Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
18 Cards in this Set
- Front
- Back
What are the three aspect to risk? |
Risk is the combination of a threat exploiting some vulnerability that could cause harm to some assets. |
|
Give an example of different stakeholders having different vulnerabilities to the same risk |
Take-over, shareholder may welcome takeover if they get premium on shares. Workers may fear takeover as may mean job losses |
|
What are some of the factors that affect sensitivity to cost control |
Profit margin, Fixed and variable costs, Flexibility and willingness of the company to change. |
|
The cost of risk and control can be compared through the use of optimisation model. When benchmarked against risk appetite, an optimisation model can identify? |
Where the best 'return on control investment' can be achieved |
|
how is systems-based audit undertaken? |
Under the systems-based auditing approach, auditors and management identify all financial and non-financial auditable systems and processes. These are prioritised against risk assessments and the resources needed to audit and an audit frequency is determined |
|
What's a major benefit of systems audit? |
The systems audit is cost-effective because it focuses on risks and controls, offers better assurance that a system is currently achieving and will continue to achieve its objectives |
|
How will Risk-based auditing undertaken? |
Risk-based auditing approach begins with business objectives and focuses on those risks identified by management that may prevent the objectives from being achieved. Internal audit assesses the extent to which a robust risk management process is in place to reduce risks to a level acceptable to the board |
|
The core role of internal auditing in ERM is ? |
To provide objective assurance to the board on the effectiveness of an organisation's ERM activities to ensure that key business risks are being properly managed and that internal controls are effective. |
|
What is ERM ? |
Enterprise-wide risk management |
|
What does Internal auditors provide? |
Internal auditors provide advice to management and the board and challenge or support management decisions in relation to risk. |
|
What do Internal auditors do? |
Internal auditors assess how risks are identified, analysed and managed and give independent advice on how to embed risk management practices into business activities. |
|
Different types of risks in auditing are: |
Inherent risk Risk related to failure of controls Residual risk Audit risk Inherent risk Risk related to failure of controls Residual risk Audit risk |
|
Risk assessment in internal auditing can be assessed through three methods? |
Intuitive or judgmental assessment Risk assessment matrix Risk ranking |
|
Internal auditors need to make judgments about the measures that can be taken against risk? |
Transferring the risk Reducing the likelihood of risk Reducing exposure to risk Detecting occurrences Recovering from occurrences |
|
What is An ICQ ? |
An ICQ is a checklist of the specific internal control techniques that should be present in a particular system to provide assurances about internal control. |
|
The potential weaknesses in the system identified by ICQ can be overcome by |
looking for compensating controls. countering weaknesses by substantive testing. increasing internal control risk. |
|
Management audits cover the following three areas: |
Economy Efficiency Effectiveness |
|
what are the three final part of internal audit |
1. The auditor writes a draft report of findings, conclusions and recommendations and presents this to management for their response. 2. A plan of action is agreed between the auditor and management, which is incorporated into the final audit report and presented to the audit committee. 3. The auditor subsequently follows up whether the agreed action plan has been implemented. |