IIA-CHAL-QISA Exam Questions

Role of CAE as Consultant: The chief audit executive (CAE) can act as a consultant to help management establish a risk management system. Their role should be facilitative rather than directive, ensuring that management owns the risk management process.

Appropriate Tasks:

Risk Workshops: Coordinating and facilitating risk workshops (option A) helps management identify and assess risks, allowing them to develop appropriate responses. This is a suitable task for the CAE.

Risk Appetite and Indicators: Establishing risk appetite (option B) and setting risk indicators and mitigation plans (option C) are management's responsibilities.

Reporting Risks: Determining the number of significant risks to report (option D) should also be a management function.

Conducting a documented skills assessment helps in identifying the existing competencies and any gaps within the internal audit team.

Post-audit surveys can provide feedback on the performance and areas for improvement, which can be used to further refine the skills and competencies of the audit staff (Ref: [16source])

Authority Source: The internal audit charter is a formal document that defines the internal audit activity's purpose, authority, and responsibility. It grants internal auditors the right to access all records, personnel, and physical properties relevant to the performance of engagements.

Facilities Maintenance Reports: When an engagement supervisor contacts a third-party contractor for maintenance reports, the authority is derived from the internal audit charter, which ensures auditors have the necessary access to perform their duties.

Importance of the Charter: This ensures the independence and objectivity of the internal audit activity, providing a clear mandate for auditors to obtain information from external parties as needed.

The internal audit charter is a formal document that defines the internal audit activity's purpose, authority, and responsibility.

Establishing the internal audit activity's position within the organization in an audit charter ensures independence and objectivity by clearly stating the internal audit's role and its reporting lines.

The charter should be approved by the board and senior management to reinforce its authority and protect the internal audit activity from undue influence by management

Role of Internal Audit Charter: The internal audit charter is a formal document that defines the purpose, authority, and responsibility of the internal audit activity. It establishes the internal audit activity's position within the organization, including the nature of the chief audit executive's functional reporting relationship with the board.

CEO's Decision Justification: According to IIA guidance, the internal audit activity can take on responsibilities related to risk management and investigation if it is defined within the internal audit charter. The charter must outline the scope of the internal audit activity, which can include risk management functions if approved by the board and senior management.

Authority and Proficiency: While the CEO has the authority to assign responsibilities, the decision must align with the provisions of the internal audit charter. The level of proficiency of the CAE and the recommendation of external auditors can support the decision but are not primary justifications.

IIA Standards: Standard 1000 -- Purpose, Authority, and Responsibility -- requires that the internal audit activity's purpose, authority, and responsibility be formally defined in an internal audit charter, consistent with the Mission of Internal Audit and the mandatory elements of the International Professional Practices Framework.

Reference:

The internal audit charter is the primary document that justifies the scope and responsibilities of the internal audit activity, including risk management and investigation roles. It ensures that such roles are formally acknowledged and authorized by the board and senior management.