Determine which controls if any are in place to mitigate the fraud risks

Follow protocol for internal reporting and investigating fraud allegations

Research frauds that nave occurred t\ similar organizations

Incorporate the fraud risk assessment into the engagement plan

Sampling risk.

Audit risk.

Residual risk.

Inherent risk

It is best to determine planning activities on a case-by-case basis because they can vary widely from engagement to engagement.

If the engagement subject matter is not unique, it is not necessary to outline specific testing procedures during the planning phase.

The engagement plan includes the expected distribution of the audit results, which should be kept confidential until the audit report is final.

Engagement planning activities include setting engagement objectives that align with audit client's business objectives.

1, 2, and 3

1, 2, and 4

1, 3, and 4

2, 3, and 4

Engagement objectives derived from risk assessment results from a company's risk function experts.

Engagement objectives derived from senior management's risk assessment results

Engagement objectives derived from the mental audit activity's own risk assessment results

Engagement objectives derived from risk assessment results from both senior management and the company's risk function experts

Names and work titles of employees

Description of responsibilities of business units.

Average fuel consumption data of vehicles

Location and route data of vehicles

Include using in a subsequent audit to determine if the risks are still present

Discuss the matter with senior management and it not reserved with the board

Require that management implement controls to mitigate lie risks

Report the risks to the process owners so that they can modify their process

Verify that amounts are correct.

Verify that payments are on time.

Verify that recipients are valid employees.

Verify that benefits deductions are accurate.

To ensure that the engagement is completed on time and within budget

To ensure that all work performed meets acceptable quality standards

To ensure that management has provided suitable responses to all observations

To ensure that management is satisfied with the progress of the engagement

Assurance providers who report to management and/or are part of management cannot provide control serf-assessments services

Internal auditors should always reperform and validate audit work completed by external assurance providers

Internal auditors may rely on the work of internal compliance teams to expand their coverage of the organization without increasing direct audit

hours Internal auditors can rely on the work of other assurance providers only rf the other assurance providers report directly to the board

Comer of competence

Career model

Rotational model

Cosourcing agreement

A risk where likelihood and impact are high

A risk where inherent risk exceeds its residual risk

A risk where inherent risk exceeds the tolerance level

A risk where residual risk exceeds the tolerance level

The frequency of executing the internal audit engagements

The frequency of changes in the organization environment

The expectations set by the board and senior management

The expectations set by operating management and senior management

Top-down approach

Process-Metrix approach

Risk-factor approach

Bottom up approach

Intern accounting management via an interim memorandum update

Note the item in the workpapers for inclusion in the final audit report

Call a meeting and discuss me issue with the audit committee

Alert the CEO as soon as the issue is discovered

Stratified sampling

Haphazard sampling

Discovery sampling

Probability-proportional-to-size sampling

The auditor should have ensured the preservation of audit evidence by taking screenshots or extracting tender documents

The auditor should have extracted a list of logs and identified any actions that were executed in the database during the audit

The auditor should have instructed procurement workers that changes to the database during the course of the audit were strictly forbidden

The internal auditor should have created a more thorough work program, which would address audit criteria and potential causes in more detail

Select a sample of invoices for substantive testing

Review the contract for evidence of authorization

Document underlying reasons for noncompliance

Assess the inherent risk of paying duplicate invoices

Ask the external auditor to review the same transaction again as an independent third party

Consult account accounting principles, standards, and relevant guidelines in regard to timing of the entry

Interview the chief financial officer and obtain her opinion on how the transactions should be recorded

Compare the recording of this transaction to now similar ones were executed last year

Poor engagement supervision

ineffective board reporting

Untimely observation follows up and closure

Limited staff resources

Operational management, because they are responsible for the day-to-day management of the operational risks.

The CRO, because he is responsible for coordinating and project managing risk activities based on his specialized skills and knowledge.

The chief audit executive, although he is not accountable for risk management in the organization.

The CEO, because he has ultimate responsibility for ensuring that risks are managed within the agreed tolerance limits set by the board.

Uphold the quality of the internal audit actively

Provide engagement progress updates to management of the area under review

Assure risks and controls are identified and assessed

Ensure timely completion of the engagement

Define the duties and responsibilities needed from management to perform the engagement.

Disclose the fact that auditors who perform the work may not be subject matter experts in the topic of the review.

Clarify that matters discovered during the engagement may also be reported to senior management and the audit committee.

Disclose the fact that follow-up reviews may be conducted to ensure that recommendations are implemented adequately.

Each year send a different member of the internal audit staff to an IT audit conference to learn about emerging technologies

Contract an external IT special to offer advice and consult on IT audits

Employ an independent external IT specialist to perform IT audits for the first year

Invite qualified staff from the IT department to serve as guest auditors and lead IT audits

The annual audit plan should only be adjusted in response to problems with resourcing, scope, and data availability.

The chief audit executive (CAE) may incorporate risk information, including risk appetite levels from management for the audit plan at her discretion.

In an immature risk management environment it is preferable for the CAE to rely solely on her judgment regarding risk identification and assessment to develop the audit plan.

The CAE may make adjustments to the annual audit plan as needed without senior management or board approval.

The observation was made during the same audit, and the action plan has a common owner.

The observation relates to the same control activity within a common process.

The observation has a common control, and it was noted in a prior audit.

The observation has a common process, and the action plan for the observation has a common owner.

Inquiry

Analytical review

Observation

Inspection of documents

Residual risk

Inherent risk

Compensating controls

Control activities

To gather information from a sample of people who are geographically dispersed

To assess risks that could prevent an audited area from achieving its objectives.

To evaluate tie level of compliance of remote offices with centrally designed procedures

To perform testing of controls more frequently

A heat map sets likelihood to have higher priority than impact.

A heat map sets impact to have higher priority than likelihood.

A heat map recognizes that the priority of impact and likelihood can vary.

A heat map recognizes impact and likelihood as equally important

Proposing fine item recommendation lot the annual financial budget of the accounting department

Making recommendations regarding financial approval authority limits for the operations department

Validating whether employees are following established policies and procedures in the procurement department

Generating expense report metrics for employees in the finance department

A criterion of the organization's accumulation of large travel advances

A condition of the organization's accumulation of large travel advances

A consequence of the organization's accumulation of large travel advances

A cause of the organization's accumulation of large travel advances

To help develop process maps.

To determine segregation of duties.

To identify residual risks.

To test the adequacy of controls.

A risk assessment

An operational audit

A third-party audit

A fraud investigation

RACI (responsible, accountable, consult and inform) chart

Flowchart

SWOT{strengths. weaknesses opportunities, and threats) analysis

Workflow analysis

Audit criteria should be consistent across audit assignments.

Audit criteria should represent reasonable standards against which to assess existing conditions.

Audit criteria should provide flexibility but allow identification of nonadherence.

Audit criteria should equate to good or acceptable management practices.

Maintaining a quality assurance program even in the absence of management support

Periodically reviewing and approving the internal audit charier

Providing opportunities for all staff auditors to satisfy their professional development requirements

Establishing the objectives scope and plan for each engagement

ICQs are efficient because they minimize the need for follow-up with survey respondents

Controls with positive survey responses can be eliminated from further testing

Answers to survey questions can be easily misinterpreted

ICQs offer limited value for organizations with uniform procedures

1 and 3 only

2 and 4 only

1, 2, and 4

2, 3, and 4

Create a tracking system for follow up

Ensure that follow-up activities are performed at least weekly.

Delegate follow-up activities to qualified administrative staff within the business unit

Ensure that follow-up activities are performed by the most senior auditor on staff

Interview responsible managers and read strategic documents

Conduct internet searches on gas sales and analyze market players

Review gas clients' portfolio and compile statistics on sales margins

Analyze the organization's revenues and calculate the proportion of gas

Examining the entire population

Asking management about the malpractice

Testing a sample of random transactions.

Using data analytics

Infrastructure.

Emerging.

Managed.

Initial.

Surveys

Management produced analysis 0

Facilitated team workshops

Weighted risk factors

Strategic plans reflect the organization's business objectives and overall attitude toward risk.

Strategic plans are helpful to identify major areas of activity, which may direct the allocation of internal audit activity resources.

Strategic plans are likely to show areas of weak financial controls.

The strategic plan is a relatively stable document on which to base audit planning.

Awareness of prior incidents of fraud.

Contractor non-disclosure agreements.

Verification of currency exchange rates.

Receipts for employee expenses.

Assess the organization's ability to minimize potential external risks

Assess the organization's process of vetting vendors that provide necessary services to the organization

Assess the organization's risk impacts from the markets in which it operates

Assess the organization's controls implemented that would help minimize risks

The treasury supervisor establishes a threshold for amounts on bank statements to be reconciled against data in the system

The treasury analyst performs a daily reconciliation of al bank statements obtained via email against data in the system

The treasury analyst reviews a daily report automatically generated by the treasury system, which shows bank statements that have not been uploaded into the accounting system.

The treasury supervisor seeks an annual confirmation from the bank regarding the bank statements processed within a year

Present the revised audit plan directly to the board for approval.

Communicate with the chief financial officer and present the revised audit plan to the CEO tor approval

Present the revised audit plan directly to the CEO for approval

Communicate with the CEO and present the revised audit plan to the board for approval.

Criteria.

Effect

Condition

Cause

Ask the CEO to determine the scope and objectives of the engagement

Request that the board disclose its concerns over governance for inclusion in the engagement

Discuss the concerns with the finance manager and work together to agree on the engagement objectives

Review previous audit reports from the area and develop engagement objectives to address the area's key risks and controls