Professional Documents
Culture Documents
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 1 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 2
CIA 2, SU 1 CIA 2, SU 1
Nature of Work
• Performance Standard 2100: Nature of Work
o The internal audit activity must evaluate and contribute
to the improvement of the organizations governance, risk
management, and control processes using a systematic,
disciplined, and risk based approach. Internal audit
Introduction to Internal credibility and value are enhanced when auditors are
proactive and their evaluations offer new insights and
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 3 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 4
CIA 2, SU 1 CIA 2, SU 1
Nature of Work Nature of Work
• These processes are closely related: • According to IG 2100, Nature of Work, an understanding of
o Governance The combination of processes and the processes previously listed is necessary.
structures implemented by the board to inform, direct,
manage, and monitor the activities of the organization • The CAE then interviews the board, and senior management
toward the achievement of its objectives. about the responsibilities of each stakeholder for these
o Risk Management A process to identify, assess, processes.
manage, and control potential events or situations to • An understanding of the business is also necessary.
provide reasonable assurance regarding the
achievement of the organizations objectives.
o Control Any action taken by management, the board,
and other parties to manage risk and increase the
likelihood that established objectives and goals will be
achieved. (The IIA Glossary)
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 5 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 6
CIA 2, SU 1 CIA 2, SU 1
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 7 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 8
CIA 2, SU 1 CIA 2, SU 1
Reporting Multiple-Choice Question
• Reporting to senior management and the board provides The internal audit activity is responsible for implementing
Risk management
assurance about
1.
2. Governance
o Governance 3. Control
o Risk management
A. 1 only.
o Control
B. 2 only.
• Periodic reports also are made on internal audits purpose, C. 3 only.
authority, responsibility, and performance. D. None of the answers are correct.
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 9 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 10
CIA 2, SU 1 CIA 2, SU 1
Multiple-Choice Answer
The internal audit activity is responsible for implementing
1. Risk management
2. Governance
3. Control
A. 1 only.
B. 2 only.
Internal Audit
C. 3 only.
D. None of the answers are correct.
Administrative Activities
1.2
The internal audit activity is responsible for evaluating and contributing to the
improvement of governance, risk management, and control processes. But
management is responsible for implementing those processes.
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 11 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 12
CIA 2, SU 1 CIA 2, SU 1
Overview Budgeting
• The chief audit executive (CAE) is responsible for • The CAE is responsible for creating the operating and
management of internal audit activity resources in a financial budget.
manner that ensures fulfillment of its responsibilities.
• Generally, the CAE, audit managers, and the internal audit
• Management oversees the day to day operations of the activity work together to develop the budget annually.
internal audit activity, including the following administrative
activities: • The budget is then submitted to management and the
o Budgeting and management accounting board for their review and approval.
o Human resource administration, including personnel
evaluations and compensation
o Internal communications and information flows
o Administration of the internal audit activitys policies
and procedures
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 13 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 14
CIA 2, SU 1 CIA 2, SU 1
• Internal auditors need a diverse set of skills to perform their B. All internal audit activities must have a detailed policies and procedures manual.
jobs effectively. C. Formal administrative and technical manuals may not be needed by all internal audit activities.
D. A small internal audit activity may be managed informally through close supervision and
• Effective interviewing methods are structured interviews memoranda.
and behavioral interviewing.
o Structured interviews use a set of job related
questions with standardized answers
o Behavioral interviews determine how candidates
handled past situations
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 15 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 16
CIA 2, SU 1 CIA 2, SU 1
Multiple-Choice Answer
Policies and procedures must be established to guide the internal audit activity. Which of the
following statements is false with respect to this requirement?
A. The form and content of written policies and procedures depend on the size of the internal
audit activity.
B. All internal audit activities must have a detailed policies and procedures manual.
C. Formal administrative and technical manuals may not be needed by all internal audit activities.
Stakeholder
D. A small internal audit activity may be managed informally through close supervision and
memoranda. Relationships
The form and content of policies and procedures are dependent upon the size and
structure of the internal audit activity and the complexity of its work (Inter. Std.
1.3
2040). Thus, all internal audit activities are not required to have a detailed policies
and procedures manual.
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 17 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 18
CIA 2, SU 1 CIA 2, SU 1
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 19 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 20
CIA 2, SU 1 CIA 2, SU 1
Relationships with
Role of the Audit Committee Management
• The most important function of the audit committee is to • According to Sawyers Guide for Internal Auditors, 6th
promote the independence of the internal and external edition, internal auditors are responsible for performing
auditors by protecting them from managements influence. their mission, maintaining their objectivity, and ensuring the
• Other functions include internal audit activitys independence.
o Selecting or removing the CAE and setting his or her • They also should develop and maintain good working
compensation relationships with management.
o Approving the internal audit charter • Good relationships are developed by communicating
o Reviewing and approving the internal audit activitys effectively, resolving conflicts constructively, and using
work plan participative auditing methods.
o Resolving disputes between the internal audit activity o Participative auditing is a collaboration between the
and management internal auditor and management during the auditing
o Communicating with the CAE, who attends all audit
process. The objective is to minimize conflict and build a
committee meetings shared interest in the engagement.
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 21 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 22
CIA 2, SU 1 CIA 2, SU 1
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 23 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 24
CIA 2, SU 1 CIA 2, SU 1
Definitions
• Business ethics are an organizations policies and standards
established to ensure certain kinds of behavior by its
members.
• Individual ethics are the principles of conduct expected to
be followed by individuals.
Ethical Climate
1.4
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 25 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 26
CIA 2, SU 1 CIA 2, SU 1
o Conflicts of interest
excuse unethical behavior when following orders.
o Entertainment and gift expenses • External Factors
o Relations with customers and suppliers o Competitive pressures may result in unethical
o Social responsibility
compromises in the interest of survival.
o The advantage obtained by a competitors wrongdoing is
an excuse for imitation of that behavior.
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 27 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 28
CIA 2, SU 1 CIA 2, SU 1
Criteria for Evaluating Ethical
Behavior Code of Ethics
• The following questions aid in defining an ethical issue: • An organizations code of ethics is the established general
o Would my behavior be acceptable if people I respect value system the organization wishes to apply to its
were aware of it? members activities by
o What are the consequences of this behavior for myself, 1. Communicating organizational purposes and beliefs and
other employees, customers, and society? 2. Establishing uniform ethical guidelines for members.
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 29 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 30
CIA 2, SU 1 CIA 2, SU 1
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 31 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 32
CIA 2, SU 1 CIA 2, SU 1
Role of the Internal Audit Role of the Internal Audit
Activity Activity
• Governance practices reflect the organizations culture and • Other internal audit activity roles include
largely depend on it for effectiveness. o Recommending resolution of ethics complaints,
• Because of their skills and position in the organization, o Determining the disposition of ethics violations,
auditors should actively support the ethical culture. o Fostering a healthy ethics climate,
• The minimum internal audit activity role is assessor of o Administering the business conduct policy, and
o The ethical climate and o Reporting on compliance.
o The effectiveness of processes to achieve legal and
ethical compliance.
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 33 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 34
CIA 2, SU 1 CIA 2, SU 1
A. Fully evaluate the comprehensiveness of the code and compliance with it and report the results A. Fully evaluate the comprehensiveness of the code and compliance with it and report the
to the board. results to the board.
B. Fully evaluate organizational practices for compliance with the code and report to the board. B. Fully evaluate organizational practices for compliance with the code and report to the board.
C. Review employee activities for compliance with provisions of the code and report to the board. C. Review employee activities for compliance with provisions of the code and report to the board.
D. Perform tests on various employee transactions to detect potential violations of the code of D. Perform tests on various employee transactions to detect potential violations of the code of
conduct. conduct.
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 41 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 42
CIA 2, SU 1 CIA 2, SU 1
Multiple-Choice Answer
An internal audit activity is often requested to coordinate its work with that of the external
auditors. Which of the following activities is most likely to be restricted to the external auditor?
A. Evaluating the system of controls over cash collections and similar transactions.
B. Attesting to the fairness of presentation of cash position.
C. Evaluating the adequacy of the organizations overall system of internal controls.
Other Topics
D. Reviewing the system established to ensure compliance with laws, regulations, and contracts.
Professional standards place sole responsibility for the attest function on the
external auditors. Only the external auditors have the necessary independence to
1.6
permit the provision of assurance to external parties. Unlike circumstances in
which the external auditors use the work of other independent auditors, the
responsibility cannot be shared with the internal auditors.
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 43 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 44
CIA 2, SU 1 CIA 2, SU 1
Strategic Role of the Internal
Governance Audit Activity
• The IIA Glossary defines governance as the combination of processes and structures
implemented by the board to inform, direct, manage, and monitor the activities of • The internal audit activity plays an important strategic role
the organization toward the achievement of its objectives. in the governance function of an organization.
• Internal auditors evaluate and improve governance processes as part of their
assurance function. • That role includes providing leadership, assessing the
adequacy of performance measurement systems, making
• Performance Standard 2110: Governance appropriate recommendations, and assessing the
o The internal audit activity must assess and make appropriate recommendations
to improve the organizations governance process for: achievement of corporate objectives.
• Making strategic and operational decisions.
• Overseeing risk management and control.
• Promoting appropriate ethics and values within the organization.
• Ensuring effective organizational performance management and
accountability.
• Communicating risk and control information to appropriate areas of the
organization.
• Coordinating the activities of and communicating information among the
board, external and internal auditors, other assurance providers, and
management.
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 45 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 46
CIA 2, SU 1 CIA 2, SU 1
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 47 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 48
CIA 2, SU 1 CIA 2, SU 1
Performance Measurement
Internal Audit Performance Systems and Corporate
Measurements Objectives
• Provided below is an example from the Practice Guide using • An important element of corporate governance is the
a balanced scorecard approach to measuring internal audit establishment of performance objectives. Internal auditors
effectiveness and efficiency: can use them as standards to measure performance.
• Internal auditors can add value to an organization by
assessing the adequacy of the performance measurement
system and the achievement of corporate objectives.
• Internal auditors may gather relevant information during
multiple engagements. The results of these engagements
provide a basis for assessing whether the current system is
adequate.
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 49 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 50
CIA 2, SU 1 CIA 2, SU 1
A. Corporate control mechanisms include internal and external mechanisms. A. Corporate control mechanisms include internal and external mechanisms.
B. The compensation scheme for management is part of the corporate control mechanisms. B. The compensation scheme for management is part of the corporate control mechanisms.
C. The dilution of shareholders wealth resulting from employee stock options or employee stock C. The dilution of shareholders wealth resulting from employee stock options or employee stock
bonuses is an accounting issue rather than a corporate governance issue. bonuses is an accounting issue rather than a corporate governance issue.
D. The internal auditor of a company has more responsibility than the board for the companys D. The internal auditor of a company has more responsibility than the board for the companys
corporate governance. corporate governance.
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 51 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 52
CIA 2, SU 1 CIA 2, SU 1
Change Management
• Change management is important to all organizations.
• An appropriate balance between change and stability is
necessary for an organization to thrive.
• Organizational change is conducted through change agents,
who may include managers, employees, and consultants
1.7
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 53 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 54
CIA 2, SU 1 CIA 2, SU 1
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 55 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 56
CIA 2, SU 1 CIA 2, SU 1
Resistance Models for Planned Change
• Organizational and procedural changes often are resisted by • Kurt Lewins process model consists of three stages:
the individuals and groups affected. 1. Unfreezing is the diagnosis stage. It involves choosing a
o This response may be caused by simple surprise, inertia, change strategy, preparing employees for the change,
or fear of failure. and offsetting resistance.
• Resistance may arise from 2. Change is the intervention in (altering of) the status quo.
o Misunderstandings or lack of needed skills
3. Refreezing makes the change relatively permanent so
o Bad timing
that old habits will not reassert themselves. It is the
o Dissolution of tightly knit work groups follow up stage.
• Methods of coping with employee resistance include
o Prevention through education and communication
o Participation in designing and implementing a change
o Facilitation and support through training and counseling
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 57 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 58
CIA 2, SU 1 CIA 2, SU 1
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 59 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 60
CIA 2, SU 1 CIA 2, SU 1
Multiple-Choice Question Multiple-Choice Answer
An organization has embarked on a program of process innovation and core process redesign. To An organization has embarked on a program of process innovation and core process redesign. To
counter resistance, it has adopted an organizational development (OD) approach that includes counter resistance, it has adopted an organizational development (OD) approach that includes
A. Inducing employees to share organizational purposes and values. A. Inducing employees to share organizational purposes and values.
B. Incremental change of subsystems. B. Incremental change of subsystems.
C. Focusing each divisions attention on its own objectives. C. Focusing each divisions attention on its own objectives.
D. Manipulating information and events. D. Manipulating information and events.
The objectives of OD are to (1) deepen the sense of organizational purpose and
values and align individuals with them; (2) promote interpersonal trust,
communication, cooperation, and support; (3) encourage a problem solving
approach; (4) develop a satisfying work experience; (5) supplement formal
authority with authority based on expertise; (6) increase personal responsibility;
and (7) encourage willingness to change.
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 61 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 62
CIA 2, SU 1 CIA 2, SU 1
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 63 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 64
CIA 2, SU 1 CIA 2, SU 1
Core Internal Audit Activity Legitimate Internal Audit Activity
Roles in ERM Roles Given Safeguards
• Giving assurance on the risk management process. • Facilitating identification and evaluation of risks.
• Giving assurance that risks are correctly evaluated. • Coaching management in responding to risks.
• Evaluating risk management processes. • Coordinating ERM activities.
• Evaluating the reporting of key risks. • Consolidating the reporting on risks.
• Reviewing the management of key risks. • Maintaining and developing the ERM framework.
• Championing establishment of ERM.
• Developing an ERM strategy for board approval.
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 65 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 66
CIA 2, SU 1 CIA 2, SU 1
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 67 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 68
CIA 2, SU 1 CIA 2, SU 1
Responsibility for Organizational
Role in Risk Management Risk Management
• Implementation Standard 2120.A1 • Risk management is a key responsibility of senior
o The internal audit activity must evaluate risk exposures
relating to the organizations governance, operations, and management and the board.
information systems regarding the: o Boards have an oversight function. They determine that
• Achievement of the organizations strategic objectives. risk management processes (RMPs) are in place,
• Reliability and integrity of financial and operational adequate, and effective.
information.
• Effectiveness and efficiency of operations and programs. o Management ensures that sound RMPs are in place and
• Safeguarding of assets. functioning.
• Compliance with laws, regulations, policies, procedures, o The internal audit activity may be directed to examine,
and contracts.
evaluate, report, or recommend improvements.
• Implementation Standard 2120.A2
o The internal audit activity must evaluate the potential for the
occurrence of fraud and how the organization manages fraud
risk.
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 69 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 70
CIA 2, SU 1 CIA 2, SU 1
Risk management is a key responsibility of senior management and the board. To achieve its business objectives, management
ensures that sound risk management processes are in place and functioning. Boards have an oversight role to determine that
appropriate risk management processes are in place and that these processes are adequate and effective. The internal audit
activity should have a process for planning, auditing, and reviewing risk management issues. It also evaluates risk management
during assurance and advisory reviews of an area or process. After communications with the board and senior management,
the CAE considers their risk appetite, risk tolerance, and risk culture. Moreover, (1) management should be alerted to new risks
or those not sufficiently mitigated, (2) recommendations and action plans for risk exposure should be provided, and (3)
sufficient information should be obtained to evaluate risk management effectiveness (IG 2120).
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 71 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 72
CIA 2, SU 1 CIA 2, SU 1
Attribute Standards 1300 and
1310
• Attribute Standard 1300: Quality Assurance and
Improvement Program
Quality Assurance and o The chief audit executive must develop and maintain a
quality assurance and improvement program that covers
Improvement Program all aspects of the internal audit activity.
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 73 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 74
CIA 2, SU 1 CIA 2, SU 1
• IG 1300, Quality Assurance and Improvement Program, addresses activity conducts internal and external assessments.
the CAEs responsibilities for the QAIP: o The elements of internal assessments are ongoing
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 79 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 80
CIA 2, SU 1 CIA 2, SU 1
Attribute Standards 1320,
External Assessments 1321, and 1322
• External assessments provide an independent and objective • Attribute Standard 1320: Reporting on the Quality Assurance and Improvement Program
o The chief audit executive must communicate the results of the quality assurance and
evaluation of the internal audit activitys compliance with improvement program to senior management and the board. Disclosure should
include:
the Standards and Code of Ethics. • The scope and frequency of both the internal and external assessments.
• An external assessment may be a full assessment by a • The qualifications and independence of the assessor(s) or assessment team,
including potential conflicts of interest.
qualified, independent external assessor or assessment • Conclusions of assessors.
team. • Corrective action plans.
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 81 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 82
CIA 2, SU 1 CIA 2, SU 1
Importance of Reporting
Reporting Results Noncomformance
• Senior management and the board must be kept informed • The internal audit activity is a crucial part of a complex
about the extent to which the internal audit activity organizations governance processes. Senior management
achieves the degree of professionalism required by The IIA. and the board must be informed when an assessment
• This excerpt from the Interpretation of Standard 1320 discovers significant nonconformance.
addresses the frequency of reporting on the QAIP:
To demonstrate conformance with the Code of Ethics and
the Standards, the results of external and periodic internal
assessments are communicated upon completion of such
assessments and the results of ongoing monitoring are
communicated at least annually.
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 83 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 84
CIA 2, SU 1 CIA 2, SU 1
Multiple-Choice Question Multiple-Choice Answer
When is initial use of the conformance phrase by internal auditors appropriate? When is initial use of the conformance phrase by internal auditors appropriate?
A. After an internal review completed within the past 5 years. A. After an internal review completed within the past 5 years.
B. After an external review completed within the past 10 years. B. After an external review completed within the past 10 years.
C. After an internal review completed within the past 10 years. C. After an internal review completed within the past 10 years.
D. After an external review completed within the past 5 years. D. After an external review completed within the past 5 years.
The chief audit executive may state that the internal audit activity conforms with the International Standards for the
Professional Practice of Internal Auditing only if the results of the quality assurance and improvement program support this
statement (Attr. Std. 1321). The internal audit activity conforms with mandatory guidance when it achieves the outcomes
described in the Code of Ethics and the Standards. The results of the quality assurance and improvement program include the
results of both internal and external assessments. All internal audit activities will have the results of internal and external
assessments. All internal audit activities will have the results of internal assessments. Internal audit activities in existence for at
least 5 years will also have the results of external assessments (Inter. Std. 1321). Thus, to use the phrase, the chief audit
executive of an internal audit activity in existence for at least 5 years must have the results of an external assessment within
that period.
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 85 Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com. 86
CIA 2, SU 1 CIA 2, SU 1