Internal Audit Policies and Procedures

avatar
Created by
Jinny D

Cards (14)

  • What does the Performance Standard 2000 - managing the internal audit activity state?
    The chief audit executive must effectively manage the internal audit activity to ensure that it adds value to the organization.
  • How does the internal audit add value to the organisation and its stakeholders?
    • it considers strategies, objectives, and risks;
    • strives to offer ways to enhance governance, risk management and control processes;
    • and objectively provides relevant assurance.
  • How does CAE manage the IA activity strategically?
    Ensure the establishment of a risk-based plan.
    • Manage internal audit changes to implement and support the organization’s strategy.
    • Establish relationships throughout the organization to foster communication and cooperation.
    • Assess and promote an ethical climate and good governance.
    • Develop an appropriate system to measure the efficiency and effectiveness of the internal audit function.
    • report performance to senior management and the board.
  • How does CAE manage the IA activity operationally?
    Manage it in a professional manner - policies and procedures to plan, organise, direct and monitor; administered to best use the resources; staffed appropriately; a risk-based plan is used to identify and prioritise engagements; senior management is informed about the effectiveness of the internal control and risk management frameworks; the quality of the IA work is monitored, assessed, and reported to senior management, and a QAIP is in place.
  • What is the performance standard 2040 - policies and procedures?
    The chief audit executive must establish policies and procedures to guide the internal audit activity.
  • What do the form and content of policies and procedures depend on?
    • the size and structure of the internal audit activity
    • complexity of the IA work
  • What may large or small internal audit activities do regarding the policies and procedures?
    • Large IA activities may have a formal internal audit operations manual that includes policies and procedures.
    • Small IA activities may publish policies and procedures as separate documents or as part of an audit management software program.
  • What can the internal audit manual include?
    • policies and procedures
    • information on the QAIP and other administrative matters.
  • Why are policies and procedures one type of important tool for CAE?
    • ensure that internal audit follows a systematic and disciplined approach.
    • help everyone involved in the IA activity to consistently deliver quality work. 
    • ensure that internal audit is meeting the expectations from the Standards and senior management.
  • How may changes in policies and procedures communicated?
    • in writing
    • during internal audit staff meetings
    • through training
  • Policies and procedures of the IA activity should be reviewed periodically, what should CAE consider when reviewing them?
    • whether policies and procedures include the internal audit charter
    • whether policies and procedures accurately reflect the core principles, the code of ethics, and the standards
  • What is the evidence to demonstrate conformance with "policies and procedures" standard?
    Evidence that policies and procedures have been clearly communicated to internal audit personnel.
  • Examples of internal audit policies may include?
    • The overall purpose and responsibilities of the IA activity.
    • Adherence to the mandatory guidance of the IPPF.
    • Independence and objectivity.
    • Ethics.
    • Protecting confidential information.
    • Record retention.
  • Examples of internal audit procedures may include?
    • Preparing a risk-based audit plan.
    • Planning an audit and preparing the engagement work program.
    • Performing audit engagements.
    • Documenting audit engagements.
    • Communicating results/reporting.
    • Monitoring and follow-up process.