CIA_LS_P1_S1.9710580.. - Raven Global Training

advertisement
THE IIA’S CIA LEARNING SYSTEMTM
Overview
Internal Audit
Reviews the effectiveness and efficiency of operations; compliance with
laws, regulations, policies, and procedures; achievement of operational/
organizational objectives; reliability of information; and safeguarding of
assets
Compliance
Audit
Strictly tests
adherence to
laws,
regulations,
standards, and
policies and
procedures
www.LearnCia.com
Financial
Audit
Regulatory
Audit
Government
Audit
Provides an
attestation solely
on the financial
reports and
statements
generated by an
organization
Reviews
compliance with
specific
regulations
Focuses on
compliance with
programs,
performance
audits, budget
reviews, and
management
audits
Part 1, Overview
Part 1 1 – 1
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Section Topics
1. Define purpose, authority,
and responsibility of the
internal audit activity
2. Maintain independence
and objectivity
3. Determine availability of
required knowledge, skills,
and competencies
4. Develop and/or procure
necessary knowledge,
skills, and competencies
collectively required by
internal audit activity
www.LearnCia.com
5. Exercise due
professional care
6. Promote continuing
professional
development
7. Promote quality
assurance and
improvement of the
internal audit activity
8. Abide by and
promote compliance
with The IIA’s Code of
Ethics
Part 1, Section 1
Part 1 1 – 2
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Internal Auditing, Defined
“An independent, objective assurance and
consulting activity designed to add value and
improve an organization’s operations. It helps an
organization accomplish its objectives by
bringing a systematic, disciplined approach to
evaluate and improve the effectiveness of risk
management, control, and governance
processes.”
www.LearnCia.com
Part 1, Section 1, Introduction
Part 1 1 – 3
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
International Professional Practices
Framework (IPPF)
Code of Ethics
International Standards for the
Professional Practice of Internal
Auditing (Standards)
Mandatory
Definition of Internal Auditing
Practice Advisories
Practice Guides
Position Papers
www.LearnCia.com
Part 1, Section 1, Introduction
Not mandatory
(but endorsed and
recommended by
The IIA)
Part 1 1 – 4
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Discussion Question
During an internal audit, the Standards establish all of
the following EXCEPT
A. basic auditing principles.
B. evaluation criteria for audit performance.
C. considerations on how to plan and perform the
engagement.
D. a framework for a broad range of valueadded internal audit activities.
Answer: C. Approach and methodology (but not detailed
processes and procedures) are covered in the Practice
Advisories.
www.LearnCia.com
Part 1, Section 1, Introduction
Part 1 1 – 5
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Categories of Standards
Attribute
•
•
Performance
Apply to all internal
audit services and
internal auditors,
individually
(organizations;
parties performing
internal audit
activities)
Provide guidance
for the quality of the
internal audit
programs
www.LearnCia.com
•
•
•
Apply to all
internal audit
services and
internal auditors
Describe the
nature of internal
audit activities
Provide quality
criteria for
performance
evaluation
Part 1, Section 1, Introduction
Implementation
•
•
Expand
Attribute and
Performance
Standards
Apply to
specific
engagements
Part 1 1 – 6
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Discussion Question
Defining characteristics such as independence and
objectivity or due professional care are covered in
A. Attribute Standards.
B. Performance Standards.
C. Implementation Standards.
D. Practice Guides and Position Papers.
Answer: A. Attribute Standards describe
the characteristics of organizations and
parties performing internal audit activities.
www.LearnCia.com
Part 1, Section 1, Introduction
Part 1 1 – 7
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Types of Internal Audit Activity
Assurance Services
“An objective examination
of evidence for the purpose
of providing an independent
assessment on governance,
risk management, and
control processes for the
organization”
www.LearnCia.com
Consulting Services
“Advisory and related client
service activities, the nature
and scope of which are agreed
to by the client and which are
intended to add value and
improve an organization’s
governance, risk management,
and control processes without
the internal auditor assuming
management responsibility”
Part 1, Section 1, Introduction
Part 1 1 – 8
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Discussion Question
Which of the following characteristics differentiates
the internal auditor’s activity during assurance and
consulting engagements?
A.
B.
C.
D.
Compliance with applicable Standards
Conformance to applicable Standards
Assessment or advisory role
Internal or external expertise
Answer: C
www.LearnCia.com
Part 1, Section 1, Introduction
Part 1 1 – 9
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
IIA Guidance and Materials
Practice Advisories
Strongly endorsed and
recommended guidance
on best practices for
performance of the
Standards
Practice Guides
Detailed processes and
procedures, such as tools
and techniques,
programs, and step-bystep approaches
Position Papers
Statements to assist a
wide range of interested
parties
www.LearnCia.com
Part 1, Section 1, Introduction
Part 1 1 – 10
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Internal Audit Activity, Defined
“A department, division, team of consultants, or
other practitioner(s) that provides independent,
objective assurance and consulting services
designed to add value and improve an
organization’s operations”
Helps accomplish organizational objectives through a systematic,
disciplined approach
Evaluates and improves the effectiveness of risk management, control, and
governance processes
Requires top-level support (e.g., the board and senior management)
communicated throughout the organization
www.LearnCia.com
Part 1, Section 1, Topic 1
Part 1 1 – 11
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Discussion Question
All of the following are reasonable responsibilities for the
chief audit executive EXCEPT
A. overseeing the service contract with a consultant.
B. waiving a regulatory agency’s recommendation on a
risk management or control issue.
C. developing the audit charter and securing approval by
the board.
D. reporting to senior management and the board
on internal audit activities.
Answer: B. This is a management decision, not an
internal audit decision.
www.LearnCia.com
Part 1, Section 1, Topic 1
Part 1 1 – 12
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Internal Audit Charter, Defined
“A formal
document that
defines the
internal audit
activity’s purpose,
authority, and
responsibility”
www.LearnCia.com
Establishes the internal audit
activity’s position within the
organization
Authorizes access to records,
personnel, and physical
properties relevant to the
performance of engagements
Defines the scope of internal
audit activities
Part 1, Section 1, Topic 1
Part 1 1 – 13
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Typical Audit Charter Elements
Mission and scope of the internal auditing
department
Accountability of the CAE to management and an
audit committee
Independence of the internal auditing function
Responsibilities of the CAE and internal auditing
staff
Range of authority of the CAE and internal auditing
staff
Applicable standards of audit practice
www.LearnCia.com
Part 1, Section 1, Topic 1
Part 1 1 – 14
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Types of Engagements
Assurance
Consulting
Formal—Engagements planned
and subject to written agreement
Informal—Various routine
activities
Special—Participation in a merger,
acquisition, or conversion
“Blended”
www.LearnCia.com
Emergency—Participation in
disaster recovery or special
business events
Part 1, Section 1, Topic 1
Part 1 1 – 15
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Discussion Question
Which of the following items is appropriate to
include in an internal audit activity charter?
A. Authorization and access
B. Levels of staff proficiency
C. Inquiry and observation processes employed
D. Activity objectives for external service
providers
Answer: A
www.LearnCia.com
Part 1, Section 1, Topic 1
Part 1 1 – 16
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Key Documents
Basic documents to
support the purpose,
authority, and
responsibility of the
internal audit
department and
internal audit activities
Internal audit charter
Function and
responsibility (F and R)
statement
Statement of policy
(corporate audit policy or
policy statement
missions)
Audit manual (policies
and procedures)
Staff job descriptions
www.LearnCia.com
Part 1, Section 1, Topic 1
Part 1 1 – 17
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Marketing the Audit Function
Brochures
Promote the audit function and explain the features and
benefits
Newsletters
Highlight important aspects of internal audit activities
Publications
Provide softer human interest stories
Audit department open
house
Facilitate introductions and/or dialogue
Advisory board of
operating managers
chaired by CAE
Facilitate an exchange of information on related topics
Client training
Educate client personnel and/or internal auditing new
hires
Engagement documents
and meetings
Structure an internal audit activity as a problem-solving
partnership
www.LearnCia.com
Part 1, Section 1, Topic 1
Part 1 1 – 18
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Discussion Question
Identify whether the statement is related to the purpose,
authority, or responsibility of the internal audit activity.
Answers:
Responsibility
1. Ensure that staff possesses
sufficient expertise to fulfill the
engagement charter.
Authority
2. Maintain access with the
appropriate governing authority.
Purpose
3. Add value and improve
operations.
www.LearnCia.com
Part 1, Section 1, Topic 1
Part 1 1 – 19
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Internal Audit Activity Purpose, Authority,
and Responsibility
•
•
•
•
Attribute Standard 1000
Attribute Standard 1130
Performance Standard 2400
Performance Standard 2420
www.LearnCia.com
Part 1, Section 1, Topic 1
Part 1 1 – 20
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Independence and Objectivity, Defined
Independence
Independence
“The freedom from
conditions
that from
“…
the freedom
threaten objectivity
or
conditions
that
the appearance
of or
threaten
objectivity
objectivity”
the
appearance of
objectivity ...”
www.LearnCia.com
Objectivity
“An unbiased mental
attitude that allows
internal auditors to
perform engagements in
such a manner that they
have an honest belief in
their work product and
that no significant quality
compromises are made”
Part 1, Section 1, Topic 2
Part 1 1 – 21
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Independence and Organizational Reporting
Board of Directors
Functional
reporting
Senior Management
Audit Committee
Administrative
reporting
Functional
reporting
CAE and Internal Audit Function
www.LearnCia.com
Part 1, Section 1, Topic 2
Part 1 1 – 22
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Functional Reporting
Administrative Reporting
Provides independence and authority
Facilitates day-to-day operations
Examples:
• Approve:
–
–
–
–
Internal audit activity’s charter.
Internal audit risk assessment and
related audit plan.
All decisions regarding performance
evaluation, appointment/removal of
CAE.
Annual compensation and salary
adjustment of CAE.
Examples:
• Budgeting and management
accounting
• Human resource administration
• Internal communications and
information flows
• Administration of the internal
audit activity’s internal policies
and procedures
• Receive communications from CAE.
• Make appropriate inquiries of
management and CAE.
www.LearnCia.com
Part 1, Section 1, Topic 2
Part 1 1 – 23
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Alignment to Ensure Organizational Independence
Have regular and direct communication
with the board.
Report to an individual at the senior
management level with sufficient
authority to promote independence and
to ensure broad audit coverage.
Report directly to the audit committee (or
its equivalent).
www.LearnCia.com
Part 1, Section 1, Topic 2
Part 1 1 – 24
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Discussion Question
Which action best exemplifies internal auditing
objectivity?
A. Strategic synergies
B. Win-win conflict resolution
C. Periodic communication with the engagement
client
D. Independent mental attitude
Answer: D. An internal auditor must have an
unbiased and impartial mindset in regard to all
engagements.
www.LearnCia.com
Part 1, Section 1, Topic 2
Part 1 1 – 25
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Policies to Promote Objectivity
Internal auditors should:
Have no operational responsibility for the activity
under review.
Have had no authority or responsibility during the
past year or a reasonable time frame.
Abide by the Code of Ethics.
Not subordinate their judgment to that of others.
Not compromise the quality of their work or
objectivity of their judgment.
Avoid potential conflicts of interest and bias.
Have an independent review of engagement results.
www.LearnCia.com
Part 1, Section 1, Topic 2
Part 1 1 – 26
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Additional Best Practices to Maintain Objectivity
CAE
Internal
Auditor
www.LearnCia.com
• Periodic query of internal
auditing staff
• Periodic staff assignment
rotation
• Refusal of material fees, gifts, or
entertainment—consideration of
what is “reasonable”
Part 1, Section 1, Topic 2
Part 1 1 – 27
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Discussion Question
Identify which of the following items exemplify potential
impairments. Respond “yes,” “no,” or “probable.”
Answers:
No
1. Accepting a breakfast invitation
Yes
2. An executive demanding the rescheduling of an
audit
Probable
3. A designer passport travel ID case
Yes
4. Denial of facility access
Potential impairments should be reported to the CAE.
www.LearnCia.com
Part 1, Section 1, Topic 2
Part 1 1 – 28
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Reinforcing Activity 1-1
Part 1, Section 1, Topic 2
Maintain Independence and Objectivity
www.LearnCia.com
Part 1, Section 1, Topic 2
Part 1 1 – 29
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Engagement Staffing Options
In-house auditing
Establishing a dedicated audit team with requisite
resources
Total out-sourcing
Out-sourcing 100% of the internal audit activity to an
external provider, usually on an ongoing basis
Co-sourcing
A combination of internal staffing and external outsourcing; external providers provide supplementary
specialist skills
Subcontracting
(staff augmentation)
Securing a specific individual to perform a specific
engagement or part of an engagement
Secondment
Borrowing an employee from another part of the
organization to work in the audit activity for a
specified period of time
www.LearnCia.com
Part 1, Section 1, Topic 3
Part 1 1 – 30
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Requisite Knowledge, Skills, and Competencies
Examples
Knowledge
Information
Knowledge required to
perform technical audits
Skills
Proficiency
Language/communication
skills
Competencies
Performance
www.LearnCia.com
Part 1, Section 1, Topic 3
Interpersonal skills/audit
tools and techniques
Part 1 1 – 31
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Internal Audit Designated Competencies
Interpersonal Skills
Tools and Techniques
Competency
Categories
Internal Audit
Standards, Theory,
and Methodology
www.LearnCia.com
Knowledge Areas
Part 1, Section 1, Topic 3
Part 1 1 – 32
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Discussion Question
Who is ultimately responsible for ensuring that the
internal audit activity is staffed appropriately?
A. Audit committee
B. Chief audit executive (CAE)
C. Board
D. Human resources
Answer: B. The CAE is responsible for
determining levels of education and experience
for the organization’s IA positions.
www.LearnCia.com
Part 1, Section 1, Topic 3
Part 1 1 – 33
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Discussion Question
Identify the employment term described in the
example.
Answers:
Job specifications
Job description
Performance
appraisal
Career path
www.LearnCia.com
1. Requiring CIA certification for an
internal audit position
2. List of requisite knowledge, skills,
and competencies
3. Evaluation and feedback at the
end of an engagement
4. Progressive promotions of an
internal auditor
Part 1, Section 1, Topic 3
Part 1 1 – 34
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
How to Evaluate Staff Proficiency
4
3
2
1
Conduct a staffing analysis.
Obtain and review information pertaining to
specialized skills required by the IA activity.
Review staff and management job
descriptions.
Review the education and background
of the IA activity’s staff.
www.LearnCia.com
Part 1, Section 1, Topic 3
Part 1 1 – 35
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Discussion Question
The CAE must hire an outside service provider to
support the internal audit activity with statistical
analysis responsibilities. This best describes
A. co-sourcing.
B. out-sourcing.
C. joint venture.
D. alliance.
Answer: A. In co-sourcing, an external provider
supplements the internal audit function; in outsourcing, an outside firm is paid to handle the
responsibility.
www.LearnCia.com
Part 1, Section 1, Topic 4
Part 1 1 – 36
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Co-sourcing and Out-sourcing
Advantages
+ Frees internal resources
+ Provides flexibility
+ Can improve efficiency and
effectiveness
+ Can reduce expenses
+ Can expand coverage
+ May improve quality and/or
timeliness
+ Can provide additional skill
sets
www.LearnCia.com
Disadvantages
– Can cost more
– Results in a loss of in-house
capabilities and process
control
– Can undermine morale
– Requires a learning curve,
oversight, and coordination
– Has potential for privacy and
confidentiality issues
– Can undermine career
pathing
Part 1, Section 1, Topic 4
Part 1 1 – 37
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
CAE Responsibilities for Outside Service Providers
Determine the competence.
Assess the relationship with the organization.
Ensure that independence and objectivity are
maintained.
Review necessary information (e.g., work objectives,
scope, access).
Document matters in an engagement letter or
contract.
Reference compliance with The IIA’s Standards (as
applicable).
www.LearnCia.com
Part 1, Section 1, Topic 4
Part 1 1 – 38
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
What Is Fraud?
“Any illegal act
characterized by
deceit, concealment
or violation of trust”
www.LearnCia.com
Examples:
• Acceptance of bribes or kickbacks
• Diversion of a potentially profitable
transaction
• Embezzlement
• Intentional concealment/misrepresentation
of events, transactions, or data
• Bogus claims submitted for services or
goods
• Intentional failure to act
• Unauthorized or illegal use of confidential
or proprietary information
• Unauthorized or illegal manipulation of IT
networks or operating systems
• Theft
Part 1, Section 1, Topic 4
Part 1 1 – 39
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Information Technology Considerations
“Internal auditors must have sufficient
knowledge of key information technology
risks and controls and available
technology-based audit techniques to
perform their assigned work. However,
not all internal auditors are expected to
have the expertise of an internal auditor
whose primary responsibility is
information technology auditing.”
(Standard 1210.A3)
www.LearnCia.com
Part 1, Section 1, Topic 4
Part 1 1 – 40
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Characteristics of Due Professional Care
What is due professional
care?
What are the
implications?
• Calls for the application of the
care and skill expected of a
reasonably prudent and
competent internal auditor in
the same or similar
circumstances.
• Requires internal auditors to
act responsibly.
• Exercised when internal audits
are performed in accordance
with the Standards.
• Internal auditors must be
independent, competent, and
objective.
• Audit work must be planned
and supervised.
• Audit reports must be
objective, clear, concise,
constructive, and timely.
• Internal auditors must follow up
on reported audit findings.
www.LearnCia.com
Part 1, Section 1, Topic 5
Part 1 1 – 41
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Discussion Question
Which of the following statements exemplifies due
professional care in an assurance engagement?
A. Understanding the performance goals of the
client
B. Recognizing the needs of management
C. Being alert to significant risks that affect
objectives, goals, and strategies
Answer: C
www.LearnCia.com
Part 1, Section 1, Topic 5
Part 1 1 – 42
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Discussion Question
How does due professional care in a consulting
engagement differ from that in an assurance
engagement?
A. More applicable standards
B. Increased client needs and expectations
C. Fewer potential benefits derived from the
engagement
Answer: B. Many of the same considerations
apply. However, the needs and expectations
of clients have increased significance.
www.LearnCia.com
Part 1, Section 1, Topic 5
Part 1 1 – 43
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Reinforcing Activity 1-2
Part 1, Section 1, Topic 5
Exercise Due Professional Care
www.LearnCia.com
Part 1, Section 1, Topic 5
Part 1 1 – 44
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
What Is Continuing Professional Development?
Description
The means to
maintain,
improve, and
broaden the
knowledge,
skills, and
competence
required in a
profession
www.LearnCia.com
General Examples
•
•
•
•
•
•
•
•
•
Occupational assignments
Mentoring
Networking
Training
Research projects
Collective wisdom
Formal education
Conferences
Membership/activity in
professional societies
• Certification and recertification
Part 1, Section 1, Topic 6
The IIA Offerings
• Seminars
• Conferences
• Web-based
training
• Vision University
Part 1 1 – 45
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Certification
Description
Achieved By
The systematic
• Graduation from
measurement of
accredited or
characteristics that
approved training
results in recognition
• Completion of a
of meeting suggested
specified amount or
knowledge and other
type of work
minimum requirements
experience
• Acceptable exam
performance
www.LearnCia.com
The IIA Certifications
• Certified Internal
Auditor® (CIA)
• Certification in Control
Self-Assessment (CCSA)
• Certified Government
Auditing Professional
(CGAP)
• Certified Financial
Services Auditor (CFSA)
Part 1, Section 1, Topic 6
Part 1 1 – 46
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Quality Assurance and Improvement Program (QA&IP)
• Helps provide reasonable assurance to stakeholders
that the internal audit activity:
– Performs in accordance with its charter and is consistent
with the Definition of Internal Auditing, the Code of Ethics,
and the Standards.
– Operates in an effective and efficient manner.
– Is perceived as adding value and improving operations.
• Includes appropriate supervision, periodic internal
assessments, ongoing monitoring of quality
assurance, and periodic external assessments.
www.LearnCia.com
Part 1, Section 1, Topic 7
Part 1 1 – 47
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
QA&IP Internal and External Assessments
Periodic internal assessment
• Ongoing internal evaluations of
the internal audit activity
coupled with periodic selfassessments and/or reviews
• Conducted by persons within
the organization’s internal audit
activity
• Supervised by the direction of
the CAE
www.LearnCia.com
Periodic external assessment
• Evaluation of the internal audit
activity compliance with the
Standards, the use of best
practices, and internal audit
activity efficiency and
effectiveness
• Conducted by a qualified
independent reviewer or review
team from outside the organization
Part 1, Section 1, Topic 7
Part 1 1 – 48
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Discussion Question
Identify whether the statement describes internal
or external periodic quality assessments or both.
Answers:
Internal or
external
1. Usually incorporated into routine policies and
practices
2. Provides an opinion about conformance to the
Standards
Internal
3. CAE involvement precludes total objectivity
External
4. Conducted at least once every five years
Internal
www.LearnCia.com
Part 1, Section 1, Topic 7
Part 1 1 – 49
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Scope of Internal Assessments
• Routine and continuous
supervision and testing of
performance of audit/
consulting work
• Ongoing measurements
and analyses of
performance metrics
• Periodic validations of
compliance with applicable
laws, regulations,
standards
• Periodic validations of
compliance with Standards
and Code of Ethics
www.LearnCia.com
• Evaluation of adequacy of internal
audit activity’s charter, goals,
objectives, policies, procedures
• Assessment of contribution to
organization’s governance, risk
management, and control
processes
• Evaluation of effectiveness of
continuous improvement activities
and adoption of best practices
• Whether auditing activity adds
value and improves organization’s
operations
Part 1, Section 1, Topic 7
Part 1 1 – 50
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
QA&IP Internal Performance Measures
Board/Audit Committee
Management &
Audit Clients
International
Professional Practices
Framework
Internal Audit
Process
Corporate and Internal
Audit Strategies
Laws and Regulations
Innovation and Capabilities
www.LearnCia.com
Part 1, Section 1, Topic 7
Part 1 1 – 51
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Discussion Question
Which of the following are acceptable teams to perform
external quality assessment reviews? (Select all that apply.)
I. A team that is totally independent of the organization yet
knowledgeable in standards of audit performance
II. Internal auditors from a subsidiary organization
III. A self-assessment with independent validation by an
independent reviewer
IV. A peer review team made of members from at least three
different organizations
Answer: I, III, and IV. External reviewers must be independent
of the organization whose internal audit activity is the subject
of the assessment. “Independent of the organization” means
not a part of or under the control of the organization to which
the internal auditing activity belongs.
www.LearnCia.com
Part 1, Section 1, Topic 7
Part 1 1 – 52
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Scope of External Assessments
• Conformance with the Definition of
Internal Auditing, the Code of
Ethics, and the Standards and with
the internal audit activity’s charter,
plans, policies, procedures,
practices, and applicable legislative
and regulatory requirements
• Expectations of the internal audit
activity expressed by the board,
senior management, and
operational managers
• Integration of the internal audit
activity into the organization’s
governance process, including the
attendant relationships between
and among the key groups involved
in that process
www.LearnCia.com
• Tools and techniques
employed by the internal
audit activity
• Mix of knowledge,
experience, and disciplines
within the staff, including
staff focus on process
improvement
• Determination as to whether
or not the audit activity adds
value and improves the
organization’s operations
Part 1, Section 1, Topic 7
Part 1 1 – 53
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Reporting the Results of QA&IP
Internal assessments
External assessments
The CAE should share results,
necessary action plans, and their
successful implementation with
stakeholders such as:
• Senior management.
• The board.
• External auditors.
• Preliminary results should be
discussed with the CAE during
and at the conclusion of the
process.
• Final results should be
communicated in a formal report
to:
www.LearnCia.com
– The CAE or other official who
authorized the review.
– Appropriate members of senior
management and the board.
Part 1, Section 1, Topic 7
Part 1 1 – 54
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Compliance/Conformity to the Standards
Compliance is
conformity and
“adherence to
policies, plans,
procedures, laws,
regulations,
contracts, or other
requirements.”
Statement may be used only if
validated by assessments of the
QA&IP.
Assessments should include
recommendations for compliance
improvement.
Compliance may be expressed in
one of three ways.
• “In compliance with the Standards”
• “In conformity to the Standards”
• “In accordance with the Standards”
www.LearnCia.com
Part 1, Section 1, Topic 7
Part 1 1 – 55
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Reinforcing Activity 1-3
Part 1, Section 1, Topic 7
Promote Quality Assurance and
Improvement of the Internal Audit Activity
www.LearnCia.com
Part 1, Section 1, Topic 7
Part 1 1 – 56
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
The IIA’s Code of Ethics, Defined
Principles:
“Principles relevant to the
profession and practice of internal
auditing and Rules of Conduct that
describe behavior expected of
internal auditors. The Code of
Ethics applies to both parties and
entities that provide internal audit
services. The purpose of the Code
of Ethics is to promote an ethical
culture in the global profession of
internal auditing.”
www.LearnCia.com
Integrity
Objectivity
Confidentiality
Competency
Part 1, Section 1, Topic 8
Part 1 1 – 57
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
Reinforcing Activity 1-4
Part 1, Section 1, Topic 8
Abide By and Promote Compliance
With The IIA’s Code of Ethics
www.LearnCia.com
Part 1, Section 1, Topic 8
Part 1 1 – 58
V3.0
THE IIA’S CIA LEARNING SYSTEMTM
End of Section 1
Questions?
www.LearnCia.com
Part 1, Section 1
Part 1 1 – 59
V3.0
Download
Related flashcards

Management

42 cards

Management

61 cards

Canadian Hockey League

15 cards

Create Flashcards