Questions and Answers of Internal Auditing Assurance

Recommendations should be included in final audit communications to:a. Provide management with options for addressing audit observations.b. Ensure that problems are resolved in the manner suggested
The process of evaluating and escalating observations during an assurance engagement can be relatively complex. It involves several steps and requires a number of professional judgments.a. What
Review the engagement observation that follows and record the specific information that represents the recommendation and each of the following observation attributes: criteria, condition, cause, and
Reported internal audit observations emerge as a result of comparing “what should be” with “what is.” In determining “what should be” during an internal audit engagement, which of the
Must all observations identified by an internal audit team during an assurance engagement be acted upon by management? Explain. What are the implications for the internal audit function if management
Consider the following facts.During its assessment of the accounts payable department, the internal audit function identified the following observations:■ Inadequate segregation of duties over
According to the International Professional Practices Framework(IPPF), an engagement final communication should include, at minimum, which of the following?I. Background information.II. Purpose of
Consider the facts presented below. Using the Observation Evaluation and Escalation Process, assess the facts presented and determine the following:a. What observation(s) is (are) indicated?b. What
Audit report generation is a process that can be performed within the engagement project. This allows for all of the pertinent information that should be accumulated for reporting to occur. Once the
Which of the following would not be considered a primary objective of a closing or exit conference?a. To resolve conflicts.b. To identify concerns for future audit engagements.c. To discuss the
Some internal auditors take the view that the internal audit profession should require that internal audit functions adopt a simple, yet sensible, grading or ranking of their engagement reports to
As indicated in the chapter, if an observation, or a group of observations, is assessed to be material, communication must be formal and include senior management, the organization's independent
During a review of purchasing operations, an internal auditor found that procedures in use did not agree with stated company procedures. However, audit tests revealed that the procedures used
The audit committee chair has asked your boss, the CAE, to explore the possibility of giving an overall annual opinion each year on the organization’s state of internal controls. The CAE has done
A formal engagement communication must:a. Provide an opportunity for the auditee to respond.b. Document the corrective actions required of senior management.c. Provide a formal means by which the
Which of the following does the CAE need to consider when determining the extent of follow-up required?I. Significance of the reported observation.II. Past experience with the manager charged with
An excerpt from an internal audit observation indicates that travel advances exceeded prescribed maximum amounts. Company policy provides travel funds to authorized employees for travel. Advances are
Internal audit reports can be structured to motivate management to correct deficiencies. Which of the following report-writing techniques is most likely to be effective?a. State the procedural
The primary purpose of issuing an interim report during an internal audit is to:a. Provide auditee management the opportunity to act on certain observations immediately.b. Set the stage for the final
Who has primary responsibility for providing information to the audit committee on the professional and organizational benefits of coordinating internal audit assurance and consulting activities with
The primary reason for having written formal audit reports is to:a. Provide an opportunity for engagement client response.b. Document the corrective actions required of senior management.c. Provide a
A follow-up review found that a significant internal control weakness had not been corrected. The CAE discussed this matter with senior management and was informed of management’s willingness to
Which of the following statements best describes the internal audit function’s responsibility for follow-up activities related to a previous engagement?a. Internal auditors should determine if
If an auditor’s preliminary evaluation of internal controls results in an observation that controls may be inadequate, the next step would be to:a. Expand audit work before the preparation of a
Why is an internal audit function well qualified to add value by providing insight through its consulting activities?
Which of the following would be a typical consulting engagement activity performed by the internal audit function?a. Testing compliance with accounts payable policies and procedures.b. Determining
Explain how the internal audit function can maintain its independence while working with management to deploy improved risk management practices and improve the system of internal controls throughout
What are the differences between an assurance engagement and a consulting engagement?
Which of the following is not a required consideration regarding proficiency and due professional care when choosing to perform a consulting engagement?a. Availability of adequate skills and
An internal audit function has agreed to conduct an advisory consulting engagement related to evaluating the efficiency of a process. During this engagement, an internal auditor identifies a control
A large, international bank is considering outsourcing all facets of the human resources (HR) function, including recruiting, benefits, payroll, employee training and development, compensation, and
What are three types of consulting engagements the internal audit function can perform? Give an example of each.
Senior management of an organization has requested that the internal audit function help educate employees about internal control concepts. This work is an example of:a. An assurance engagement.b. A
Describe a situation in which the internal auditor could be accused of having impaired objectivity while providing consulting services.
Emphasis in recent years has been placed on control testing to ensure controls are working effectively and efficiently, but emerging thought leadership indicates that the internal audit value
What is a blended engagement and when is it appropriate?
It would be appropriate for the internal audit function to perform which of the following:a. Design controls for a process.b. Develop a new whistleblower policy.c. Review a new IT application before
Typically, an internal audit charter will determine the nature of services provided by an internal audit function. What are the benefits and drawbacks of developing a charter that does not expressly
What are the three ways potential consulting engagements are identified?
Which of the following is not likely to be a step during a consulting engagement?a. Understanding the objectives of a process.b. Assessing the risks in a process.c. Flowcharting the key steps in a
Why is it important for an internal audit function to assess the relevant risks before agreeing to conduct a consulting engagement? Consider risks to both the organization and the internal audit
How are consulting services addressed in the annual internal audit plan?
The chief operating officer (COO) has requested that the internal audit function advise her regarding a new incentive plan being developed for sales representatives. Which of the following tasks
Can consulting engagements be structured to also provide assurance? Why or why not?
How does the internal audit function choose which consulting engagements to perform?
When conducting a consulting engagement to improve the efficiency of a production process, the internal audit team is faced with a scope limitation because several months of the production data has
For an organization going through an acquisition, would involvement by the internal audit function be considered an assurance or consulting activity? Explain your answer.
What are the three phases of an advisory consulting engagement?
The audit committee has requested that the internal audit function assist with the annual risk assessment process. What type of consulting engagement does this assistance represent?a. An assurance
Describe the key steps an internal audit function should follow if asked to facilitate an enterprise risk assessment.
What steps are involved in:a. Planning an advisory consulting engagement?b. Performing an advisory consulting engagement?c. Communicating advisory consulting engagement outcomes?
A financial services organization is planning on staffing a complex consulting engagement that involves the consolidation of two large banking organizations, including changing many of the processes.
Describe factors that might inhibit the internal audit function from becoming a trusted advisor. Include a discussion of what steps the internal audit function can take to reduce those inhibitors.
Why is it important to create and maintain robust working papers for a consulting engagement?
Internal auditors are working to become trusted advisors to management on risk management techniques. Which of the following would be the best way for internal audit to demonstrate they are truly a
Discuss what skills and training are most important for the internal audit function to be successful at consulting engagements.
How can the CAE educate management regarding the value of consulting services to the organization?
Which of the following areas of culture presents the greatest challenge for internal audit functions who want to become trusted advisors?a. Receiving approval to include consulting services in the
What capabilities must an internal audit function possess to provide value-adding consulting services?
Which of the following best describes internal audit workpapers for consulting engagements?a. Workpapers are not required for consulting engagements.b. Workpaper requirements for consulting
What specific skills are required of an internal auditor performing consulting engagements?
Which auditor will be the most successful in being perceived as a “Trusted Advisor”?a. One who audits using a checklist.b. One who best uses audit sampling techniques.c. One who ensures 100
What are some areas in which outside specialists may be needed to effectively perform consulting engagements? What are some examples of outside specialists who may be asked to assist in consulting
In which of the following scenarios do consulting services provided by the internal audit function prove to be most beneficial?a. An organization that is completely stable and has very little
What are some of the barriers to the internal audit function becoming a trusted advisor? What steps should the internal audit function take to best overcome those barriers?
What is the difference between a blended engagement and a consulting engagement?a. Blended engagements include components of both assurance and consulting services.b. Blended engagements take
Why is it important for internal auditors to become “Trusted Advisors” on risk management techniques?
a. As stated in the chapter, all internal auditors need at least a baseline level of IT audit-related expertise.1. Identify six specific IT-related competencies (that is, knowledge and skills) that
How is “haphazard sampling” defined?
A Business Framework for the Governance and Management of Enterprise IT from the ISACA website (www.isaca.org).a. What does the Executive Summary say about information and IT?b. What is the purpose
A payroll clerk increased the hourly pay rate of a friend and shared the resulting overpayment with the friend. Which of the following controls would have best served to prevent this fraud?a.
The tasks performed during an internal audit assurance engagement should address the following questions:I. What are the reasons for the results?II. How can performance be improved?III. What results
How are internal audit assurance engagements related to senior management’s assertions regarding the organization’s system of internal controls?
When and in what ways do assurance engagement communications occur?
How are assurance engagement observations identified?
What are the steps an internal auditor takes to assess the observations identified during an assurance engagement?
What distinguishes a significant observation from an insignificant observation? What distinguishes a material observation from a significant deficiency?
What information should be included in an assurance engagement audit observation description?
Why is interim and preliminary communication important in an assurance engagement?
What is the purpose of a closing conference?
What information should be included in a well-designed final assurance engagement communication?
What is the difference between providing positive assurance versus negative assurance in an audit report?
What is the difference between final formal communications and final informal communications and when is each appropriate?
What quality characteristics should assurance engagement communications possess? What steps should internal auditors take to ensure that the communications are of high quality?
What actions regarding assurance engagement observations must the internal audit function take after the final engagement communication is disseminated?
What are the six components of modern IT described in this chapter?
The software that manages the interconnectivity of the system hardware devices is the:a. Application software.b. Utility software.c. Operating system software.d. Database management system software.
How has IT enabled opportunities? Provide two examples.
An internet firewall is designed to provide protection against:a. Computer viruses.b. Unauthorized access from outsiders.c. Lightning strikes and power surges.d. Arson.
Risk, Inherent Risk, and Fraud are defined in the textbook Glossary as follows:Risk—The possibility that an event will occur and adversely affect the achievement of objectives. Inherent Risk—The
Cybersecurity is an ever-increasing risk. In fact, leaders in the profession have identified cybersecurity as the number one technology risk, which is consistent with the findings in The IIA’s 2015
What are the potential effects (adverse consequences) of each of the following types of IT risk?a. Development/acquisition and deployment.b. Hardware/software.c. System reliability and information
Which of the following best illustrates the use of EDI?a. Purchasing merchandise from a company’s internet site.b. Computerized placement of a purchase order from a customer to its supplier.c.
Search for the white paper, “The Risk Intelligent IT Internal Auditor” on the Deloitte United States website (www.deloitte.com). Download and read the white paper.a. What characterizes a “Type
What are typical causes of each of the following types of IT risk?a. Selection.b. Availability.c. Access.d. Confidentiality and privacy.
The possibility of someone maliciously shutting down an information system is most directly an element of:a. Availability risk.b. Access risk.c. Confidentiality risk.d. Deployment risk.
Change management controls are a type of IT organization and management controls, which are a subset of IT management-level (general) controls.a. What are change management controls?b. Assume that an
How does The IIA define IT governance?
An organization’s IT governance committee has several important responsibilities. Which of the following is not normally such a responsibility?a. Aligning investments in IT with business
How is each of the following COSO enterprise risk management (ERM) components relevant to IT risk management?a. Objective setting.b. Risk assessment.c. Risk response.d. Information and communication.

Showing 1 - 100 of 602