• Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off

Card Range To Study



Play button


Play button




Click to flip

Use LEFT and RIGHT arrow keys to navigate between flashcards;

Use UP and DOWN arrow keys to flip the card;

H to show hint;

A reads text to speech;

18 Cards in this Set

  • Front
  • Back

What are the three aspect to risk?

Risk is the combination of a threat exploiting some vulnerability that could cause harm to some assets.

Give an example of different stakeholders having different vulnerabilities to the same risk

Take-over, shareholder may welcome takeover if they get premium on shares. Workers may fear takeover as may mean job losses

What are some of the factors that affect sensitivity to cost control

Profit margin,

Fixed and variable costs,

Flexibility and willingness of the company to change.

The cost of risk and control can be compared through the use of optimisation model. When benchmarked against risk appetite, an optimisation model can identify?

Where the best 'return on control investment' can be achieved

how is systems-based audit undertaken?

Under the systems-based auditing approach, auditors and management identify all financial and non-financial auditable systems and processes. These are prioritised against risk assessments and the resources needed to audit and an audit frequency is determined

What's a major benefit of systems audit?

The systems audit is cost-effective because it focuses on risks and controls, offers better assurance that a system is currently achieving and will continue to achieve its objectives

How will Risk-based auditing undertaken?

Risk-based auditing approach begins with business objectives and focuses on those risks identified by management that may prevent the objectives from being achieved. Internal audit assesses the extent to which a robust risk management process is in place to reduce risks to a level acceptable to the board

The core role of internal auditing in ERM is ?

To provide objective assurance to the board on the effectiveness of an organisation's ERM activities to ensure that key business risks are being properly managed and that internal controls are effective.

What is ERM ?

Enterprise-wide risk management

What does Internal auditors provide?

Internal auditors provide advice to management and the board and challenge or support management decisions in relation to risk.

What do Internal auditors do?

Internal auditors assess how risks are identified, analysed and managed and give independent advice on how to embed risk management practices into business activities.

Different types of risks in auditing are:

Inherent risk

Risk related to failure of controls

Residual risk

Audit risk

Inherent risk

Risk related to failure of controls

Residual risk

Audit risk

Risk assessment in internal auditing can be assessed through three methods?

Intuitive or judgmental assessment

Risk assessment matrix

Risk ranking

Internal auditors need to make judgments about the measures that can be taken against risk?

Transferring the risk

Reducing the likelihood of risk

Reducing exposure to risk

Detecting occurrences

Recovering from occurrences

What is An ICQ ?

An ICQ is a checklist of the specific internal control techniques that should be present in a particular system to provide assurances about internal control.

The potential weaknesses in the system identified by ICQ can be overcome by

looking for compensating controls.

countering weaknesses by substantive testing.

increasing internal control risk.

Management audits cover the following three areas:




what are the three final part of internal audit

1. The auditor writes a draft report of findings, conclusions and recommendations and presents this to management for their response.

2. A plan of action is agreed between the auditor and management, which is incorporated into the final audit report and presented to the audit committee.

3. The auditor subsequently follows up whether the agreed action plan has been implemented.