Which of the following statements is true regarding internal controls?
A.
For assurance engagements internal auditors should plan to assess the effectiveness of all entity-level controls
B.
Poorly designed or deficient entity-level controls can prevent well-designed process controls from working as intended.
C.
During engagement planning, internal auditors should not discuss the identified key risks and controls with management of the area under review to prevent tipping off probable audit lasts
D.
Reviewing process maps and flowcharts is an appropriate method for the internal a auditor to identify all key risks and controls during engagement planning
Entity-level controls set the tone and establish the framework for the overall control environment within an organization. If these controls are poorly designed or deficient, they can undermine the effectiveness of process-level controls, even if those controls are well-designed. Entity-level controls include governance, risk management, and compliance controls that influence the entire organization. Therefore, deficiencies at this level can have a widespread impact, preventing lower-level controls from functioning properly.
Institute of Internal Auditors (IIA), International Standards for the Professional Practice of Internal Auditing (Standards), Standard 2130 – Control.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit