Internal Auditing - Ch9 - Internal Audit Function

The flashcards below were created by user acelaker on FreezingBlue Flashcards.

  1. In addition to establishing a charter, mission and/or vision, and internal audit plan
    the CAE is responsible for establishing and maintaining independence, objectivity, proficiency, and due professional care within the internal audit function
  2. Independence
    Organization Independence states, "The chief audit executive must report to a level within the organization that allows the internal audit activity to fulfill its responsibilities

    the internal audit activity must be free from interference in determining the scope of internal auditing, performing work, and communicating results
  3. Objectivity
    Internal auditors must have an impartial, unbiased attitude and avoid any conflict of interest.”

    Individual Objectivity
  4. Impairment
    If independence or objectivity is impaired in fact or appearance, the details of the impairment must be disclosed to appropriate parties

    • Impairment to organizational independence and individual objectivity may include, but is not limited to:
    • Personal conflict of interest,
    • Scope limitations,
    • Restrictions on access to records,
    • Personnel, and properties, and
    • Resource limitations, such as funding.
  5. Proficiency and Due Professional Care
    engagements must be performed with proficiency and due professional care.

    • Proficiency:
    • internal auditors must possess the knowledge, skills, and other competencies needed to perform 

    • Due Professional Care:
    • internal auditors must apply the care and skill expected of a reasonably prudent and competent internal auditor
  6. Planning
    A comprehensive internal audit plan includes both the assurance services and consulting services necessary to assess how effectively the organization is managing the risks that threaten its business objectives.

    maximum effectiveness is achieved when the risk assessment process is completed annually at the beginning of, or prior to, an organization's fiscal year.

    • Should Include:
    • nEstablishment of goals,
    • nEngagement schedules,
    • nStaffing schedules, and
    • nFinancial budgets.
  7. Communication & Approval
    After the internal audit plan has been established, the CAE must present it for approval to: Senior management, and The board (typically the audit committee).

    should include:Resource requirements, Significant interim changes, and The potential implications of resource limitations
  8. Resource Management
    • nA significant consideration in implementing an internal audit function's plan is how to
    • allocate resources.

    nIt is the CAE's responsibility to "ensure that internal audit resources are appropriate, sufficient, and effectively deployed to achieve the approved plan.”

    • nRight sizing is an important concept in the staffing and scheduling of an internal audit
    • function.

    • nIt is important to achieve and maintain a balance of knowledgeable and skilled staff
    • to complete the internal audit plan, without putting undue stress on the staff by creating oppressive work­loads, while simultaneously maintaining a reasonable financial budget.

    Staff development is of particular importance for an internal audit function due to the requirements placed on it regarding proficiency and due professional care This is done primarily through ongoing training and mentoring, as well as continued professional education
  9. Coordinating Assurance Efforts
    The most common form of such collaboration is with the independent outside auditors.

    Coordination outlines the circumstances under which the internal audit function can use work performed by the independent outside auditors.

    Coordinating efforts is important because of the increase in effectiveness and efficiencies that can be gained

    In the three lines of defense model, the organizational layers the avenues through which they gain assurance tat risks facing them are mitigated to a level within their risk appetite.
  10. Reporting
    The CAE has the responsibility to "report periodically to senior management and the board on the internal audit activity’s purpose, authority, responsibility, and performance relative to its plan. Reporting must also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by senior management and the board"
  11. Governance
    Governance requires the internal audit function to "assess and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives:

    Promoting appropriate ethics and values within the organization;

    Ensuring effective organizational performance management and accountability;

    Communicating risk and control information to appropriate areas of the organization; and

    Coordinating the activities of and communicating information among the board, [independent outside] and internal auditors, and management."
  12. Risk Management
    Generally defined, risk management is a participatory process designed to identify, document, evaluate, communicate, and monitor the most significant uncertainties facing an organization requiring risk mitigation or exploitation of opportunities to successfully achieve business objectives.

    Risk management is most effective when senior management is actively engaged in the process in a way in which contributors step back from their specific area/department (silo) and consider the risks confronting the organization as a whole.
  13. internal audit function should not assume management roles:
    Set the organization's risk appetite,

    Make decisions on appropriate risk responses, or

    Assume ownership (be accountable for) the risk management processes.
  14. Control
    the internal audit activity must assist the organization in maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement."
  15. Quality Assurance & Improvement
    Quality assurance is the process of assuring that an internal audit function operates according to a set of standards defining the specific elements that must be present to ensure that the findings of the internal audit function are legitimate
Card Set
Internal Auditing - Ch9 - Internal Audit Function
Internal Auditing - Ch9 - Internal Audit Function
Show Answers