Internal Audit

So what is the primary objectives of PCAOB Auditing Standard No. 5 Regarding Audits of Internal Control Over Financial Reporting

1. Focus the Audit on Most Important Matters
- Top-down, risk-based approach that emphasizes use of judgment.
- Risk assessment is pervasive throughout the audit, including the identification and testing of controls

2. Eliminate Unnecessary Procedures
- Removing the requirement to evaluate management's process
- Consideration of knowledge from prior years (however, rotation is still not permitted).
- Eliminates “principal evidence” requirement
- Provides flexibility to use the work of others to a greater extent, including within the control environment, and performance of walkthroughs under our direct supervision

"..Reduce costs without sacrificing data integrity or performance..."

Computer systems in general are highly complex, too complex, in fact, to be administered at a discrete physical level. As computer technology has evolved, a higher proportion of CPU cycle time has been dedicated to abstracting the underlying hardware, memory management, input/output, and processor requirements from the user interface. Today, a computer user does not have to be conversant in assembly language programming to make a change in a spreadsheet. The interface and management of the underlying technology has been heavily virtualized.

Storage administration, by contrast, is still tedious, manual-intensive, and seemingly never-ending. The introduction of storage networking has centralized storage administrative tasks by consolidating dispersed direct-attached storage assets into larger, shared resources on a SAN. Fewer administrators can now manage more disk capacity and support more servers, but capacity for each server must still be monitored, logical units manually created and assigned, zones established and exported, and new storage assets manually brought online to service new application requirements. In addition, although shared storage represents a major technological advance over direct-attached storage, it has introduced its own complexity in terms of implementation and support. Complexity equates to cost. Finding ways to hide complexity, automate tedious tasks, streamline administration, and still satisfy the requirements of high performance and data availability saves money, and that is always the bottom line. That is the promise of storage virtualization, although many solutions today are still far short of this goal.

This sample question is for CIA exam part II: Audit Engagement

1. Which of the following best describes an auditor’s responsibility after noting some indicators of fraud?
a. Expand activities to determine whether an investigation is warranted.
b. Report the possibility of fraud to senior management and ask how to proceed.
c. Consult with external legal counsel to determine the course of action to be taken.
d. Report the matter to the audit committee and request funding for outside specialists to help investigate the possible fraud

The IIA now offers premier quality CIA preparation materials. The IIA's CIA Learning System is an interactive print and Web-based program designed to provide comprehensive and flexible training to CIA candidates worldwide. This new program provides timely analysis of practical audit procedures found in today's global organizations and on the CIA exam.