Which of the following documents specifies the purpose authority and responsibility of the internal audit function within an organization?

Successfully reported this slideshow.

Your SlideShare is downloading. ×

CIA Part 1 - Section I - Foundations of Internal Auditing - A. Purpose, Authority, and Responsibility

CIA Part 1 - Section I - Foundations of Internal Auditing - A. Purpose, Authority, and Responsibility

CIA Part 1 - Section I - Foundations of Internal Auditing - A. Purpose, Authority, and Responsibility

CIA Part 1 - Section I - Foundations of Internal Auditing - A. Purpose, Authority, and Responsibility

More Related Content

Slideshows for you

More from Tariq Al-Basha

Featured

Related Books

Free with a 30 day trial from Scribd

See all

Related Audiobooks

Free with a 30 day trial from Scribd

See all

CIA Part 1 - Section I - Foundations of Internal Auditing - A. Purpose, Authority, and Responsibility

1. 1. Q1 A B C D Q2 A B C D Q3 A B C D Q4 A B C D Q5 Mandatory Guidance Public Exposure Requirements of IPPF Guidance Mandatory Guidance: Definition of Internal Auditing Mandatory Guidance: Core Principles for the Professional Practice of Internal Auditing CIA Part 1 - Section I - Foundations of Internal Auditing A. Purpose, Authority, and Responsibility Tariq Al-Basha, MSc, CMA®, FMVA®, CMSA®, CBCA™, CRE The Mission of Internal Audit I, II, and IV only. II and IV only. Which of the following is a Core Principle for the Professional Practice of Internal Auditing? Promote an ethical culture in the internal audit profession. Is appropriately positioned and adequately resourced. Develop consistency in internal audit practices. Maintain confidentiality. IV. A new definition in the IPPF Glossary. Internal auditing is a dynamic profession. Which of the following best describes the scope of internal auditing as it has developed to date? II and IV only. The Mission of internal auditing is to Perform the preliminary work of external financial statement audit. Provide an opinion about the accuracy and completeness of the quarterly financial statements. Enhance and protect organizational value. Find errors and fraud within the company. Which of the following types of IPPF guidance require(s) public exposure? I, II, III, and IV. III only. II, III, and IV only. I. A new Implementation Guide. II. A new standard. III. A new Supplemental Guide for auditing cybersecurity. Which of the following is “mandatory guidance” in The IIA’s IPPF? II, III, and IV only. I, II, III, and IV. I. Implementation Guidance. II. Code of Ethics. III. The Core Principles for the Professional Practice of Internal Auditing. IV. Standards.
2. 2. A B C D Q6 A B C D Q7 A B C D Q8 A B C D Q9 A B C D Q10 A B C D The proper organizational role of internal auditing is to Perform studies to assist in the attainment of more efficient operations. Serve as an appraisal function to examine and evaluate activities as a service to the organization. Serve as the investigative arm of the board of directors. Assist the external auditor in order to reduce external audit fees. Accepting the concept that internal auditing should be an integral part of an organization can involve a major change of attitude on the part of top management. Involving top management in deciding which audit findings will be reported. Negotiating with top management to provide them with rewards, such as favorable audits. Educating top managers about the benefits and communicating with them on a regular basis. Persuading top managers to accept the idea of internal audits by contacting company shareholders and regulatory agencies. Which of the following would be the best way for internal auditors to convince management regarding the need for and benefits of internal auditing? Mandatory Guidance: Benefits of Internal Auditing Internal auditing involves evaluating the effectiveness and efficiency with which resources are employed. From a modern internal auditing perspective, which one of the following statements represents the most important benefit of an internal auditing activity to management? Assurance that fraudulent activities will be detected. Assurance that there is reasonable control over day-to-day operations. Assurance that published financial statements are correct. Assurance that the organization is complying with legal requirements. The benefits from internal auditing include all of the following except Employees benefit because the internal audit activity can help them effectively perform their jobs. Management benefits because the internal audit activity is able to help them identify and minimize risks. Society benefits from internal auditing because the internal auditor promotes the efficient and effective use of resources. The external auditor benefits because the internal audit activity is able to provide an opinion about the accuracy and completeness of the annual financial statements. Internal auditing has evolved to evaluating all risk management, control, and governance systems. Internal auditing involves evaluating compliance with laws, regulations, and contracts. Promoting an ethical culture in the profession of internal auditing. Reducing the occurrence of fraud. Protecting organizational value. Respecting the value and ownership of information received and not disclosing information without appropriate authority. Internal auditing has evolved to verifying the existence of assets and reviewing the means of safeguarding assets. Which of the following is a part of the Mission of Internal Audit?
3. 3. Q11 A B C D Q12 A B C D Q13 A B C D Q14 A B C D Q15 A B C D Internal Audit Activity Vs Financial Statements/Financial Reporting Fostering improved organizational processes and operations. Establishing the basis for the measurement of internal audit performance. Providing a framework for performing and promoting a broad range of value-added internal auditing services. Guiding the ethical conduct of internal auditors. Management may be concerned about its reputation in the financial markets. The Standards state that internal auditors should be involved with reviewing quarterly financial statements. Management may be concerned about potential penalties that could occur if quarterly financial statements that are made public are misstated. One of the purposes of the International Standards for the Professional Practice of Internal Auditing as stated in the Introduction to the current version of the Standards is to Establish the independence of the internal audit activity and emphasize the objectivity of internal auditing. Establish the basis for evaluating internal auditing performance. Encourage the professionalization of internal auditing. Encourage external auditors to make more extensive use of the work of internal auditors. Which of the following actions will help an organization improve the public’s perception of their financial reporting? I, II and III. I and III only. I and II only. II and III only. I. Keeping external and internal auditing work separated to maintain independence. II. Increased adoption of audit committees composed of outside directors. III. Requiring internal auditors to report all significant observations of illegal activity to the audit committee. The purposes of the Standards include all of the following except Management often requires the internal audit activity's involvement with quarterly financial statements that are made public or used internally. Management may perceive that having quarterly financial information examined by the internal auditors enhances its value for internal decision-making. Which one of the following is generally not a reason for such involvement? As used by the internal auditing profession, the Standards refers to all of the following except Criteria which dictate the minimum level of ethical actions to be taken by internal auditors. Criteria by which the performance of an internal audit activity can be evaluated. Statements intended to represent the practice of internal auditing as it should be. Criteria that are applicable to all types of internal audit activities. Mandatory Guidance: The Code of Ethics Mandatory Guidance: Outlining of the Standards and its objectives.
4. 4. Q16 A B C D Q17 A B C D Q18 A B C D Q19 A B C D Q20 A B C D Internal Audit Activity Which of the following would not be an appropriate responsibility for an internal audit activity? Designing and implementing appropriate controls. Undertaking research on factors impacting the organization's share price. Reviewing the implementation of organizational policies. Assessing management's performance against the achievement of the organization's mission. This kind of management attitude will most probably have an adverse effect on the internal audit activity's Analyze financing alternatives and present the alternatives to the audit committee. Employees are currently working double shifts and receiving large amounts of overtime pay. Demand for all of the organization's products is currently high, but management worries about demand fluctuations with changes in the economy and technological developments by competitors. Management is concerned with such issues as whether it is efficiently using its resources, whether it is expanding too rapidly or not rapidly enough, whether employee morale is decreasing, and whether future expansion should be financed internally or through debt. Of the following management requests, which is within the normal scope of work of the internal audit activity (IAA) as stated in the Standards? In some cultures and organizations, managers insist that an internal audit activity (IAA) is not needed to provide a critical assessment of the organization's operations. Operating budget variance. Performance appraisals. Effectiveness. Policies and procedures. Relieve overburdened management of the responsibility for establishing effective controls. Evaluate and improve the effectiveness of control processes. Safeguard resources entrusted to the organization. A major reason for establishing an internal audit activity (IAA) is to Ensure the reliability and integrity of financial and operational information. The authority of the internal audit activity is limited to that granted by The audit committee and the chief financial officer. The board and the controller. Management and the board. Senior management and the Standards. A manufacturer has been expanding rapidly and is considering adding a new production line. Talk with banks to identify financing alternatives and negotiate contract alternatives that will be presented to management for evaluation. Undertake a make-or-buy decision analysis to determine whether the organization should subcontract for part of its manufacturing versus adding capacity. Report the recommendation to management for approval. Perform an independent evaluation of management's planning process as a basis for making recommendations.
5. 5. Q1 D Q2 C Q3 C Q4 B Q5 B Q6 C Q7 B Q8 B Q9 D Q10 C Q11 A Q12 B Q13 D Q14 C Q15 D Q16 C Q17 C Q18 C Q19 C Q20 A Public Exposure Requirements of IPPF Guidance Public Exposure Requirements of IPPF Guidance A new standard A new definition in the IPPF Glossary A new Implementation Guide A new Supplemental Guide Requires Public Exposure Requires Public Exposure Do Not Require Public Exposure Do Not Require Public Exposure A new standard requires public exposure of 90 days. The Glossary is a part of the Standards. Thus, new definitions or changes to the definitions require 90-day public exposure. The Implementation Guides do not require public exposure prior to issuance; they only require internal IIA committee approval. Supplemental Guides do not require public exposure; they only require internal IIA committee approval. Explanation Guiding the ethical conduct of internal auditors. A. Purpose, Authority, and Responsibility Designing and implementing appropriate controls. The Mission of Internal Audit Answers Establish the basis for evaluating internal auditing performance. II and III only. Serve as an appraisal function to examine and evaluate activities as a service to the organization. Evaluate and improve the effectiveness of control processes. Enhance and protect organizational value. Perform an independent evaluation of management's planning process as a basis for making recommendations. Management and the board. Effectiveness. Assurance that there is reasonable control over day-to-day operations. Educating top managers about the benefits and communicating with them on a regular basis. Is appropriately positioned and adequately resourced. The Standards state that internal auditors should be involved with reviewing quarterly financial statements. Criteria which dictate the minimum level of ethical actions to be taken by internal auditors. The external auditor benefits because the internal audit activity is able to provide an opinion about the accuracy and completeness of the annual financial statements. II and IV only. Internal auditing has evolved to evaluating all risk management, control, and governance systems. II, III, and IV only. Protecting organizational value. A new core principle A new definition of Internal Auditing Requires Public Exposure Requires Public Exposure
6. 6. Overview Overview Mandatory Guidance: The Code of Ethics Mandatory Guidance: Definition of Internal Auditing The Definition of Internal Auditing states the fundamental purpose, nature, and scope of internal auditing. [1] Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. [2] It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Definition [1] The primary role of the internal audit activity is to assist the management of a company in its responsibility of maintaining effective controls by evaluating the effectiveness of those controls. [2] In this role, it serves as an appraisal function that adds value to operations. Primary Role [10] Promotes organizational improvement. 10 Core Principles that provide guidance for the IAA [1] Demonstrates integrity [2] Demonstrates competence and due professional care [3] Is objective and free from undue influence (independent) [4] Aligns with the strategies, objectives, and risks of the organization. [5] Is appropriately positioned and adequately resourced. [6] Demonstrates quality and continuous improvement. [7] Communicates effectively. [8] Provides risk-based assurance. [9] Is insightful, proactive, and future-focused. 4 sources of Mandatory Guidance [1] Core Principles for the Professional Practice of Internal Auditing [2] Definition of Internal Auditing [3] Code of Ethics [4] International Standards for the Professional Practice of Internal Auditing (Standards) Mandatory Guidance: Core Principles for the Professional Practice of Internal Auditing [1] The Core Principles, taken as a whole, articulate internal audit effectiveness. [2] For an internal audit activity to be considered effective, all Principles should be present and operating effectively. [3] How an internal auditor, as well as an internal audit activity, demonstrates achievement of the Core Principles may be quite different from organization to organization, but failure to achieve any of the Principles would imply that an internal audit activity was not as effective as it could be in achieving internal audit’s mission. Core Principles [1] The Mission of Internal Audit articulates what internal audit aspires to accomplish within an organization. [2] Its place in the New IPPF is deliberate, demonstrating how practitioners should leverage the entire framework to facilitate their ability to achieve the Mission. [3] To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight. The Mission of Internal Audit Mandatory Guidance “Mandatory guidance” refers to standards and principles from The IIA that must be followed. “Mandatory” means that it is a requirement, not a suggestion. Overview The mission describes the goals of the internal audit activity within the organization and encompasses all of the remaining elements of the IPPF.
7. 7. Overview [1] The Code of Ethics states the principles and expectations governing behavior of individuals and organizations in the conduct of internal auditing. [2] It describes the minimum requirements for conduct and behavioral expectations rather than specific activities. Mandatory Guidance: The Standards The Standards are principle-focused and provide a framework for performing and promoting internal auditing. The Standards are mandatory requirements consisting of: [1] Statements of basic requirements for the professional practice of internal auditing and for evaluating the effectiveness of its performance. The requirements are internationally applicable for organizations and individuals. [2] Interpretations, which clarify terms or concepts within the statements. [3] Glossary Terms. It is necessary to consider both Statements and Interpretations to understand and apply the Standards correctly. The Standards employs terms that have been given specific meanings included in the Glossary. Overview Mandatory Guidance: Introduction to the Standards The Standards provide a guide for the practice of internal auditing. Specific Standards may apply to individual internal auditors, the IAA as a whole, or the Chief Audit Executive (CAE). Most of the Standards are tested on the CIA exam, but initially it is important just to understand the structure of the Standards. Introduction Mandatory Guidance: Outlining of the Standards and its objectives. Internal auditing is conducted in diverse legal and cultural environments; for organizations that vary in purpose, size, complexity, and structure; and by persons within or outside the organization. While differences may affect the practice of internal auditing in each environment, conformance with The IIA’s International Standards for the Professional Practice of Internal Auditing (Standards) is essential in meeting the responsibilities of internal auditors and the internal audit activity. Outlining Standards [1] Guide adherence with the mandatory elements of the International Professional Practices Framework. [2] Provide a framework for performing and promoting a broad range of value-added internal auditing services. [3] Establish the basis for the evaluation of internal audit performance. [4] Foster improved organizational processes and operations. The purpose of the Standards is to: The Standards employ terms as defined specifically in the Glossary. To understand and apply the Standards correctly, it is necessary to consider the specific meanings from the Glossary. Furthermore, the Standards use the word “must” to specify an unconditional requirement and the word “should” where conformance is expected unless, when applying professional judgment, circumstances justify deviation. Employing the Standards The Standards comprise two main categories: Attribute and Performance Standards. [1] Attribute Standards address the attributes of organizations and individuals performing internal auditing. [2] Performance Standards describe the nature of internal auditing and provide quality criteria against which the performance of these services can be measured. Attribute and Performance Standards apply to all internal audit services. 2 Main Categories of the Standards
8. 8. Implementation Standards Conformance to Standards Attribute Standards 3) Proficiency and Due Professional Care (1200). 4) Quality Assurance and Improvement Program (1300). The primary components of the Attribute Standards are: Mandatory Guidance: Types of Standards 1) Attribute Standards 2) Performance Standards 3) Implementation Standards Types of Standards Mandatory Guidance: Attribute Standards Attribute Standards (1000–1300) are concerned with the characteristics of the organization and the parties performing the auditing activities. 1) Purpose, Authority, and Responsibility (1000). 2) Independence and Objectivity (1100). Implementation Standards expand upon the Attribute and Performance Standards by providing the requirements applicable to assurance (.A) or consulting (.C) services. Assurance services involve the internal auditor’s objective assessment of evidence to provide opinions or conclusions regarding an entity, operation, function, process, system, or other subject matters. The nature and scope of an assurance engagement are determined by the internal auditor. Generally, three parties are participants in assurance services: In such a case, if the internal audit activity indicates conformance with the Standards and inconsistencies exist between the Standards and other requirements, internal auditors and the internal audit activity must conform with the Standards and may conform with the other requirements if such requirements are more restrictive. Go with the More Restrictive Requirements When performing consulting services the internal auditor should maintain objectivity and not assume management responsibility. Consulting Services Mandatory Guidance: Additional Notes on the Standards The Standards apply to individual internal auditors and the internal audit activity. All internal auditors are accountable for conforming with the standards related to individual objectivity, proficiency, and due professional care and the standards relevant to the performance of their job responsibilities. Chief audit executives are additionally accountable for the internal audit activity’s overall conformance with the Standards. Accountability & Responsibility If internal auditors or the internal audit activity is prohibited by law or regulation from conformance with certain parts of the Standards, conformance with all other parts of the Standards and appropriate disclosures are needed. If the Standards are used in conjunction with requirements issued by other authoritative bodies, internal audit communications may also cite the use of other requirements, as appropriate. [1] the person or group directly involved with the entity, operation, function, process, system, or other subject matter—the process owner [2] the person or group making the assessment—the internal auditor, and [3] the person or group using the assessment— the user. Assurance Services Consulting services are advisory in nature and are generally performed at the specific request of an engagement client. The nature and scope of the consulting engagement are subject to agreement with the engagement client. Consulting services generally involve two parties: [1] the person or group offering the advice—the internal auditor, and [2] the person or group seeking and receiving the advice—the engagement client.
9. 9. Purpose, Authority, and Responsibility (1000) Independence and Objectivity (1100) Proficiency and Due Professional Care (1200) Performance Standards Managing the Internal Audit Activity (2000) Nature of Work (2100) Engagement Planning (2200) Performing the Engagement (2300) Communicating Results (2400) Monitoring Progress (2500) When the CAE believes that senior management has accepted a level of residual risk that may be unacceptable to the organization, the CAE must discuss the matter with senior management. If the decision regarding residual risk is not resolved, the CAE and senior management must report the matter to the board for resolution. Resolution of Management’s Acceptance of Risks (2600) Mandatory Guidance: Implementation Standards 6) Monitoring Progress (2500). 7) Resolution of Management’s Acceptance of Risks (2600). The primary components of the Performance Standards are: The CAE must effectively manage the internal audit activity to ensure that it adds value to the organization. The internal audit activity must evaluate and contribute to the improvement of risk management, control, and governance processes using a systematic and disciplined approach. Internal auditors must develop and record a plan for each engagement, including the scope, objectives, timing, and resource allocations. Internal auditors must identify, analyze, evaluate, and record sufficient information to achieve the engagement’s objectives. Internal auditors must communicate the engagement results. The CAE must establish and maintain a system to monitor the disposition of results communicated to management. Furthermore, the program must provide assurance that the internal audit activity conforms to the Mandatory Guidance. Quality Assurance and Improvement Program (1300) Mandatory Guidance: Performance Standards Performance Standards (2000–2600) describe the internal audit activities and criteria against which the performance of these services can be evaluated. 1) Managing the Internal Audit Activity (2000). 2) Nature of Work (2100). 3) Engagement Planning (2200). 4) Performing the Engagement (2300). 5) Communicating Results (2400). The purpose, authority, and responsibility of the IAA must be formally defined in the internal audit charter, consistent with the Mission of Internal Audit and the mandatory elements of the IPPF (the Core Principles for the Professional Practice of Internal Auditing, the Code of Ethics, the Standards, and the Definition of Internal Auditing), and approved by the board. The IAA must be independent and the internal auditors must be objective in performing their work. The engagement must be performed with proficiency and due professional care. The Chief Audit Executive (CAE, the head of the IAA) must develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity and continuously monitors its effectiveness. This program includes periodic internal and external quality assessments and ongoing internal monitoring. Each part of the program must be designed to help the internal auditing activity add value and improve the organization’s operations.
10. 10. Implementation Standards Purpose, Authority, and Responsibility of the IAA 1000.C1 The nature of consulting services must be defined in the internal audit charter. The chief audit executive must periodically review the internal audit charter and present it to senior management and the board for approval. Standard 1000 – Purpose, Authority, and Responsibility The internal audit charter is a formal document that defines the internal audit activity’s purpose, authority, and responsibility. The internal audit charter establishes the internal audit activity’s position within the organization, including the nature of the chief audit executive’s functional reporting relationship with the board; authorizes access to records, personnel, and physical properties relevant to the performance of engagements; and defines the scope of internal audit activities. Final approval of the internal audit charter resides with the board. Interpretation The nature of assurance services provided to the organization must be defined in the internal audit charter. If assurances are to be provided to parties outside the organization, the nature of these assurances must also be defined in the internal audit charter. 1000.A1 Implementation Guides assist internal auditors in applying the Standards. Supplemental Guidance provides detailed guidance for conducting internal audit activities. Implementation Guidance They collectively address internal auditing’s approach, methodologies, and consideration, but do not detail processes or procedures. These include topical areas, sector-specific issues, as well as processes and procedures, tools and techniques, programs, step-by-step approaches, and examples of deliverables. Supplemental Guidance A. Purpose, Authority, and Responsibility of the IAA The purpose, authority, and responsibility of the internal audit activity is the foundation on which the IAA is built as it performs its work. The purpose, authority, and responsibility of the internal audit activity must be formally defined in an internal audit charter, consistent with the Mission of Internal Audit and the mandatory elements of the International Professional Practices Framework (the Core Principles for the Professional Practice of Internal Auditing, the Code of Ethics, the Standards, and the Definition of Internal Auditing). Implementation Standards apply to the two specific types of engagements: assurance (.A) or consulting (.C). For example, Standard 1000 (Purpose, Authority, and Responsibility) consists of implementation standards 1000.A1 or 1000.C1, which are for assurance (A) and consulting (C), respectively. Recommended Guidance 1) Implementation Guidance 2) Supplemental Guidance Types of Recommended Guidance

Which document defines the purpose authority and responsibility of internal audit function?

What is the responsibility and authority of an internal auditor?

What are the responsibilities of the internal audit function in a company?

Who is responsible for the achievement of the purpose and responsibility included in the internal audit charter?