IIA IIA-CIA-Part2 Online Access

When significant control issues are identified during a consulting engagement, it is the responsibility of the chief audit executive to ensure that these issues are communicated to senior management and the board. This ensures that the organization is aware of the risks and can take corrective action. Consulting engagements should not overshadow the priority of addressing critical control issues that may affect the organization's risk profile. References:

"International Standards for the Professional Practice of Internal Auditing" (IIA Standards)

"Internal Auditing: Assurance & Advisory Services" (The Institute of Internal Auditors)

Introduction:

When performing audit testing, internal auditors must consider the risk that their sample may lead to incorrect conclusions about the accuracy of account balances.

Understanding Incorrect Acceptance Risk:

This risk refers to the possibility that the sample used might support the conclusion that the recorded account balance is not materially misstated when, in fact, it is. This is a type of sampling risk that auditors need to mitigate through proper sampling techniques and sufficient sample sizes.

Options Analysis:

Option A: Incorrect rejection risk is the risk that the sample leads to the conclusion that the account balance is materially misstated when it is not.

Option B: Incorrect acceptance risk directly addresses the concern described, where the sample fails to detect a material misstatement.

Option C: Tolerable misstatement risk relates to the maximum error in a population that the auditor is willing to accept.

Option D: Anticipated misstatement risk is not a standard audit term and does not describe the risk in question.

Conclusion:

The auditor’s concern best describes the incorrect acceptance risk, which is the risk of concluding that the account balance is accurate based on a sample when it is actually misstated.

Internal Audit Standards and Practice Guides .

The correct approach aligns with the International Standards for the Professional Practice of Internal Auditing (Standards), particularly Standard 2400: Communicating Results. The auditor must promptly discuss material errors to prevent ongoing misstatements. Immediate correction ensures timely remediation and reduces the risk of material misstatement persisting in the financial records. Additionally, if the error is resolved before the engagement concludes, it may not necessitate inclusion in the final report, as per the guidance on handling material findings (Practice Advisory 2410-1). This approach also demonstrates collaboration and alignment with management, fostering trust.

When developing the objectives for an assurance engagement in a newly acquired subsidiary, the most critical items to consider are the organizational strategy, objectives, risks, control framework, and the expectations of stakeholders regarding the audit. This holistic approach ensures that the internal audit aligns with the broader goals and risk management processes of the organization, providing a comprehensive evaluation of the subsidiary's operations within the context of the entire entity.

Organizational Strategy and Objectives: Understanding the overarching goals and strategic direction of the organization helps to align the audit objectives with business priorities and ensures that the subsidiary’s operations are evaluated in the context of their contribution to these goals.

Risks: Identifying and assessing the risks associated with the subsidiary is essential for focusing audit efforts on areas that could significantly impact the organization. This involves understanding both inherent and residual risks.

Control Framework: Evaluating the existing control framework within the subsidiary helps determine the adequacy and effectiveness of controls in mitigating identified risks.

Stakeholder Expectations: Considering what stakeholders expect from the audit helps in shaping objectives that address key concerns and provide valuable insights, fostering greater acceptance and implementation of audit recommendations.

This comprehensive approach ensures the audit is relevant, targeted, and capable of adding significant value to the organization by addressing key risk areas and strategic objectives.

The Institute of Internal Auditors (IIA) Standards

IIA Practice Guide: Formulating and Expressing Internal Audit Opinions