1-Foundations Of Internal Auditing

Question 1

What are two types of guidance outlined by the International Professional Practices Framework (IPPF?)

Answer 1

1. Mandatory Guidance

2. Recommended Guidance

Question 2

What is the
Mission of Internal Audit?
(know word-for-word)

Answer 2

To enhance and protect organizational value

risk-based and objective
assurance,
advice, and
insight.

Question 3

What are the elements of Mandatory Guidance?

Answer 3

1-Core Principles for the Professional Practice of Internal Auditing
2-Definition of Internal Auditing
3-Code of Ethics
4-International Standards for the Professional Practice of Internal Auditing (Standards)

Question 4

What are the purposes of the Standards?

Answer 4

1-Guide adherence with the mandatory elements of the International Professional Practices Framework.
2-Provide a framework for performing and promoting a broad range of value-added internal auditing services.
3-Establish the basis for the evaluation of internal audit performance.
4-Foster improved organizational processes and operations.

Question 5

What are the Standards?

Answer 5

Guide adherence with mandatory elements of IPPF
Framework for performing and promoting value added IA services
Establish basis for evaluating performance
Foster improved organizational process and operations

Question 6

What are the three types of Standards?

Answer 6

1-Attribute Standards- attributes for the org and individual IAs
2-Performance Standards- criteria to measure IA services against
3-Implementation Standards- requirements for assurance and consulting services

Question 7

What are the two types of Recommended Guidance?

Answer 7

1) Implementation Guidance

2) Supplemental Guidance

Question 8

What are Implementation Guides?

Answer 8

Implementation Guides assist internal auditors in applying the Standards.

IGs collectively address internal auditing’s approach, methodologies, and consideration, but do not detail processes or procedures.

Question 9

What is Supplemental Guidance?

Answer 9

Supplemental Guidance provides detailed guidance for conducting internal audit activities. These include topical areas, sector-specific issues, as well as processes and procedures, tools and techniques, programs, step-by-step approaches, and examples of deliverables.

Question 10

What is the definition of internal auditing? (know word-for-word)

Answer 10

independent, objective
assurance and consulting activity
add value and improve an organization’s operations
accomplish its objectives by bringing a
systematic, disciplined approach
evaluate and improve the effectiveness of
risk management, control, and governance processes.

Question 11

What writes the Internal Audit Charter and who approves it?

Answer 11

The charter should be written by (and periodically reviewed by) the CAE and approved by senior management and the board or audit committee.

Question 12

What are the seven sections in the Internal Audit Charter?

Answer 12

Purpose and Mission
Standards for the Professional Practice of Internal Auditing
Authority
Independence and Objectivity
Scope of Internal Audit Activities
Responsibility
Quality Assurance and Improvement Program

Question 13

What is the definition of assurance services?

Answer 13

Objective examination of evidence
Entity, operation, function, process, system or other
Nature and scope determined by internal auditor
Three parties involved: Process owner (OPI), internal auditor and the user of the process

Question 14

What is the definition of consulting services?

Answer 14

“Advisory and related client services, the nature and scope of which are agreed upon with the client and which are intended to add value and improve an organization’s operations. Examples include counsel, advice, facilitation, process design and training.” (from the IIA Glossary)

Question 15

What consulting services may internal auditors perform?

Answer 15

The Standards state that internal auditors can only perform consulting services specifically defined in the internal audit charter.

Question 16

What is the difference between assurance and consulting engagements?

Answer 16

In an assurance engagement, the auditor provides an assessment and states an opinion about whether or not something within the company is operating or performing correctly. The auditor should be objective in the investigation and independent in the decision.

In a consulting engagement, the auditor provides advice or makes a suggestion.

Question 17

What is the Code of Ethics?

Answer 17

“The Code of Ethics states the principles and expectations governing the behavior of individuals and organizations in the conduct of internal auditing. It describes the minimum requirements for conduct, [sic] and behavioral expectations rather than specific activities.” (from the Code of Ethics)

Question 18

What are the four principles in the Code of Ethics?

Answer 18

Integrity
Objectivity
Confidentiality
Competency

Question 19

What are the Rules of Conduct related to integrity?

Answer 19

Internal auditors:

1. 1. Shall perform their work with honesty, diligence, and responsibility.
2. 2. Shall observe the law and make disclosures expected by the law and the profession.
3. 3. Shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization.
4. 4. Shall respect and contribute to the legitimate and ethical objectives of the organization.

Question 20

What are the Rules of Conduct related to objectivity?

Answer 20

Internal auditors:

2. 1. Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization.
3. 2. Shall not accept anything that may impair or be presumed to impair their professional judgment.
4. 3. Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.

Question 21

What are the Rules of Conduct related to confidentiality?

Answer 21

Internal auditors:

3. 1. Shall be prudent in the use and protection of information acquired in the course of their duties.
4. 2. Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.

Question 22

What are the Rules of Conduct related to competency?

Answer 22

Internal auditors:

4. 1. Shall engage only in those services for which they have the necessary knowledge, skills, and experience.
5. 2. Shall perform internal auditing services in accordance with the International Standards for the Professional Practice of Internal Auditing.
6. 3. Shall continually improve their proficiency and the effectiveness and quality of their services.

Question 23

What is independence?

Answer 23

“Independence is the freedom from conditions that threaten the ability of the internal audit activity to carry out internal audit responsibilities in an unbiased manner. To achieve the degree of independence necessary to effectively carry out the responsibilities of the internal audit activity, the chief audit executive has direct and unrestricted access to senior management and the board. This can be achieved through a dual-reporting relationship. Threats to independence must be managed at the individual auditor, engagement, functional, and organizational levels.” (from Standard 1100)

Question 24

What is objectivity?

Answer 24

“Objectivity is an unbiased mental attitude that allows internal auditors to perform engagements in such a manner that they believe in their work product and that no quality compromises are made.Objectivity requires that internal auditors do not subordinate their judgment on audit matters to others. Threats to objectivity must be managed at the individual auditor, engagement, functional, and organizational levels.” (from Standard 1100)

Question 25

What does organizational independence mean?

Answer 25

Organizational Independence means that the internal audit activity must not have any current or previous relationships with the departments that it audits.

Organizational independence can be achieved through a properly designed Internal Audit Charter.

Question 26

What are examples of functional reporting?

Answer 26

Approving the internal audit charter;
Approving the risk based internal audit plan;
Approving the internal audit budget and resource plan;
Receiving communications from the chief audit executive on the internal audit activity’s performance relative to its plan and other matters;
Approving decisions regarding the appointment and removal of the chief audit executive;
Approving the remuneration of the chief audit executive; and
Making appropriate inquiries of management and the chief audit executive to determine whether there are inappropriate scope or resource limitations.
(from Standard 1110)

Question 27

What are examples of administrative reporting?

Answer 27

Budgeting and management accounting.
Human resource administration, including personnel evaluations and compensation.
Internal communications and information flows.
Administration of the internal audit activity’s policies and procedures.
(from PA 1110-1)

Question 28

Who does the CAE report to?

Answer 28

The CAE should report to an audit committee, or its equivalent, for any functional and engagement issues.

For administrative issues, the CAE should report to the CEO (or a similar position).

Question 29

What is individual objectivity?

Answer 29

“Internal auditors must have an impartial, unbiased attitude and avoid any conflict of interest.”

(from Standard 1120)

Question 30

What are common impairments?

Answer 30

A personal conflict of interest.
A scope limitation, including a restriction of access to records, personnel, or properties.
Resource limitation, which includes funding limitations.
Situations where the auditor is assessing operations for which they were previously responsible.
Assurance engagements for functions over which the CAE previously had responsibility.
Consulting engagements in areas where assurance engagements are also performed.

Question 31

What is a conflict of interest?

Answer 31

A situation in which an internal auditor, who is in a position of trust, has a competing professional or personal interest. Such competing interests can make it difficult to fulfill his or her duties impartially. A conflict of interest exists even if no unethical or improper act results. A conflict of interest can create an appearance of impropriety that can undermine confidence in the internal auditor, the internal audit activity, and the profession. A conflict of interest could impair an individual’s ability to perform his or her duties and responsibilities objectively. (from Standard 1120)

Question 32

May auditors assess operations that they were previously responsible for?

Answer 32

Internal auditors must refrain from assessing specific operations for which they were previously responsible. Objectivity is presumed to be impaired if an auditor provides assurance services for an activity for which the auditor had responsibility within the previous year.
(from PA 1130)

Question 33

May auditors provide consulting for operations that they were previously responsible for?

Answer 33

Yes, internal auditors may provide consulting services relating to operations for which they had previous responsibilities.

Question 34

What must be done if independence is impaired in fact or in appearance?

Answer 34

“The details of the impairment must be disclosed to appropriate parties.” (from Standard 1130)

Question 35

What responsibilities does the CAE have to report independence and objectivity issues to the board?

Answer 35

1-The CAE will confirm at least annually to the board that the IAA is organizationally independent. The CAE will need to make certain that the IAA maintains its organizational independence at all times.

2-The CAE will disclose to the board any interference with the IAA determining the scope of work, performing the work, or communicating the results.

Question 36

List the four elements of the International Professional Practices Framework’s (IPPF’s) mandatory guidance.

Answer 36

Core Principles
Definition of Internal Auditing
Code of Ethics
The Standards

Question 37

List and define the three different Standards under the International Professional Practices Framework’s (IPPF’s) mandatory guidance.

Answer 37

Attribute Standards:
Govern the responsibilities, attitudes, and actions of internal activity and the people who serve as internal auditors

Performance Standards:
Govern the nature of internal auditing and provide quality criteria for evaluating the internal audit function’s performance

Implementation Standards:
Expand upon Attribute and Performance Standards to provide the requirements applicable to the services

Question 38

Internal auditing evaluates and improves which three processes?

Answer 38

Governance processes
Risk management processes
Control processes

Question 39

Define assurance services.

Answer 39

An objective examination of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes for the organization.

Question 40

Define consulting services.

Answer 40

Advisory activities intended to add value and improve an organization’s governance, risk management, and control processes without the internal auditor assuming management responsibility.

Question 41

The nature and scope of assurance services are determined by

Answer 41

The internal auditor.

Question 42

The nature and scope of consulting services are determined by

Answer 42

Agreement between the internal auditor and engagement client.

Question 43

The ________ defines the internal audit activity’s purpose, authority, and responsibility.

Answer 43

Internal audit charter.

Question 44

What are the four principles of The IIA’s Code of Ethics?

Answer 44

Integrity
Objectivity
Confidentiality
Competency

Question 45

The IIA’s Code of Ethics applies to both _____ (1) and _____ (2) that perform internal audit services.

Answer 45

1-Entities

2-Individuals

Question 46

What are the four rules of conduct relating to integrity?

Answer 46

Internal auditors
1-Shall perform their work with honesty, diligence, and responsibility
2-Shall observe the law and make disclosures expected by the law and the profession
3-Shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the procession of internal auditing or to the organization
4-Shall respect and contribute to the legitimate and ethical objectives of the organization

Question 47

What are the three rules of conduct relating to objectivity?

Answer 47

Internal auditors
1-Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization.
2-Shall not accept anything that may impair or be presumed to impair their professional judgment.
3-Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.

Question 48

What are the two rules of conduct relating to confidentiality?

Answer 48

Internal auditors
1-Shall be prudent in the use and protection of information acquired in the course of their duties.
2-Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.

Question 49

What are the three rules of conduct relating to competency?

Answer 49

Internal auditors
1-Shall engage only in those services for which they have the necessary knowledge, skills, and experience.
2-Shall perform internal audit services in accordance with the International Standards for the Professional Practice of Internal Auditing.
3-Shall continually improve their proficiency and the effectiveness and quality of their services.

Question 50

The ______ defines the scope of internal audit activities.

Answer 50

Internal audit charter.

Question 51

Who is responsible for approving the internal audit charter?

Answer 51

The entity’s board of directors.

Question 52

Who is responsible for retaining the internal audit charter?

Answer 52

The chief audit executive (CAE).

Question 53

Which elements of the IPPF need to receive public exposure prior to becoming official.

Answer 53

The mandatory guidance from the IPPF:
Core principles
Definition
Code of Ethics
Standards

Question 54

Name the 10 Core Principles for the Professional Practice of Internal Auditing

Answer 54

Demonstrates Integrity
Demonstrates competence and due professional care
Objective and Independent
Aligns with strategies, objectives and risks of org
Positioned and resources
Quality and improvement (QAIP)
Communicates effectively
Risk based assurance
Insight, proactive, future-focused
Org improvement

Question 55

What are the primary components of the Attribute Standards

Answer 55

Purpose, Authority and Responsibility (outlined in the charter and approved by the board)
Independence and Objectivity
Proficiency and Due Professional Care
Quality Assurance and Improvement Program (does IIA conform to the Mandatory Guidance and add value to the org)

Question 56

What are the primary components of the Performance Standards?

Answer 56

Managing the Internal Audit Activity
Nature of Work
Engagement Planning
Performing the Engagement
Communicating Results
Monitoring Progress
Resolution of Management's Acceptance of Risks

Question 57

What are the 7 parts of the internal audit charter?

Answer 57

Purpose and Mission
Standards for the Professional Practice of IA (from IPPF)
Authority
Independence and Objectivity
Scope of the IAA
Responsibility
Quality Assurance and Improvement Program