Audit

Review questions

1-      What are the three different types of stakeholders that the board must understand? Give examples of each type.

2-      What are the key responsibilities of senior management in governance?

3-      What role does the internal audit function play in governance?

4-      What is the definition of risk used by the COSO?

5-      According to COSO, what are the fundamental concepts in its definition of ERM?

6-     What are the eight components of the COSO ERM?

7-      What roles in ERM should the internal audit function not undertake?

Discussion questions

1-      Describe ways in which an organizations business model may affect its approach to governance oversight.

2-      COSO ERM recognizes for categories of objectives. If an organization were unable to effectively manage the risks around the objectives in one of those categories, for which category would the impact on the organization be the greatest?

3-      Define inherent risk and residual risk. Which of the two types of risk would have a greater impact on the annual internal audit plan?

4-      For an organization that has not implemented ERM, describe some of the steps the internal audit function can take without impairing its independence and /or objectivity.

Case study 1

Recall the five "everyday questions" outlined earlier in this chapter that can be used to apply risk management thinking.

a-      What are we trying to accomplish (that is, what are our objectives)?

b-      What could stop us from accomplishing it (that is, what are the risks, how bad they could be, and how likely are they to occur)?

 c-      What can we do to make sure those things don't happen (that is, what are the risk management options or strategies)?

d-     Do we have the ability to execute those things (that is, have we designed control activities, and can we execute those activities to carry out the risk strategies)?

 e-      How will we know that we have accomplished what we wanted to...