Upgrade to remove ads
Only $35.99/year

Internal Audit Chapter 9

Terms in this set (14)

What are the Key Elements in Planning?
- Proper goals and objectives

- Work schedules

- Staffing and budgets

- Activity reports

- Communication of plan to board & management

- Details in planning
Communication and Approval:
After the internal audit plan has been established, it is incumbent upon the CAE to present it to senior management and the board (typically the audit committee) to be approved. Resource requirements, significant interim changes, and the potential implications of resource limitations should all be included in the communication to senior management and the board (IIA Standard 2020: Communication and Approval).
Resource Management:
A significant consideration in implementing an internal audit function's plan is how to allocate resources.
Policies and Procedures:
The standard regarding the implementation of policies and procedures simply states, "the chief audit executive must establish policies and procedures to guide the internal audit activity" (IIA Standard 2040: Policies and Procedures).
Coordinating Assurance Efforts:
According to IIA Standard 2050: Coordination and Reliance, "The chief audit executive should share information and coordinate activities, and consider relying on the work of other internal and external assurance and consulting service providers to ensure proper coverage and minimize duplication of efforts."
Reporting to the Board and Senior Management:
The CAE has the responsibility to "report periodically to senior management and the board on the internal audit activity's purpose, authority, responsibility, and performance relative to its plan, and on its conformance with the Standards. Reporting must also include significant risk and control issues, including fraud risks, governance issues, and other matters that require the attention of senior management and/or the board" (IIA Standard 2060: Reporting to Senior Management and the Board).
Governance:
Is defined as "a process conducted by the board of directors to authorize, direct, and oversee management toward the achievement of the organization's objectives."
Risk Management:
Is a participatory process designed to identify, document, evaluate, communicate, and monitor the most significant uncertainties facing an organization requiring risk mitigation or exploitation of opportunities to successfully achieve business objectives. In other words, risk management is a process conducted by management to understand and deal with uncertainties (that is, risk and opportunities) that could affect the organization's ability to achieve its business objectives.
What are the five Risk Responses?
- Avoiding

- Reducing

- Sharing

- Accepting risks

- Exploiting opportunities
Internal Audit Role in ERM:
According to IIA Standard 2120: Risk Management, "The internal audit activity must evaluate the effectiveness and contribute to the improvement of risk management processes."
Control:
IIA Standard 2130: Control states, "The internal audit function must assist the organization in maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement."
Quality Assurance:
Is the process of assuring that an internal audit function adheres to a set of standards defining the specific elements that must be present to ensure that the function operates appropriately.
Performance Measures:
- Provide the criteria against which the internal audit function judges its performance in key areas.

- Provide a gauge for how well the internal audit function is accomplishing its mission/goals.
What are the six steps in Managing an Internal Audit Function?
- Plan Development

- Plan Execution

- Risk Assessment

- Resources

- Reporting

- Monitoring
Sets with similar terms