Search for notes by fellow students, in your own course and all over the country.
Browse our notes for titles which look like what you need, you can preview any of the notes via a sample of the contents. After you're happy these are the notes you're after simply pop them into your shopping cart.
Document Preview
Extracts from the notes are below, to see the PDF you'll receive please use the links above
1
STUDY UNIT ONE
MANDATORY GUIDANCE
1
...
2
1
...
4
1
...
6
1
...
8
Applicable Standards
...
Internal Audit Ethics -- Introduction and Principles
...
Internal Audit Ethics -- Objectivity
...
Internal Audit Ethics -- Competency
...
1
6
6
8
8
9
10
10
This study unit is the first of two covering Section I: Mandatory Guidance from The IIA’s CIA Exam
Syllabus
...
The relevant portion of the syllabus is highlighted below
...
)
1
...
Mandatory Guidance
a
...
1)
The IIA considers adherence to the mandatory guidance essential for the
professional practice of internal auditing
...
All rights reserved
...
Reward for information exposing violators
...
com
...
The mandatory guidance consists of three parts: the Definition of Internal Auditing, the
Code of Ethics, and the Standards
...
Definition of Internal Auditing
Internal auditing is an independent, objective assurance and consulting activity designed to add value
and improve an organization’s operations
...
2)
3)
The detailed text of the Code of Ethics can be found in Subunits 1
...
7
...
2
...
4
...
Provide a framework for performing and promoting a broad range of value-added internal auditing
...
Foster improved organizational processes and operations
...
The Standards are vital to the practice of internal auditing, but CIA candidates need
not memorize them
...
1)
2)
Attribute Standards, numbered in the 1000s, govern the responsibilities,
attitudes, and actions of the organization’s internal audit activity and the people
who serve as internal auditors
...
Performance Standards, numbered in the 2000s, govern the nature of internal
auditing and provide quality criteria for evaluating the internal audit function’s
performance
...
a)
3)
Interpretations are provided by The IIA to clarify terms and concepts
referred to in Attribute or Performance Standards
...
Implementation Standards expand upon the individual Attribute or
Performance Standards that apply to all internal audit engagements
...
Each Implementation Standard describes the requirements of either an
assurance or a consulting engagement
...
Strongly Recommended Guidance
a
...
They describe practices for
effective implementation of the Definition of Internal Auditing, Code of Ethics, and
Standards
...
Copyright © 2015 Gleim Publications, Inc
...
Duplication prohibited
...
Contact copyright@gleim
...
3
SU 1: Mandatory Guidance
3
...
As a whole, this
framework provides an invaluable aid to those engaged in the everyday practice of internal auditing
...
The purpose of the Gleim
CIA Review is to furnish you with only those parts of the IPPF that are pertinent to the areas most likely to
be tested
...
4
...
Purpose
1)
b
...
The internal audit activity
helps an organization accomplish its objectives by bringing a systematic,
disciplined approach to evaluate and improve the effectiveness of governance,
risk management and control processes
...
Thus, the internal audit activity should be empowered to require
auditees to grant access to all records, personnel, and physical properties
relevant to the performance of every engagement
...
A formal charter for the internal audit activity that defines the internal audit
activity’s purpose, authority, and responsibility must be adopted, and it
should contain a grant of sufficient authority
...
Responsibility
1)
The internal audit activity’s responsibility is to provide the organization with
assurance and consulting services that will add value and improve the
organization’s operations
...
Copyright © 2015 Gleim Publications, Inc
...
Duplication prohibited
...
Contact copyright@gleim
...
4
SU 1: Mandatory Guidance
5
...
b
...
S
...
S
...
Internal
auditors worldwide must be aware of U
...
law and the consequences of a public
corporation not following it
...
1)
c
...
Common examples of such laws are (a) regulations regarding the discharge of
pollutants and (b) workplace safety rules
...
The Racketeer Influenced and Corrupt Organizations Act of 1970
a
...
The act’s goals were to eliminate organized crime by concentrating on the transfer of
illegal monies
...
RICO has both civil and criminal provisions
...
RICO specifically makes the following activities unlawful:
1)
2)
c
...
1)
2)
7
...
Probably the most significant of these cases in terms of business ethics was that
of investment bank Drexel Burnham Lambert and its former employee Michael
Milken
...
S
...
The Foreign Corrupt Practices Act of 1977
a
...
The Foreign Corrupt Practices Act (FCPA) was enacted in 1977 in response to the
flood of bribes handed out by U
...
companies to foreign government officials, a
phenomenon that came to light during the Watergate investigations of 1973-74
...
All public companies must devise and maintain a system of internal accounting
control, regardless of whether they have foreign operations
...
As under RICO, individuals found in violation of the FCPA are subject to both a fine
and imprisonment
...
Copyright © 2015 Gleim Publications, Inc
...
Duplication prohibited
...
Contact copyright@gleim
...
SU 1: Mandatory Guidance
8
...
b
...
SOX imposes specific governance practices on issuers of publicly traded securities
...
d
...
Each member of the issuer’s audit committee must be an independent member
of the board of directors
...
3) The audit committee must be directly responsible for appointing, compensating,
and overseeing the work of the independent auditor
...
SOX also imposes specific reporting requirements, among them a provision that the
issuer’s CEO and CFO must certify to the effectiveness of the system of internal
control
...
Compliance with Control Frameworks
a
...
The following five frameworks–developed in different nations–are
tested on the CIA exam
...
a)
2)
3)
Published in 1992, and most recently modified in 2013, the COSO
Framework was issued by the Committee of Sponsoring Organizations
(COSO) of the Treadway Commission (named for James C
...
CoCo (a nickname based on its original title, Criteria of Control) is known
formally as Guidance on Control
...
The Turnbull Report, known formally as Internal Control: Guidance for Directors
on the Combined Code, is named for Nigel Turnbull, chair of the committee that
drafted the report
...
COBIT, known formally as Control Objectives for Information and Related
Technology, is the best-known framework specifically for IT controls
...
eSAC is an alternative control model for IT
...
Copyright © 2015 Gleim Publications, Inc
...
Duplication prohibited
...
Contact copyright@gleim
...
6
SU 1: Mandatory Guidance
1
...
Reasons for Codes of Ethical Conduct
a
...
The primary purpose of a code of ethical conduct for a professional organization is to
promote an ethical culture among professionals who serve others
...
Communicating acceptable values to all members,
Establishing objective standards against which individuals can measure their
own performance, and
Communicating the organization’s values to outsiders
...
The mere existence of a code of ethical conduct does not ensure that its principles are
followed or that those outside the organization will believe that it is trustworthy
...
1)
b
...
3
...
A code of ethical conduct can help establish minimum standards of competence, but it
is impossible to require equality of competence by all members of a profession
...
Typical Components of a Code of Ethical Conduct
a
...
Integrity
...
Another facet of integrity is performance of professional duties in accordance
with relevant laws
...
A commitment to providing stakeholders with unbiased information
...
3) Confidentiality
...
4) Competency
...
These four elements are the core principles of The IIA’s Code of Ethics
...
3 INTERNAL AUDIT ETHICS -- INTRODUCTION AND PRINCIPLES
1
...
The IIA incorporates the Definition of Internal Auditing into the Introduction to the Code
of Ethics and specifies the reasons for establishing the Code
...
Internal auditing is an independent, objective assurance and consulting activity designed to
add value and improve an organization’s operations
...
-- Continued on next page --
Copyright © 2015 Gleim Publications, Inc
...
Duplication prohibited
...
Contact copyright@gleim
...
7
SU 1: Mandatory Guidance
-- Continued from previous page --
A code of ethics is necessary and appropriate for the profession of internal auditing, founded as it is
on the trust placed in its objective assurance about governance, risk management, and control
...
Principles that are relevant to the profession and practice of internal auditing
...
Rules of Conduct that describe behavior norms expected of internal auditors
...
“Internal auditors” refers to Institute members, recipients of or candidates for IIA professional
certifications, and those who perform internal audit services within the Definition of Internal Auditing
...
Applicability
a
...
Applicability and Enforcement of the Code of Ethics
This Code of Ethics applies to both entities and individuals that perform internal audit services
...
The fact that a particular conduct is not mentioned in the Rules of Conduct
does not prevent it from being unacceptable or discreditable, and therefore, the member, certification
holder, or candidate can be liable for disciplinary action
...
3
...
Core Principles
a
...
1)
2)
3)
4)
The integrity of internal auditors establishes trust and thus provides the basis for
reliance on their judgment
...
Internal auditors make a balanced assessment of all the relevant
circumstances and are not unduly influenced by their own interests or by others
in forming judgments
...
Internal auditors apply the knowledge, skills, and experience needed in the
performance of internal audit services
...
All rights reserved
...
Reward for information exposing violators
...
com
...
4 INTERNAL AUDIT ETHICS -- INTEGRITY
1
...
1
...
1
...
Shall observe the law and make disclosures expected by the law and the profession
...
3
...
1
...
Shall respect and contribute to the legitimate and ethical objectives of the organization
...
If, out
of loyalty to the employer, no information about the testing is gathered, the auditor violated the Rules of Conduct by
1
...
3
...
Knowingly becoming a party to an illegal act,
Engaging in an act discreditable to the profession,
Failing to make disclosures expected by the law, and
Not performing the work diligently
...
5 INTERNAL AUDIT ETHICS -- OBJECTIVITY
1
...
1
...
This participation includes those activities or relationships that may be in
conflict with the interests of the organization
...
2
...
2
...
Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of
activities under review
...
Conflict of Interest Policy
a
...
All rights reserved
...
Reward for information exposing violators
...
com
...
To express gratitude, the division manager presented the internal audit team with a gift of
moderate value
...
The following reasons for accepting or
not accepting the gift were discussed:
One auditor said, “we should accept the gift because its value is insignificant
...
”
A third auditor said, “we should not accept the gift
...
The lead auditor then
decided that acceptance of the gift would be inappropriate because of the presumed impairment of the internal auditor’s
professional judgment
...
6 INTERNAL AUDIT ETHICS -- CONFIDENTIALITY
1
...
1
...
3
...
Shall not use information for any personal gain or in any manner that would be contrary to the
law or detrimental to the legitimate and ethical objectives of the organization
...
q
Investigating potential instances of fraud is within the internal auditor’s normal responsibilities
...
Purchasing stock in a target organization after reading reports that it may be acquired
...
2 states, “Internal auditors shall not use information for any personal gain
...
Disclosing confidential information in response to a court order
...
This disclosure is not a violation
...
All rights reserved
...
Reward for information exposing violators
...
com
...
7 INTERNAL AUDIT ETHICS -- COMPETENCY
1
...
1
...
4
...
Shall perform internal audit services in accordance with the International Standards for the
Professional Practice of Internal Auditing (Standards)
...
3
...
EXAMPLE
Which of the following violate(s) The IIA’s Code of Ethics?
q
After obtaining evidence that an employee is embezzling funds, the internal auditor interrogates the suspect
...
Internal auditors generally lack the knowledge, skills, or experience regarding interrogation of suspects
possessed by security specialists
...
An internal auditor has been assigned to perform an engagement in the warehousing department next year
...
s
q
s
The internal auditor plans to acquire the required knowledge and skills prior to the start of this
engagement
...
1
...
The chief audit executive must periodically review the internal audit charter and present it
to senior management and the board for approval
...
Internal Audit Charter
a
...
The internal
audit charter establishes the internal audit activity’s position within the organization;
authorizes access to records, personnel, and physical properties relevant to the
performance of engagements, and defines the scope of internal audit activities
...
All rights reserved
...
Reward for information exposing violators
...
com
...
The importance of a formal, written internal audit charter cannot be overstated
...
The internal audit charter establishes the internal audit activity’s
position within the organization, including the nature of the chief audit executive’s functional
reporting relationship with the board; authorizes access to records, personnel, and physical
properties relevant to the performance of engagements; and defines the scope of internal audit
activities
...
1)
c
...
An auditee must not be able to place a scope limitation on the internal audit
activity by refusing to make relevant records, personnel, and physical properties
available to the internal auditors
...
This will prevent misunderstandings about access to records and
personnel
...
“Providing a formal, written internal audit charter is critical in managing the
internal audit activity
...
It also facilitates a periodic
assessment of the adequacy of the internal audit activity’s purpose, authority,
and responsibility, which establishes the role of the internal audit activity
...
1)
...
The CAE is also responsible for
communicating the result of this assessment to senior management and the
board” (para
...
As described in the following Standard, the charter itself must refer to the mandatory
guidance portion of the IPPF:
Attribute Standard 1010
Recognition of the Definition of Internal Auditing, the Code of Ethics, and the
Standards in the Internal Audit Charter
The mandatory nature of the Definition of Internal Auditing, the Code of Ethics, and the Standards
must be recognized in the internal audit charter
...
f
...
theiia
...
...
All rights reserved
...
Reward for information exposing violators
...
com
...
Key Definitions from the Glossary
a
...
The definitions do not need to be
memorized, but they are useful to exam candidates and practitioners
...
a)
2)
The CAE, or others reporting to the CAE, will have appropriate
professional certifications and qualifications
...
A board is an organization’s governing body, such as a board of directors;
supervisory board; head of an agency or legislative body; board of governors or
trustees of a not-for-profit organization; or any other designated body of the
organization, including the audit committee, to whom the chief audit executive
may functionally report
...
All rights reserved
...
Reward for information exposing violators
...
com