2: Assurance Engagements

Question 1

Define assurance services.

Answer 1

Assurance services are an objective examination of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes for the organization.

Question 2

What are the types of assurance services?

Answer 2

Financial
Compliance
Operational
IT

Question 3

Define compliance assurance.

Answer 3

Compliance assurance is the review of financial and operating controls to assess conformance with established laws, standards, regulations, policies, plans, procedures, contracts, and other requirements.

Question 4

Define operational assurance.

Answer 4

Operational assurance is the review of a function or process to appraise the efficiency and economy of operations and their effectiveness.

Question 5

According to COSO, what process is designed to provide reasonable assurance regarding the achievement of objectives?

Answer 5

Internal control.

Question 6

List the three parties involved in an assurance engagement.

Answer 6

Responsible party or auditee
Users
Practitioner

Question 7

What is the basic philosophy of Control Self-Assessment?

Answer 7

Control is the responsibility of everyone in the organization.

Question 8

________ should oversee the processes of risk management and control.

Answer 8

Senior management.

Question 9

List some benefits of a control self-assessment (CSA) program.

Answer 9

A CSA program
Augments the traditional role of the internal audit activity (IAA),
Assists management in risk management and control processes,
Allows the IAA and business units to collaborate to produce better information,
May reduce efforts in gathering information and testing of control processes, and
Increases coverage of assessments of control processes across the organization.

Question 10

What are the three primary approaches of control self-assessment programs?

Answer 10

Workshop facilitation
Survey/questionnaire
Self-certification

Question 11

What are the different formats and focuses of the facilitation approach?

Answer 11

Format
Objective-based: The best way to accomplish a business objective
Risk-based: Listing risks to achieve objective(s)
Control-based: How well the controls in place are working
Process-based: Selected activities that are elements of a chain of processes

Question 12

Who provides varying degrees of assurance about the state of effectiveness of the risk management and control processes of the organization?

Answer 12

Internal and external auditors.

Question 13

List examples of external business relationships.

Answer 13

Service providers
Supply-side partners
Demand-side partners
Strategic alliances
Joint ventures
Intellectual property partners

Question 14

List examples of significant risks of external business relationships (EBRs).

Answer 14

Risks may not be identified, managed, assessed, or monitored.
EBRs may adversely affect the organization’s reputation.
EBRs may have inadequate insurance coverage.
Service levels or products may be unsatisfactory.
Conflicts of interest may arise.
Licensing of intellectual property may result in misuse, theft, or loss of revenue.
The organization may be overcharged for services.
The EBR partner may become insolvent.
The organization’s confidential information may be lost.

Question 15

What is contract auditing?

Answer 15

An engagement to monitor and evaluate significant
Construction contracts and
Operating contracts that involve the provision of goods or services.

Question 16

Typical contracts subject to audit include

Answer 16

Lump-sum contracts,
Cost-plus contracts, and
Unit-price contracts.

Question 17

The internal audit activity helps management and the board ___[1]___, ___[2]___, and ___[3]___ risks, including reputation and economic risks.

Answer 17

1.Identify
2.Assess
3.Manage

Question 18

Explain the traditional vs. the modern views of quality.

Answer 18

The traditional view emphasizes detection of products that do not meet standards. The modern view is that quality is a value-added activity performed throughout all business processes.

Question 19

Total Quality Management is the continuous pursuit of quality in every aspect of organizational activities through

Answer 19

A philosophy of doing it right the first time,
Employee training and empowerment,
Promotion of teamwork,
Improvement of processes, and
Attention to satisfaction of internal and external customers.

Question 20

What is the internal audit activity’s role as it relates to quality auditing?

Answer 20

To provide assurance that the approved quality structures are in place and quality processes are functioning as intended.

Question 21

Quality is best viewed from what perspectives?

Answer 21

Attributes of the product (performance, serviceability, durability, etc.)
Customer satisfaction
Conformity with manufacturing specifications
Value (relation of quality and price)

Question 22

The internal audit activity performs procedures to provide assurance that what basic quality management objectives are reached?

Answer 22

Customer satisfaction
Continuous improvement
Promotion of teamwork

Question 23

What do privacy engagements address?

Answer 23

Security of personal information, especially information stored in computer systems.

Question 24

Information reliability and integrity includes

Answer 24

Accuracy
Completeness
Security

Question 25

List the elements of privacy.

Answer 25

Personal privacy (physical and psychological) Privacy of space (freedom from surveillance) Privacy of communication (freedom from monitoring) Privacy of information (collection, use, and disclosure of personal information by others)

Question 26

Assurance about the organization’s key performance indicators is assessed through what type of audit?

Answer 26

Performance auditing.

Question 27

What is a balanced scorecard?

Answer 27

A report that connects critical success factors with financial and nonfinancial measures.

Question 28

What four categories or measures are found on a typical balanced scorecard?

Answer 28

1.Financial 2.Customer 3.Internal 4.Learning, growth, and innovation

Question 29

Identifying critical success factors by analyzing internal and external factors is called

Answer 29

SWOT analysis.

Question 30

Performance audit engagements involve review of

Answer 30

The business, Control environment, and Key performance indicators against established criteria.

Question 31

An operational audit assesses the

Answer 31

Efficiency and effectiveness of an organization’s operations.

Question 32

What are process (functional) engagements?

Answer 32

Operational audit engagements that follow process-crossing organizational lines, service units, and geographical locations.

Question 33

_____________ programs assist organizations in preventing unintended employee violations, detecting illegal acts, and discouraging intentional employee violations.

Answer 33

Compliance.

Question 34

The chief compliance officer should report directly to

Answer 34

The chief executive officer.

Question 35

What should an ombudsperson do to be more effective?

Answer 35

Report directly to the chief compliance officer or the board. Keep names of informants secret. Provide guidance to informants. Follow up to ensure retaliation has not occurred.

Question 36

Organizational compliance standards and procedures to reduce misconduct include

Answer 36

Business code of conduct, Organizational chart identifying personnel responsible for compliance programs, and Financial incentives that do not reward misconduct.

Question 37

Applicant screening serves the purpose of

Answer 37

Detecting evidence of past wrongdoing, especially that within the organization’s industry.