An internal auditor is assessing the organization's risk management framework. Which of the following formulas should he use to calculate the residual risk?
The appropriate formula to calculate residual risk is (Probability of events) (Impacts). Residual risk is the risk that remains after controls are implemented to mitigate the inherent risk. It reflects the remaining exposure after considering the effectiveness of existing controls. This formula takes into account the likelihood of an event occurring and the potential impact if it does occur. Reference: IIA Practice Guide -- Assessing the Adequacy of Risk Management Processes, COSO Framework
Which of the following is most likely the subject of a periodic report from the chief audit executive to the board?
A corporate merger decision prompts the chief audit executive (CAE) to propose interim changes to the existing annual audit plan to account for emerging risks. Which of the following is the most appropriate action for the CAE to take regarding the changes made to the audit plan?
When proposing interim changes to the annual audit plan due to emerging risks, the most appropriate action for the CAE is to communicate with the CEO and present the revised audit plan to the board for approval. This ensures that senior management is informed and supportive of the changes, and that the board, which holds the ultimate oversight responsibility, formally approves the revised plan. Reference:
The IIA's International Standards for the Professional Practice of Internal Auditing (Standards), Standard 2020 - Communication and Approval.
The IIA's Practice Guide on Engagement Planning.
A senior IT auditor is performing an audit of inventory valuation. The auditor misinterprets the sampling results. Which of the following best describes this situation?
The audit committee has asked the chief audit executive (CAE) to conduct an ad hoc forensic investigation of the purchasing department within a month due to the significance and urgency of a recently discovered risk. The internal audit activity currently has no available staff with relevant experience or qualifications. Which of the following is the CAE's best option for fulfilling the internal audit activity's responsibilities in this case?
Given the urgency and the lack of internal expertise in forensic investigation, the most effective and immediate solution is to outsource the investigation to independent professional consultants. This approach ensures that the investigation is conducted by individuals with the necessary skills and experience, thereby maintaining the integrity and quality of the investigation. Training internal staff or recruiting new auditors would take time and may not address the immediate need, while declining the engagement would not fulfill the audit committee's request. Reference:
'Internal Auditing: Assurance & Advisory Services' (The Institute of Internal Auditors)
'Forensic Accounting and Fraud Investigation for Non-Experts' (Howard Silverstone and Michael Sheetz)