Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
88 Cards in this Set
- Front
- Back
In order to perform its role in assuring governance, risk, management, and operational effectiveness and efficiency, the IA activity must assure what about itself?(2)!
|
its own efficiency and effectiveness
|
|
What must the CAE periodically do with the information on IA activity's?! |
report it to senior management and the board
|
|
2060 – Reporting to Senior Management and the Board: On which IA charter's items must the CAE periodically report to senior management and the board?(3) |
"- purpose
- authority - responsibility |
|
"
2060 – Reporting to Senior Management and the Board: On which IA's performance must the CAE periodically report to senior management and the board? |
IA's performance relative to its plan
|
|
PA 2060-1 Reporting to Senior Management and the Board: What kind of risk exposures and issues must the reporting to senior management and the board include? |
significant risk exposure and control issues
|
|
PA 2060-1 Reporting to Senior Management and the Board: Which conditions do significant risk exposures and control issues represent? |
conditions that, according to CAE's judgement, could adversely affect the organization and the achievement of its objectives
|
|
2060 – Reporting to Senior Management and the Board: The frequency and content of reporting to senior management and the board does depend nn the importance of what? |
importance of information to be communicated
|
|
2060 – Reporting to Senior Management and the Board: When must incidences of fraud be reported to senior management and the board?(2) |
"when incidences of fraud are
- significant - established with reasonable certainty |
|
"
2060 – Reporting to Senior Management and the Board: On the urgency of which actions does the frequency and content of reporting to senior management and the board depend? |
urgency of the related actions to be taken by senior management or the board
|
|
PA 2060-1 Reporting to Senior Management and the Board: The purpose of reporting is to provide assurance to senior management and the board regarding which aspects of IA? |
"- governance processes
- risk management - control |
|
"
PA 2060-1 Reporting to Senior Management and the Board: Which decision may senior management make regarding reported significant issues because of cost and other considerations? |
decision to assume the risk
|
|
PA 2060-1 Reporting to Senior Management and the Board: What must the CAE if senior management has accepted a level of risk that the organization considers unacceptable? |
discuss the matter with senior management as stated in Standard 2600
|
|
PA 2060-1 Reporting to Senior Management and the Board: What should the CAE understand about senior management's decision to accept a level of risk that the CAE believes being unacceptable to the organization? |
senior management's basis for the decision
|
|
PA 2060-1 Reporting to Senior Management and the Board: What should the CAE identify after senior management's decision to accept a level of risk that the CAE believes being unacceptable to the organization? |
the cause of any disagreement between senior management and CAE
|
|
PA 2060-1 Reporting to Senior Management and the Board: What should the CAE determine after senior management's decision to accept a level of risk that the CAE believes being unacceptable to the organization? |
determine whether management has the authority to accept the risk
|
|
PA 2060-1 Reporting to Senior Management and the Board: What should the CAE preferably do in case of a disagreement with senior management? |
dissolve the disagreement with senior management
|
|
PA 2060-1 Reporting to Senior Management and the Board: What does Standard 2600 direct the CAE and senior management to make if they cannot reach an agreement? |
CAE and management should make a joint presentation about the conflicting positions
|
|
PA 2060-1 Reporting to Senior Management and the Board: For financial reporting matters, with whom should the CAE discuss open issues on which he cannot reach an agreement with senior management? |
discuss open issues with external auditors
|
|
2070 – External Service Provider and Organizational Responsibility for Internal Auditing: When an ESP serves as the internal audit activity, what must the ESP make the organization aware of? |
that the organization has the responsibility for maintaining an effective IA activity
|
|
2070 – External Service Provider and Organizational Responsibility for Internal Auditing: Through which program is the organization's responsibility for maintaing an effective IA activity demonstrated? |
quality assurance and improvement program
|
|
PA 1300 – Quality Assurance and Improvement Program: The primary objective of a QAIP is to promote what? |
promote continuous improvement
|
|
1300 – Quality Assurance and Improvement Program: What must the CAE do with the QAIP?(2) |
develop and maintain
|
|
PA 1300 – Quality Assurance and Improvement Program: Which spectrum of the IA activity prescribed in the IA charter must the QAIP cover? |
entire spectrum of assurance and consulting work to be performed according to IA's charter
|
|
1300 – Quality Assurance and Improvement Program: The QAIP is designed for the evaluation of the IA activity's comformance with what?(2) |
"- definition of IA
- standards |
|
"
1300 – Quality Assurance and Improvement Program: The QAIP is designed for the evaluation of the individual IAs' comformance with what? |
- code of ethics
|
|
It is not an ordinary objective of a quality assurance review to review compliance with what? |
laws and regulations
|
|
1300 – Quality Assurance and Improvement Program: What aspects of the IA activity does the QAIP assess? |
IA activity's efficiency and effectiveness
|
|
1300 – Quality Assurance and Improvement Program: Which opportunities for the IA activity does the QAIP identify? |
opportunities for improvement
|
|
To whom do those conducting quality program assessments ordinarily report? |
CAE
|
|
The IA activity not comply with the Standards when what does not function? |
if the QAIP does not function
|
|
PA 1300 – Quality Assurance and Improvement Program: Which types of assessment does the QAIP include?(2) |
internal and external assessments
|
|
PA 1300 – Quality Assurance and Improvement Program: What do internal assessments include? |
"- ongoing monitoring
- periodic reviews |
|
"
Whose needs do the internal assessments serve? |
those of the CAE
|
|
1311 Internal Assessments: Of which day-to-day activities is the ongoing monitoring an integral part?(3) |
"day-to-day
- supervision - review - measurement |
|
"
1311 Internal Assessments: Into which routine organizational aspects is the ongoing monitoring incorporated to manage the IA activity?(2) |
routine policies and practices
|
|
1311 Internal Assessments: Of what kind of form may periodic reviews within internal assessments be?(2) |
"self-assessments
- assessments by other persons WITHIN the organization |
|
"
PA 1311 Internal Assessments: Which levels of Internal Audit should ongoing monitoring and periodic self-assessments cover?(2) |
"- internal audit activity-level
- individual audit engagement-level |
|
"
PA 1311 Internal Assessments: Which part of the mandatory IPPF guidance should ongoing monitoring and periodic self-assessments cover?(2) |
attribute and performance standards
|
|
PA 1311 Internal Assessments: What kind of quality does ongoing monitoring determine with regard to IA activity processes? |
whether process are delivering quality on an engagement-by-engagement basis
|
|
PA 1311 Internal Assessments: Through which practices is ongoing monitoring primarily achieved? |
"standard working practices
|
|
"
PA 1311 Internal Assessments: Through which engagement elements is ongoing monitoring primarily achieved?(3) |
"- engagement planning
- engagement supervision - engagement report review |
|
"
PA 1311 Internal Assessments: Through which checklists or automation tools is ongoing monitoring primarily achieved? |
checklists and automation tools that provide assurance on compliance with established practices and procedures
|
|
PA 1311 Internal Assessments: Through which procedures and its signoff by engagement supervisors is ongoing monitoring primarily achieved? |
working paper procedures
|
|
PA 1311 Internal Assessments: Through the review of which documents is ongoing monitoring primarily achieved?(2) |
review of reports and supporting documentation
|
|
PA 1311 Internal Assessments: Through the feedback from whom is ongoing monitoring primarily achieved?(2) |
feedback from IA clients and other stakeholders
|
|
PA 1311 Internal Assessments: Through using which measures appropriate and relevant to the IA activity is ongoing monitoring primarily achieved?(2) |
performance measures
|
|
PA 1311 Internal Assessments: Through the assessment of which plan prior to fieldwork is ongoing monitoring primarily achieved? |
assessment of audit engagement plan
|
|
PA 1311 Internal Assessments: What is the most fundamental element of any quality assurance process? |
supervision
|
|
PA 1311 Internal Assessments: Periodic self-assessments focus on evaluating whether the IA activity conforms with what?(2) |
"- IPPF mandatory guidance
- IA activities' charter, policies & procedures etc |
|
"
PA 1311 Internal Assessments: In which part of the QAIP is the effectiveness and efficiancy of the IA activity assessed? |
periodic self-assessment
|
|
PA 1311 Internal Assessments: Through the regular review and approval of what may a periodic self-assessment be conducted? |
review and approval of IA charter and other documents
|
|
PA 1311 Internal Assessments: Through the review of which plan may be self-assessment be conducted? |
review of the annual audit plan
|
|
PA 1311 Internal Assessments: To what should the annual audit plan be related? |
risks
|
|
PA 1311 Internal Assessments: Through the review of what on a sample basis by staff not directly involved in the engagement may the self-assessment be conducted? |
review of workpapers
|
|
PA 1311 Internal Assessments: Through the review of which metrics may the self-assessment be conducted? |
IA performance metrics
|
|
According to Wiley: Which feature of the ongoing internal assessment is unique? |
cost recoveries
|
|
To whom and how often should the CAE report the results of the periodic self-assessment? |
upon completion of the self-assessment to senior management and the board
|
|
1312 – External Assessments: How often and by whom must external assessments be conducted? |
at least once in 5 years by external assessors
|
|
1312 External Assessments: With whom must the CAE discuss the frequency of external assessments and the qualification and independence of the external assessors? |
board
|
|
PA 1300 – Quality Assurance and Improvement Program: Which forms may external assessments take? |
"full external assessment
- internal self-assessment with independent (external) validation |
|
"
According to WIley: To whom does the CAE delegate his responsibility for the administration of the QAIP in large and complex audit environments? |
internal audit executive
|
|
According to Wiley: From which IA functions is the QAIP function independent?(2) |
"- audit function
- consulting function |
|
"
PA 1312 – External Assessments: To whom must the external assessment team communicate the results of the external assessment? |
CAE
|
|
PA 1312 – External Assessments: To what should an external assessment not be limited? |
assessment of QAIP only
|
|
PA 1312 – External Assessments: What can the external assessor use the degree of the QAIP implementation for? |
for establishing the scope of the external assessment
|
|
According to Wiley: Which feature of the external assessment in unique? |
agreement with the ESP on the expected deliverables
|
|
What do external assessments provide to the senior management and the board? |
"- independent evaluation of the IA activity's compliance with the mandatory IPPF guidance and the IA charter
- recommendations for improvement |
|
"
Which areas does an external assessment cover? |
entire spectrum of assurance and consulting work to be performed according to IA's charter
|
|
1320 Reporting on the Quality Assurance and Improvement Program: How is the form, content, and frequency of communicating the QAIP results established? |
through discussions with senior management and the board
|
|
1320 Reporting on the Quality Assurance and Improvement Program: When must the CAE report the results of the periodic internal and external assessments to senior management and the board? |
upon their completion
|
|
1320 Reporting on the Quality Assurance and Improvement Program: How often should the CAE report the results of the QAIP to the board the and senior management? |
at least annually
|
|
1320 Reporting on the Quality Assurance and Improvement Program: The degree of what should the communication of the QAIP results include? |
the degree of the IA activity's conformance with the mandatory guidance of IPPF
|
|
1321 – Use of “Conforms with the International Standards for the Professional Practice of Internal Auditing”: When may IA activity's conformance with the mandatory guidance of IPPF only be declared? |
after completion of an external assessment
|
|
By examining which written program can the quality of the individual engagement planning and documention be reviewed within the scope of the QAIP? |
the written engagement program
|
|
Of how many steps does the process in establishing an effective performance measurement process according to the Practice Guide "Measuring IA Effectiveness and Efficiency" consist? |
4 steps
|
|
The first step in establishing an effective IA performance measurement process is the definition of which IA's aspect?! |
definition of IA's effectiveness
|
|
Besides the definition of IA, the code of ethics, and the Standards, on the internal consensus of what shall the definition of IA's effectiveness be based?! |
internal consensus what constitutes an efficient and effective IA activity
|
|
The second step in establishing an effective IA performance measurement process is the identification of whose needs and expectations?(2) |
internal and external stakeholders
|
|
The third step in establishing an effective IA performance measurement process is the development of what? |
Key performance indicators (KPI)
|
|
KPIs shall measure which accomplishments or behaviors? |
that are valued by the organization
|
|
KPIs are valuable to the IA activity because they allow the CAE to detect which shortcomings and plan which actions |
to detect shortcomings in the IA activity and plan remedial action
|
|
When IAs are evaluating KPIs, they need to answer which two questions? |
"Are these the right measures?(e.g. Do they cover all the objectives? etc)
Are they operating effectively?(e.g. Are the numbers accurate? Etc) |
|
"
May KPIs be quantative or qualitative? |
quantitative and qualitative
|
|
How are KPIs called when they are measuring risks? |
Key risk indicators (KRI)
|
|
What kind of scorecard may be used to develop specific KPIs? |
balanced scorecard
|
|
The fourth step in establishing an effective IA performance measurement process is the monitoring and reporting of which performance? |
performance against KPIs
|
|
What should occasionally be conducted with stakeholders to ensure the quality of the ongoing monitoring? |
in-depth interviews
|
|
The CAE should consider periodically benchmarking the IA activity's KPIs against what? |
KPIs of similar peer organization
|