CIA Part 2 Study Guide
Who is ordinarily responsible for guiding governance processes? - ✔✔The board
Who is ordinarily responsible for leading risk management and control processes? - ✔✔Senior
management
Compliance is defined as - ✔✔adherence to policies, plans, procedures, laws, regulations,
contracts, or other requirements
Types of Internal Audit Engagements - ✔✔Assurance services and Consulting services
Reporting to senior management and the board provides assurance about - ✔✔Governance, Risk
management, and Control
Who establishes policies and procedures for the IAA? - ✔✔The CAE
Policies and procedures for a large, mature IAA are - ✔✔formal in a manual
Policies and procedures for a small or less mature IAA are - ✔✔Separate documents or an audit
management software program (less formal)
Who should review internal audit policies and procedures, and how often? - ✔✔CAE or an
internal audit manager periodically reviews
Who is responsible for hiring a proper IAA? - ✔✔The CAE
Effective interviewing methods - ✔✔Structured (eliminates individual bias) or Behavioral (how
candidates handled past situations)
CAE independence and reporting structure with the board and senior management - ✔✔CAE must
have direct and unrestricted access to senior management and the board. Reports
administratively to senior management and functionally to the board.
The most important function of the audit committee is - ✔✔promote the independence of
internal and external auditors by protecting them from management's influence.
What is participative auditing? - ✔✔Collaboration between the internal auditor and management
during the auditing process. Objective is to minimize conflict and build a shared interest.
The CAE must ensure that internal audit resources are - ✔✔appropriate, sufficient, and
effectively deployed to achieve the approved plan.
Appropriate refers to - ✔✔mix of knowledge, skills, and other competencies to perform the plan
Sufficient refers to - ✔✔quantity of resources needed to accomplish the plan
Resources are effectively deployed when - ✔✔optimizes the achievement of the approved plan
Resource planning considers - ✔✔1. The audit universe
2. Relevant risk levels
3. IA plan
4. Coverage Expectations
5. Estimate of unanticipated activities
When selecting the appropriate audit staff, the CAE must consider - ✔✔1. Complexity of the
engagement
2. Experience levels of the auditors
3. Training needs of the auditors
4. Available Resources
The Three Lines of Defense in Effective Risk Management and Control - ✔✔Stakeholders =