55 Cards in this Set
- Front
- Back
Attribute Standard 1100: Independence and Objectivity |
The internal audit activity must be independent, and internal auditors must be objective in performing their work |
|
Interpretation of Standard 1100 (Independence) |
Independence is freedom from conditions that threaten the ability of the internal audit activity to carry out responsibilities in an unbiased manner |
|
How does one achieve the degree of independence necessary to carry out the activity? |
CAE has direct and unrestricted access to senior management and the board, achieved through a dual-reporting relationship. |
|
Attribute Standard 1110 - Organizational Independence |
CAE must report to a level within the organization that allows the internal audit activity to fulfill its responsibilities. The CAE must confirm to the board, at least annually, the organizational independence of the internal audit activity |
|
Interpretation of Standard 1110 (Organizational Independence) |
Organizational independence is achieved when the CAE reports functionally to the board. |
|
Examples of functional reporting |
The board: - Approves the internal audit charter - Approves the risk-based internal audit plan - Approves the budget and resource plan - Approves decisions regarding the appointment and removal of the CAE |
|
Dual-Reporting Relationship |
Reporting functionally to the board and administratively to the CEO |
|
Administrative Reporting |
Reporting relationship that facilitates day to day operations: - Budget and mgmt accounting - HR administration - Internal communications and info flows - Administration of the activity's policies and procedures |
|
Implementation Standard 1110.A1 - how internal audit independence is applied as a practical matter |
The internal audit activity must be free from interference in determining the scope of internal auditing, performing work, and communicating results. |
|
Attribute Standard 1111 - Direct Interaction with the Board |
The CAE must communicate and interact directly with the board |
|
Interpretation of Standard 1100 (Objectivity) |
Objectivity is an unbiased mental attitude that allows internal auditors to perform engagements in such a manner that they believe in their work product and no quality compromises are made. Requires that auditors do not subordinate their judgement to others |
|
How must threats to objectivity be managed? |
At the individual auditor, engagement, functional, and organizational levels |
|
Attribute Standard 1120: Individual Objectivity |
Internal auditors must have an impartial, unbiased attitude and avoid any conflict of interest |
|
Define: Conflict of Interest |
Any relationship that is, or appears to be, not in the best interest of the organization. A conflict of interest would prejudice an individual's ability to perform his duties and responsibilities objectively |
|
Interpretation of Standard 1120 - Importance of Identifying Potential Conflict of Interest |
A conflict of interest can create an appearance of impropriety that can undermine confidence and impair an individual's ability to perform his duties and responsibilities objectively. A conflict of interest exists even if no unethical or improper act results. |
|
Who is responsible for maintaining objectivity? |
CAE and internal auditors themselves |
|
How can the CAE assess the objectivity of individual internal auditors? |
Periodic reviews of conflicts of interest or as-needed assessments during the staffing requirements phase of each engagement |
|
Attribute Standard 1130: Impairment to Independence or Objectivity |
If independence or objectivity is impaired in fact or appearance, the details of the impairment must be disclosed to appropriate parties. The nature of the disclosure will depend on the impairment |
|
Interpretation of Standard 1130 - examples of impairment to organizational independence and individual objectivity |
- Personal conflict of interest - Scope limitation - Restrictions on access to records, personnel, and properties - Resource limitations, such as funding |
|
Who should scope limitations be reported to? |
A scope limitation, along with its potential effect, needs to be communicated, preferably in writing, to the Board. |
|
Implementation Standard 1130.A1 - Objectivity Impaired by Previous Assignment of Internal Audit Personnel |
Internal auditors must refrain from assessing specific operations for which they were previously responsible. Objectivity is presumed to be impaired if an auditor provides assurance services for an activity for which the auditor had responsibility within the previous year |
|
How long must an auditor refrain from assessing operations for which they were previously responsible? |
One year |
|
Implementation Standard 1130.A2 - Internal Audit's Responsibility for Other (Non-audit) Functions |
Assurance engagements for functions over which the CAE has responsibility must be overseen by a party outside the internal audit activity (may not accept responsibility for non-audit functions that are subject to periodic internal audit assessments) |
|
Attribute Standard 1200 - Proficiency and Due Professional Care |
Engagements must be performed with proficiency and due professional care |
|
Define: Proficiency |
The knowledge, skills, and other competencies needed to fulfill internal audit responsibilities |
|
Define: Due Care |
The care and skill expected of a reasonably prudent and competent internal auditor |
|
Attribute Standard 1210 - Proficiency |
Internal auditors must possess the knowledge, skills, and other competencies needed to perform their individual responsibilities. |
|
Components of auditor proficiency |
Proficiency, Knowledge, Understanding, Appreciation |
|
What must all internal auditors have proficiency in applying? |
- Internal audit standards, procedures, and techniques in performing engagements
- Accounting principles and techniques if internal auditors work extensively with financial records and reports |
|
What must the internal auditor have knowledge of? |
- The indicators of fraud sufficient to identify them
- Key IT risks and controls and available technology-based audit techniques |
|
What must the internal auditor have an understanding of? |
Management principles to recognize and evaluate the materiality and significance of deviations from good business practices |
|
What is an understanding (as relates to proficiency)? |
The ability to apply broad knowledge to situations likely to be encountered, to recognize significant deviations, and to reach reasonable solutions |
|
What is an appreciation (as relates to proficiency)? |
The ability to recognize the existence of problems or potential problems and to identify the additional research to be undertaken or the assistance to be obtained |
|
What fundamentals of business subjects must the internal auditor have an appreciation of? |
- Accounting - Economics - Commercial law - Taxation - Finance - Quantitative methods - Fraud - Risk Management - IT |
|
Acronym: Paul Is A Student |
Proficiency in: - Internal - Audit - Standards, etc |
|
Acronym: Under My Pillow |
Understanding of: - Management - Principles |
|
Acronym: Katie Fixes Information Technology |
Knowledge of: - Fraud and - Information - Technology |
|
Acronym: An Accounting Education Lets Tim Feel Intelligent |
Appreciation of: - Accounting - Economics - Commercial Law - Taxation - Fraud, and - IT |
|
IIA Competency Framework |
- Interpersonal Skills
- Tools and Techniques
- Internal audit standards, theory, and methodology
- Knowledge areas |
|
Implementation Standard 1210.A1 - External Resources |
The CAE must obtain competent advice and assistance if the internal auditors lack the knowledge, skills, or other competencies needed to perform all or part of the engagement |
|
Attribute Standard 1220 - Due Professional Care |
Internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor. Due professional care does not imply infallibility |
|
Implementation Standard 1220.A1 - Considerations in exercising due professional care |
- Extent of work needed to achieve the objectives
- Relative complexity, materiality, or significance of matters to which assurance procedures are applied
- Adequacy and effectiveness of governance, risk management, and control processes
- Probability of significant errors, fraud, or noncompliance
- Cost of assurance in relation to potential benefits |
|
Implementation Standard 1220.A2 - what techniques should be considered |
Technology-based audit and other data analysis techniques |
|
Implementation Standard 1220.A3 - What must internal auditors be alert to? |
To the significant risks that might affect objectives, operations, or resources. However, assurance procedures alone, even when performed with due professional care, do not guarantee that all significant risks will be identified |
|
Attribute Standard 1230 - Continued Professional Development |
Internal auditors must enhance their knowledge, skills, and other competencies through continuing professional development |
|
Attribute Standard 1300 - Quality Assurance and Improvement Program |
The CAE must develop and maintain a QA and improvement program that covers all aspects of the internal audit activity |
|
Attribute Standard 1310 - Requirements of the Quality Assurance and Improvement Program |
The QA and improvement program must include both internal and external assessments |
|
Attribute Standard 1320 - Reporting on the Quality Assurance and Improvement Program |
The CAE must communicate the results of the QA and improvement program to senior management and the board |
|
Attribute Standard 1321 - Use of "Conforms with the Int'l Standards for the Professional Practice of Internal Auditing" |
The CAE may state that the internal audit activity conforms with the International Standards for the Professional Practice of Internal Auditing only if the results of the QA and improvement program support this statement (cannot claim to comply with the Standards without a successfully functioning QAIP) |
|
Attribute Standard 1322 - Disclosure of Nonconformance |
When nonconformance with the Definition of Internal Auditing, the Code of Ethics, or the Standards impacts the overall scope or operation of the internal audit activity, the CAE must disclose the nonconformance and the impact to senior management and the board |
|
Attribute Standard 1311 - Internal Assessments |
Internal assessments must include:
- Ongoing monitoring of the performance of the internal audit activity
- Periodic self-assessments by other persons within the organization with sufficient knowledge of internal audit practices |
|
Processes and tools used in ongoing internal assessments |
- Engagement supervision
- Checklists and procedures are being followed
- Feedback from audit customers and other stakeholders
- Selective peer reviews of workpapers by staff not involved in the respective audits
- Project budgets, timekeeping systems, audit plan completion, and cost recoveries
- Analysis of other performance metrics |
|
How often must the results of internal assessments be reported? |
At least annually |
|
Attribute Standard 1312 - External Assessments |
- Must be conducted at least once every 5 years by a qualified, independent assessor from outside the organization.
CAE must discuss with the board:
- Form and frequency of external assessments
- Qualifications and independence of the external assessor, including any potential conflict of interest |
|
What do external assessments cover? |
The entire spectrum of audit and consulting work performed by the internal audit activity |