WGU D560 - INTERNAL AUDITING, Exams of Business Administration


Typology: Exams

2025/2026

Available from 04/14/2026

Tutornurse

WGU D560 - INTERNAL AUDITING

What are the five components of the COSO ERM Framework?

  1. Governance and Culture.
  2. Strategy and Objective Setting
  3. Performance
  4. Review and Revision
  5. Information, Communication, and Reporting

Severity
A measurement of considerations such as likelihood and impact of events or the time it takes to recover from events.

Risk Responses
Accept. Avoid. Pursue. Reduce. Share.

Chief Risk Officer
A senior management position established by many companies that acts as the centralized coordination point to facilitate risk management activities.

Risk (ISO 31000:2018)
Effect of uncertainty on objectives.

Entity-Level Controls
Controls that operate across an entire entity and, as such, are not bound by, or associated with, individual processes.

Compensating Control
An activity that, if key controls do not fully operate effectively, may help to reduce the related risks. will not, by itself, reduce risk to an acceptable level.

Impairment to Independence & Objectivity
The introduction of threats that may result in a substantial limitation, or the appearance of a substantial limitation, to the internal auditor's ability to perform an engagement without bias or interference.

Audit Universe
A compilation of the subsidiaries, business units, groups, processes, or other established subdivisions of an organization that exist to manage one or more business risks.

Business Process
The set of connected activities linked with each other for the purpose of achieving one or more business objectives.

Objectives
Measurable steps the organization takes to achieve its strategy. These are called business objectives, and may be classified as operations, reporting, and compliance.

Top-Down Approach
Begins at the entity level with the organization's objectives, and then identifies the key processes critical to the success of each of the organization's objectives.

Bottom-Up Approach

a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.

The COSO and CoCo Frameworks
Are used by an increasing number of organizations to evaluate the entire system of internal controls, not just internal controls over financial reporting.

The Components of Internal Control

  • Control Environment.
  • Risk Assessment.
  • Control Activities.
  • Information and Communication.
  • Monitoring Activities.

Control Environment
the set of standards, processes, and structures that provide the basis for carrying out internal control across the organization.

Risk Assessment
involves a dynamic and iterative process for identifying and assessing risks to the achievement of objectives.

Critical Success Factors
Successes that must be accomplished for objectives to be achieved.

Control Activities
the actions taken by management, the board, and other parties to mitigate risk and increase the likelihood that established objectives and goals will be achieved.

Segregation of Duties
Dividing control activities among different people to reduce the risk of error or inappropriate actions taken by any single individual.

Information and Communication
Relevant, accurate, and timely information must be available to individuals at all levels of an organization who need such information to run the business effectively.

Monitoring Activities
consist of "ongoing evaluations built into business processes at different levels of the entity [that] provide timely information. Separate evaluations, conducted periodically, will vary in scope and frequency depending on assessment of risks, effectiveness of ongoing evaluations, and other management considerations."

Actions Speak Louder Than Words
In addition to hardcopy, electronic, and oral communication formats, management's actions powerfully communicate what is important to the organization.

Deficiency
A condition within an internal control system worthy of attention that may represent a perceived, potential, or real shortcoming, or opportunity to strengthen the internal control system to provide a greater likelihood that the entity's objectives will be achieved.

Tone at the Top
The entitywide attitude of integrity and control consciousness, as exhibited by the most senior executives of an organization.

Chief Executive Officer (CEO) Responsibility
is primary responsibility for setting the "tone at the top" and establishing a positive control environment.

Reasonable Assurance

Preventative Control
designed to deter unintended events from occurring in the first place.

Detective Control
designed to discover undesirable events that have already occurred.

IT General Controls
apply to many if not all application systems and help ensure their continued, proper operation.

IT Application Controls
These include computerized steps within the application software and related manual procedures to control the processing of various types of transactions.

Cybersecurity
the technologies, processes, and practices designed to protect an organization's information assets—computers, networks, programs, and data—from unauthorized access.

Internet of Things (IoT)
The network connection and transmission of information or data from physical devices, objects, or fixtures. For example, a water meter sending usage data to the water utility or sending data back to the device.

Black Swan Event
An event so rare that it is unplanned for but that has severe consequences if and when it occurs.

IT Change Management Risk
Pace and type of IT change increases business risk:

  • System enhancements.
  • New technologies.
  • Patches and system upgrades.
  • Application code revisions.

Information Technology (IT) Auditor
An auditor who works extensively in the area of computerized information systems and has deep IT risk, control, and audit expertise.

Computer Hardware
comprises the physical components of an information system.

Networks
links two or more computers or devices so they can share information and/or workloads.

Database
A large depository of data, typically contained in many linked files, and stored in a manner that allows the data to be easily accessed, retrieved, and manipulated.

Computer Software
operating system software, utility software, database management system (DBMS) software, application software, and firewall software.

Big Data
A term used to refer to the large amount of constantly streaming digital information, massive increase in the capacity to store large amounts of data, and the amount of data processing power required to manage, interpret, and analyze the large volumes of digital information.

Processes
Governance, procedures, and controls represent another key component in today's modern IT environment.

ERP System

Unauthorized physical or logical access to the system may result in theft or misuse of hardware, malicious software modifications, and theft, misuse, or destruction of data.

What are the three components of the Institute of Internal Auditing's value proposition?

  1. Assurance = Governance, Risk, and Control.
  2. Insight = Catalyst, Analyses, and Assessments.
  3. Objectivity = Integrity, Accountability, and Independence.

Internal Auditing
an independent, objective assurance and consulting activity designed to add value and improve an organization's operations.

Add Value
Value is provided by improving opportunities to achieve organizational objectives, identifying operational improvement, and/or reducing risk exposure through both assurance and consulting services.

Strategic Objectives
those goals that management sets specifically related to stakeholder interests.

Operations Objectives
pertain to the effectiveness and efficiency of the entity's operations, including operational and financial performance goals, and safeguarding resources against loss.

Reporting Objectives
pertain to internal and external financial and nonfinancial reporting and may encompass reliability, timeliness, transparency, or other terms as set forth by regulators, standard-setters, or the entity's policies.

Compliance Objectives
pertain to adherence to laws and regulations to which the entity is subject.

Governance
the combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives.

Risk management
process conducted by management to understand and deal with uncertainties (risks and opportunities) that could affect the organization's ability to achieve its objectives.

Control
process conducted by management to mitigate risks to acceptable levels.

Auditee
used to denote the people subject to assessment in an assurance engagement.

Customer
used to denote the people seeking services in a consulting engagement.

Independence

  1. Competence
  2. Credibility
  3. Connectivity
  4. Communication
  5. Courage

What is the mission of internal audit services?
To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.

Integrity
establishes trust and thus provides the basis for reliance on their judgment.

Confidentiality
respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so.

Competency
Internal auditors apply the knowledge, skills, and experience needed in the performance of internal audit services.

The Standards
Principles-focused, mandatory requirements consisting of Statements and Interpretations.

Attribute Standards
address the attributes of organizations and individuals performing internal auditing.

Performance Standards
describe the nature of internal auditing and provide quality criteria against which the performance of these services can be measured.

Assurance Services
An objective examination of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes for the organization.

Consulting Services
Advisory and related [customer] service activities, the nature and scope of which are agreed with the [customer], are intended to add value and improve an organization's governance, risk management, and control processes without the internal auditor assuming management responsibility.

Conflict of Interest
Any relationship that is, or appears to be, not in the best interest of the organization.

Proficiency
The knowledge, skills, and other competencies needed to fulfill internal audit responsibilities.

Due Professional Care
The care and skill expected of a reasonably prudent and competent internal auditor.

Quality Assurance
Instills confidence that the product or service possesses the essential features and characteristics it is intended to have.

Residual Risk
The portion of inherent risk that remains after management executes its risk responses.

What is the OECD?
Organization for Economic Cooperation and Development

provide assistance with managing risk.

Risk
The possibility that events will occur and affect the achievement of a strategy and business objectives.

Combined Assurance
Aligning various assurance activities within an organization to ensure that assurance gaps do not exist and assurance activities minimize duplication and overlap, but still manage risk consistent with the board's and management's expectations.

Independent Outside Auditor
Registered public accounting firm, hired by the organization's board or executive management to perform a financial statement audit providing assurance for which the firm issues a written attestation report that expresses an opinion about whether the financial statements are fairly presented in accordance with applicable Generally Accepted Accounting Principles.

Third Line Roles
independent and objective assurance and advice on all matters related to the achievement of objectives

Opportunity
An action or potential action that creates or alters goals or approaches for creating, preserving, or realizing value.

Enterprise Risk Management
The culture, capabilities, and practices, integrated with strategy-setting and its performance, that organizations rely on to manage risk in creating, preserving, and realizing value.

Mission
The entity's core purpose, which establishes what it wants to accomplish and why it exists.

Vision
The entity's aspirations for its future state or what the organization aims to achieve over time.

Core Values
The entity's beliefs and ideals about what is good or bad, acceptable or unacceptable, which influence the behavior of the organization.

Business Objectives
Those measurable steps the organization takes to achieve its strategy.

System reliability and information integrity risk
Systematic errors or inconsistencies in processing may produce irrelevant, incomplete, inaccurate, and/or untimely information.

Confidentiality and privacy risk
Unauthorized disclosure of business partners' proprietary information or individuals' personal information may result in loss of business, lawsuits, negative press, and reputation impairment.

Fraud and malicious acts risk
Theft of IT resources, intentional misuse of IT resources, or intentional distortion or destruction of information may result in financial losses and/or misstated information that decision-makers rely upon.

IT Risk Management
The process conducted by management to understand and handle the IT risks and opportunities that could affect the organization's ability to achieve its objectives.

IT Governance

  1. Intrusion testing performed on a regular basis
  2. Encryption services applied where confidentiality is a stated requirement
  3. Change management processes, including patch management, in place to ensure a tightly controlled process for applying all changes and patches to the software, systems, network components, and data

Systems development and acquisition controls
  ■ User requirements should be documented, and their achievement should be measured.
  ■ Systems design should follow a formal process to ensure that user requirements and controls are designed into the system.
  ■ Systems development should be conducted in a structured manner to ensure that requirements and approved design features are incorporated into the finished product.
  ■ Testing should ensure that individual system elements work as required, system interfaces operate as expected, and the system owner has confirmed that the intended functionality has been provided.
  ■ Application maintenance processes should ensure that changes in application systems follow a consistent pattern of control. Change management should be subject to structured assurance validation processes.
  ■ DevOps combines the development and operations of applications into a single team or group. This approach increases the risk of application changes made without sufficient review. Quality review and code reviews serve as a DevOps control review.

Logical Access Controls
Provide security over software and information imbedded in the system.

Physical Access Controls
Provide security over tangible IT resources.

Cloud Computing
The practice of using a network of remote servers hosted on the internet to store, manage, and process data.

Integrated Auditing
IT risk and control assessments are assimilated into assurance engagements conducted to assess process-level reporting, operations, and/or compliance risks and controls.

GTAG
The IIA publishes the Global Technology Audit Guides (GTAGs). These guides provide internal auditors with guidance that will help them better understand the governance, risk management, and control issues surrounding IT.

Impact
The severity of outcomes caused by risk events. Can be measured in financial, reputation, legal, or other types of outcomes.

Regulatory and Legal Misconduct
Includes conflicts of interest, insider trading, theft of competitor trade secrets, anti-competitive practices, environmental violations, and trade and customs regulations in areas of import/export.

Likelihood
The probability that a risk event will occur.