1, What are the advantages of positioning the CAE on a senior management level within

the organization?

Organization that recognize the importance of placing the internal audit function in a position
that maximizes its effectiveness and ability to evaluate the efficacy of the risk management,
control, and governance processes that are in place often do so through a senior management
position described in the standards as a CAE.

2, What information should be included in an internal audit charter?

In addition to establishing a charter, mission and/or vision, and internal audit plan, the CAE is
responsible for establishing and maintaining independence, objectivity, proficiency, and due
professional care within the internal audit function.

3, According to Interpretation of Standard 2000, the CAE has three specific

management responsibilities. What are they?

a, Achieving the purpose and responsibility included in the internal audit charter.
b, ACE is responsible for establishing an maintaining independence, objectivity, proficiency,
and due to professional care within the internal audit function.
c, Individuals demonstrate conformance with the Code of Ethics and the Standards.

5, What circumstances could cause impairment of internal audit function independence

or internal auditor objectivity? How should an identified impairment be handled?

Impairment to organization independence and individual objectivity may include, but not
limited to, personal conflict of interest, scope limitations, restrictions on access to records,
personnel, and properties, and resource limitations, such as funding.
When there has identified impairment, the internal auditor must repot the import the
impairment or perceived impairment to the CAE who must decide if the internal auditor
needs to be reassigned.

6, Internal audit engagements must be performed with proficiency and due professional
care. What do proficiency and professional care mean?

Proficiency goes into more detail, stating that “internal auditors must possess the knowledge,
skills, and other competencies needed to perform their individual responsibilities. The
internal audit activity collectively must possess or obtain the knowledge, skill, and other
competencies needed to perform its responsibilities.” Furthermore, IIA standard 1220: Due
professional care states that “internal auditor must apply the care and skill expected of a
reasonably prudent and competent internal auditor. Due professional care does not imply
infallibility.”

7, There are multiple approaches a CAE can use to create an annual internal audit plan.
How is a top-down, risk-based approach conducted?

A top-down, risk-based approach to J-SOX compliance is an opportunity for organizations to

enhance their internal control framework and establish a more sustainable, effective, and
cost-efficient compliance process. The top-down risk assessment gives management a greater
awareness of the locations, accounts, and business processes that pose a higher risk to
financial reporting. A successful top-down, risk-based approach identifies the locations,
accounts, and business processes which have a greater likelihood of causing material
financial misstatements. By using this top-down, risk-based approach, testing efforts can be
varied to direct increased levels of testing to higher risk areas and related controls, thereby
reducing the need for more extensive testing and documentation of lower risk areas and
related controls

9, What key elements are taken into consideration when determining how to manage
resources in an internal audit function?
a, Organizational structure and staffing strategy.
b, Right sizing.
c, Staffing Plans/Human resource.
d, Hiring Practices.
e, Strategic sourcing.
f, Training and mentoring.
g, Career planning and professional development.
l, Scheduling.
i, Financial budget.