WGU D560 - INTERNAL AUDITING
Typology: Exams

What are the five components of the COSO ERM Framework?

Controls that operate across an entire entity and, as such, are not bound by, or associated with, individual processes.

Compensating Control
An activity that, if key controls do not fully operate effectively, may help to reduce the related risks. Will not, by itself, reduce risk to an acceptable level.

Impairment to Independence & Objectivity
The introduction of threats that may result in a substantial limitation, or the appearance of a substantial limitation, to the internal auditor's ability to perform an engagement without bias or interference.

Audit Universe
A compilation of the subsidiaries, business units, groups, processes, or other established subdivisions of an organization that exist to manage one or more business risks.

Business Process
The set of connected activities linked with each other for the purpose of achieving one or more business objectives.

Objectives
Measurable steps the organization takes to achieve its strategy. These are called business objectives, and may be classified as operations, reporting, and compliance.

Top-Down Approach
Begins at the entity level with the organization's objectives, and then identifies the key processes critical to the success of each of the organization's objectives.

Bottom-Up Approach

A process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.

The COSO and CoCo Frameworks
Are used by an increasing number of organizations to evaluate the entire system of internal controls, not just internal controls over financial reporting.

The Components of Internal Control

Dividing control activities among different people to reduce the risk of error or inappropriate actions taken by any single individual.

Information and Communication
Relevant, accurate, and timely information must be available to individuals at all levels of an organization who need such information to run the business effectively.

Monitoring Activities
Consist of "ongoing evaluations built into business processes at different levels of the entity [that] provide timely information. Separate evaluations, conducted periodically, will vary in scope and frequency depending on assessment of risks, effectiveness of ongoing evaluations, and other management considerations."

Actions Speak Louder Than Words
In addition to hardcopy, electronic, and oral communication formats, management's actions powerfully communicate what is important to the organization.

Deficiency
A condition within an internal control system worthy of attention that may represent a perceived, potential, or real shortcoming, or an opportunity to strengthen the internal control system to provide a greater likelihood that the entity's objectives will be achieved.

Tone at the Top
The entitywide attitude of integrity and control consciousness, as exhibited by the most senior executives of an organization.

Chief Executive Officer (CEO) Responsibility
Primary responsibility for setting the "tone at the top" and establishing a positive control environment.

Reasonable Assurance

Preventative Control
Designed to deter unintended events from occurring in the first place.

Detective Control
Designed to discover undesirable events that have already occurred.

IT General Controls
Apply to many if not all application systems and help ensure their continued, proper operation.

IT Application Controls
These include computerized steps within the application software and related manual procedures to control the processing of various types of transactions.

Cybersecurity
The technologies, processes, and practices designed to protect an organization's information assets—computers, networks, programs, and data—from unauthorized access.

Internet of Things (IoT)
The network connection and transmission of information or data from physical devices, objects, or fixtures. For example, a water meter sending usage data to the water utility or sending data back to the device.

Black Swan Event
An event so rare that it is unplanned for but that has severe consequences if and when it occurs.

IT Change Management Risk
Pace and type of IT change increases business risk:

Unauthorized physical or logical access to the system may result in theft or misuse of hardware, malicious software modifications, and theft, misuse, or destruction of data.

What are the three components of the Institute of Internal Auditors' value proposition?

Pertain to internal and external financial and nonfinancial reporting and may encompass reliability, timeliness, transparency, or other terms as set forth by regulators, standard-setters, or the entity's policies.

Compliance Objectives
Pertain to adherence to laws and regulations to which the entity is subject.

Governance
The combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives.

Risk Management
Process conducted by management to understand and deal with uncertainties (risks and opportunities) that could affect the organization's ability to achieve its objectives.

Control
Process conducted by management to mitigate risks to acceptable levels.

Auditee
Used to denote the people subject to assessment in an assurance engagement.

Customer
Used to denote the people seeking services in a consulting engagement.

Independence

Assurance Services
An objective examination of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes for the organization.

Consulting Services
Advisory and related [customer] service activities, the nature and scope of which are agreed with the [customer], are intended to add value and improve an organization's governance, risk management, and control processes without the internal auditor assuming management responsibility.

Conflict of Interest
Any relationship that is, or appears to be, not in the best interest of the organization.

Proficiency
The knowledge, skills, and other competencies needed to fulfill internal audit responsibilities.

Due Professional Care
The care and skill expected of a reasonably prudent and competent internal auditor.

Quality Assurance
Instills confidence that the product or service possesses the essential features and characteristics it is intended to have.

Residual Risk
The portion of inherent risk that remains after management executes its risk responses.

What is the OECD?
Organization for Economic Cooperation and Development

Provide assistance with managing risk.

Risk
The possibility that events will occur and affect the achievement of a strategy and business objectives.

Combined Assurance
Aligning various assurance activities within an organization to ensure that assurance gaps do not exist and assurance activities minimize duplication and overlap, but still manage risk consistent with the board's and management's expectations.

Independent Outside Auditor
Registered public accounting firm, hired by the organization's board or executive management to perform a financial statement audit providing assurance, for which the firm issues a written attestation report that expresses an opinion about whether the financial statements are fairly presented in accordance with applicable Generally Accepted Accounting Principles.

Third Line Roles
Independent and objective assurance and advice on all matters related to the achievement of objectives.

Opportunity
An action or potential action that creates or alters goals or approaches for creating, preserving, or realizing value.

Enterprise Risk Management
The culture, capabilities, and practices, integrated with strategy-setting and its performance, that organizations rely on to manage risk in creating, preserving, and realizing value.

Mission
The entity's core purpose, which establishes what it wants to accomplish and why it exists.

Vision
The entity's aspirations for its future state or what the organization aims to achieve over time.

Core Values
The entity's beliefs and ideals about what is good or bad, acceptable or unacceptable, which influence the behavior of the organization.

Business Objectives
Those measurable steps the organization takes to achieve its strategy.

System Reliability and Information Integrity Risk
Systematic errors or inconsistencies in processing may produce irrelevant, incomplete, inaccurate, and/or untimely information.

Confidentiality and Privacy Risk
Unauthorized disclosure of business partners' proprietary information or individuals' personal information may result in loss of business, lawsuits, negative press, and reputation impairment.

Fraud and Malicious Acts Risk
Theft of IT resources, intentional misuse of IT resources, or intentional distortion or destruction of information may result in financial losses and/or misstated information that decision-makers rely upon.

IT Risk Management
The process conducted by management to understand and handle the IT risks and opportunities that could affect the organization's ability to achieve its objectives.

IT Governance

Provide security over tangible IT resources.

Cloud Computing
The practice of using a network of remote servers hosted on the internet to store, manage, and process data.

Integrated Auditing
IT risk and control assessments are assimilated into assurance engagements conducted to assess process-level reporting, operations, and/or compliance risks and controls.

GTAG
The IIA publishes the Global Technology Audit Guides (GTAGs). These guides provide internal auditors with guidance that will help them better understand the governance, risk management, and control issues surrounding IT.

Impact
The severity of outcomes caused by risk events. Can be measured in financial, reputation, legal, or other types of outcomes.

Regulatory and Legal Misconduct
Includes conflicts of interest, insider trading, theft of competitor trade secrets, anti-competitive practices, environmental violations, and trade and customs regulations in areas of import/export.

Likelihood
The probability that a risk event will occur.