The CAE initials and dates every working paper after it has been reviewed.

The CAE completes an engagement working paper checklist.

The CAE prepares a memorandum discussing the results of the working paper review.

The CAE utilizes an external third party to make an objective recommendation after each working paper review.

Require that all staff obtain a minimum of two relevant audit certifications.

Perform a gap analysis of the IAA's existing knowledge, skills and competencies.

Engage a consultant to benchmark the IAA's training program against its peers.

Assign one experienced manager to better coordinate staff training and development activities.

Hire a risk consultant.

Implement a hedging strategy.

Maintain a large foreign currency balance.

Insist that customers only pay in a stable currency.

Logic test.

Check digits.

Data integrity tests.

Balancing control activities.

Determine the organization's overall risk appetite.

Establish a governance committee.

Delegate authority to members of senior management.

Identify key stakeholders and their expectations.

A monitoring process.

A risk assessment process.

A strategic objective-setting process.

An information and communication process.

Performing a chemical analysis of the water, prior to discharge, for components specified in the permit.

Posting signs that tell employees which substances may be disposed of via sinks and floor drains within the facility.

Diluting pollutants by flushing sinks and floor drains daily with large volumes of clean water.

Establishing a preventive maintenance program for the pretreatment system.

It cannot be used to test the completeness assertion.

It cannot be used to test the existence assertion.

It cannot be used to test the occurrence assertion.

It cannot be relied upon because the evidence is not persuasive.

Act as an adviser to the committee responsible for reviewing violations of the code.

Review and adjudicate all violations of the code of conduct.

Lead the committee responsible for the oversight of the code.

Implement a system of procedures to inform all employees of the code.

An internal auditor should express an opinion only when consensus with top management has been achieved.

An internal auditor's opinion should be based on experience and free of all bias.

An internal auditor's opinion should be based on factual evidence.

An internal auditor's opinion should be limited to the effectiveness of internal controls.

To help the internal audit activity complete its annual assurance plan.

To identify inefficiencies within the internal audit team.

To help improve the overall quality of the internal audit activity's work.

To identify key risks and areas of concern within the organization.

Plan employee sessions and team building strategies for the organization to improve awareness of fraud among employees.

Review the investigation and implement any improvements to the process.

Conduct lessons learned sessions to ascertain how the fraud occurred and which controls failed.

Determine why The fraud was not detected earlier and design controls to strengthen early detection.

The bottom of the pyramid responsibility.

Innovative responsibility.

Ethical responsibility.

Discretionary responsibility.

The CAE should not interfere because there is no evidence that a conflict of interest has occurred.

The CAE should remind the senior auditor of his obligation to be objective and impartial.

The CAE should change the senior auditor's assignment and take corrective action for the auditor's failure to disclose the conflict of interest.

The CAE should require the senior auditor to disclose the relationship in writing before continuing his responsibility for monitoring procurement.

They serve as a reminder of what controls should exist in a process.

They require yes/no responses to specific questions, not open-ended responses.

They do not capture all controls that may exist.

They are useful in assessing risk.

Strategic objectives.

Operational objectives.

Reporting objectives.

Compliance objectives.

Benchmarking of the internal audit activity's practices and performance.

Report of internal assessment results, response plans, and outcomes.

Analysis of performance metrics such as cycle times.

Self-assessments and surveys of stakeholder groups.

Resource management.

Coordination.

Due professional care.

Engagement supervision.

The periodic rotation of procurement officers' assignments to supplier accounts.

A pre-award financial capacity analysis of suppliers.

An automated computer report, organized by supplier, of any invoices for the same amount.

Periodic inventories of kiln-dried wood at the organization's warehouse.

Internal auditors shall perform their work with honesty, diligence, and responsibility.

Internal auditors shall perform their work in accordance with the Standards.

Internal auditors shall perform their work in accordance with the law and make disclosures expected by the law.

Internal auditors shall be prudent in the use of information acquired while performing their work.

The human resources department generates a monthly list of terminated and transferred employees and requests IT to update the user access as required.

Standardized user access profiles are developed and the appropriate access profiles are automatically assigned to new or transferred employees.

System administrator rights are assigned to one user in each department who can update user access of terminated or transferred employees immediately.

Department managers are required to perform periodic user access reviews of relevant systems and applications.

The internal audit activity's plan for resource allocation.

The amount of the organization's potential loss prevented by the risk-based auditing of the internal audit activity.

The number of audits from the annual internal audit plan that were completed last year.

The qualifications and independence of the assessment Team.

The audit committee and senior management.

The audit committee and the external auditors.

Senior management and management of the audited area.

Senior management and the external auditors.

Automatic shut-off valve.

Auto-correct software functionality.

Confirmation with suppliers and vendors.

Safety instructions.

Objective setting.

Control activities.

Information and communication.

Event identification.

Allow the audit manager to hire the contractor and state that the individual is free to perform IT audits, including security.

Not allow the audit manager to hire the contractor, as it would be a conflict of interest.

Allow the audit manager to hire the contractor, but state that the individual is not allowed to work on IT security audits for one year.

Not allow the audit manager to hire the contractor and ask the individual to apply again in one year.

4 only

1 and 3 only

1 and 4 only

2, 3, and 4 only

1 only. |

1 and 4 only.

1, 3, and 4 only.

1,2, 3, and 4.

Consult with an immediate supervisor and notify the organization's audit committee.

Consult with an immediate supervisor and review the organization's ethics policy.

Give the prize to a friend or family member and notitfy the organization's audit committee.

Give the prize to a friend or family member and review the organization's ethics policy.

Corrective control.

Preventive control.

Detective control.

Compensating control.

Review notes of questions that arise during the review process must be retained.

Dating and initialing each workpaper provides evidence of review.

Workpaper review allows for staff training and development.

Workpapers may be amended during the review process.

Who?

How?

Why?

When?

The CFO determines the scope of internal audit work in the accounting department.

The CFO manages the accounting of the budget for the internal audit function.

The CFO administers the annual evaluation process for the internal auditors.

The CFO provides feedback on the CAE's audit reports.

1 and 2 only

1 and 4 only

2 and 3 only

3 and 4 only

The same employee who receives cash from customers prepares a prelisting of cash receipts.

The same employee who records cash receipts in the accounts receivable subsidiary ledger ensures that the ledger automatically updates the information.

The same employee who restrictively endorses checks received from customers prepares the bank's check deposit slips.

The same employee who makes deposits at the bank prepares the monthly bank reconciliation.

Negotiation and conflict resolution.

Project management.

Financial accounting.

Ethics and fraud.

The external assessment results are reported upon completion in confidence directly to the board, and senior management is advised only of the recommendations and improvement action plans.

The results of self-assessments with independent external validation are shared with the board upon completion, and monitoring of recommended improvements must be reported monthly.

The external assessment results are communicated upon completion to senior management and the board, but action plans for recommended improvements do not have to be reported.

The requirements for reporting quality assessment results are the same for external assessments and self-assessments with independent external validation.