You are on page 1of 4
I Unit 1 -CIA Part 1 Page 1 of 4 2014 -New 3 part Stream ,~.~
I
Unit
1 -CIA
Part
1
Page 1 of 4
2014 -New 3 part Stream
,~.~
~--".
:
~~.
,"
,
,
r
,.
KA
MS
MANDATORY
GUIDANCE
1.
Definition:
IAA
is
an INDEPENDENT,
OBJECTIVE
ASSURANCE
and
CONSULTING,,!
"
""'0'"""""
(Advisory)
activity
designed
to
ADD
VALUE
and
IMPROVE;'
organization'
s ope~ti~~}~~jI~ih~!,~ii!i)!J!):
organization
accomplish
its
objectives
by
bringing
a SYSTEMATIC
and
DISCIPL~J:JD
a~p;g9ail~~
EV ALUA
TE
and
improve
the
EFFECTIVENESS
of governance,
risk
managem~~\i!~nd,~,~~o!
.f!iiii::,j'c
processes
(GRC).
(
~
iJfrilt!!!!V'
Ji:,!'fi!e
J!!,iiiii~1ifii
Rov.:J ~
~ p~
'"
2.
Governance:
management,
cohesive
It relates
policies,
to
consistent
guidance,
~
processes
and
decision-rights
for
a given
area
of responsibility.
Governance
is related
to
Board.
"It
is
the
way
a company
is operated
by
the
board."
3.
The
role
of
IA
in Governance
process
is
to
~
evaluate
the
design,
implementation
and
C\V"CA(J ( ~
effectiven~ss
~f organization'
s ethic~-.
.
()
related
objectives,
programs
and
activIties.
I<-~o
r'
~A does
assess~ent
~nd
recommends
",
improvements
10 ethics
and
values.
The
iilil;;
minimum
lA's
role
is
assessor
of
the
ethi~it~w
";;':eJ
climate
and
the
effectiveness
of processes
"'!!iJ
to
achieve
legal
and
ethical
compliance.
'"
."'
' 1"1 "
,11111 ..
II
"
.,
4.
Risk
Management
Process
(RPMs)
-It
is
~
the
process
to
identify,
assess,
oWi~,ii~,!~,9;!lii,~l\!!!~!iI(Willl"
~C1\~t
contr~l
p~te~tial
~ve~ts
or
assurance
regarding
the
achievement
of
«
0
I
.organIzatIon
s objectIves.
!i!l:tiI:L
""","
e
-
iIitiwi!ltl\(!)
,,}{l1JP'"
5.
Control
Pr~cesses:
The
~of~rf~li~~iI~rocedu:es
and
activities
th~t
are
part
of
a control
FW.
designed
to
(
b
~
(Y)
\
Ro
I ~
~nsure
that
risks
are
contarne~!i~~thrn
the
risk
tolerances
establIshed
by
the
RMPs.
,'5fi
\:[~WJlffJI
6.
ISPP
-4
purPi"r~
i.e.
( B~!_!}£i1?les,
Framework,
Evaluation
I Measurement,
Improved
org
~
processes)
£iji'~
I
:;,T,~~
C'D~
5
~f'.~0'\"'t
~j
~
,p!"\:) r~I'DA~
C!c
c"1;;11-
O\J-.
~
.
!",
J:,!:i"""",.,.
7.
The
3 man~~of*,tgR!~e!e
to
be
followed
by
IAs
are;
a.
"fQ~fin\tfp~
of
IAA
.
c!c"""",,
ii,"'"
b,,\;~,(I;odelof
Ethics
"!Ii!"""""!,,,!;!,,
c.
""'Sfaritdar!ds
8.
Engagement
Objective
encompasses
range
of elements.
a.
Engagement
Work
Programs
-document
procedures
to achieve
objectives,
scope,
resource
allocation,
timing
of procedures
etc.
b
.i(iiJJh,!;);bjecti1$:;e,~,
""co""",!, "'Iifrf'~""!!;",$#"1;;"",
,
",;;;',:,;:!;I\(
,,\:,&::;~;::~
![t,';;i:il::'
Preuared by: Leader in U.S Certifications
Hammad Ahmad [CIA, CMA (Candidate), SAP, CA-Finalist, CCFC, MBA (fj]

&:

.;1-

Unit 1

..

CIA

Part 1

2014 -New 3 part Stream

9.

Attribute Stds.

-Q~~e

..

to

\6'"'\~~'"

~

0'1.v-.J;;.f-

(.

i.

ii.

iii.

Purpose,Authority and Responsibility-defined in Charter approved

Independenceand objec.tivity

S

~

Proficiencyand due professionalcare

IV.

.

Q

I

'

ua Ity Assuranceand Improvementprogram -CAE

-./'

".

ISresponsIble.

~:~~)

~

'

Page 2 of 4

~PO~~v--D.-oJ

O~).~

...

9

)

"-{.~

10

"td'-

~~CI

')rI/-::',

I \p_V~

'v I¥'

10.

PerformanceStds. (nature of auditand evaluation criteria of auditperformed)

i.

ManagingIAA -responsibility of CAE

\ tJe:i

~

O\N~ t

{ 1\

(t-)

'

n.

iii.

iv.

¥.

~!.

VII.

Natureof Work

EngagementPlanning

Performingthe engt

Communicatingresults to CAE andMagt.

Monitoring 0; results -CAE,

--";>

Management sacceptanceofnsk

(-' u 1\t)w

1\1\ f\

I'

,

I~

L

C P

...

fI

J:,,;,

-,

./

",~i;("

ii",i~;t~)~,~;h~('"~

~

tJ-

,

,

()e t\,./\{)(\,!jbJ~

t~

'I""~

11.

Implementationstds dealwith SpecificServices i.e,

-':}~:'\h~,~II

"

~i.)j~

12.

13.

IA's responsibility-Monitoring the management'simplemented cdll~ls, proceduresand operations

andrecommendations

to developcriteria not control.

,"""""",",":\I:'I.I.IIIII.II!I'

I""""".""8""' ,iliif

""""""""!'!II"!!!!!1I":!I!"

II'"

l'l{i li" 41~1~[('1i!!'

li!J!,I I!'!! !

,IIIlii'

mi""'"

1

"

"",;""",;";""",,,1,,;

"'"'"",(,"""""",

l:i,ii:,li{i(!1riI411ill

RISK (Measurement-impact and likelihood)-~~~~~i~:,:fnat

could impairthe achievementof

14.

objectives.

~ffil!!iii(/"J"""';""

1~}Ili;I"""""I'!"II«I'

Ethics arethe principl~sof cond~ctexpecte~I~~I!!g!~

follow~!aii'!"individuals, Following are the factors

that maylead to unethicalbehavIor;

I

,

a.

b.

Organizationali.e. pressuresto improv;"§I.~'~Trnperformance, emphasis on s1rictchain-of-

commandauthority, informal work grouployl11fties

etc. ,.

Externa~i.e.

wrongdoIngsetc.

..

"I""";'"I\!,,IC

the advantageobtained by othersthrough

15.

Code of Eth~c~: The estabi~lil~~ii!,~heral

value system the organizationwishes to applyto its

membersactIvItIes by'

;I,"";!!'::::""

a.

b.

"'

r;'i!!i!Mi!i&1

Comm~,~~~tingorgadlilional purposesand beliefs

:%Ili;(~

)))~)!)r%)f

Establi~'fnguniforl}'j)y~ical guidelines for members

16.

(ii'il

e;;')ii;gtil.!~I;'

Primary P:UcrPg:I~~;I?i;tu)iipromote

;;i,i::":,,i::):\}}!\I:e;,"

ethical culture to serve one another in the organization.

17.

laws

,

ii.

iii.

P?l~!ibitconflict of interest

Providea methodof policing and discipliningmembers for violations

Preuared by: Leader in U.S Certifications

Hammad Ahmad [CIA, CMA (Candidate), SAP, CA-Finalist, CCFC, MBA (F)]

Unit 1 -CIA

Part 1

Page 3 of 4

2014 -New 3 part Stream

  • 18. . A typical codefor auditorsrequires the following;

i.

Independencefrom conflict of interest

ii.

Integrity anda refusalto compromiseprofessional values for personalgain

ill.

Objectivity in conductingaudit, presentinginformation, preparing reports and making analyses

»CONFIDENTIALITY:

Each memberhas a responsibility to:

  • 1. Keep information confidential exceptwhen disclosureis authorized or

  • 2. Inform all relevant parties regarding appropriateuse of cotdential

subordinates'activities to ensurecompliance.

  • 3. Refrain from using confidential information for unethical or illegal

 

~

» INTEGRITY:

Each member has a responsibilityto:

A

..

~

'1.

Mitigate actual conflicts of interest, regularly

 

associ,atesto

avoid apparentconflicts of interest. Advise all parties of an~~il.tentiarconflicts.

  • 2. Refrain from engaging in any conduct that

:

.

out duties ethically.

  • 3. Abstain from engaging in or supportingan~~gt!~ity that might discredit the profession.

» COMPETENCE:

Each memberhas a

il!.i1~~~~j

  • 1. Maintain an appropriate level of professioq~l:£xpertiseby continually developing knowledge and skills.

2.

Perform professional duties in accord~n

dard

s.

stan

'"

with relevant laws, regulations, and technical

  • 3. Provide decision suplll

,

concise,and timely.

in(g~ation and recommendationsthat are accurate,clear,

  • 4. Recognizeqnd comm~I~~,ateprofessional limitations or other constraints that would preclude,ilJponsible j~IFent

or successfulperformance of an activity.

,'i'

ii'

  • 19. ConsultatiOQi"Will

be g!:¥1~~iiffrequiredby Managementor Board.

  • 20. Complian"f~,i~~I§j1f6fiowingpolicies, procedures, plans, laws and regu ationetc.

"

@i;jiii'i'ii'""

.

al,j!~~"t~\!~eSto ASSURANCEACTIVITY.

~

..

PLIANCE

  • 21. Charte~~jjli,~ga written documentwhich acts as the primary sourceof authorization from BOD.

""",1

It establishesthe IAA's position / statuswithin the organization.

.

PreDaredby: Leader in U.S Certifications

Hammad Ahmad [CIA, CMA (Candidate), SAP, CA-Finalist, CCFC, MBA (F)]

Unit 1'- CIA

Part 1

2014 -New

3 part

Stream t

"

~

,

Page 4 of 4~

22.

The Charter must define the purpose (reasonfor existence),authority (what, how much

access),responsibility (reporting, issues,improvement of processeSetc.) ofIAA

accordingto

IAA definition, Code of Ethics and Stds.

23.

The CAE should periodically assessthe adequacy of Charter.

24.

For scopelimitation, the IAA must be authorized for support and co-operation

management.This support is defined formally in Charter.

'

25.

Wheneverthere is scopelimitation,'

.-l

a.

---,/

Firstl y refer to Charter and

S <.-0 P~

::.-

~ <

..

-()

pe--

\ l'lI\/'" Wi:)

f'-

-/

~~

o~v'Y1iM(J/

b.

ifnot suppoded by Charter, seek written agreement

c.

as a last resort, communicatethis scopelimitation to

Committee) or board.

d.

Wheneverthere is any change in the scopeor nature of

should be amended.

""",C"""""

head (Audit

the Charter

26.

Scope limitation is not related to addition or deletigpz~[any engagementby the Audit

Committee.

I~ ~

~\z,

27.

IA evaluates,determines, assesses

and

controlprocesse:~.!!-~!~nsible

to,.

(L

~

/

Ii>ENTIFY red flags.

-~

28.

Rulesand Regulations

< (Y\Q-.

V=-\JW'\j~D f'

->

\

M~\e.-VV'-t~

relevantlaws.

d

~~e-J

P\c;-1I'l/d~IUI'\

)

1Y'")1)V\.\ \-01)

.

)

z U'

~

\);1\1 t ~ '6 ,

29.

Elementsof internal :ontrr T'"

..

i.

ii.

iii.

GovernancePfocesses ( qltioard )

A+

!i

Control En~~ronment( blii'!oard andMagt )

;;!i:!!!

Control

"::

30.

IA should

"

is?ig9:!e!il,

bothmaterial and immaterialitems in his findings.IfIA concludesthat item

(s) he shouldmeasure the impact(adverse) of thatitem.

,

?:??

t

Prenared bv: Leader in U.S Certifications

Hammad Ahmad [CIA, CMA (Candidate), SAP, CA-Finalist, CCFC, MBA (F)]