1 Assurance Engagements
2.2 Risk and Control Self Assessment
Copyright © 2017 Gleim Publications, Inc. All rights reserved. Duplication prohibited. Reward for information exposing violators. Contact copyright@gleim.com.
CIA 2, SU 2
Financial, Compliance,
Operational, and IT Auditing
• According to the Introduction to the Standards, assurance
services involve the internal auditor's objective assessment of
evidence to provide opinions or conclusions regarding an entity,
operation, function, process, system, or other subject matter.
• The following overview of assurance services is based on various
publications of The IIA:
Financial, Compliance, Operational, and IT Auditing
• Operational assurance is the review of a function or process
to appraise the efficiency and economy of operations and
the effectiveness with which those functions achieve their
objectives.
• IT assurance is the review and testing of IT (for example,
computers, technology infrastructure, IT governance,
mobile devices, and cloud computing) to assure the integrity
of information.
  o Traditionally, IT auditing has been done in separate
  projects by IT audit specialists, but increasingly it is
  being integrated into all audits.
Three Objectives of Internal Control
• Internal control is a process effected by an entity's board,
management, and other personnel that is designed to
provide reasonable assurance regarding the achievement of
the following objectives:
1. Operations objectives relate to the effectiveness and
efficiency of operations, e.g., achievement of
operational and financial performance goals, and the
safeguarding of assets against loss.
2. Reporting objectives relate to internal and external
financial and nonfinancial reporting and may include the
reliability, timeliness, and transparency of such
reporting.
3. Compliance objectives relate to adherence to applicable
laws and regulations.
Risk
• Risk is determined by judging the inherent risk of the
activity, the risk that internal controls may not prevent or
detect noncompliance, and the potential consequences of
noncompliance.
• The level of assurance is determined by considering the
quality, extent, and costs of internal controls.
Example
Notes:
• As customer privacy concerns have become more important, the entity has determined that its
assurance activities related to customer privacy need to be increased.
• Compliance with employment law has not previously been an issue. However, due to recent
changes in the law, the entity is considering increasing assurance activities.
• Due to the balance between risk and assurance activities, the entity does not know whether it
should increase or decrease assurance activities.
• The level of assurance activities for fraudulent financial reporting is high. The entity therefore is
considering using some resources for those assurance activities elsewhere.
A. One.
B. Two.
C. Three.
D. The entire organization.
Three parties are involved in an assurance engagement. They are the process
owner (the party directly involved with the process or system), the internal auditor
(the assessor), and the user of the assessment. For an assurance service, the
internal audit activity determines the nature and scope of the engagement and
objectively assesses the evidence gathered. The evidence and its evaluation form
the basis for expressing an opinion or stating a conclusion about the subject
matter of the engagement.
Risk and Control Self-Assessment (CSA)
• Control self-assessment (CSA) increases awareness of risk
and control throughout the organization.
• CSA's basic philosophy is that control is the responsibility of
everyone in the organization.
• CIA candidates should understand
How Internal Auditors Use CSA
• Internal auditing's investment in CSA programs may be significant.
• It may
  o Sponsor, design, implement, and own the process;
  o Conduct the training;
  o Supply the facilitators, scribes, and reporters; and
  o Coordinate the participation of management and work
  teams.
• Through a CSA program, the internal audit activity and the
business units and functions collaborate to produce better
information about how well the control processes are working
and how significant the residual risks are.
• The internal audit activity often finds that it may reduce the effort
spent in gathering information about control procedures and
eliminate some testing.
Key Features
• CSA includes self-assessment surveys and facilitated workshops.
• An organization that uses self-assessment will have a formal,
documented process that allows management and work teams
who are directly involved in a business unit, function, or process
to participate in a structured manner for the purpose of
  o Identifying risks and exposures,
  o Assessing the control processes that mitigate or manage
  those risks,
  o Developing action plans to reduce risks to acceptable levels,
  and
  o Determining the likelihood of achieving the business
  objectives.
Outcomes
• People in the business units become trained and
experienced in assessing risks and associating control
processes with managing those risks and improving the
chances of achieving business objectives.
• Internal auditors become involved in and knowledgeable
about the self-assessment process by serving as facilitators,
scribes, and reporters for the work teams and as trainers in
risk and control concepts supporting the CSA program.
• Management's responsibility for the risk management and
control processes of the organization is reinforced, and
managers will be less tempted to abdicate those activities to
specialists, such as auditors.
Approaches
• The three primary approaches of CSA programs are
  o Facilitation,
  o Survey (questionnaire), and
  o Self-certification.
• The variety of approaches used for CSA processes in
organizations reflects the differences in industry, geography,
structure, organizational culture, degree of employee
empowerment, dominant management style, and the
manner of formulating strategies and policies.
Facilitation Approach
• Objective-Based Format
  o Focuses on the best way to accomplish a business
  objective.
  o The workshop begins by identifying the controls
  presently in place to support the objective and then
  determines the residual risks remaining.
• Risk-Based Format
  o Focuses on listing the risks to achieving an objective.
  o The workshop begins by listing all possible barriers,
  obstacles, threats, and exposures that might prevent
  achieving an objective and then examines the control
  procedures to determine whether they are sufficient to
  manage the key risks.
• Control-Based Format
  o Focuses on how well the controls in place are working.
  o During the workshop, the work team assesses how well
  the controls mitigate risks and promote the achievement
  of objectives.
• Process-Based Format
  o Focuses on selected activities that are elements of a
  chain of processes.
  o This type of workshop usually covers the identification
  of the objectives of the whole process and the various
  intermediate steps.
A risk-based format focuses on listing the risks to achieving an objective. The
workshop begins by listing all possible barriers, obstacles, threats, and exposures
that might prevent achieving an objective and, then, examining the control
procedures to determine if they are sufficient to manage the key risks. The aim of
the workshop is to determine significant residual risks. This format takes the work
team through the entire objective-risks-controls formula.
2.3 Audits of Third Parties and Contract Auditing
External Business Relationships (EBRs)
• Organizations have multiple external (extended) business
relationships.
• EBRs may involve service providers, supply-side partners,
demand-side partners, strategic alliances and joint ventures,
and intellectual property partners.
• EBR partners may offer lower costs, better operational
efficiency, special expertise, new technology, a known
brand, or economies of scale.
• The internal audit activity helps management and the board
identify, assess, and manage risks, including reputation risks
as well as economic risks.
Auditing EBRs
• Before auditing an EBR, the internal auditors first must
determine whether the EBR partner has agreed to the audit.
• Internal auditors need to understand all elements of an EBR:
  o Initiating the EBR
  o Contracting for and defining the EBR
  o Procurement
  o Managing and monitoring the EBR
  o Discontinuing the EBR
• The internal auditors need to understand the expectations
of the parties and the processes for managing and
monitoring the EBR.
• The CAE decides whether to audit (1) each EBR separately,
(2) certain EBRs, or (3) the total EBR process.
Cycle for an EBR Audit
1. Understanding the organization, its environment, its
processes, and the nature of each EBR.
2. Assessing risks and controls.
3. Performing the audit.
4. Reporting.
5. Monitoring progress.
Multiple-Choice Question
An internal auditor is conducting an audit of a contract to build a new branch office. The auditor
should consider whether the
1. Materials used in construction meet specified contractual standards.
2. Contractor has established a fraud hotline.
3. Construction is on schedule.
2.4 Quality Auditing
• The internal audit activity's role is to provide assurance that
the approved quality structures are in place and quality
processes are functioning as intended.
Traditional vs. Modern Views of Quality
• The traditional view of quality emphasized the detection of
products that do not meet standards.
• The modern view is that quality is a value-added activity
performed throughout all processes, from product design to
raw materials acquisition and final inspection.
Total Quality Management (TQM)
• TQM can increase revenues and decrease costs significantly.
• Quality is best viewed from multiple perspectives: attributes
of the product, customer satisfaction, conformity with
manufacturing specifications, and value.
• TQM is a comprehensive approach.
• TQM emphasizes the supplier's relationship with the
customer and identifies customer needs.
• Given the organization-wide scope of TQM and of the
internal audit activity, the role of the internal auditors is to
evaluate the entire quality function.
Security and Privacy
Information Security Auditing
• Information security auditing is an expansion of the
assurance services performed by auditors.
• The creation of organization-wide computer networks with
the potential for access by numerous outside parties has
greatly increased risk. Thus, risk management and control
processes may be inadequate.
Privacy Auditing
• The amount of personal information stored on computers
has greatly increased.
• The security risks involved have increased because of the
interconnections among computers permitted by the
Internet.
• Privacy engagements address the security of personal
information, especially information stored in computer
systems. An example is healthcare information in the files of
insurers and providers.
Evaluation of a Privacy Framework
• Protection of personal information prevents such negative
organizational consequences as legal liability and loss of
reputation.
• The following are various definitions of privacy:
  o Personal privacy (physical and physiological)
  o Privacy of space (freedom from surveillance)
  o Privacy of communication (freedom from monitoring)
  o Privacy of information (collection, use, and disclosure of
  personal information by others)
• Personal information is any information that can be associated
with a specific individual or that might be combined with other
information to do so.
• The board is ultimately accountable for identifying principal risks,
implementing controls, and managing privacy risk, e.g., by
establishing and monitoring a privacy framework.
Multiple-Choice Answer
Which of the following is part of the board's role in protecting against privacy threats?
The board is ultimately accountable for ensuring that the principal risks of the
organization have been identified, and the appropriate control processes have
been implemented to mitigate those risks. This includes establishing the necessary
privacy framework for the organization and monitoring its implementation.
2.7
Performance Auditing
• A performance audit may provide assurance about the
organization's key performance indicators.
• Internal auditors assess an organization's ability to measure
its performance, recognize deficiencies, and take corrective
actions.
• A balanced scorecard is useful for performance
measurement.
• It is a report that connects critical success factors
determined in a strategic analysis with financial and
nonfinancial measures of the elements of performance.
SWOT Analysis
• An organization identifies its critical success factors by
means of an analysis that addresses internal factors
(strengths and weaknesses) and external factors
(opportunities and threats). This process is SWOT analysis.
• Strengths and weaknesses are internal resources or a lack
of resources.
• Opportunities and threats arise from factors external to the
organization, such as government regulations, advances in
technology, and demographic changes.
Operational Audit Engagements
• An operational audit assesses the efficiency and
effectiveness of an organization's operations.
  o Process (functional) engagements are operational audit
  engagements that follow process-crossing organizational
  lines, service units, and geographical locations.
  o Program-results engagements are intended to obtain
  information about the costs, outputs, benefits, and
  effects of a program. They attempt to measure the
  accomplishment and relative success of the undertaking.
Program Evaluation and Review Technique (PERT)
• PERT was developed to control large-scale, complex
projects. PERT diagrams are free-form networks showing
each activity as a line between events.
• A PERT network consists of two components:
  o Events: moments in time representing the start or
  finish of an activity; depicted as circles
  o Activities: tasks to be accomplished; depicted as lines
Expected Duration
• A major advantage of PERT is that activity times can be
expressed probabilistically.
  o Three estimates are made: optimistic, most likely, and
  pessimistic.
  o The usual weighting of the estimates is 1:4:1.
Critical Path Method (CPM) vs. PERT
• CPM uses a network approach like PERT, but it has two
distinct differences:
  o PERT uses probabilistic time estimates, but CPM is a
  deterministic method.
  o PERT considers only the time required to complete a
  project. CPM incorporates cost amounts.
• A crash estimate assumes all available resources are
applied.
to represent in graphic form problems related to
transportation, assignment, and transshipment.
Multiple-Choice Question
Managerial performance may be measured in many ways. For example, an internal nonfinancial
measure is
Multiple-Choice Answer
Feedback regarding managerial performance may take the form of financial and
nonfinancial measures that may be internally or externally generated. Moreover,
different measures have a long-term or short-term emphasis. Examples of internal
nonfinancial measures are product quality, new product development time, and
manufacturing lead time (cycle time).
2.8 Compliance Auditing
Compliance
• Compliance is defined as adherence to policies, plans,
procedures, laws, regulations, contracts, or other
requirements.
• Internal auditors assess compliance in specific areas as part
of their role in organizational governance.
  o They also follow up and report on management's
  response to regulatory body reviews.
• Caution: Internal auditors are encouraged to consult legal
counsel in all matters involving legal issues. Requirements
may vary significantly in different jurisdictions.
• The internal audit activity's responsibilities with regard to
compliance are addressed in two Implementation
Standards.
• The internal audit activity must evaluate risk exposures
relating to governance, operations, and information systems
with regard to
  o Compliance (Implementation Standard 2120.A1) and
  o The adequacy and effectiveness of controls responding
  to these risks (Implementation Standard 2130.A1).
Compliance Programs
• Compliance programs assist organizations in preventing
unintended employee violations, detecting illegal acts, and
discouraging intentional employee violations.
• They also help
  o Prove insurance claims
  o Determine director and officer liability
  o Create or enhance corporate identity
  o Decide the appropriateness of punitive damages
Applicant Screening and Communication
• Applicant Screening
  o Due care should be used to avoid delegating authority to
  those with a tendency to engage in illegal activities.
• Communication
  o Standards and procedures, including readily available
  ethics-related documents, should be communicated
  effectively, preferably in an interactive format and on
  multiple occasions.
Monitoring and Reporting
• Monitoring and auditing systems for detecting illegal or
unethical behavior and employee hotlines should be used.
The best approach is to coordinate multiple monitoring and
auditing systems.
• Attorney-client and attorney work-product privileges
protect certain information disclosed to (or produced by) an
attorney from being used by an adverse party in a legal
proceeding. An attorney monitoring the hotline is best able
to protect the privileges.
• An on-site official may be assigned to receive and
investigate complaints.
Multiple-Choice Question
Which of the following is an effective tool for uncovering unethical or illegal activity in an
organization?