Opinions

Created by

Jinny D

Cards (16)

What may opinions be at the engagement level?
may be ratings, conclusions, or other descriptions of the results.
Opinions may be related to controls around a specific process, risk, or business unit.
The formulation of opinions requires consideration of the engagement results and their significance.
There is an option of not rendering an opinion based on the expectation of primary stakeholders
When the preference is for inclusion of an opinion, internal auditors should examine not only each finding but also the relationships among the findings.
What is the best practice to rend an opinion?
A best practice is to combine a rating with an opinion description.
Ratings structures can be split across the following levels? 
observation, opinion, report
When IA activity is asked to provide opinions on the overall adequacy of GRC, the requests may be for what two levels?
Macro and micro levels.
The Standards don’t require opinions at a macro level. However, without such an opinion, there are potential gray areas for interpretation.
How does the IPPF glossary differentiate between engagement opinions and overall opinions?
An engagement opinion is a rating, conclusion, and/or other description of results of an engagement and aspects within the objectives and scope of the engagement.
An overall opinion is a rating, conclusion, and/or other description of results provided by the CAE addressing, at a broad level, GRC processes of the organization. It is the professional judgment of the CAE based on the results of a number of engagements and other activities for a specific time interval.
The communication of an overall opinion will include?
The scope, inc. time period to which the opinion pertains.
The scope limitations.
Consideration of all related projects, including the reliance on other assurance providers.
A summary of the information that supports the opinion.
The risk or control framework or other criteria used as a basis for the overall opinion.
The overall opinion, judgment, or conclusion reached.
The reasons for an unfavorable overall opinion must be stated.
If the CAE is asked to provide an opinion, the opinion should clearly specify?
The evaluation criteria and structure used (such as the COSO internal control framework)
the scope to which the opinion applies.
That management has responsibility for the establishment and maintenance of internal controls.
Positive assurance (reasonable assurance) is the highest level of assurance and one of the strongest types of audit opinions; therefore, it is most preferred. Different ratings may be used, such as that internal controls are satisfactory or unsatisfactory, effective or ineffective, meet expectations or don’t meet expectations, etc. Variations include the use of grading systems.
Negative assurance (limited assurance) indicates that nothing came to the internal auditor’s attention that would indicate inadequate internal controls. Such an opinion is less valuable than positive assurance, as it provides limited assurance that sufficient evidence was gathered to determine whether internal controls are inadequate.
In a qualified opinion, specific findings contradict (“qualify”) the overall opinion. This type of opinion can be useful in situations where there is an exception to the general opinion. For example, a qualified opinion may indicate that controls were satisfactory, with the exception of accounts payable controls, which require significant improvement.