Internal Auditing Assurance & Advisory Services 4th Edition Urton L. Anderson, Michael J. Head, Sridhar Ramamoorti, Cris Riddle, Mark Salamasick, Paul J. Sobel - Solutions
In governance, what are the key responsibilities of: a. The board of directors? b. Senior management? c. Risk owners?
What role does the internal audit function play in governance?
Which of the following would be considered a first line of defense in the Three Lines of Defense model? a. An accounts payable supervisor conducting a weekly review to ensure all payments were issued by the required payment date. b. A divisional compliance and ethics officer conducting a review of
Discuss how regulations help to improve governance. Explain how some regulations may have unintended consequences regarding governance.
In addition to the internal audit function, what other internal functions may provide independent assurance to the board or senior management?
Which of the following would be considered a second line of defense in the Three Lines of Defense model? a. An accounts payable supervisor conducting a weekly review to ensure all payments were issued by the required payment date. b. A divisional compliance and ethics officer conducting a review of
The King Code of Corporate Governance for South Africa is widely considered one of the most progressive governance codes in the world. Search the internet for the latest version (King IV), which focuses on Assurance. Under Principle 15 there is information about internal audit. Choose a recommended
Companies in industries that are heavily regulated may be subject to audits by the regulator’s auditors. While not specifically covered in the Three Lines of Defense model, such auditors would most likely be considered: a. Part of the first line of defense. b. Part of the second line of defense. c.
What are the three lines of defense in the Three Lines of Defense model?
What is a combined assurance model? Why do some organizations use such models?
Which of the following is not a role of the internal audit function in best practice governance activities? a. Support the board in enterprise wide risk assessment. b. Ensure the timely implementation of audit recommendations. c. Monitor compliance with the corporate code of conduct. d. Discuss areas
What are some key U.S. regulations that have been written in response to adverse business events?
Which of the following statements regarding corporate governance is not correct? a. Corporate control mechanisms include internal and external mechanisms. b. The compensation scheme for management is part of the corporate control mechanisms. c. The dilution of shareholders’ wealth resulting from
Which of the following represents the best governance structure? Operating Management a. Responsibility for risk b. Oversight role c. Responsibility for risk d. Oversight role Executive Management Oversight role Advisory role Responsibility for risk Advisory role Oversight role Advisory
What types of business events tend to drive new legislation and guidance? a. Economic downturns. b. Fraud or other corporate wrongdoing. c. Elections or other political changes. d. Economic growth.
Describe the difference between risk-taking philosophy, risk appetite, and acceptable variation in performance. Give examples of each.
COSO provides a variety of guidance relevant to the internal audit profession. The purpose of this case is to become more familiar with COSO and its guidance. Visit www.coso.org and answer the following questions. A. Based on the statement on COSO’s home page, what is the organization dedicated
How does COSO define risk? How does ISO define risk?
According to COSO ERM, which of the following is not an inherent challenge that arises as part of establishing strategy and business objectives? a. Ensuring culture is clearly articulated by the board. b. Possibility of strategy not aligning. c. Implications from the strategy chosen. d. Risk to
Which of the following external events will most likely impact a defense contractor that relies on large government contracts for its success? a. Economic event. b. Natural environment event. c. Political event. d. Social event.
How does effective ERM help achieve strategy?
What are the five fundamental points embedded in the COSO and ISO definitions of risk?
In the United States, COSO published its Enterprise Risk Management – Aligning Risk with Strategy and Performance (COSO ERM, or ERM framework) in 2017. In 2004, COSO identified a need for a robust framework to help companies effectively identify, assess, and manage risk. The resulting risk
Which of the following is not an example of a risk-sharing strategy? a. Outsourcing a noncore, high-risk area. b. Selling a nonstrategic business unit. c. Hedging against interest rate fluctuations. d. Buying an insurance policy to protect against adverse weather.
Define inherent risk and residual risk. Which of the two types of risk should have a greater impact on the annual internal audit plan?
According to COSO, what are the fundamental concepts emphasized in its definition of enterprise risk management (ERM)?
An organization tracks a website hosting anonymous blogs about its industry. Recently, anonymous posts have focused on potential legislation that could have a dramatic effect on this industry. Which of the following may create the greatest risk if this organization makes business decisions based on
The ISO 31000 risk management framework includes five components, the first of which is “mandate and commitment.” Explain what mandate and commitment means. Discuss why mandate and commitment is critical to risk management success.
How does COSO define mission, vision, and core values?
Which of the following risk management activities is out of sequence in terms of timing? a. Identify, assess, and prioritize risks. b. Develop risk responses/treatments. c. Determine key organizational objectives. d. Monitor the effectiveness of risk responses/treatments.
For an organization that has not implemented ERM, describe steps the internal audit function can take to initiate an ERM program without impairing the function’s independence and/or objectivity.
How does COSO define strategy and business objectives?
Who is responsible for implementing ERM? a. The chief financial officer. b. The chief audit executive. c. The chief compliance officer. d. Management throughout the organization.
Risk assessment most commonly focuses on two criteria—impact and likelihood. As an organization’s risk assessment process evolves, what other criteria might be valuable to consider and why?
Which of the following is not a potential value driver for implementing ERM? a. Financial results will improve in the short run. b. There will be fewer surprises from year to year. c. There will be better information available to make risk decisions. d. An organization’s risk appetite can be aligned
One of your classmates, I. M. Motivated, consistently carries a very heavy class load. In addition to his already heavy class load, he is contemplating applying for an internal audit internship at a local company. Discuss the opportunities and risks that are relevant to his decision.
How does COSO define risk appetite?
Which of the following is the best reason for the CAE to consider the organization’s strategic plan in developing the annual internal audit plan? a. To emphasize the importance of the internal audit function to the organization. b. To ensure that the internal audit plan will be approved by
It may be easier for some to understand ERM by thinking about five “everyday questions” that can be used to apply risk management thinking: a. What are we trying to accomplish (what are our objectives)? b. What could stop us from accomplishing them (what are the risks, how bad could they be, and
What is inherent risk? What is residual risk?
When senior management accepts a level of residual risk that the CAE believes is unacceptable to the organization, the CAE should: a. Report the unacceptable risk level immediately to the chair of the audit committee and the independent outside audit firm partner. b. Resign his or her position in the
What are COSO’s five categories of risk response?
The CAE is asked to lead the enterprise risk assessment as part of an organization’s implementation of ERM. Which of the following would not be relevant with respect to protecting the internal audit function’s independence and the objectivity of its internal auditors? a. A cross-section of
In what forms might risk information be communicated?
An internal audit engagement was included in the approved internal audit plan. This is considered a moderately high-risk audit based on the internal audit function’s risk model. It is currently on a two-year audit cycle. Which of the following will likely have the greatest impact on the scope and
What are typical ERM responsibilities of: a. The board of directors? b. Management? c. The chief risk officer? d. Financial executives? e. The internal audit function? f. The independent outside auditors?
When assessing the risk associated with an activity, an internal auditor should: a. Determine how the risk should best be managed. b. Provide assurance on the management of the risk. c. Update the risk management process based on risk exposures. d. Design controls to mitigate the identified risks.
What are the 11 risk management principles identified in ISO 31000?
One of the challenges of ERM in an organization that has a centralized structure is that: a. It may be difficult to raise awareness of the impact of work actions on other employees or work areas. b. Employees in these structures are inherently less risk averse. c. Managers have less incentive to
What are the five components of the ISO 31000 risk management framework?
The function of the chief risk officer is most effective when he or she: a. Manages risk as a member of senior management. b. Shares the management of risk with line management. c. Shares the management of risk with the CAE. d. Monitors risk as part of the ERM team.
What five activities are included in the ISO 31000 risk management process?
In exhibit 4-3, why are some of the balls representing risks clustered together while some are not? [Exhibit 4-3 labels: Governance Controls & Management-Oversight Controls; Process-Level Controls; Transaction-Level Controls; Residual Risk Should Be]
Enterprise risk management: a. Guarantees achievement of business objectives. b. Requires establishment of risk and control activities by internal auditors. c. Involves the identification of events with negative impacts on business objectives. d. Includes selection of best risk response for the
What are some ERM assurance activities the internal audit function may perform? What are some ERM consulting activities the internal audit function may perform if appropriate safeguards are implemented? What ERM activities should the internal audit function not perform?
What is a business process? What are operating processes?
In assessing organizational risk in a manufacturing organization, which of the following would have the greatest long-range impact on the organization? a. Advertising budget. b. Production scheduling. c. Inventory policy. d. Product quality.
How would an oil exploration and production company differ from a global retail company like Wal-Mart in terms of how it organizes business processes?
What is a project and how is it different from a business process?
Internal auditors often prepare process maps and reference portions of these maps to narrative descriptions of certain activities. This is an appropriate procedure to: a. Determine the ability of the activities to produce reliable information. b. Obtain the understanding necessary to test the
What is a business process? a. How management plans to achieve the organization’s objectives. b. The set of connected activities linked with each other for the purpose of achieving an objective or goal. c. A group of interacting, interrelated, or interdependent elements forming a complex whole. d. A
What are five of the most important business processes and business risks for a large automobile manufacturer like Toyota?
Select a company that has undergone an initial public offering within the last five years and obtain the prospectus (these are usually available on the company’s website, EDGAR for companies listed on the U.S. stock exchanges, or other information services). A. What is the business strategy and
What are the management and support processes that are common to most organizations?
If internal audit resources are limited to conducting only one audit at a divisional location, should a high-risk process that was audited last year at this location be audited in lieu of a moderately risky process that was last audited four years ago? Explain.
CPI’s internal audit function uses the Assessment area in TeamMate+ to develop its annual risk-based internal audit plan. The planning process begins with the internal audit function’s understanding of the organization, which is documented in Assessment using the Dimension viewer. The Primary
What is included in an organization’s business model?
If a risk appears in the bottom right of quadrant II in the above risk control map, it means that: a. There is an appropriate balance between risk and control. b. The controls may be excessive relative to the risk. c. The controls may be inadequate relative to the risk. d. There is not enough
The objectives of Sargon Products’ purchasing process are to obtain the right goods, at the right price, at the right time. What are the significant risks to achievement of these objectives?
Statement on Standards for Attestation Engagements (SSAE) 16, Reporting on Controls at a Service Organization, is an auditing standard for service organizations. SSAE 16 was issued in April 2010, and became effective in June 2011. SSAE 16 is largely an American standard, but it mirrors
What is the difference between a top-down and bottom-up approach to understanding business processes?
If a risk appears in the middle of quadrant IV in the above risk control map, it means that: a. There is an appropriate balance between risk and control. b. The controls may be excessive relative to the risk. c. The controls may be inadequate relative to the risk. d. There is not enough information to
Think about the sales and cash receipts process of a men’s or women’s clothing store where you shop. a. What are the key objectives of this process? b. What are the key risks that threaten the achievement of those objectives? Key risks are those that have the highest significance (that is,
How does an organization determine the key objectives of a business process?
Which of the following circumstances would concern the internal auditor the most? a. A risk in the lower left corner of quadrant I. b. A risk in the lower right corner of quadrant II. c. A risk in the upper left corner of quadrant III. d. A risk in the upper right corner of quadrant IV.
Payswell Company, a small manufacturer, has been in business for 10 years. Senior management is thinking about outsourcing the company’s payroll process. a. What are three important objectives of a payroll process? b. What are the key risks that threaten the achievement of those objectives? c. What
What are two commonly used methods for documenting processes? Describe each.
Which of the following are business processes? I. Strategic planning. II. Review and write-off of delinquent loans. III. Safeguarding of assets. IV. Remittance of payroll taxes to the respective tax authorities. a. I and III. b. II and IV. c. I, II, and IV. d. I, II, III, and IV.
What are the two common factors used when assessing risks?
Which of the following symbols in a process map will most likely contain a question? a. Rectangle. b. Diamond. c. Arrow. d. Oval.
After a risk assessment is completed, the next steps involve linking the risks to what two things?
What must the CEO and CFO of a publicly traded company do to comply with the U.S. Sarbanes-Oxley Act of 2002?
In the United States, Sarbanes-Oxley legislation put responsibility for the design, maintenance, and effective operation of internal control squarely on the shoulders of senior management, specifically, the CEO and the CFO. To comply with this legislation, the SEC requires the CEO and CFO of
After business risks have been identified, they should be assessed in terms of their inherent: a. Impact and likelihood. b. Likelihood and probability. c. Significance and severity. d. Significance and control effectiveness.
What are the four responses an organization can take toward a risk?
In a risk by process matrix, a process that helps to manage a risk indirectly would be shown to have: a. A key link. b. A secondary link. c. An indirect link. d. No link at all.
What is the difference between a key link and a secondary link?
A major upgrade to an important information system would most likely represent a high: a. External risk factor. b. Internal risk factor. c. Other risk factor. d. Likelihood of future systems problems.
How can the risk factor approach be used to identify areas of high risk in an organization?
Which of the following is true regarding business process outsourcing? a. Outsourcing a core, high-risk business process reduces the overall operational risk. b. Outsourced processes should not be included in the internal audit universe. c. The independent outside auditor is required to review all
What are the two basic types of factors typically used when following the risk factor approach? What other factors are commonly considered?
A company has recently outsourced its payroll process to a third party service provider. An audit team was scheduled to audit payroll controls in the annual audit plan prepared prior to the outsourcing. What action should the audit team take, considering the outsourcing decision? a. Cancel the
What two axes are typically used in a risk control map? Explain what the two parallel dashed lines in exhibit 5-16 signify. [Exhibit 5-16: risk control map; axis labels RISK SIGNIFICANCE and CONTROL EFFECTIVENESS]
When conducting an assurance engagement, once the objectives are known, what are the three primary steps involved in determining the tests to perform to assess whether the risks threatening the objectives are effectively managed?
Which flowcharting symbol indicates the start or end of a process? a. Arrow. b. Diamond. c. Oval. d. Rectangle.
How does a control manage a specific risk? a. It reduces the likelihood of the event giving rise to the risk. b. It reduces the impact of the event giving rise to the risk. c. It reduces either likelihood or impact or both. d. It prevents the occurrence of the event.
What practices should organizations follow to ensure effective risk management and control of outsourced business processes?
Which of the following best describes an internal auditor’s purpose in reviewing the organization’s existing governance, risk management, and control processes? a. To help determine the nature, timing, and extent of tests necessary to achieve engagement objectives. b. To ensure that weaknesses in
An audit report contains the following observations: a. A service department’s location is not well suited to allow adequate service to other units. b. Employees hired for sensitive positions are not subjected to background checks. c. Managers do not have access to reports that profile overall
Controls mitigate risks that threaten objectives and thus provide reasonable assurance that objectives will be achieved. Risks encompass both threats of bad things happening and threats of good things not happening. Some controls are visible and therefore can be photographed. A. Choose one or two