Complete IIA-CIA-Part2 IIA Materials

During the internal audit recommendations monitoring process, it is most appropriate for internal auditors to determine the frequency and approach to monitoring. This responsibility aligns with the need to ensure that corrective actions are effectively implemented and that the risks identified in the audit are appropriately mitigated over time.

IIA References:

IIA Standard 2500: Monitoring Progress mandates that the CAE must establish and maintain a system to monitor the disposition of results communicated to management. The frequency and approach should be based on the significance of the observations, the risks involved, and the status of corrective actions.

The internal auditor should use a procedure that directly tests the theory that shutdowns are due to outdated purchasing requirements not reflecting changes in production techniques. By comparing the parts needed according to current production estimates and the updated MRP with the purchase orders generated by the system, the auditor can determine if there are discrepancies indicating that the system is not correctly updating for new production methods. This approach ensures that the investigation is focused on the root cause of the issue and provides evidence to support any findings related to the suspected problem.References:

Institute of Internal Auditors (IIA), International Standards for the Professional Practice of Internal Auditing (Standards), Standard 2310 – Identifying Information.

Vouching is the manual audit approach that involves testing the validity of a document by following it backward to a previously prepared record. This method helps auditors verify the authenticity and accuracy of transactions by tracing them back to their source documents, such as invoices, receipts, or purchase orders. Vouching is commonly used to detect errors or fraud.

References:

The Institute of Internal Auditors (IIA) Standards

Auditing Techniques and Procedures

When there is a deadlock between the internal auditor and management over a significant issue such as access controls, escalating the issue to senior management is the most effective strategy. This approach ensures that the disagreement is addressed at a higher organizational level, where a decision can be made that aligns with the organization's risk tolerance and priorities. References: = IIA Standard 2600 - Resolution of Senior Management's Acceptance of Risks.