Exam Flashcards
(50 cards)
by a governing body to stake-
holders for organizational oversight through
integrity, leadership, and transparency.
Accountability
(including managing risk) by manage-
ment to achieve the objectives of the organization through risk-based decision-making and application of resources.
Actions
by an independent internal audit function to provide clarity and confidence and to promote and facilitate continuous improvement through rigorous inquiry and insightful communication.
Assurance and advice
A considered process that includes
analysis, planning, action, monitoring,
and review, and takes account of
potential impacts of uncertainty on objectives.
Risk-based decision-making
Independent confirmation and confidence.
Assurance
Delegates responsibility and provides resources to management to achieve the objectives of the organization while ensuring legal, regulatory, and ethical expectations are met.
Governing body
Establishes and oversees an independent, objective, and competent internal audit function to provide
clarity and confidence on progress toward the achievement of objectives.
Governing body
Its responsibility is to achieve organizational objectives comprises both first and second line roles.
Management
An organized group of
activities, resources, and people
working toward shared goals.
Organization
Those groups and
individuals whose interests are served
or impacted by the organization.
Stakeholders
Those individuals
who are accountable to stakeholders for the success of the organization.
Governing body
Those individuals, teams,
and support functions assigned to
provide products and/or services to the
organization’s clients.
Management
Those individuals operating independently from manage-
ment to provide assurance and insight
on the adequacy and effectiveness of
governance and the management of risk (including internal control).
Internal audit
helps organizations identify
structures and processes that best assist the achievement
of objectives and facilitate strong governance and risk management
Three Lines Model
The model previously known as the Three Lines
of Defense.
Three Lines Model
Processes designed to provide reasonable confidence over the achievement of objectives.
Internal control
are human undertakings, operating in an increasingly uncertain, complex, interconnected, and volatile
world.
Organization
are most directly aligned with the delivery of products and/or services to clients of the organization, and include the roles of support functions
First line roles
provide assistance with managing risk.
Second line roles
Internal audit provides independent and objective assurance and advice on the adequacy and effectiveness of governance and risk management
Third line roles
It achieves this through the competent application of systematic and
disciplined processes, expertise, and insight. It reports its findings to management and the governing body to promote and facilitate continuous improvement. In doing so, it may consider assurance from other internal
and external providers
Third line roles
Internal audit’s independence from the responsibilities of management is critical to its objectivity, authority,
and credibility.
Third line independence
It is established through: accountability to the governing body; unfettered access to people, resources, and data needed to complete its work; and freedom from bias or interference in the planning and delivery of audit services.
Third line independence
All roles working together collectively contribute to the creation and protection of value when they are aligned with each other and with the prioritized interests of stakeholders.
Creating and protecting value
