Answer (D) is correct. According to the definition of internal auditing, “Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.” Thus, it helps the organization to maintain effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement (Standard 2120).
Answer (D) is correct. According to the definition of internal auditing, “Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”
Answer (D) is correct. According to the Glossary published by The IIA as part of the Standards, an assurance service is “an objective examination of evidence for the purpose of providing an independent assessment on risk management, control, or governance processes for the organization. Examples may include financial, performance, compliance, system security, and due diligence engagements.”
Answer (C) is correct. The independence of the internal audit activity is enhanced when the board concurs in the appointment or removal of the CAE (PA 1110-1), but the length of the CAE’s employment is less significant than defining the purpose, authority, and responsibility of the internal audit activity (Standard 1000)
Answer (B) is correct. “Effectiveness of risk management, control, and governance processes is present if management directs processes in such a manner as to provide reasonable assurance that the organization’s objectives and goals will be achieved. In addition to accomplishing the objectives and planned activities, management directs by authorizing activities and transactions, monitoring resulting performance, and verifying that the organization’s processes are operating as designed” (PA 2100-1).
Answer (D) is correct. The internal audit activity evaluates and contributes to the improvement of risk management, control, and governance processes using a systematic and disciplined approach (Standard 2100). According to PA 2100-1, internal auditors evaluate the whole management process of planning, organizing, and directing to determine whether reasonable assurance exists that objectives and goals will be achieved. These evaluations, in the aggregate, provide information to appraise the overall management process. All business systems, processes, operations, functions, and activities within the organization are subject to the internal auditors’ evaluations. The comprehensive scope of work of internal auditing should provide reasonable assurance that management’s Risk management system is effective. System of internal control is effective and efficient. Governance process is effective by establishing and preserving values, setting goals, monitoring activities and performance, and defining the measures of accountability.
Answer (C) is correct. The purpose, authority, and responsibility of the internal audit activity should be formally defined in a charter, consistent with the Standards, and approved by the board (Standard 1000). Furthermore, PA 1000-1 states that the CAE should seek approval of the charter by senior management. The charter should establish the internal audit activity’s position within the organization; authorize access to records, personnel, and physical properties relevant to the performance of engagements; and l audit activities.
Answer (B) is correct. Safeguarding assets is an operational activity and is therefore beyond the scope of the internal audit activity, which evaluates and contributes to the improvement of risk management, control, and governance processes. However, internal auditors should evaluate risk exposures relating to governance, operations, and information systems regarding the safeguarding of assets. Based on the risk assessment, they should evaluate the adequacy and effectiveness of controls encompassing governance, operations, and information systems. This evaluation extends to safeguarding of assets (Standards 2110.A2 and 2120.A1).
Answer (A) is correct. Senior management’s role is to oversee the establishment, administration, and assessment of the system of risk management and control processes. Among the responsibilities of the organization’s line managers is the assessment of the control processes in their respective areas. Internal auditors provide varying degrees of assurance about the effectiveness of the risk management and control processes in select activities and functions of the organization (PA 2130-1).
Answer (A) is correct. The CAE forms an overall opinion about the adequacy and effectiveness of the control processes. The expression of such an opinion by the CAE will be based on sufficient audit evidence obtained through the completion of audits and, if appropriate, reliance on the work of other assurance providers. The CAE communicates the opinion to senior management and the board annually (PA 2130-1).
Total Questions: | |
Correct Answers: | |
Wrong Answers: | |
Percentage: |
|