ere ee eee eee eee eee eee eee eee eee eee eee ee eee eee 15 STUDY UNIT ONE MANDATORY GUIDANCE (13 pages of outine) 1 Applicable Standards... esu vant 2». Codes of Ethical Conduct for Professionals... .3 Internal Audit Ethios ~ Introduction and Principles: 4 Intemak Audit Ethics — Integrity 5 6 Internal Audit Ethics ~ Objectivity Intemal Audit Ethies ~ Confidentiality. 4.7,... Interrial Audit Ethics = Competency»... 8 _Infemal Audit Charter... 1 3 4 : 1 1 1. The Institute of Internal Auditors (The IIA), headquartered in Altamonte Springs, Florida, governs the professional practice of internal auditing worldwide. Since its founding in 1941, The IIA has issued an extensive body of professional literature. This literature serves both to provide guidance for internal auditors in carrying out their job duties and to provide a level of respect for the profession among businesspeople and the general public. This study unit is the first of two covering Section |: Mandatory Guidance from The llA’s CIA Exam Syllabus. This section makes up 35% to 45% of Part 1 of the CIA exam and is tested at the proficiency level. The relevant portion of the syllabus is highlighted below. (The complete syllabus is in Appendix B.) _—— L. MANDATORY GUIDANCE (5%45%) ' ‘A. Definition of Internal Auditing 1, Define purpose, authority, and responsibility of the internal audit activity: B. Code of Ethics I Abide'by arid promote compliance with The IIA. Code of Ethics . International Standards 1, Comply. with The HAs Auribute Standards ‘a. Deteemine ifthe purpose, authority, and respoisibility of the internal att activity are documented in the audit chatter, approved by the Board, and communicated to the engagement clits by; Demonstrate arrunderstanding of the purpose, authority, and responsibility ofthe intemal audit activity “Maintain independence and bjetvity Determine ifthe required knowledge sls and competencies ae avaiable Develop andor procure necessary knowlege kills, and competencies eolectvely required by ie intemal aut activity ercise de professional care Promote continuing poressinal development Promote quality assurance and improvement te internal aut activity —_— 1.4 APPLICABLE STANDARDS 1. Mandatory Guidance The Institute of Internal Auditors’ (The IIA's) International Professional Practices Framework (IPPF) contains both mandatory guidance and strongly recommended guidance. . 4) The IIA considers adherence to the mandatory guidance essential for the professional practice of intemal auditing,6 SU4: Mandatory Guidance b. The mandatory guidance consists of three parts: the Definition of Internal Auditing, the Code of Ethics, and the Standards. 1) The Definition of internal Auditing is a concise statement of the role of the = internal audit activity in the organization. Definition of Internal Auditing Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, cisciplined approach to evaluate and, jmprove the effectiveness of risk management, control, and governance processes. 2) The detailed text of the Code of Ethics can be found in Subunits 1.2 through 1.7 3) The Standards (known formally as the intemational Standards for the Professional Practice of Internal Auditing) serve the following four ourposes described by The IIA: Purpose of the Standards 4. Delineate basic principles that represent the practice of internal auditing. 2. Provide a framework for performing and promoting a broad range of value-added internal auditing. 3. Establish the basis for the evaluation of internal audit performance. 4, Foster improved organizational processes and operations. . The Standards are vital to the practice of internal auditing, but CIA candidates need fot memorize them. However, the principies they establish should be thoroughly understood and appropriately applied +) Attribute Standards, numbered in the 1000s, govern the responsibilities, attitudes, and actions of the organization's internal audit activity and the people who serve as internal auditors. They are displayed in gteen boxes throughout this text. 2) Performance Standards, numbered in the 2000s, govern the nature of interci auditing and provide quaiity criteria for evaluating the internal audit function'= performance. Performance Standards also are displayed in green boxes: 3) Interpretations are provided by The IIA to clarify terms and concepts veferred to in Attribute or Performance Standards. Interpretations are in light blue. 3) Implementation Standards expand upon the individual Attribute oF Performance Standards that apply to al internal audit engagements 4) Each implementation Standard describes the requirements of either an ‘assurance or @ consulting engagement. b) Implementation Standards are displayed in grey boxes. 2. Strongly Recommended Guidance a. The pronouncements that constitute strongly recommended guidance have been developed by The IIA through a formal approval process. They describe practioes for Sffective implementation of the Definition of Internal Auditing, Code of Ethics, anc Standards. : +) The three sirongly recommended elements of the IPPF are (a) Position Papers, (b) Practice Advisories, and (c) Practice Guides‘SU 5: Mandatory Guidance 7 3, Graphical Depiction of the Hierarchy of fiA Standards: The IIA’s International Professional Practices Framework Strongh Position | Practice | Practice y j Papers | Advisories | Guides Aecopmenced Implementation Standards» © Performance fp © Standards: Mand: rosie A The FPF contains aon broad dontongané a vareteove amour oFlbald quence. Asa whol hs ‘omen provaes an vale a pg.engogod in ares) pracie ars cucing. n'y certain key provisions, hole gare of ssing the. ‘The purpose of the Gleim Cin Rens fmsh yoo sith ce re peril oe teas moat itt be std. Your chances of sug Tyodgey ase and undoond how fo ‘otomert and‘ he Sigs WBptctons,ankeicoeAciory excets presente nese outlines. ° x ‘sponsibility 6f the Internal Audit Activity a" in The wBlossary, the purpose of the internal aut activity is to st, objective assurance and consulting services designed to prove an organization's operations. The internal audit activity ization accomplish its objectives by bringing a systematic, pproach to evaluate and improve the effectiveness of governance, Es ‘agement and control processes.” as support of management and the board is crucial when inevitable conflicts & arise between the internal audit activity and the department or function under review. Thus, the internal audit activity should be empowered to require auditees to grant access to all records, personnel, and physical properties relevant to the performance of every engagement. a) A formal charter for the internat audit activity that defines the internal audit activity’s purpose, authority, and responsibility must be adopted, and it should contain a grant of sufficient authority. Final approval of the charter resides with the board. c. Responsibility 1) The internal audit activity's responsibility is to provide the organization with assurance and constiting services that will add value and improve the organization's operations. Specifically, the internal audit activity must evaluate and improve the effectiveness of the organization's governance, risk management, and control processes.18 SU: Mandatory Guidance 5, Compliance with Federal Laws a ‘a. Many non-U.S. companies issue stock or track stock on U.S, exchanges. Internal auditors worldwide must be aware of U.S. law and the consequences of a public corporation not following it b. As part of its role in organizational governance, risk management, and control, the internal audit activity is responsible for evaluating (and recommending improvements to) compliance with relevant federal laws. 1) Common examples of such laws are (a) regulations regarding th: pollutants and (b) workplace safety rules. ts c. As part of federal law, an internal auditor should be aware of t and Corrupt Organizations Act, the Foreign Corrupt Practics Oxley Act, all of which are discussed below and on the neff B 6. The Racketeer Influenced and Corrupt Organizations A a. In 1970, Congress passed the Racketeer Infl (RICO, commonly pronounced ree-ko) Act, crime. The Aat’s goals were to eliminaterfganiaei@ierime by co transfer of ilegal monies. & ree a. 2 1) RICO has both civil and criminal provisiongy/The crindifial'Bortion provides for fines and prison sentences, civil portion,proyides for the awarding of treble damages and gpg plaintiff b. RICO specifically makes the feffawirigaagiivities 1) Conspiring to com offenses iftiiems 2)-4) 2) Using income degli a pattern of réicketeering activity to acquire an interest in and wh, Ban ineteet in’an enterprise through a pattern of Gyre: through a pattem of racketeering activity 'o be deployed against the Mafia and other against Wall Street insider traders, Major League Baseball, fslers, and public accounting firms—none of which was ngress when the law was originally passed. ‘most significant of these cases in terms of business ethics was that ment bank Drexel Burnham Lambert and its former employee Michael $7 Both the firm and Milken individually were threatened with indictment S. Attorney Rudolph Giuliani under RICO in the late 1980s for trading on inside information: 7. The Foreign Corrupt Practices Act of 1977 a. The Foreign Corrupt Practices Act (FCPA) was enacted in 1977 in response to the fiood of bribes handed out by U.S. companies to foreign government officials, @ phenomenon that came to light during the Watergate investigations of 1973-74. b. The FCPA contains two sets of provisions: 4) All public companies must devise and maintain a system of internal accounting control, regardless of whether they have foreign operations. 2) Public companies may not make corrupt payments to any foreign official, foreign political party or official thereof, or candidate for political office in a foreign country, c. As under RICO. individuals found in violation of the FCPA are subject to both a fine and imprisonment. A corporation may be assessed a fine as welSU 1: Mandatory Guiiance 19 8, The Sarbanes-Oxley Act of 2002 The Sarbanes-Oxley Act of 2002 (SOX) was a response to the numerous financial reporting scandals of late 2001 and early 2002. b. SOX imposes specific governance practices on issuers of publicly traded securities, 1) Each member of the issuer's audit committee must be an independent member of the board of directors. 2) . Atleast one member of the audit committee must be a fin: xpert 3) The audit committee must be directly responsible for app mpensating, and overseeing the work of the independent augdligr. 4) The independent auditor must report directly to Sipmittee, pot to management. c. * SOX also imposes specific reporting requirement issuer's CEO and CFO must certify to the ef control. d. Criminal penalties were provided for records in an attempt to obstruct 9. Compliance with Control Frameworks the forbe*t law, bUbtnéy are extremely useful tools for ensuring th orgrizaioausresses al aspects! 9 comprehensive sytem of igh the internal al or d iccounting or other jeveloped in different nations—are tested on the CIA e) b. The COSO Fram formalise) ffermal Control — Integrated Framework, is the most prg 61 framewgrk'i the United States. the COS@, Framework was issued by the Committee of tee | 1S) of the Treadway Commission (named for adway ist chairman) and was updated in 1994. 1e baggpohts original title, Criteria of Control is known formally as Contr fas published in 1995 by the Canadian Institute of (CICA), 0d Acc “eit, Allof the choices are correct. 3. The purpose of the internal audit activity can, best described as A. Adding vaiue to the organization B. Providing additional assurangé fran tat 7 4. The Str Standards. WAG Siandarse Charterites ORprovicers oeley sonces? D. Assuring Implomentation Standards, Performance Standards Attribute Standards. Independence Standards. pose, & =p aciv USSION: Internal ausiting is an independent, objective ‘Answer (B) is correct. REQUIRED: The item not a purpose of the Standards. DISCUSSION: Guiding the ethical conduct of internal ‘ucitors isthe purpose of the Code of Ethics, not the Standards ‘Answer (A) is incorrect. Establishing the basis for the evaluation of intern audit performance is oparpt The IiA's stated purposes of the Standards. Answer (C) is. Delineating basic principles that represent the practioelgflnk one of The IIA's stated purposesiot th Incorrect. Fostering improved 6 ‘operations is one of The IlA’s sta ‘other ‘expand upon the provide ements. nce Standards apply to all Is incorrect. Attribute {o all internal aldit services. Answer (D) is ct. Only implertigntation Standards expand upon the in other 8. best description of the internal aucit ‘and consulting activity designed to add value and ing). ; ye an organization's operations (Definition of Internal ma P presentation of finangigl stale C. Expressing an opiniSegihe @ ‘and functioning ofthe conto. v Answer (C) is correct. REQUIRED: The Standards describing the rats of entities ‘and individuals providing internal auditing services. DISCUSSION: Attribute Standards concem the characteristics of organizations and parties providing internal audlting services. ‘Answer (A) is incorrect. Implementation Standards apply specific types of engagements. Answer (B) is incorrect. Performance Standards describe the nature of intemal aucitin ‘and provide quality criteria for evaluation of internal audit performance. Answer (D) is incorrect, The IPPF does not contain Independence Standards.SU 1: Mandatory Guidance 1.2 Codes of Ethical Conduct for Professionals 5. A primary purpose of establishing a code of ‘conduct within a professional organization is to |A. Reduce the likelihood that members of the profession will be sued for substanderd work. 'B. Ensure that all members of the profession perform at approximately the same level of ‘competence. Promote an ethical culture among professionals who serve others. ° . Require members ofthe profession to exhibit Answer (C) is correct, REQUIRED: The primary purpose of establishing a code of conduct within a professional organization DISCUSSION: The IIA's Code of Ethics is typical, Its purpose is “to promote an ethical culture in the profession of internal auciting.” The defntion of interna auditing states that it ig"an independent, objective assurance and consuiting activity.” + Moreover, internal 2uciting is foundgé@ “the trust placed in its objective assurance aboul governdfgestiskemanagement, and ‘control.” Accordingly, internal auc fessionals who Loehsulting services. result may follow from iC the pringary purpose, ‘Answer (A) 1s incor establishing a code of cond vatty inal maters pera irs Dying, Angagfy nord. ea a Poh miaieandores of ssible sp enete equality of ‘Answer (0) 6. An accounting association established a code of sthics for all members. What is one of the ‘association's primary purposes of establishing the code of ethios? ‘A, To outline criteria for professional ber 1B. To establish standards to follgyadéy 8 accounting practice, CE C. To provide a framework vitae, ‘accounting policies, D. To outline ‘conducting i ‘accountants _a profige ihe framework within which accounting poicies are A wit ‘Answer (0) is incorrect. The primary purpose is not jfy to the public at large than loyalty to one’s & : ptr pupose of extabsing a code of eth DISCUSSION? The primary purpose of a code of ethical ret ged Screed egontcaon nto promot on aa Paha up lirtessenas uno save oe *Secoee Nebo Sanda sling bodes, not 2 Rdgiof ethics, provide guidance for eifective accounting practice Answer (C) is incorrect. A code of ethics does not interviewing new accountants, Answer (B) is correct. REQUIRED: The inference(s) regarding the existence or Org mal code of absenee of a formal code of ethics. ethics 3. The code of DISCUSSION: A formal code of ethics effectively, ethics e@ chase agreements, (1) communicates accepiable values to all members, 2) provides : rears wien Sn rsa Te reece yuygagdal enaver wii the Beene of Meaabngsatomen' fegrcng re existence of the cade of ethics in A can be logically inferred? |. Acxhibits @ higher standard of ethical behavior than does B. Il. has established objective criteria by which an individuals actions can be evaivated Ill, The absence of a formal code of ethics in B would prevent a successful review of ethical behavior in that organization. S method of policing and discipining members for violations, {G)establisnes objective standards against which individuals can measure thelr own performance, and (4) communicates the | Sreanization’s value system to outsiders. “Answer (A) is incorrect. The mere existence of A's code of athics does not ensure that its principles are followed, ‘Answer (C} is incorrect, The absence of a formal code af ethics tdoes not preclude a successful review of ethical behavior in an ‘organization. Policies and procedures may provide the onteria for such an engagement, Answer (D) is icorect, The existence ff a code of ethics does establish cbjective criteria by which individual actions can be evaluated. However, the absence of a otral code of ethics doos not preclude a successful review of ethical behavier in an organization. Policies and procedures may provide the oriteria for such an engagement. ‘A. Vand Uh B. Monty. i ©. only D. Mand20 SU 1: Mandatory Guidance 8. A raviow of an organization's code of conduct revealed that it contained comprehensive guidelines designed to inspire high levels of ethical behavior. ne review also revealed thatemployees were knowledgeable of its provisions. However, some ‘employees stil did not comply with the code. What ‘element should a code of conduct contain to enhance iis effectiveness? A. Periodic review and acknowledgment by all employees. B. Employes involvement in ts development. ©. Public knowledge of its contents and purpose. ._ Provisions for disciplinary action in the event of violations, e nd Principle 9. The HA Rules of Conduct set forth in The IIA's Code of Ethics A. Describe behavior norms expected of internal auditors. B._ Are guidelines to assist internal auditors in * dealing with engagement cients. C. Are interpreted by the Principles. D. Apply only to particular conduct specif mentioned. 10, Today's intem@Paucitorap wide range of poten ‘encounter ‘lemmas, nol which are ex by The II's Ethics. Ifthe eounter dilemma, the if should A. Seek coun from an i fl attomey 10 determine the perso uences of potential actions. 8. Apply and uphold the principles embodied in The IIA’s Code of Ethics. CC. Seek the counsel of the board before deciding ‘on an action, D. Act consistently withthe code of ethics ‘adopted by the organization even if such action 's not consistent with The IIA’s Code of Ethics. Anewer (0) is comect. REQUIRED: The element that enhances the effectiveness af a code of conduct. - DISCUSSION: Penalties for violations of a code of conduct should enhance is effectiveness. Some individuals wil bs deterred from misconduct if they expect ito be detected and punished, ‘Answer (A) is incorrect. Periodic review and ‘acknowledgment would ensure employee kno} acceptance of the code, wich are not at is Incorrect. Employee involvement in develo ‘encourage employee acceptance, ‘Answer (C)'s incorrect. Public behavior of some individuals but ris perceived likelinood of sanctions ut The lIA's Code of ‘The 1IA's Coll of Ethics extends beyond the 6 nclude two essential at are relevant tothe profession ting and (2) Rules of Conduct that “expected of intmal aucitors Answer (B) iSRcorrect. The Rules of Conduct provide guidance to infernal auaitors inthe discharge oftheir rospogsibiity to all those whom they serve. Engagement clients aregig\ tigjonly partes served by intemal auditing. Answer (C)is indBrigct. The Rules of Conduct are an aid in interpreting the 8. Answer (0} is incorrect. The conduct may be table or discredteble although not mentoned in the jes of Conduct. Answer (B) is correct. REQUIRED: ‘The action taken when an intemal aucitor encounters an ethical dilemma. DISCUSSION: The Code includes Principles (integrity, objectivity, confidentiality, and competency) relevant to the profession and practice of internal auditing arid Rules of Conduct {hat describe behavioral norms for intemal aucitors and that interpret the Principles. Internal aucitors are expected fo apply land uphold the Principles. Furthermore, that a particular conduct ig not mentioned in the Rules does not prevent it from being unacceptable or discreditable. ‘Answar (A) is incorrect. Seeking the advice of legs counse ‘on all ethical decisions is impracticable Answer (C) is incorrect Seeking the advice of the board an ail ethical decisions is. impracticable. Furthermore, the advice might not be consistent with the profession's standards. Answer (D) is incorrect. if the ‘organization's standards are not consistent with, or as high as, the profession's standards, the internal auditors held to the standards of the profession,1: Mandatory Guidance 41. In complying with The llA’s Code of Ethies, an sri auditor should A. Use individual judgment in the application of the principles set forth in the Code. B, Respect and contribute to the objectives of the ‘organization even if tis engaged in illegal activities C. Go beyond the limitation of personal technical skills to advance the interest of the organization. . Primarily apply the competency principle in establishing trust, 12, An intemal auditor who encounters an ethical dilemma not explicitly addressed by The IIN's Code of Ethics should always |A, Seek counsel from an independent attomey jo determine the personal consequencagof potential actions. 8. Take action consistent with the ‘embodied in The IlA’s Code of deciding on an action. D. Act consistently with ‘organization's cadk action woul Code of Ei The IIA's Code of ‘A. In response to a subpoena, an aucitor appeared in a court of law and disclosed confidential, audit-related information that could potentially damage the auditor's, ‘organization, B. An auditor used aucit-related information in a decision to buy stock issued by the employer corporation, ©. Aer praising an employee in a recent audit ‘engagement communication, an auditor ‘accepted a gift rom the employee. . An auditor did not report significant observations about ilegal activity to the board because management indicated that it would resolve the issue, 31 ‘Anewer (A) is correct, REQUIRED: The action complying wit The IIA's Code of Ethics. DISCUSSION: The ItA's Code of Ethios includes principles that internal aucitors are expected to apply and uphold. They are interpreted by the Rules of Conduct, behavior norms expected of intemal auditors. Thal a particular conduct is not mentioned in the Rules of Conduct does not prevent it from being unacceptable or discreditable. Consequently, a reasonable inference is that individual judgmer sary inthe pplication ofthe principles and t ‘Answer (B) Is incorrect. knowingly be a party to internal auditor is bound’ legitimate anc ethical “organi Answer (C) is incorrect. Intemalgé engage: jose services for which they have ay knowleduBeshiS, and experience.” A Georect. Applyioend upholding > by an intemal auditor n Risther judgment. : on tha nay shou bo taken i audtegsbiscouners on obo cloma not expliditipeddresse % lIA’s Code of Ethics, DIRCUSSION® fHHIAs Cove of Eines based on sings oni ta pss spate ae che parte audi ar epeced apy and uphold Pace, eM yin, covery nd company. aebptags Re Code tts ina arcs condul may be eee or ascroatetie event eno mentioned tho Fg oon over (is incvrect. Te sudlor mus ac conistnty ante sot The ihe Cous of hes, isnot practi 0 ‘Seek the advice of legal counsel for all ethical decisions. Horner uncial Shor ay ot begs Anes () orc ent Tacable sone audt Commitee ace ree anal dlonmnas:furhemore he ave might tbe (Gratton ih te proeeson's anand. Arower (O18 contr fe orgaieabon®struards ere cositert wih weer es he petecoon’sstantads, ne nferal audor Should Soi by He ater, Answer (A) is correct REQUIRED: The auditor acto permissible under The IlA's Code of Ethies. DISCUSSION: Rule of Conduct 1.2 under the integrity principal states, "Internal auditors shall observe the law and make disclosures expected by the law and the profession.” ‘Thus, auditors must comply with subpoenas. ‘Answer (B) is incorrect. Rule of Conduct 3.2 prohibits ‘auditors fram using audit information for personal gain. ‘Answer (C) is incorrect, Rule of Conduct 22 prohibits an auditor from accepting anything that might be presumed to impair the ‘auditor's professional judgment. Answer (0) is incorrect, Rule of Conduct 1.3 prohibits auditors ftom knowingly being a party to ‘any ilegal or improper activity. Significant observatons of illegal ‘activity should be reported to the board32 SU: Mandatory Guidance 44, The IIA’s Code of Ethics requires internal ucitors to perform their work with Honesty, dligence, and responsiblity, ‘Timeliness, sobriety, and clarity, Knowledge, skills, and competencies. Punctuality, objectivity, and responsibilty >, po 415 wal Audi 15._ACIAs working n 2 nonintemal-audling position asthe director of purchasing. The CIA Signed a contract to procure a large order from the supplier with the best price, quality, and performance. Shorty ater signing tho contract, the supplier presented ine CIA with a gift of significant monetary Value. Which ofthe folowing statements regarding the acceplance of the git is tue? A. Acceptance of the gift is prohibited only i itis ‘not customary. B. Acceptance of the gift violates The IIA's Code ‘of Ethios and is prohibited for a CIA. . Because the CIA is no longer acting as an intornal auditor, accoptance ofthe gift is, Conduct D. Because the contract was signs gift was offered, acceptance ot violate either The, or the organization's ct ri 16. The chief aug es boon appointed toa 20 jaa tne 2 ofthe externa engagamont Satyr the external aris the Gag pt her fora week of vale dbo CAE shoul Bs Accept, ass jedules allow it, Refuse on the groundgPontfict of interest. . Accept as long as itis not charged to employer ‘ime. D. Ask the comptroller whether accepting the invitation is a vieletion ofthe organization's code of ethics, Ra Answer (A) is correct. REQUIRED: The qualities the performance of their work DISCUSSION: Rule of Conduct 1.1 under the integrity principle states, “Internal aucitors shall perform their work with honesty, dligence, and responsibilty.” ‘Answer (B) is incorrect. Timeliness, sobriety, and clarity are riot mentioned in the Code. Answer (C)is incorrect. Knowledge, skills, and competencies are mentioned in the Standards. 10d in the ‘Ansvier (D)is incorrect. Punctuality is not m Cove, Answer (8) is correct. REQUIRED: The t froma supplier. 4 DISCUSSION: a bral certifications are subj The IlA’s Code of Ethic principle states, “i iyhing that may ‘impair or bs judgment.” Answer ( ssumed to have impaireg.abé CIA's professional judgment, Cys cored ng the ail governed by The lIN duct. a is incorrect. The timing of signing ct i A” ‘Answer (B) is correct. REQUIRED: The CAE’s response lo a social invitation by an, extemal auditor who is subject to evaluation by a committee 1 which the CAE serves. DISCUSSION: Rule of Conduct 2.1 under the objectivity principle states, “Internal auditors shall not parlicpate in any Activity of relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities of relationships that may be in confit with the interests of the organization,” Furthermore, under Rule of Conduct 2.2, “intemal auditors shall not accept anything that may impair or be presumed to impair their professional judgment." ‘Answer (A) is incorract. The auditor should nol acceot ‘Answer (C) i incorrect. Not charging the time to the compar not sufficient to eliminate conflict-ofnterest concerns. ‘Answer (D) is incorrect. The aucitor should know that accepting the invitation raises conflict of interest issues.SU 1: Mandatory Guidance 17. In aeview of travel and entertainment expenses, a certified intemal aucitar questioned ne business purposes of an officer's reimbursed travel expenses. .The officer promised to compensate for the questioned amounts by not claiming legitimate expenses in the future. If he officer makes good on the promise, the internal auditor A. Can ignore the original charging of the rnonbusiness expenses. BB. Should inform the tax authorities in any event. CC. Should stil include the finding inthe final engagement communication. 1D. Should recommend that the officer forfeit any frequent flyer mies received as part of the questionable travel, 48. An intemal autor fora lerge cegional bank was asked to serve on the board of creciors ofa local Bank. The bank competes In many of he same markets ag the regional bank but focuses more on Consumer financing than on business fhancing, In accepting ths poston, the internal auctor |. Violates The It's Code of Ethics because Benvng cn the board may be in confit ih Best inforosts ofthe intemal auto's er Il. Violates The it's Code of Ethics bo: information gained while serving 0 of directors ofthe local bank may @ ag a. favior of an ae agg scum organizatiolts {pal in-house chairperson. B. Internal auditor and part-time business insurance broker, . Intemal auditor and adjunct faculty member of a local business college that educates potential employees. D. Internal auditor and landlord of multiple housing that publicly advertises for tenants in a local community newspaper listing monthly rental fees, af Answer (C) is corre REQUIRED: The intemal auditors action when an officer ‘agrees to compensate for questionable expenses by not ciaiming legitimate expanses in the future DISCUSSION: Rule of Conduct 2.3 under the objectivity principle states, “Internal aucitors shall disclose all materia facts known to them that, if not disclosed, may distor the reporting of activities under review.” “Answer (A) Is incorrect, The pos the officer is @ material fact that sha whether the questioned expenses incorrect. Communication of raguts organization is not requ Answer (D) is incorrect. fraudulent behavior of APB seported regardless of n(s), if any, of The II's Juct 2.1 under the objectivity Fs shall not participate in any may impair or be presumed to impair their unbiased agsegement, This participation includes those ho oasis ama be ns! wih eines tne oration Accordingly, sens onthe boa ofthe focal to a confit of treat and may prejudice te int Ps ably fo cary ou objectively nisher dues rogaraiipotental acquisitions “gnswer (A) incorrect. Serving onthe boar ofthe focal ank creates a conflict of interest and may prejudice the intemal xitor’s ability to perform hisihet duties. Answer (B) is inorrect.. Serving on the board ofthe local bank may also be in confit with the best interests ofthe auditor's employer Answer (D) is incorrect, Serving on the board ofthe local bank creates & conflict of interest and may prejudice the internal ‘auditor's abilly to perform hisMher duties. Answer (8) is correct. REQUIRED: The concurrent occupations that could ereate an othieal issue. DISCUSSION: Rule of Conduct 2.1 under the objectivity principle states, “Internal auditors shall not participate in any §civty of relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those ‘activities or relationships that may be in conflict with the interests Of the organization.” As a business insurance broker, the internal ‘auditor may lose his/her objectivity because (s)he might benefit from a change in the employer's insurance coverage. Answer (A) is incorrect. The activites of a charity are unlikely to be contrary to the interests of the organization. ‘Answer (C) is incorrect. Teaching is compatibie with internal suditing, Answer (D) is incorrect. Whereas dealing in commercial properties might involve @ conflict, renting residential units mest likely does not1.6 Internal Audit Ethics - Confidentiality 20. Which of the following is permissible under The A's Code of Ethics? A. Disciosing confidential, engagement-related information that is potentially damaging to the ‘organization in response to a court order. Using engagement-related information in @ decision ia buy an ownership interest in the employer organization. C. Accepting an unexpected gif from an employee whom the intemal auditor has praised in a recent engagement communication, ._ Not reporting significant observations and recommendations about illegal activity to the board because management fas indicated it will address the issue. 21. Which situation most tkely violates The IlA's Code of Ethics and the Standards? ‘A. The chief audit exocutive (CAE) disagrees with the engagement cent about the observations SCUSSION: Ru ‘slates, “Inte tors shall be prudent in the use and of info ied in the course oftheir duties.” sion of jttore wih an unauthorized party is the n most ‘conskiered a Code violation. and recommendations in a sensitive area, CAE discusses the detail of the observations ‘and the proposed recommendations with 4 {ollow CAE from another organization. B, An organization's charter for the int activity requires the chief aucit exetid (CAE) to present the yearly eng ‘schedule to the board for its suggestions. ; . The engagement mar the most significant obse ‘conclusions. D. Because the internal aucit activity lacks skill ‘and knowledge in a specialty area, the chief audit executive (CAE) has hired an expert. The engagement manager has been asked to review the expert's approach to the assignment, Although knowiedgeable about the area under review, the manager is hesitant to accept the assignment because of lack of expertise. Answer (A) is correct. REQUIRED: The action permissible under The liA's Code of Ethics. DISCUSSION: The principle of confidentiality permits the disclosure of confidential information if there is a legal or ‘professional obligation to co so. ‘Answer (B) is incorrect. Rule of Conduct 3.2 prohibits intemal aucitors from using information for apf@hal gain. ‘Answer (C) is incorrect. Rule of Conduct 28 ‘auditors from accepting anything ihat may id presumed to impair, their profess incorrect. Rule of Conduct 2.3 u requires internal auditors to disclo them tat, ifnot disclosed, under review. swer (D) i principle al facts kyon 10 porting ofEties A ae Bincey to be considered a luct 3.1 under the confidentiality “Answer (BAsicorrect. Approval of the engagement work edule by spe board and senior management is required. ‘Answ9f{C) i incorrect. Information must be sufficient to achieve en nt objectives, Answer (D)is incorrect. The Standards ‘use*of experts when needed.Mandatory Guidance 22._ Which of the following actions taken by a chief Audit executive (CAE) could be considered professionally ethical under The iIA’s Code of Ethics? A. The CAE decides to delay an engagement at a ‘branch so that his nephew, the branch manager, will have time to “clean things up.” B, To save organizational resources, the CAE cance’s all staf training for the next 2 years on the basis that all staff are too new to benefit ‘rom training. C. To save organizational resources, the CAE limits procedures at foreign branches to confirmations from branch managers that no ‘major personnel changes have occurred D, The CAE refuses to provide information about ‘organizational operations to his father, who is a part owner, Internal Audit Ethics = Competency 23,_During the course ofan engegement i ‘rom the organization. Although ths is the ‘embezzlement ever encountered and has a security department, the inter as jucation could be A. The Intemai6fal Standards forthe Professional Practice of Internal Auditing, 8. ThellA’s Code of Ethos. CC. Both the Intemational Standards for the Professional Practice of intemal Auditing ant The IIA's Code of Ethics. D. None of the answers are correct 3 Answer (D) is correct. REQUIRED: The action considered ethical under The IIA's Code of Ethics. DISCUSSION: Rule of Conduct 3.1 under the confidentially principle states, “Intemal auditors shal be prudent in the use and protection of information acquired in the course of ther duties.” ‘Additionally, Rule of Conduct 3.2 states, “intornal auditors shall ‘not use information for any personal gain or in any manner that would be contrary to the law or detigagial tothe legitimate and ethical objectives of the organiza such use of information by the CAE might be il insider tracing fe of Conduct 1.1, rk with hapesty, diligence, _-and responsibility.” Conduct 4.3, “inter proficiency ang th Answer (C) is, inswer (QfTS gorrect. RI f. The ethics rule most ikely violated, ol ION: Rule of Conduct 4.1 under the competency principisSstes, “Internal auditors shall engage only in those Serviées for which they have the necessary knowiedge, ski, id experience.” Intemal autos may nol have, ond are. not pected to have, knowledge equivalnt io that ofa person ‘whose primary responsibilty isto detect and investigate fraud {mol Sid. 120.82). ‘Answer (A) is incortect. The requirement to perform work with dligence does not override the competency Rules of Conduct oF the need to use good judgment. Answer (B) is incorrect. Loyaity i better exhibited by consulting with professionals and knowing the limits of competence. Answer (0) Is incorrect. The intemal auditor may vila the suspect's cv Tights as a result of inexperience. ‘Answer (C) is correct. REQUIRED: The effect of falling to meet continuing education requirements. DISCUSSION: Rule of Conduct 4.3 under the competency principle states, “Internal auditors shall continually improve their proficiency and the effectivenass and quality oftheir services.” Furthermore, Att Sid. 1230 states, “Internal auditors must ‘enhance their knowledge, skis, and other competencies through ‘continuing professional develosment.” Hence, both The IIA's Code of Ethics and the Standerds are violated by faling to earn continuing education credits. ‘Answer (A) is incorrect. The IIA's Code of Ethics also is violated. Rule of Conduct 4.3 under the competency principle states, “intemal auditors shall continually improve their proficiency and the effectiveness and quay of ther services.” Answer (8) is incorrect. The Standards also are violated because they require auditors to enhance their knowiodge, skills, ‘and other competencies through continuing professional development. Answer (D) is correct. Both the Code anc the Standards would be violated.36 SU 1: Mandatory Guidance 25. A new staff internal auditor was told to perform ‘an engagement in an area with which the intemal ‘auditor was not familiar. Because of time constraints, no supervision was provided. The assignment represented a good learning experience, but the ‘rea was clearly beyond the internal auditor's Sompetence, Nonetheless, the intemal auditor prepared comprehensive working papers and ‘communicated the results to management. In this Answer (8) is correct, REQUIRED: The etfect of falling to supervise an internal auditor who lacks aroficiency in the area of the engagement, DISCUSSION: Rue of Conduct 4.2 under the competency principle requires internal auditing services to be performed in [Accordance with the Standards. Att. Std. 1200 requires engagements to be performed with proficiency and due professional care, ‘They also should be properly supervised to ensure that objectives are achieved, quality is assured, and staff situation, Is developed (Pert. Std. 2340). ‘Answer (A) is incorrect. All internal au ‘A. The intemal aualt activity violated the proficient in all areas. The internat 4,8_Internal Audit Charter Standards by hiring an internal auditor without proficiency in the area. ‘The internal audit activity violated the Standards by not providing adequate supervision, ‘The chief audit executive has not violaled The A's Code of Ethics because it does not address supervision, ‘The Standards and The IIA's Code of Ethics \were followed by the internal aucit activity 26. During an engagement to evaluate the ‘organization's accounts payable function, an inte ‘auditor plans to confirm balances with suppliers, ‘What is the source of authority for such contac units cutside the organization? poePr 27. The board of an organ! usin ree ‘The internal audit e* ter. Cy ag Vv fr has charged the chief audit executive (CAE) with upgrading the internal eudit activity. The CAE's fret task is to develop a charter. What item should be included in the statement of objectives? @ (D)is cg FEQUIREDdy fp Source of authority for an intemal suitor ontac unite ObIde the organization should have an appropriate mix incorrect, The Eode requires co Nd », DISCUSSION: The charter establishes the intemal audit ‘activtysipositon within the organization, including the nature of the cit executive's functionai reporting relationship with th# UBard authorizes access to records, personnel, and physical cles rolavant tothe performance of engagements; anc es the ecope of internal audt activites (inter. Std. 1000). us, the charter prescribes the internal auciacivty’s those outside. ‘Answer (A) is incorrect. Policies and procedures guide the internal auditors in their consistent compliance withthe interna\ audit actvty’s standards of performance. Answer (B) is incorrect. The interval aut activty’s authority is defined in 2 charter approved by the board. Answer (C)is incorrect. The purpose of the Code af Ethics isto promote an ethical culture in the profession of internal auciting. Answer (C)is correct. REQUIRED: The item included in the statement of objectives of the charter. DISCUSSION: The charter establishes the intemal aucit activty’s position within the organization, including the nts the chief audit executive's functional reporting relationship with the board: authorizes access to records, personnel, and physical ‘A. Report all engagement results to the board prcperties relevant to the performance of engagements; and every quarter. Sefines the scope of intemal aust actives (iner, Sid. 1000). 8. Notiy governmental regulatory agencies of Ineral auditing brings a systematic, cscipined epproach to Unethioa! business practoes by organization fevalvating and improving risk management, contr, and management. {governance processes (Definition of intemal Auditing). ‘Answer (A) is incorrect, Only significant engagement results C. Evaluate the adequacy and effectiveness of are discussed withthe board, Anewor (8) § incorrect, Internal the organization's control, auditors ordinally are not required to report deficiencies in i Subyiit budnal valence roparts = tegulatory compliance to the appropriate agencies. However, management every month, they must observe the law and make disclosures expected by the Jaw and profession (Rule of Conduct 1.2). Answer (0) is incorrect, Submission of budgetary variance reports is not @ primary objective of internal auditing, Itis a budgetary control that management may requite on a periodic bass,28, The authority of the internal audit activity is imited to that granted by The board and the controller, Senior management and the Standards. Management and the board. The board and the chief financial officer. pom» 29._ Internal auditing has planned an engagement to evaluate the effectiveness of the quailty assurance function as it affects the receipt of goods, the transfer of the goods into production, and the scrap costs related to defective items. The engagement client argues that such an engagement is not within the ‘scope of the internal audit activity and should come Under the purview of the quality assurance department anly. What is the most appropriate response? Answer (G) is correct. REQUIRED: The source of authority of the intemnai audit activity. ‘DISCUSSION: The purpose, uthority, and responsibility of the internal audit activity must be formally defined in a charter. ‘The CAE must periodically review and present the charter to senior management and the board for approval (Att. Std, 1009}. "Answer (A) is incorrect. The controller is nct the ony member of management. Answer (8) igdgcorrect, The Standards cannot provide actual aut intemal audit actly. Answer (0) is incortecl. M and the board hota pafticular manager, give theint actly its authorty, Aas come & REQUIRED: Ti St eatains Nat auditing rance engagement. A might prevent the internal fectives. Answer (C) is be established by management e engagement is not limited fo the 1 quality assurance department. it |A.. Refer tothe intemal auitaciviy’s charter a SE Eee Lea sepunan ate engeerent the approved engagement plan that inglydes' jam. yer (®) is incorrect. The internal auditors must ‘ the area designated for evaluation in current time period. B. Because quality assurance is a neva ‘seek the approval of managem iN ‘mediator to set the scope of he client's n € Pea pee cere oo mcaeeyceurcens ee tat - A, . ‘Gleim CIA Test Prep Online to create Test Sessions that emulate Pearson VUE!gleim.com/cia 800.874.5346