Question

What two types of services do internal auditors provide? Provide three examples of each type of engagement.

What steps are included in the planning phase of an assurance engagement?

What is the relationship between business objectives and business assertions?

What does "inherent risk" mean?

What elements do well-written observations include?

What is the difference between "negative assurance" and "positive assurance?"

What information must final assurance engagement communications include?

Answer 1

ques 1
Internal auditors provide two types of services: assurance services and consulting services.
Three examples of assurance engagements:
a)Assess the design adequacy and operating effectiveness of business process controls.
b)Assess the design adequacy and operating effectiveness of information technology (IT) controls.
c)Directly assess business process performance.
Three examples of consulting engagements:
a)Provide advice to process owners about how they can streamline their processes to gain operational efficiencies.
b)Facilitate process owners’ assessments of the risks threatening their processes.
c)Conduct in-house training about fundamental governance, risk management, and control concepts

Ques 2
The steps included in the planning phase of an assurance engagement are:
a)Determine engagement objectives and scope.
b)Understand the auditee, including auditee objectives and assertions.
c)Identify and assess risks.
d)Identify key control activities.
e)Evaluate adequacy of control design.
f)Create a test plan.
g)Develop a audit program.
h)Allocate resources to the engagement.

ques 3
Business objectives indicate what the auditee is striving to achieve. Assertions are after thefact statements of what was achieved

ques 4
Inherent risk is the combination of internal and external risk factors in their pure, uncontrolled state,or, the gross risk, that exists assuming there are no internal controls in place.

ques 5
Well-written audit observations contain the following elements:
a)Condition — The factual evidence the internal auditor found; the what is
b)Criteria — The standards or expectations used in making an evaluation; the what should be.
c)Consequences (or effects) — the real or potential adverse effects (or consequences) of the gap between the existing condition and the criteria.
d)Causes — The underlying reasons for the gap between the expected and actual condition,which lead to the adverse consequences

ques 6
An internal audit function is expressing negative assurance when they conclude that nothing has come to their attention that indicates, for example, that the auditee’s system of internal controls is inadequately designed or is operating ineffectively. Negative assurance also is referred to as limited assurance.

An internal audit function is expressing positive assurance when they conclude, for example, that the auditee’s control activities are designed adequately and operating effectively. Positive assurance, which also is referred to as reasonable assurance ia assurance that explains that all the internal control measures are working effectively or are in place

ques 7
Communications must include the engagement's objectives and scope as well as applicable conclusions, recommendations, and action plans
The Chef audit executive must communicate results to the appropriate parties