Exam Chapters 6-11 Internal Auditing

An activity designed to either reduce risk associated with business objectives that are not critical to the organization's survival or success or serve as a backup to a key control.

The state of mind in which internal auditors take nothing for granted; they continuously question what they hear and see and critically assess audit evidence.

The sequence of work papers that validates or invalidates accounting records, usually on the computer.

An employee that reports their organizations misconduct.

The amount of evidence that gives internal auditors the comfort that their work is correct.

Fraud perpetrators want to relieve real or perceived pressure to show performance; for example, generating the attitude that when you can't 'make' the numbers you simply 'make-up' the numbers. Part of the fraud triangle.

They are the actions taken by management to mitigate risk and increase the likelihood that established goals will be achieved.

Communicating in a manner that a prudent individual would consider to be fair and sufficiently clear and comprehensive to meet the needs of the recipient(s) of such communication.

It involves intentional misstatements or omissions of amounts or disclosures in financial statements designed to deceive financial statement users.

The risk that you found that didn't detect an error.

The entity-wide attitude of integrity and control consciousness, as exhibited by the most senior executives of an organization.

Is the portion of inherent risk that management can directly can influence and reduce through day to day business activity.

The combination of internal and external risk factors in their pure, uncontrolled state, or the gross risk that exists assuming there are no internal controls in place.

These pertain to effectiveness and efficiency of the entity's operations, including operational and financial performance goals, and safeguarding assets against loss.

The state of mind in which internal auditors take nothing for granted; they continuously question what they hear and see and critically assess audit evidence.

An activity designed to reduce risk associated with a critical business objective.

These controls help to correct a weakness.

These pertain to internal and external financial and non financial reporting, and may encompass reliability, timeliness, transparency, or other terms as set forth by regulators, standard setters, or the entity's policies.

An activity that is designed to discover undesirable events that have already occurred. It must occur on a timely basis to be considered effective.

They specify what the engagement is intended to achieve.

The severity of outcomes caused by risk events. Can be measured in financial, reputation, legal, or other types of outcomes; extreme, high, medium, low, and negligible.

Any illegal act characterized by deceit, concealment, or violation of trust. They are perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage.

The acceptable levels of risk size and variation relative to the achievement of objectives, which must align with the organization's risk appetite.

Tracking information backward from one document to a previously prepared document, or to a tangible resource. Taking a sample of inventory items form the accounting records to the warehouse to see that the inventory items exist.

The probability that a risk event will occur; remote, unlikely, possible, probably, and certain.

Specific tasks performed by the internal auditor to gather the evidence required to achieve the prescribed audit objectives.

Acts involving two or more persons, working together, whereby established controls or procedures may be "looked by" for the gain of those individuals.

The amount of risk an organization is willing to accept in pursuit of its business objectives. It takes into consideration the amount of risk that management consciously accepts after balancing the cost and benefits of implementing controls.

These pertain to adherence to laws and regulations to which the entity is subject.

Fraud perpetrators need to rationalize their actions as accepted; for example, they tell themselves that they are doing it for the good of the company. Part of the fraud triangle.

Fraud perpetrators need to see ample opportunity so that they can carry out the fraud with ease; for example, since the employee is trusted at the store alone they steal while no one is looking. Part of the fraud triangle.

An action, or set of actions, taken by management to reduce the impact and/or likelihood of a risk to a lower, more acceptable level.

Tracking information forward from one document, or tangible resource to a subsequently prepared document. To check checks dated within a period of several days before and after year-end to the accounting records to ensure the checks were recorded in the proper year.