A global manufacturing company has three regional offices. The chief audit executive (CAE) is concerned about the cost of an upcoming external quality assessment of the internal audit activity. The last external assessment was performed six years ago. Recently, the internal audit staff at one of the regional offices performed an internal assessment. To ensure conformance with the Standards, what is the most appropriate action for the CAE to take?
To ensure conformance with the Standards, the most appropriate action for the CAE is to request that an external assessor validate the results of the internal assessment and review the remaining offices. This approach ensures an independent and objective evaluation, as required by IIA Standard 1312, which mandates external assessments at least once every five years.
Option A: Delaying the external assessment does not comply with the required five-year cycle.
Option B: Implementing improvements based on the internal assessment alone lacks external validation.
Option C: Having a regional office perform assessments does not meet the requirement for an external assessment.
IIA Standard 1312: External Assessments.
IIA Quality Assessment Manual.
According to IIA guidance, which of the following would be the most appropriate to help a new internal auditor understand the nature and positioning of the internal audit activity within his organization?
The internal audit charter provides a formal definition of the internal audit activity's purpose, authority, and responsibility. It is foundational for helping new auditors understand their role and how internal audit functions within the organization.
According to IIA guidance, which of the following statements is true regarding internal auditors' knowledge, skills and other competencies?
According to IIA guidance, the chief audit executive (CAE) must obtain competent advice and assistance if the internal audit activity lacks the knowledge, skills, or other competencies needed to complete the audit engagement. This ensures that the internal audit activity can effectively carry out its responsibilities by supplementing its capabilities where necessary to maintain quality and effectiveness. Reference: IIA Standard 1210 - Proficiency
Which of the following statements is true regarding a key difference between assurance and consulting services provided by the internal audit activity?
Assurance services involve three parties: the auditor, the auditee, and the user of the report. In consulting services, the internal audit activity and the client work together directly, generally involving only two parties. Reference:
IIA's International Professional Practices Framework (IPPF).
IIA Practice Guide: Assurance and Consulting Services.
An organization is testing a new IT system for digital data storage and security. The internal audit activity has been asked to evaluate the system in a consulting engagement. Although several internal auditors on staff are qualified to perform basic assessments of IT systems, none are familiar with the new system. Which of the following is a legitimate response to the prospective client?
1. Decline the engagement.
2. Proceed with the engagement, performing only those parts of the engagement that the internal auditors are qualified to perform.
3. Accept the engagement and develop the additional competencies in-house prior to the engagement's starting date.
4. Make arrangements to obtain assistance from a competent IT auditing expert.
A legitimate response to the prospective client under these circumstances would be to decline the engagement due to lack of specific competencies or make arrangements to obtain assistance from a competent IT auditing expert. These options ensure that the internal audit activity maintains its professional competence and integrity by only undertaking engagements where they can provide or ensure the required level of expertise. Reference: IIA standards on professional competence and due care, which stipulate that internal auditors must have or obtain the necessary knowledge and skills to perform their tasks effectively, and if not, they should decline the engagement or seek expert assistance.