Internal Audit Policies and Procedures

    avatar
    Created by
    Jinny D

    Cards (14)

    • What does the Performance Standard 2000 - managing the internal audit activity state?
      The chief audit executive must effectively manage the internal audit activity to ensure that it adds value to the organization.
    • How does the internal audit add value to the organisation and its stakeholders?
      • it considers strategies, objectives, and risks;
      • strives to offer ways to enhance governance, risk management and control processes;
      • and objectively provides relevant assurance.
    • How does CAE manage the IA activity strategically?
      Ensure the establishment of a risk-based plan.
      • Manage internal audit changes to implement and support the organization’s strategy.
      • Establish relationships throughout the organization to foster communication and cooperation.
      • Assess and promote an ethical climate and good governance.
      • Develop an appropriate system to measure the efficiency and effectiveness of the internal audit function.
      • report performance to senior management and the board.
    • How does CAE manage the IA activity operationally?
      Manage it in a professional manner - policies and procedures to plan, organise, direct and monitor; administered to best use the resources; staffed appropriately; a risk-based plan is used to identify and prioritise engagements; senior management is informed about the effectiveness of the internal control and risk management frameworks; the quality of the IA work is monitored, assessed, and reported to senior management, and a QAIP is in place.
    • What is the performance standard 2040 - policies and procedures?
      The chief audit executive must establish policies and procedures to guide the internal audit activity.
    • What do the form and content of policies and procedures depend on?
      • the size and structure of the internal audit activity
      • complexity of the IA work
    • What may large or small internal audit activities do regarding the policies and procedures?
      • Large IA activities may have a formal internal audit operations manual that includes policies and procedures.
      • Small IA activities may publish policies and procedures as separate documents or as part of an audit management software program.
    • What can the internal audit manual include?
      • policies and procedures
      • information on the QAIP and other administrative matters.
    • Why are policies and procedures one type of important tool for CAE?
      • ensure that internal audit follows a systematic and disciplined approach.
      • help everyone involved in the IA activity to consistently deliver quality work. 
      • ensure that internal audit is meeting the expectations from the Standards and senior management.
    • How may changes in policies and procedures communicated?
      • in writing
      • during internal audit staff meetings
      • through training
    • Policies and procedures of the IA activity should be reviewed periodically, what should CAE consider when reviewing them?
      • whether policies and procedures include the internal audit charter
      • whether policies and procedures accurately reflect the core principles, the code of ethics, and the standards
    • What is the evidence to demonstrate conformance with "policies and procedures" standard?
      Evidence that policies and procedures have been clearly communicated to internal audit personnel.
    • Examples of internal audit policies may include?
      • The overall purpose and responsibilities of the IA activity.
      • Adherence to the mandatory guidance of the IPPF.
      • Independence and objectivity.
      • Ethics.
      • Protecting confidential information.
      • Record retention.
    • Examples of internal audit procedures may include?
      • Preparing a risk-based audit plan.
      • Planning an audit and preparing the engagement work program.
      • Performing audit engagements.
      • Documenting audit engagements.
      • Communicating results/reporting.
      • Monitoring and follow-up process.
    See similar decks