1) At lunch during an IIA fraud training conference, an internal auditor discusses with the seven people...
Question:
1) At lunch during an IIA fraud training conference, an internal auditor discusses with the seven people at his table their experiences with auditing fraud and what they can apply from the training. Would discussing this information be considered a violation of the Code of Ethics?
2) The in-charge auditor is conducting a meeting with a VP and her staff at the end of the audit. The VP does not believe one of the findings is factually correct. The VP is upset about it and requests this finding not appear in the final audit report. Would it be appropriate to comply with the VP's request?
3) The in-charge auditor is conducting a meeting with a VP and her staff at the end of the audit. For one of the audit comments, the VP asks if the audit can "write it differently since this is a very sensitive issue." Would it be appropriate to comply with the VP's request?
4) The internal audit performed a follow up review to verify that all corrective actions promised in the initial audit have been implemented. Internal audit found that one material audit issue has not been thoroughly addressed. Management's response is, "We probably could do more to remediate that issue, but it would be cost prohibitive and take resources away from our other projects which we deem to be more important. Also, we believe the corrective actions implemented thus far are good enough." Would it be appropriate for the internal audit to accept management's explanation? (I suggest referring to Attribute Standards 2500 and 2600 in addition to the Code of Ethics.)
5) Internal audit scheduled an audit of a high risk function for April. The management of the function to be audited indicated April is a bad time for the audit. There are known issues which are in the process of being remediated. Management requested that the audit be postponed until January of the following year to give them time to fix the problems. Would you agree to postpone the audit?
6) An internal auditor is assigned to work on an application security audit of NetSuite (an extensive ERP application). The auditor has done several application security audits but has no experience with NetSuite. The audit will be starting in two weeks. Should the auditor be allowed to participate in the audit?
Auditing a business risk appraoch
ISBN: 978-0324375589
6th Edition
Authors: larry e. rittenberg, bradley j. schwieger, karla m. johnston