Beruflich Dokumente
Kultur Dokumente
Function from
IA exam and is
portion of the syllabus
,
. djspositictnof.
'
'.
-_ , ':'"
'\'
., ....
,,1
"
.,';,',
,_".
~:;
"
7>,.:
'I
B.
. procedures for the planning; organizing, directing; and monitoring of internal audit
2.' Review
of the internal.audit function within the risk management framework
3. Direct administrative activities (e.g., budgeting, human resources) of the internalaudit.department
4. Interview candidates for internal audit positions
5. Report on the effectiveness of corporate risk management processes to senior management and the board
6. Report on the effectiveness of the internal control and risk management frameworks
7. Maintain effective Quality Assurance Improvement Program
C.
16
1.
Overview
a.
2.
Interpersonal Skills
a.
t~ lai and procedural changes often are resisted by the individuals and
ffected. This response may be caused by simple surprise, inertia, or fear of
But it also may arise from the following:
1)
2)
3)
4)
5)
6)
7)
8)
.'
i
.'
b.
5.
47
2)
3)
-18
t.z
STAKEHOLDER RELATIONSHIPS
1.
Stakeholder Relationships
b.
c.
d.
2.
For internal auditors to be effective, Sawyer's Guide for Internal Auditors, 6th edition,
states that they must build and maintain strong constructive relationships with
managers and other stakeholders within the organization.
These relationships require conscious ongoing focus to ensure that risks are
appropriately identified and evaluated to best meet the needs of th rganization.
Internal auditors have a responsibility to work together with
and other
stakeholders to facilitate work efforts and compliance with
Key stakeholders include the board oj directors, audit
external auditors, and regulators.
b.
Some statutes h
membership of
a)
b)
2)
3.
a.
.c~
ApfJl,~'
the internal audit charter
l
['ing and approving the internal audit activity's work plan
"', uring that the internal audit activity is allocated sufficient resources
esolving disputes between the internal audit activity and management
6) Communicating with the CAE, who attends all audit committee meetings
7) Reviewing the internal audit activity's work product (e.g., interim and final
engagement communications)
8) Ensuring that engagement results are given due consideration
9) Overseeing appropriate corrective action for deficiencies noted by the internal
audit activity
10) Making appropriate inquiries of management and the CAE to determine whether
audit scope or budgetary limitations impede the ability of the internal audit
activity to meet its responsibilities
.
c.
The following are other functions of the audit committee regarding the external auditor:
1)
2)
3)
4)
1!
4.
b.
According to Sawyer's Guide for Internal Auditors, 6th edition, j'n tarn......
I auditors are
responsible for performing their mission, maintaining their ob
. d ensuring
the internal audit activity's independence. They also
maintain
good working relationships with m_anagement.
Good relationships are developed by communicating
constructively, and using participative auditing
1)
2)
,~lopinion is theirs.
tudy multiple-choice
1.
"'"anization's
1)
3)
4)
5)
6)
7)
.&:,
~ mpliance with laws (e.g., tax, securities, antitrust, environmental, privacy, and
labor)
External financial reporting
Conflicts of interest
Entertainment and gift expenses
Relations with customers and suppliers (Should gifts or kickbacks be given or
accepted?)
Social responsibility
20
3.
In any normal population, some people behave unethically. if these people hold
. leadership positions, they may have a bad influence Or} subordinates.
1)
Organizational Factors
a)
b)
c)
d)
2)
External Factors
a)
b)
c)
4.
e to another. For
stent with customary
b.
"Would my be
"What are the
customers,
5.
hics is the established general value system the
apply to its members' activities by
organizational purposes and beliefs and
niform ethical guidelines for members.
guidance extends to decision making.
~. ecific rules cannot cover all situations. Thus, organizations benefit from
ing a code of ethics that effectively communicates acceptable values to all
sted internal and external parties. For example, a code may do the following:
#'
1)
2)
3)
A)
5)
Set high standards against which individuals can measure their own
performance
.
Communicate to those outside the organization the value system from which its
members must not be asked to deviate
'
c.
c)
iii)
2)
3)
6.
a.
The internal a
corporate
organi .
2)
Compliance
Creditors
.satisfaction
~end
Benefits
Billing
Reporting
Reminders
--
22
3)
Because of their skills and position in the organization, auditors should actively
support the ethical culture. Auditor roles may include
a)
b)
c)
4)
The minimum internal audit activity role is assessor of (a) the ethical climate and
(b) the effectiveness of processes to achieve legal and ethical compliance.
Internal auditors should evaluate the effectiveness of the folio 'ng features of
an enhanced, highly effective ethical culture:
a)
b)
c)
d)
e)
f)
g)
h)
i)
j)
k)
c.
r::l"""I"TII~"'C'
Regular s
state of
Regular
Regula
Other internal
complaints, (
ethics cli
meted
42.
the outline
Study multiple-choice
Ii
'
23
Nature of Work
a.
b)
c)
) defines
i) ,
. b.
2.
a.
2)
'
24
SU'I:
3.
b.
The essential strategic function of the internal audit activity is to provide assurance
services and consulting services. Thus, the Definition of Internal Auditing describes
internal auditing as "an independent, objective assurance and consulting activity."
Separate groups of Implementation Standards have been issued for assurance
services and consulting services. These services are defined in The IIA Glossary as
follows:
2)
1,
a,
.external auditors, including coordination with the
s the responsibility of the board, Coordination of internal
U~~i ork is the responsibility of the chief audit executive (CAE).
the support of the board to coordinate audit work effectively"
. ati
b)
c)
d)
'
25
3)
"The external auditor may rely on the work of the internal audit activity in
performing their work. In this case, the CAE needs to provide sufficient
information to enable external auditors to understand the internal auditors'
techniques, methods, and terminology to facilitate reliance by external auditors
on work performed. Access to the internal auditors' programs and working
papers is provided to external auditors in order for external auditors to be
satisfied as to the acceptability for external audit purposes of relying on the
internal auditors' work" (para. 3).
4)
5)
minimized
e audit
timely completion
<tv1"
.'
26
EXAMPLE
From CIA Exam
Which at the following is not a true statement about the relationship between internal auditors and
external auditors?
A.
External auditors must assess the competence and objectivity ot internal auditors.
B.
There may be periodic meetings between internal and external auditors to discuss matters of
mutual interest.
C.
D.
(A) is correct. The external auditor assesses the objectivity and com
auditors only if (s)he intends to rely on their work.
(B) is incorrect. The relationship involves a sufficient number of
(C) is incorrect. .The relationship involves reasonable mu
communications and management letters.
(D) is incorrect. The relationship involves reaso
programs and working papers.
2.
Below is a sam
acquisitions
and trading
dities
vernments may have their own regulatory bodies.
rganizations, entire departments or functions are established to
with the regulations issued by these governmental bodies.
The internal audit activity coordinates its work with that of inspectors and other
personnel from the appropriate governmental bodies and with personnel from
internal assurance functions.
Stop and review! You have completed the outline for this subunit
questions 13 through i5 on page 44.
Study multiple-choice
.'
Governance
a.
The internal audit activity must assess and make appropriate recom
governance process in its accomplishment of the foftowing objectives:
e
Q
, "Internal auditors
. and contributing to the
IInlti'.'ntnn' ....
I auditors provide
and operating effectiveness of the
may provide consulting services
s. In some cases, internal auditors
oard selt;r8ssessments of governance practices"
b.
3.
s of internal auditors involves organizing and leading a team in
d business process improvement.
ap is a simple flowchart or narrative description used to depict a
It aids in assessing the effectiveness and efficiency of processes and
uditors evaluate the whole management process of planning, organizing, and
ved.
All business systems, processes, operations, functions, and activities within the
organization are subject to the internal auditor's evaluations. Internal auditing
provides reasonable assurance that management's
1}
2)
3)
'
28
4.
b.
Key performance measurements for the internal audit activity provide criteria against
which it is judged.
The following guidance is provided by The IIA Practice 'Guide, Measuring Internal
Audit Effectiveness and Efficiency:
1)
2)
3)
4)
5.
An important element of co
objectives. Internal auditors can u
Internal auditors can add value to an
performance measurem
and
Internal auditors ma
results of these en
system is adequ
Study multiple-choice
1.7
2)
b.
A small internal audit activity may be managed informally through daily, close
supervision and memoranda.
In a large internal audit activity, more forma! and comprehensive policies and
procedures are essential to guide the execution of the internal audit plan.
The importance of the relationship of the particular internal audit activity to the extent
of its formal policies and procedures is made clear in this Interpretation:
Interpretation of Standard 2040
The form and content of policies and procedures are dependent upon the size and structure of
the internal audit activity and the complexity of its work.
'
Stop and review! You have completed the outline for this subunit.
. questions 18 through 20 beginning on page 45.
29
Study multiple-cholce
Overview
a.
b.
c.
lement of corporate
nd operating the risk
2.
e to an organization by providing the board with objective
?'
-} ,A, helpful memory aid is
C
Catch
.Lying
Records
'
30
3.
4.
5'.
b.
c.
d.
e.
f.
in pursuit of
uences the entity's
A.
B.
C.
D.
(C) is incorrect. Internal auditors assist both management and the board by examining,
evaluating, reporting, and recommending improvements of the adequacy and effectiveness of risk
management processes.
(0) is incorrect. Internal auditors may recommend controls without losing independence.
.'
31
6.
Determining whether risk management processes are effective is a judgment resulting from the
internal auditor's assessment that:
~
.'? ~Fgi~nizatiQn's:".;)
..,<::{
' -. :. i;
"'.,'
.'
'
:'
,","""""'" .(for;.the
~'t~urrence'of
fraud and
.
~
.
.
,'.
nsibil
t1~
The" _.:s ion of responsibility is described in Practice Advisory 2120-1, Assessing the
'-~cy of Risk Management Processes.
1)
.'
"
32
2)
If the organization has no formal RMPs, the CAE has formal discussions with
management and the board about their obligations for understanding,
managing, and monitoring risks.
3)
The CAE must understand management's and the board's expectations of the
internal audit activity in risk management. The understanding is codified in-the
charters of the internal audit activity and the board.
4)
Senior management and the board determine the internal audit activity's role in
risk management based on factors such as (a) organizational culture, (b)
abilities of the internal audit activity staff, and (c) local co
. ns and customs.
a)
5)
the
. internal
ard-
anization's
small entity may
a)
6)
To form an opinion 0
sufficient, a
.
A.
To help riot,orrn
object
B.
C.
nature, timing, and extent of certain tests must be determined before tile
trol processes can be evaluated.
(B) is incorrect. Internal auditors have no authority to ensure correction of material weaknesses.
(C) is correct. Risk management, control, and governance processes are adequate if
management has planned and designed them to provide reasonable assurance of achieving tile
organization's objectives efficiently and economically. Efficient performance accomplishes
objectives in an accurate, timely, and economical fashion. Economical performance accomplishes
objectives with minimal use of resources (i.e., cost) proportionate to the risk exposure.
(0) is incorrect. The scope of internal auditing is much broader than concern for the fairness of
financial statements.
Stop and review! You have completed the outline for this subunit. Study multiple-choice
questions 21 through 23 beginning on page 46.
Overview
. a.
b.
The chief audit executive (CAE) is responsible for management of internal audit
activity resources in a manner that ensures fulfillment of its responsibilities. Like any
well-managed department, the internal audit activity should operate effectively and
efficiently. This can be accomplished through proper planning, which includes
budgeting and human resources management.
Management oversees the day-to-day operations of the internal
including the foilowing administrative activities:
1)
2)
3)
4)
2.
Budgeting
a.
3.
Human Resources
a.
b.
que
nd forms should be prepared in advance to evaluate,
othejj
~"'theapplicant's (a) technical qualifications, (b) educational
rQuncfl~!i.personalappearance, (d) ability to communicate, (e) maturity,
pers'l~ivJiess, (g) self-confidence, (h) intelligence, (i) motivation, and
U)
er}ti"t'b contribute to the organization.
p91
j~.~l~fs
need a diverse set of skills to perform their jobs effectively. These
Cl.
..
Situational - "What would you do if you saw two people arguing loudly in
the work area?"
job knowledge - "Do you know how to do an Internet search?"
34
c)
d)
2)
4.
Job sample simulation - "Can you show LIS how to compose and send an
e-mail message?"
Worker requirements - "Are you able to spend 25 percent of your time on
the road?"
Reporting
a.
b.
1) Governance,
2) Risk management, and
3) Control.
Periodic reports also are made on internal audit's
and performance.
Reporting to senior management and the boa
Unit 2, Subunit 3.
c.
ility,
1.
a.
.'
SU 1: Strategic and Operational Roles of !nt.;:rna! Audit
35
2)
3)
b)
c)
4)
OAIP efta
5)
(A) is corre
ersight of the work of external auditors, including coordination with the internal
audit activity, is the responsibility of the board (PA 2050-1). It is not within the scope of the
process for monitoring and assessing the quality program.
(B) is incorrect. Conformance with the Definition of Internal Auditing, Standards, and Code of
Ethics, including timely corrective actions to remedy any significant instances of nonconformance,
is an element of the assessment of a quality program.
(C) is incorrect. Adequacy of the internal audit activity's charter, objectives, policies, and
procedures is an element of the assessment of a quality program.
(D) is incorrect. Contribution to the organization's governance, risk management, and control
processes is an element of the assessment of a quality program.
36
til
2.
Internal Assessments
a.
f)
2)
Engagement supervision;
Checklists and procedures;
Feedback;
Peer reviews of working pa
Budget.s, timekeeping,
recoveries; and
Analyses of other pe
.:q.,,)';'
,~~~
a)
b)
c)
d)
6)
~
.. ~. ongoing or periodic internal assessment, conclusions about
~" orrnance are reached, and appropriate action is begun to ensure
iiifrflprOVements are made.
hose conducting internal assessments generally report directly to the CAE, who
should establish a structure for reporting results that maintains credibility and
objectivity.
At least annually, the CAE reports results, action plans, and implementation
information ~osenior management and the board.
"
External Assessments
a.
b.
. ternal
.s ssments:
~.~~.
1)
a)
b)
c)
2)
,''independent
If-assessment
~, identification, and
The scopemu
Individuals
or interest in,
have no rea
relations
a)
5)
6)
The reviewer(s) should have relevant technical and industry experience, and
other specialists may be needed.
Senior management and the board are involved in selecting (a) the approach
and (b) the external quality assessment provider,
38
7)
a)
b)
c)
d)
e)
8)
9)
process,
a)
responsibilities
i)
is impaired
The degree of pa
b)
Expression of an opinion
due professional care.
c)
a)
4.
ccountability
Reporting Res
a.
Se
The
prog
and transparency.
.'
39
5.
Internal Auditing"
The chief audit executive may state that the internal audit activity conforms with the International
Standards for the Professional Practice of Internal Auditing only if the results of
ity assurance
and improvement program support this statement.
6.
ce
b.
Nonconformance of
specific engageme
C.
It is supported
Stop and review! You have completed the outline for this subunit. Study multiple-choice
questions 28 through 30 on page 49.
40
QUESTIONS
1.1 Change Management
1. An organization's management perceives the
need to make significant changes. Which of the
following factors is management least likely to be
able to change?
~.,:,~.
A.
B.
C.
D.
\~~
.'
C. Following up on recommendations
the chief audit executive.
D.
6. An audit committee
enhance the inAo.,onrior
external auditing
functions from
this criterion, a
of
A.
B.
regu
C. Mem
from a
specifically inclu
banking, labor, re
tory agencies,
shareholders, and officers.
D. Only external members of the board of
directors or its equivalent.
42
,,,,,,
of ethical conduct is
organization wishes to
municates organizational
es uniform ethical guidelines
inclu
nee on behavior for members in
A code, ." blishes high standards against
m~j3sti(etheir own performance. It also
outside the organization the value system
be must not be asked to deviate.
rrect. Governments typically have no such
r (C) is incorrect. Codes of conduct provide
qualitative,
antitative, standards. Answer (0) is incorrect.
Other purposes of a code of conduct are much more significant.
.."if'
"'.i~~
..
43
A.
B.
C.
D.
taken by
to manage risk and
objectives will be
, and directs the
to provide reasonable
IV"".SiW'.1I1 be achieved. Thus, control by
of proper planning, organizing, and
Ascertaining needs, identifying
action, setting standards for measuring
comparing outcomes with predetermined
standards i
ic management function. Answer (C) is
incorrects-Authorizinq and monitoring performance and
c ."~'aring actual performance with planned performance is a
anagement function. Answer (D) is incorrect.
ining efficiency and economy of operations, including
ether objectives have been met, is a basic management
nction.
44
1.5 Coordination
13. Who has primary responsibility for providing
information to the board on the professional and
organizational benefits of coordinating internal audit
activities with those of other providers of similar
services?
A. The external auditor.
8. The chief audit executive.
C. The chief executive officer.
D. Each assurance and consulting function.
A.
B.
C. The board.
D. Management.
cift
.'
45
A.
B. Position descriptions.
C. Performance appraisals.
O. Policies and procedures.
46
fJ.
A.
B.
C.
O. The organization
jectives will be achieved
in an accurate and timely manner and with
minimal use of resources.
.
"
to the elements.
o.
al
an
cess.
ariizaiion does not
ief audit
and the board
monitor risks within
mselves that there
ization, even if informal,
sibility into the key risks.
and monitored (PA 2120-1,
e
4f~~\~
~~r
A.
B.
r'-'.
O.
48
C.
O.
er (A) is correct.
REQUIRED: The basic principle of governance.
DISCUSSION: The internal audit activity must assess and
make appropriate recommendations for improving the
governance process (Perf. Std. 2110).
Answer (B) is incorrect. The internal audit activity is an
assessor of the governance process. It is not accountable for
that process. Answer (C) is incorrect. External parties and
internal auditors may provide assurance about the governance
process. Answer (D) is incorrect. The internal audit activity must
assess and make appropriate recommendations for.improving
the governance process in its promotion of appropriate ethics
and values within the organization.
.'
49
A.
B.
C.
D.
st include ongoing
audit activity and
ssessment or by other
ufficient knowledge of
1311). The processes and
include, among other
of working papers by staff not
. dits (PA 1311-1, para. 1).
Project assignment documentation
rmation for assessment purposes than
(C) is incorrect. Status reports do not
ning. Answer (0) is incorrect. The
. gement work schedule does not relate to
ocumentation for individual engagements.
r (0) is correct.
EQUIRED: The subject of the opinion expressed in a
. mmunication after an external assessmentof a quality
program.
DISCUSSION: External assessments of an internal audit
activity contain an expressed opinion as to the entire spectrum of
assurance and consulting work performed (or that should have
been performed under its charter). including (but not limited to)
conformance with the Definition of Internal Auditing, the Code of
Ethics, and the Standards. An external assessment also
includes, as appropriate, recommendations for improvement
(PA 1312-1, para. 2). On completion of the review, a formal
communication should be given to senior management and the
board (PA 1312-1, para. 3).
Answer (A) is incorrect. An opinion is expressed on all
assurance and consulting work performed (or that should have
been performed under its charter). Answer (B) is incorrect. The
scope of an external assessment extends to more than the
effectiveness of the internal auditing coverage. Answer (C) is
incorrect. An external assessment addresses the internal audit
activity, not the adequacy of ihe organization's controls.
Use the additional quest~ns in Gleim CIA Test Prep Online to create Practice Exams
tha;~';':';:;~
~ear;onu~C~~
...J
50
._' \~~
",','
'.
~:
gleim'.C:o,m/_da
800.87'4~5346