity: The lack of exercising heightened professional skepticism and extended IA procedures related to findings or control deficiencies results in which kind of audit risk? |
audit failure
|
|
|
PA 2120 -2 Managing the risk of IA activity: The lack of an adequate IA supervision results in which kind of audit risk? |
audit failure
|
|
|
PA 2120 -2 Managing the risk of IA activity: Making the wrong decision when there was some evidence of fraud - e.g. "It's probably not material" or "We don't have the time or resources to deal with this issue" results in which kind of audit risk? |
audit failure
|
|
|
PA 2120 -2 Managing the risk of IA activity: Communication of suspicion not to the right people results in which kind of audit risk? |
audit failure
|
|
|
PA 2120 -2 Managing the risk of IA activity: Inadequare reporting results in which kind of audit risk? |
audit failure
|
|
|
PA 2120 -2 Managing the risk of IA activity: Which program helps in preventing audit failures? |
QAIP
|
|
|
PA 2120 -2 Managing the risk of IA activity: The periodic review of which universe does help to prevent audit failures? |
periodic review of the audit universe
|
|
|
PA 2120 -2 Managing the risk of IA activity: The periodic review of which plan does help to prevent audit failures? |
periodic review of the audi plan
|
|
|
PA 2120 -2 Managing the risk of IA activity: By doing what with higher risk assignments in the audit plan, does management of IA activity have better visibility and may spend more time understanding the approach to the critical assignments? |
flagging the higher risk assignments
|
|
|
PA 2120 -2 Managing the risk of IA activity: For what there is no substitute in reducing audit failures? |
effective audit planning
|
|
|
PA 2120 -2 Managing the risk of IA activity: Building what kind of IA activity management items into the audit process helps to prevent audit failures? |
IA activity management checkpoints
|
|
|
PA 2120 -2 Managing the risk of IA activity: Studying the design of what prior to the start of testing its effectiveness does prevent audit failures? |
design of the system of internal controls
|
|
|
PA 2120 -2 Managing the risk of IA activity: When may false assurance occur? |
when IA's involvement in a project makes the project responsibles think that no errors can occur
|
|
|
PA 2120 -2 Managing the risk of IA activity: The reinforcement of what is a leading practice in protecting the reputation of IA?(2) |
"- Code of Conduct
- ethical bahavior standards |
|
|
"
PA 2120 -2 Managing the risk of IA activity: What is a key stategy to manage false assurance? |
frequent and clear communication
|
|
|
PA 2120 -2 Managing the risk of IA activity: What may a "project acceptance" process ensure when IAs are involved in a project? |
that no "false assurance" occurs
|
|
|
When IA activity extends its services to include consulting engagements, what kind of safeguards should be in place? |
safeguards to preserve its independence and objectivity
|
