When establishing the objectives of an assurance engagement, it is crucial for internal auditors to align the engagement objectives with the concerns and priorities of operational management. By meeting with operational management, the internal auditor can gain insights into any specific areas of concern, operational challenges, and potential risks. This collaborative approach ensures that the engagement objectives are relevant and focused on areas that provide the most value to the organization, facilitating a more effective and targeted audit process. : The Institute of Internal Auditors (IIA) - Standards for the Professional Practice of Internal Auditing, Standard 2201 - Planning Considerations
When addressing excessive overtime being paid to employees in an organization's customer service call center, the most relevant techniques for the internal auditor to use would be trend analysis, external benchmarking, and internal benchmarking. Trend analysis helps in identifying patterns over time, which can highlight the causes of excessive overtime. External benchmarking compares the organization's overtime data with industry standards to identify discrepancies. Internal benchmarking compares overtime across different departments or similar call centers within the organization to identify best practices and areas needing improvement. Confirmation is not as relevant in this context as it is primarily used to verify the accuracy of information through direct verification. References: * The IIA's Practice Guide on Data Analytics. * The IIA's International Standards for the Professional Practice of Internal Auditing (Standards), Standard 2320 - Analysis and Evaluation.
Question 173
下列哪一項最能反映有效的風險管理和內部控制流程?
Correct Answer: A
Effective risk management and internal control processes are best exemplified by having relevant risk indicators and mitigation plans in place. This demonstrates that the organization not only identifies and assesses risks but also actively monitors and manages these risks through appropriate mitigation strategies. The presence of risk indicators and mitigation plans indicates a proactive approach to risk management, ensuring that potential issues are addressed before they can impact the organization significantly. References: * The Institute of Internal Auditors (IIA) Standard 2100 - Nature of Work: "The internal audit activity must evaluate and contribute to the improvement of governance, risk management, and control processes using a systematic and disciplined approach." * COSO Enterprise Risk Management Framework
When an internal auditor is unable to find supporting documentation for selected accounts during a test, the appropriate next step is to contact management to determine if the documentation is stored elsewhere. This ensures that all potential sources of evidence are explored before drawing any conclusions. * IIA Standard 2310 - Identifying Information: * This standard requires auditors to obtain sufficient, reliable, relevant, and useful information to support their findings. If documentation is missing, the auditor must investigate further to determine if the evidence exists in another location or form. * Contacting Management: * Before concluding that the test failed or expanding the sample, the auditor should first check with management to see if the documentation might be stored in an alternative location. This step ensures that the audit results are based on a thorough and complete examination of available evidence. * IIA Practice Advisory 2330.A1-1: * The advisory suggests that auditors should consider all sources of evidence and confirm with management if there are any alternative ways to obtain the necessary information. * Option A (Conclude that the test failed): This conclusion would be premature without first attempting to locate the missing documentation. * Option B (Select new accounts): This could lead to the same issue if the documentation is not missing but simply stored elsewhere. * Option C (Expand the sample size): Expanding the sample is unnecessary if the issue is simply that the documentation is stored in a different place. Detailed Explanation:Why Not Other Options?Conclusion: Option D is correct because it involves taking the logical next step of contacting management to locate the missing documentation, ensuring that the audit is thorough and the conclusions drawn are based on all available evidence, in line with IIA standards.
Narrative memoranda are used in internal auditing to describe processes in a clear and detailed manner, especially when the process is simple. This method is effective for documenting straightforward processes where a flowchart or other visual representation might be unnecessary or overly complex. * IIA Standard 2330 - Documenting Information: * This standard requires that internal auditors document relevant information to support engagement conclusions and recommendations. Narrative memoranda are one way to document processes, particularly when the process is simple and can be easily described in text. * Use of Narrative Memoranda: * Narrative memoranda provide a written account of a process, outlining each step in a sequential manner. This method is particularly useful for simple processes where the key points can be easily captured in a narrative form, without the need for complex diagrams. * Efficiency in Documentation: * For simple processes, a narrative memorandum is more efficient than a detailed flowchart. It allows the auditor to explain the process clearly and concisely, ensuring that all necessary information is captured without unnecessary detail. * Option A (Detailed risk assessment): A narrative memorandum is not typically used for risk assessments, which require more detailed analysis and often visual aids. * Option B (Identify key roles): While a narrative can mention roles, this is not its primary purpose. * Option D (Document outputs): Documenting outputs that support other activities typically requires more detailed mapping, such as flowcharts or tables. Detailed Explanation:Why Not Other Options?Conclusion: Option C is correct because narrative memoranda are best suited for explaining simple processes in a clear and concise manner, in line with IIA documentation standards.
