Learning objectives
2.1 Overview of internal auditing standards
Describe the attribute standards and the performance standards governing internal auditing and the key provisions of the Sarbanes-Oxley Act. (Level 1)

2.2 Purpose, authority, and responsibility
Determine the purposes and content of an internal audit charter. (Level 1)

2.3 Independence and objectivity
Explain the importance of independence and objectivity in internal auditing and how they are achieved. (Level 1)

2.4 Proficiency and due professional care
Identify the main standards for proficiency and due professional care in internal auditing. (Level 1)

2.5 Using outside service providers for internal audit work
Outline the main requirements of using outsourced or co-sourced resources in internal auditing. (Level 2)

2.6 Managing the internal audit department
State the standards for the proper management of the internal audit department, including quality assurance. (Level 1)

Module summary
2. Who is responsible for coordinating the efforts of internal and external auditors?
a. The corporate controller
b. The chief audit executive
c. The partner responsible for the external audit
d. The chair of the audit committee of the board of directors

3. In applying the standard on proficiency, which of the following would be an incorrect application of the standard?
a. Requiring that all applicants have a professional accounting designation
b. Obtaining university or college transcripts from all applicants
c. Verifying the applicant's prior employment history
d. Checking the applicant's references

4. An internal auditor may accept fees, gifts, or other items of value (other than promotional items of nominal value) from which of the following without violating the IIA Code of Ethics or Standards?
a. A manager of a department to be audited
b. A supplier of the internal auditor's employer
c. A business associate of the internal auditor's employer
d. A professional association to which the internal auditor belongs

5. Which of the following would be a violation of an internal auditor's independence and/or objectivity?
a. Continuing an assurance audit engagement in a division for which the auditor will soon be promoted to supervisor or manager
b. Reducing the number of audits carried out during the year due to budgetary constraints
c. Participating on a committee that recommends standards for the implementation of a new computerized inventory system
d. Reviewing contracts prior to their execution

6. After what period of time may an internal auditor who previously had been supervisor of an operational unit participate in an assurance audit of that unit?
a. As soon as the new supervisor has assumed his or her responsibilities
b. When sufficient time (perhaps a year) has passed so that the new supervisor has had the opportunity to make changes to the controls over the activities of the unit
c. Never, because there is no way to measure a reasonable period of time in which to establish objectivity
d. At any time after the completion of the annual external audit following the appointment of the new supervisor

7. What is the appropriate action to be taken by the chief audit executive when faced with an instruction from an operational vice-president to discontinue an audit following an internal auditor's questioning of the accounting treatment of certain deferred charges?
a. Bring the matter to the attention of the external auditors
b. Continue with the audit and issue the audit report on the findings
c. Seek advice from The Institute of Internal Auditors
d. Bring the matter to the attention of the CEO and the chair of the audit committee

Solutions
3.
a. Correct. There is no reason why all internal auditors need to be accountants; they can come from any one of a number of disciplines including, for example, engineering or general management.
b. Incorrect. This should be done to establish that the applicant has a suitable academic background.
c. Incorrect. This should be done to verify the background of the applicant.
d. Incorrect. This should be done to verify the integrity and suitability of the applicant.

4.
a. Incorrect. Accepting a gift from the manager of a department to be audited could impair or be presumed to impair the auditor's objectivity and violates Attribute Standard 1120 as interpreted in Practice Advisory 1120-1.
b. Incorrect. Accepting such a gift might impair the auditor's objectivity and violates Attribute Standard 1120.
c. Incorrect. Accepting such a gift might impair the auditor's objectivity and violates Attribute Standard 1120.
d. Correct. It is difficult to see how accepting such a gift (for example, a token as thanks for presenting an address on internal auditing to a group of CGAs or members of the IIA) could impair or be presumed to impair an internal auditor's objectivity.

5.
a. Correct. This would violate Attribute Standard 1120 by posing at least a perceived conflict of interest.
b. Incorrect. Management has the right to set the budget for the year and the internal audit department will determine how many assignments can be carried out depending on the resources available.
c. Incorrect. This is a consulting activity and does not contravene the Standards.
d. Incorrect. This would not impair independence or objectivity.

6.
a. Incorrect. The internal auditor may do so only when sufficient time (perhaps a year) has passed so that the supervisor has had the opportunity to make changes to the controls over the activities of that unit.
b. Correct. At this point, the auditor would not be considered to lack objectivity (Implementation Standard 1130.A1 Assurance Engagements).
c. Incorrect. The Standards permit such audits after one year has passed.
d. Incorrect. The timing of the external audit is irrelevant to the objectivity of the internal auditor.

7.
a. Incorrect. This would be a violation of confidentiality, although the internal auditor should answer any questions from the external auditors truthfully.
b. Incorrect. The audit should not continue; management may be aware of the problem and feel that further work in this area would not be justified on a cost basis.
c. Incorrect. This would violate confidentiality; this is not a matter for reference to the IIA.
d. Correct. The chief audit executive should bring the matter to the attention of both the CEO and the chair of the audit committee and take instructions from them as to further action, if any.
Describe the attribute standards and the performance standards governing internal auditing and the key provisions of the Sarbanes-Oxley Act. (Level 1)
Required reading
Online reading 2.1-1: Internal Auditing's Role in Sections 302 and 404 of the U.S. Sarbanes-Oxley Act of 2002 (Level 1)
Reading 2-1, International Standards for the Professional Practice of Internal Auditing, 2012 (Level 1)
LEVEL 1
One of the identifying characteristics of a profession is the existence of a professional framework and set of established standards that govern expectations of performance for both the members of the profession and those who use its services. Standards are typically established by the professional association to which the members of the profession belong. Many professions (such as medicine and law) are able to enforce their standards because membership in the related professional association is a requirement to practice that profession. This same requirement does not exist in internal auditing, as there is no requirement for internal auditors to belong to any professional association. However, the long-established authoritative reference and the largest professional association for internal auditing is the Institute of Internal Auditors (IIA), based in Florida.

The International Professional Practices Framework (IPPF) of the IIA consists of both mandatory and strongly recommended guidance. According to the IIA, conformance with the standards is required and essential for the professional practice of internal auditing and is intended to be applicable to both entities and individuals that perform internal auditing. Mandatory guidance consists of the definition of internal auditing, which you will find in the IIA Code of Ethics (Online reading 1.8-2) and the International Standards for the Professional Practice of Internal Auditing, which was revised and effective as of January 1, 2013 (Reading 2-1). Position papers, practice advisories, and practice guides document best practices, help internal auditors implement the standards, and are the strongly recommended guidance components of the IPPF. (Note: Some of this guidance material is included as required reading throughout the course.)

The International Standards for the Professional Practice of Internal Auditing (Standards) are principle-focused and provide a framework and guidance for internal auditing.
The Standards are principles that apply globally, and serve as a basis for evaluating internal audit and for encouraging improvement. The Standards include an introduction, interpretations, and a glossary of terms. The Standards are considered the most generally accepted internal auditing standards in Canada, the United States, Great Britain, France, and many other countries. They may not be applicable in all situations, however, and internal auditors must be aware of the need to use their judgment in applying the standards to specific situations.
The Attribute and Performance Standards apply to individual internal auditors and all internal audit activities. Chief audit executives are accountable for overall conformance with the Standards. The current version of the Standards includes interpretations, which clarify terms or concepts within the statements. Some of these interpretations were previously issued as Implementation Standards, but are now included with the Attribute and Performance Standards. It is necessary to consider both the standards and the interpretations to understand and apply the standards correctly. The glossary of terms is part of the Standards; it is included as a required reading in this module, and it should be referred to throughout the course.

Here is a summary of the Attribute and Performance Standards:
Attribute Standards
There are four Attribute Standards. There are also Practice Advisories provided for many of the standards. Practice Advisories contain additional material to assist the internal auditor in interpreting and applying the standards to specific situations. The Attribute Standards address the following areas:
1. purpose, authority, and responsibility (covered in Standards 1000 to 1010)
2. independence and objectivity (covered in Standards 1100 to 1130.C2)
3. proficiency and due professional care (covered in Standards 1200 to 1230)
4. quality assurance and improvement program (covered in Standards 1300 to 1322)

Performance Standards
There are seven Performance Standards. The Performance Standards address the following areas:
1. managing the internal audit activity (covered in Standards 2000 to 2070)
2. nature of work (covered in Standards 2100 to 2130.C1)
3. engagement planning (covered in Standards 2200 to 2240.C1)
4. performing the engagement (covered in Standards 2300 to 2340)
5. communicating results (covered in Standards 2400 to 2450)
6. monitoring progress (covered in Standards 2500 to 2500.C1)
7. Standard 2600
Reading 2-1 sets out the Standards of the IIA. Although the Standards will not always be referred to specifically in the topics of the following modules, parts of Reading 2-1 will be required reading throughout the rest of this course. Strongly recommended guidance includes position papers, practice advisories, and practice guides, many of which are required reading in this course.

Finally, Online reading 2.1-1 outlines the legislative requirements of internal controls in the United States under Sections 302 and 404 of the Sarbanes-Oxley Act of 2002. (Except for Sections 302 and 404, the requirements of the Sarbanes-Oxley Act of 2002 are not examinable.)

For MU1 examinations, you need to be proficient in the Attribute and Performance Standards. You do not need to memorize the standard numbers, but you should be able to understand and apply the Attribute Standards and Performance Standards by the end of this course.
Reading 2-1, Attribute Standards 1000 to 1010 (Level 1)
Reading 2-2, Practice Advisory 1000-1: Internal Audit Charter (Level 1)
LEVEL 1
Explain the importance of independence and objectivity in internal auditing and how they are achieved. (Level 1)
Required reading
Reading 2-1, Attribute Standards 1100 to 1130.C2 (Level 1)
Reading 2-3, Practice Advisory 1110-1: Organizational Independence (Level 1)
Reading 2-4, Practice Advisory 1111-1: Board Interaction (Level 1)
Reading 2-5, Practice Advisory 1120-1: Individual Objectivity (Level 1)
Reading 2-6, Practice Advisory 1130-1: Impairment to Independence or Objectivity (Level 1)
Reading 2-7, Practice Advisory 1130.A2-1: Internal Audit's Responsibility for Other (Non-audit) Functions (Level 1)
Online reading 2.3-1, IPPF Practice Guide: Independence and Objectivity (Level 1)
LEVEL 1
The issues of independence and objectivity are covered in this topic's readings. Standard 1100 states that the internal audit activity must be independent, and internal auditors must be objective in performing their work. Both independence and objectivity are defined in the interpretation of this standard and in the glossary accompanying the Standards.

Independence is extremely important because having independence from the activities audited permits auditors to render the impartial judgments essential to providing assurance. Auditors must be able to carry out their work freely and objectively. Auditors are independent when they are free from conditions that threaten objectivity or the appearance of objectivity.

Independence and objectivity are achieved through the following means:
- The organizational status of the internal audit function (Readings 2-3 and 2-4)
- The degree of objectivity maintained by internal auditors (Readings 2-5 and 2-6)
- The authority and responsibility given to internal auditors (Reading 2-7)
- Approving the remuneration of the chief audit executive
- Making appropriate inquiries of management and the chief audit executive to determine whether there are scope or budgetary limitations that impede the ability of the internal audit function to carry out its responsibilities

Administrative reporting is the reporting relationship within the management structure that facilitates the day-to-day operations of the internal audit function and includes budgeting and management accounting, human resource administration, internal communications and information flows, and administration of the organization's internal policies and procedures. In some organizations, to reflect the importance of internal auditing, the chief audit executive function is a vice-president or senior vice-president.
Jodi Chang, CGA, provides a variety of consulting services to Big Co., a large organization. Big Co. recently relocated a number of its administrative activities from scattered office locations throughout Vancouver into its new office complex. Jodi was hired by one of the smaller administrative groups to provide strategic support during the move. Her work included cost-benefit analyses, budgeting for the move, and accounting for variances between actual and budgeted costs. During the course of her work, she formed some firm opinions about the efficiency and economy of the overall relocation project's planning and coordination carried out at the corporate level, and some specific criticisms of some of the activities of the group for which she was working.

The internal audit department of Big Co. was asked to undertake a review of the effectiveness, efficiency, and economy of the relocation project. Jodi was approached by the audit manager responsible for the audit and asked if she would join the audit team as an outside consultant, partly because of her past audit experience, but mostly because of her specific experience, information, and comments on this relocation project and the small group that she had been advising.
Online reading 2.3-1 provides more in-depth guidance for internal auditors on the increasing importance of managing independence and objectivity in a changing business environment. As internal auditors have expanded the scope of their activities, and have become more valuable to senior management and the audit committee, this practice guide provides helpful guidance for some of the challenges to auditor independence and objectivity.
No, Jodi should not accept this assignment. Her objectivity has been affected by the strong opinions she formed during her previous work experience, and she has a personal conflict of interest (Standard 1120). If she took part in the audit, she could neither practically nor ethically ignore the information available to her from her previous assignment. Her strong opinions from the previous work experience would prevent her from performing her internal audit engagement in an unbiased and impartial way. She would not have the appearance of objectivity, and, if she used the information from her previous assignment in the audit, she would lose personal credibility with the department for which she had performed the work. In addition, since Jodi continues to provide a variety of consulting services to this company, she has a personal conflict of interest, which could impair her ability to perform the internal audit engagement objectively.
Identify the main standards for proficiency and due professional care in internal auditing. (Level 1)
Required reading
Reading 2-1, Attribute Standards 1200 to 1230 (Level 1)
Reading 2-8, Practice Advisory 1210-1: Proficiency (Level 1)
Reading 2-9, Practice Advisory 1220-1: Due Professional Care (Level 1)
Online reading 1.8-2, The IIA Code of Ethics (Level 1)
LEVEL 1
If the internal audit department of a hydro-electric utility conducted an effectiveness audit of the utility's management of the risk of breach or failure of any of its major hydro-electric dams, it is unlikely that anyone within the department would have the competence to evaluate the performance of the utility's dam safety efforts. The department would need to obtain outside services from acknowledged experts in the subject matter of the audit (in this instance, in dam safety). Actual audits of this type use resources from organizations such as the U.S. Army Corps of Engineers, who are internationally renowned as experts in this subject. The audit department staff supplies the auditing methodology; the subject matter experts supply the specific knowledge needed to assess technical performance. The Standards also require that the personnel conducting the audit be appropriately supervised.
To comply with the standard on proficiency, individual internal auditors must meet the following requirements:
- Comply with the Code of Ethics and the Standards of the IIA.
- Have the knowledge and skills to perform internal audits in an efficient and effective manner, including sufficient oral and written communication skills.
- Understand human relations and maintain satisfactory relationships with auditees.
- Maintain their technical competence through continuing education.
- Exercise due professional care in performing their audits.

The responsibility of the individual internal auditor with respect to knowledge is similar to that of the department: to have expertise in audit methodology and to recognize the limitations of his or her specific
Many natural resource companies in Canada have aboriginal relations departments, which provide advice and manage the companies' interactions with the country's various aboriginal groups. If an internal auditor were to undertake an audit of the effectiveness and efficiency of such a program without prior experience in that area, the auditor would almost certainly be violating the standards regarding knowledge, skills, and disciplines.

The rapid growth of knowledge places an obligation on professionals in all fields to maintain their technical competence through continuing education.
Outline the main requirements of using outsourced or co-sourced resources in internal auditing. (Level 2)
Required reading
Reading 2-10, Practice Advisory 1210.A1-1: Obtaining External Service Providers to Support or Complement the Internal Audit Activity (Level 2)
Reading 2-11, The Role of Internal Auditing in Resourcing the Internal Audit Activity (Level 2)
Reading 2-12, The Outsourcing Relationship (Level 2)
LEVEL 2
Question: Should external auditors do internal audit work for the same company?
A specific concern arises when a company outsources its internal audit work to the same public accounting firm that carries out its external audit. For many years, the public accounting profession has maintained that the performance of consulting services to audit clients does not impair the independence of the auditor. In the United States, the American Institute of Certified Public Accountants drew up ethical guidelines that address the issue of the independence of auditors providing both internal and external audit services to the same client.

Despite the guidelines, the reality of the conflict that could exist when the same public accounting firm provides both internal and external audit services arose as a major factor in the controversy surrounding the business failure of Enron (and ultimately the accounting firm of Arthur Andersen). Following these (and other) incidents of the late 1990s and early 2000s, the United States government passed the Sarbanes-Oxley Act of 2002 (SOX), which severely restricts the range of non-audit services that may be provided to public companies by their auditors, and limits outsourcing of internal audit services. In Canada, Bill 198, which became law in 2005, deals with virtually all of the same issues as Sarbanes-Oxley, including auditor independence.

This has resulted in a reduction of full outsourcing of internal audit services and it has become more common for audit projects to be cosourced. Cosourcing occurs when a project team includes members of the organization's internal audit department and outside personnel; the latter usually act as subject matter experts with respect to the subject areas of the specific internal audit engagement.
The Institute of Internal Auditors has responded to the increased use of outsourced resources in two ways. In December 1997, it issued Statement 18 on the use of outside service providers. This statement recognizes the use of outside providers (including public accounting firms) and provides guidelines for their use. The main responsibilities of the chief audit executive are to assess the competence and objectivity of the outside service provider and to assess the scope and adequacy of the work performed.
State the standards for the proper management of the internal audit department, including quality assurance. (Level 1)
Required reading
Reading 2-1, Attribute Standards 1300 to 1322 (Level 1)
Reading 2-1, Performance Standards 2000 to 2070 (Level 1)
LEVEL 1
Quality assurance
The Attribute Standards require that the chief audit executive (CAE) develop and continually maintain quality assurance and improvement programs. These programs include the results of both internal and external assessments of the internal audit activities. If internal audit activities are carried out in full compliance with the Standards, the audit reports may contain the statement that the audit conforms with the International Standards for the Professional Practice of Internal Auditing. If full compliance is not achieved and the noncompliance affects the overall scope or operation of the internal audit activity, this fact must be disclosed to the CEO and the board.

The Standards require the internal audit department to develop and implement a quality assurance program that includes both periodic internal and external quality assessments as well as ongoing internal monitoring. External assessments must be performed at least once every five years by a qualified, independent reviewer or review team from outside the organization. Failure to obtain such an external assessment within five years of the enactment of the requirement would be an example of noncompliance with the Standards, which would prevent the internal audit department from stating that their audits were conducted in accordance with the IIA Standards.
Management standards
The chief audit executive (CAE) is responsible for properly managing the internal audit activity so that it adds value to the organization. The CAE should ensure that the audit work meets the expectations of the internal audit department charter and those of the board and senior management. In addition, processes should be in place to employ the resources of the department effectively and efficiently and to ensure that work performed complies with the International Standards for the Professional Practice of Internal Auditing.

There are seven supporting standards in the area of management of the internal audit department, as stated in Standards 2010-2070:
- The first three, Standards 2010-2030, deal with the need to plan the work of the department. Note the emphasis on risk-based assessment as a crucial process in effectively planning audit work schedules in Standard 2010.
- Standard 2040 requires that there be written policies and procedures to guide the audit staff. These are needed to ensure consistency of evaluation across the organization.
- Standard 2050 notes that the internal auditors cannot always determine the approach and methods used by the external auditors, but they can be aware of them and aim to carry out their audits so that the external auditors can rely on the work of the internal auditors, thus reducing the amount of substantive work they would otherwise carry out themselves. It may be appropriate for the internal audit department to carry out some work to assist the external auditors in their annual audit.
- Standard 2060 requires the chief audit executive to report to senior management and the board on the internal audit's purpose, authority, responsibility, and performance relative to its plan. Such reporting must also discuss significant risk exposures and control issues, including fraud risks, governance issues, and other matters as requested.
- Standard 2070 requires an external service provider, who is providing internal audit services, to inform the client organization that the responsibility for maintaining effective internal auditing resides with the organization, not with the external service provider. The interpretation of this standard suggests that this responsibility can be demonstrated through a quality assurance and assessment program.
Module 2 summary
Internal auditing standards
This module introduces the Attribute Standards and Performance Standards for the practice of internal auditing. You should be able to apply the Attribute Standards and the first of the Performance Standards after studying this module. The standards on independence, objectivity, proficiency, and due professional care are covered. The module concludes with a look at using external service providers for some or all of the internal audit function. You will recognize when and how to refer to other professionals and experts.
Describe the attribute standards and the performance standards governing internal auditing and the key provisions of the Sarbanes-Oxley Act.
- According to Attribute Standard 1000, [t]he purpose, authority, and responsibility of the internal audit activity must be formally defined in an internal audit charter, consistent with the Definition of Internal Auditing, the Code of Ethics, and the Standards and approved by senior management and the board.
- The internal audit activity must be independent and internal auditors must be objective in performing their work. (Standard 1100)
- Engagements must be performed with proficiency and due professional care. (Standard 1200)
- There must be a quality assurance program in place to monitor the effectiveness of the internal audit activity. Such a quality assurance program must include internal and external quality assessments and internal monitoring.
- The chief audit executive must effectively manage the internal audit activity to ensure it adds value to the organization.
- The internal audit activity must evaluate and contribute to the improvement of governance, risk management, and control processes using a systematic and disciplined approach. (Standard 2100)
- Internal auditors must develop and document a plan for each engagement, including the engagement's objectives, scope, timing, and resource allocations. (Standard 2200)
- Internal auditors must identify, analyze, evaluate, and document sufficient information to achieve the engagement's objectives. (Standard 2300)
- Internal auditors must communicate the engagement results.
- The chief audit executive must establish and maintain a system to monitor the disposition of results communicated to management. (Standard 2500)
- When the chief audit executive concludes that management has accepted a level of risk that may be unacceptable to the organization, the chief audit executive must discuss the matter with senior management. If the chief audit executive determines that the matter has not been resolved, the chief audit executive must communicate the matter to the board. (Standard 2600)
This charter must be approved by senior management and the board. The charter must establish the position of the internal audit activity within the organization, set out the scope of its activities, and guarantee access to personnel and records.
Explain the importance of independence and objectivity in internal auditing and how they are achieved.
The standards for the practice of internal auditing require that the auditor be independent of the activities audited and be objective in issuing an opinion on those activities. The independence and objectivity of the internal auditor are enhanced by the following:
- The organizational status of the internal audit department (The chief audit executive must report functionally to the board.)
- The authority and responsibility given to internal auditors
- The degree of objectivity maintained by internal auditors

Internal auditors must be objective when performing consulting engagements. Consulting engagements may enhance the auditor's understanding of business processes or issues, which may be helpful in performing assurance engagements. Impairments to independence or objectivity should be brought to the attention of the management of the engagement client. Management must be responsible for accepting and implementing recommendations. Internal auditors must take care to ensure that they do not inappropriately assume management responsibilities.
Identify the main standards for proficiency and due professional care in internal auditing.
There are three main standards related to proficiency and due professional care:
- Internal auditors and internal audit departments must possess the knowledge, skills, and competencies needed to perform their individual responsibilities.
- Internal auditors must apply the care and skills expected of a reasonably prudent and competent internal auditor.
- Internal auditors must enhance their knowledge, skills, and competencies through continuing professional development.
Outline the main requirements of using outsourced or co-sourced resources in internal auditing.
Outsourcing arose from a belief that management would be better able to focus on core competencies and strategic plans and turn over (or outsource) ancillary activities to organizations with internal audit expertise. Outsourcing provides specialized techniques and expertise, as well as greater flexibility, compared to in-house staff. Major public accounting firms have all established internal audit support practices. These firms will contract to provide a complete internal audit service to their clients or provide specialized co-sourced resources for specific audit engagements.
Advantages include the following:
- Access to expertise not available in-house
- Access to leading-edge practices
- Increased subject matter and geographical coverage
- Potential cost reductions
- Greater flexibility
Disadvantages include the following:
- Consultants may be unfamiliar with the company, corporate culture, or specific industry.
- For routine, non-specialized assignments, costs will usually be greater than using internal staff.
- It may be difficult to respond to urgent management requests if the company relies too heavily on external contractors.
Responsibilities of the chief audit executive when outside service providers are used include the following:
- The chief audit executive must assess their competency, independence, and objectivity in relationship to the specific engagement to be performed.
- The chief audit executive must agree on the scope of work with the outside service provider before work commences.
- The chief audit executive must ensure that the work done by the outside service provider complies with the appropriate professional standards.
In addition, an external service provider of internal audit services must inform the client organization of its responsibility for maintaining an effective internal audit activity. This can be demonstrated with a quality assessment program.
State the standards for the proper management of the internal audit department, including quality assurance.
The chief audit executive must perform the following:
- Establish risk-based plans to determine priorities for the internal audit activity that are consistent with the organization's goals.
- Communicate the department's plans and resource requirements to senior management and the board for review and approval.
- Ensure that the resources are appropriate, sufficient, and effectively deployed to achieve the approved plan.
- Establish policies and procedures to guide the internal audit activity.
- Share information and coordinate activities with other providers of assurance and consulting activities to ensure proper coverage and minimize duplication of efforts.
- Report periodically to the board relative to the approved plan.
- Establish a quality assurance and improvement program including both internal and external assessments.
- Communicate the results of external assessments to the board.
Module 2: Self-test
1. Multiple choice
a. In which of the following areas would an internal auditor be required by IIA Practice Advisory 1210 to have proficiency when carrying out an audit of corporate governance processes?
   1. Computerized management information systems
   2. Management and financial accounting
   3. Internal auditing standards, procedures, and techniques
   4. Fundamentals of commercial law
b. Under which of the following situations would the type of annual bonus offered to the internal auditor be acceptable under the IIA standards concerning his or her objectivity?
   1. The bonus is based on dollar recoveries from financial audits.
   2. The bonus is based on expected future savings from audit recommendations.
   3. The bonus is determined by the chief executive officer and approved by the audit committee of the board.
   4. The bonus is based on the number of complaints received by the CEO about the work of the audit department.
c. An internal auditor suspects that a cashier is lapping receipts (that is, covering up temporary or permanent misappropriation by delaying recording transactions). What is the first action that the internal auditor should take?
   1. Immediately suspend the cashier, pending a fraud investigation.
   2. Implement better controls over receipts and bank deposits so that such an activity is no longer possible.
   3. Confront the cashier with his or her suspicions.
   4. Report the matter to senior management.
d. In drawing up a charter for a newly created internal auditing department, what is the most appropriate organizational status for the department?
   1. The CAE should be a member of the audit committee of the board of directors.
   2. The CAE should report to the controller.
   3. The CAE should report to the president with guaranteed access to the audit committee of the board of directors.
   4. The CAE should report to the partner responsible for the company's external audit with access to the company's administrative vice-president, who would act as a liaison to senior management and the board of directors.
e. The chief audit executive (CAE) provides a report at each quarterly meeting of the audit committee of the board. Senior management has requested that a copy of this report be provided to senior managers prior to the audit committee meeting so that issues can be resolved before the actual meeting where possible. How should the CAE react to this request?
   1. The CAE should provide the report as requested.
   2. The CAE should provide the report to management only after the audit committee meeting.
   3. The CAE should not provide the report to management because this is an unacceptable limitation on the independence of the internal auditor.
   4. The CAE should provide the report for information only, and consider any attempts by management to resolve issues prior to the committee meeting as unwarranted interference with the independence of the audit function.
f. The definition of internal auditing and the IIA Standards set out which of the following as included in the nature of work of internal auditing?
   1. Assessing effectiveness, efficiency, and economy of operations
   2. Evaluating financial and operational controls
   3. Evaluating and improving risk management, control, and governance processes
   4. Performing financial, compliance, and operational audits
Solution
2. CASE STUDY T2-1: Kenny Incorporated
You have just been promoted to chief audit executive at Kenny Incorporated on the retirement of the previous incumbent. You are acutely aware of the importance of auditor independence and objectivity to the internal audit function. In your previous role as senior internal auditor, you were aware of several activities carried out by internal auditors that you believed could impair the actual or perceived objectivity and independence of your department. You have decided to write a memo to the controller on the matter. Your specific concerns relate to the following activities:
   1. The bank statements of the corporation are reconciled each month as a regular assignment by one of the internal auditors. The corporate controller believes this strengthens internal controls because the internal auditor is not involved in the receipt and disbursement of cash.
   2. An internal auditor evaluates all budget-to-actual variances each month, along with the associated explanations provided by the corporate controller's staff after consultation with the individuals involved. After completing the review, the auditor sends a memo to the appropriate staff indicating the action needed to address the variances.
   3. The internal auditors are frequently asked to make accounting entries for non-routine complex transactions before the transactions are recorded. The employees in the accounting department are not adequately trained to handle such transactions. In addition, this serves as a means of maintaining internal control over such transactions.
   4. One of the auditors has recently been involved in the design, testing, and training of a new accounts receivable system. The auditor was asked to design the system because of her strong accounting and systems background and her knowledge of internal controls.
Required
Solution
Self-test 2 Solution 1
a.
   1. Incorrect. This would be useful for some audits, but would not likely be required in an audit of governance processes.
   2. Incorrect. This is required only when working extensively with financial records and reports, which would not apply to this engagement.
   3. Correct. This is required for all internal audit engagements as set out in the first paragraph of Practice Advisory 1210-1.
   4. Incorrect. The internal auditor should have an appreciation of the fundamentals of commercial law, but need not be proficient in it.
b.
   1. Incorrect. This might cause the auditor to bias the work plan towards financial audits based on the potential for cost recovery rather than other organizational priorities.
   2. Incorrect. This might also bias the internal auditor's selection of audit work.
   3. Correct. This would not compromise the auditor's objectivity.
   4. Incorrect. Auditors should not be provided with incentives that might cause them to avoid conflict, even when such conflict is necessary for them to carry out their work in a professional manner.
c.
   1. Incorrect. The internal auditor has no line responsibility.
   2. Incorrect. The auditor cannot implement controls, only recommend them.
   3. Incorrect. This would be unwise without confirming the suspicions.
   4. Correct. This is the first thing that the auditor should do.
d.
   1. Incorrect. The audit committee should be made up of non-executive members of the board of directors.
   2. Incorrect. Usually reporting at the level of the controller would be inadequate to provide full independence, both when auditing financial controls and other operational areas.
   3. Correct. This would provide the organizational status to enhance the independence and objectivity of the internal auditor.
   4. Incorrect. The internal auditor should not report to the external auditor; in addition, the auditor should have direct access to the audit committee or to the board of directors.
e.
   1. Correct. The internal auditor should report both to senior management and to the audit committee.
   2. Incorrect. The reports of the internal auditor should be discussed with management before they are issued.
   3. Incorrect. This does not in any way compromise the auditor's independence.
   4. Incorrect. The Standards state that the auditor should discuss the reports with management before they are issued.
f.
   1. Incorrect. These are assessed in operational auditing, but are not part of the definition or the Standards.
   2. Incorrect. These are part of the work of internal auditors, but are not part of the definition.
   3. Correct. These are set out in the definition and in Performance Standard 2100.
   4. Incorrect. Although internal auditors do these types of audits, they are not part of the definition.
Self-test 2 Solution 2
CASE STUDY T2-1: Kenny Incorporated
MEMORANDUM
DATE: October 10, 20X1
TO: Controller
FROM: Chief Audit Executive
RE: Independence and objectivity
In order to preserve our independence and objectivity, which are essential to our value to the organization, it is important that the internal audit staff maintain an impartial, unbiased, and objective attitude in the performance of our work.
The IIA International Standards for the Professional Practice of Internal Auditing define objectivity as an unbiased mental attitude that requires internal auditors to perform engagements in such a manner that they have an honest belief in their work product and that no significant quality compromises are made. Objectivity requires internal auditors not to subordinate their judgment on audit matters to that of others. Objectivity does not exist whenever internal audit staff audit the work that they or other members of the internal audit department have performed.
I would be grateful, therefore, if you could reassign the following activities to members of your department, effective as soon as possible:
   1. The preparation of bank reconciliations is an internal control over cash. In order to maintain objectivity, the internal auditor should not perform duties that would be evaluated as part of an independent verification of the effectiveness and efficiency of internal controls as this would violate Implementation Standard 1130.A1. This duty should be reassigned by the corporate controller while maintaining effective segregation of incompatible responsibilities.
   2. Objectivity is impaired when an internal auditor makes managerial decisions such as directing actions in response to adverse variances. The audit department could be called upon to audit this process and there would be at least an apparent conflict of interest.
   3. Internal auditors should not be involved in the record-keeping process. Auditors, therefore, should not make accounting entries as part of regular processing of transactions, even if these transactions are non-routine and complex, as this could put them in a position of auditing their own work in violation of Implementation Standard 1130.A1. Auditors should only recommend accounting entries arising from observations during an audit.
   4. Objectivity is impaired if an internal auditor is called upon to evaluate a system for which the auditor played a significant role in developing the design and implementation. (This would violate Implementation Standard 1130.A1.) Testing of the internal controls of the system does not impair objectivity as this is part of assessing the effectiveness and efficiency of the controls.