AUI3702 ASSIGNMENT 2 COMPLETE ANSWERS
STUDY GUIDE 2025/2026 ACCURATE SOLUTIONS
AND CORRECT ANSWERS || 100% GUARANTEED
PASS <UPDATED VERSION>
PART 1: THE FOUNDATIONS OF INTERNAL AUDITING
1. QUESTION: What is the modern definition of internal auditing as per the IPPF?
ANSWER: Internal auditing is an independent, objective assurance and consulting activity
designed to add value and improve an organization's operations. It helps an organization
accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve
the effectiveness of risk management, control, and governance processes.
2. QUESTION: What are the two primary types of engagement activities performed by internal
audit?
ANSWER: Assurance services and Consulting services.
3. QUESTION: What is the core difference between assurance and consulting services?
ANSWER: Assurance services are performed for a third party (e.g., the board/audit
committee) to provide an objective assessment, while consulting services are performed at the
specific request of a client (e.g., management) and are advisory in nature.
,4. QUESTION: What is the mandatory guidance within the IPPF?
ANSWER: The Core Principles for the Professional Practice of Internal Auditing, the
Definition of Internal Auditing, the Code of Ethics, and the International Standards for the
Professional Practice of Internal Auditing (Standards).
5. QUESTION: What are the four principles of the IIA's Code of Ethics?
ANSWER: Integrity, Objectivity, Confidentiality, and Competency.
6. QUESTION: What is the primary purpose of the International Professional Practices
Framework (IPPF)?
ANSWER: To organize the authoritative guidance for the professional practice of internal
auditing globally.
7. QUESTION: Who is ultimately responsible for the internal audit activity within an
organization?
ANSWER: The Chief Audit Executive (CAE).
8. QUESTION: To whom should the Chief Audit Executive (CAE) report functionally to ensure
independence?
ANSWER: The Audit Committee or Board of Directors.
9. QUESTION: What is the primary purpose of an internal audit charter?
ANSWER: To define the internal audit activity's purpose, authority, and responsibility, and
to establish its position within the organization.
10. QUESTION: True or False: The internal audit charter does not require approval from the
audit committee.
, ANSWER: False. The charter must be approved by the audit committee and, ideally, the
board.
PART 2: RISK-BASED INTERNAL AUDIT PLANNING
11. QUESTION: What is the fundamental basis for developing the internal audit plan?
ANSWER: A risk-based methodology.
12. QUESTION: What are the three key steps in risk-based audit planning?
ANSWER: 1) Identify and document auditable units/activities. 2) Assess and prioritize risks.
3) Allocate resources based on the risk assessment.
13. QUESTION: What is a "Risk and Control Matrix" (RCM) used for?
ANSWER: To document the identified risks, control objectives, existing controls, and the
auditor's test procedures and results for a specific process or area.
14. QUESTION: What does "Inherent Risk" mean?
ANSWER: The risk to an entity in the absence of any actions by management to mitigate or
control it.
15. QUESTION: What does "Residual Risk" mean?
ANSWER: The risk that remains after management's response to the risk, including the
implementation of internal controls.
STUDY GUIDE 2025/2026 ACCURATE SOLUTIONS
AND CORRECT ANSWERS || 100% GUARANTEED
PASS <UPDATED VERSION>
PART 1: THE FOUNDATIONS OF INTERNAL AUDITING
1. QUESTION: What is the modern definition of internal auditing as per the IPPF?
ANSWER: Internal auditing is an independent, objective assurance and consulting activity
designed to add value and improve an organization's operations. It helps an organization
accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve
the effectiveness of risk management, control, and governance processes.
2. QUESTION: What are the two primary types of engagement activities performed by internal
audit?
ANSWER: Assurance services and Consulting services.
3. QUESTION: What is the core difference between assurance and consulting services?
ANSWER: Assurance services are performed for a third party (e.g., the board/audit
committee) to provide an objective assessment, while consulting services are performed at the
specific request of a client (e.g., management) and are advisory in nature.
,4. QUESTION: What is the mandatory guidance within the IPPF?
ANSWER: The Core Principles for the Professional Practice of Internal Auditing, the
Definition of Internal Auditing, the Code of Ethics, and the International Standards for the
Professional Practice of Internal Auditing (Standards).
5. QUESTION: What are the four principles of the IIA's Code of Ethics?
ANSWER: Integrity, Objectivity, Confidentiality, and Competency.
6. QUESTION: What is the primary purpose of the International Professional Practices
Framework (IPPF)?
ANSWER: To organize the authoritative guidance for the professional practice of internal
auditing globally.
7. QUESTION: Who is ultimately responsible for the internal audit activity within an
organization?
ANSWER: The Chief Audit Executive (CAE).
8. QUESTION: To whom should the Chief Audit Executive (CAE) report functionally to ensure
independence?
ANSWER: The Audit Committee or Board of Directors.
9. QUESTION: What is the primary purpose of an internal audit charter?
ANSWER: To define the internal audit activity's purpose, authority, and responsibility, and
to establish its position within the organization.
10. QUESTION: True or False: The internal audit charter does not require approval from the
audit committee.
, ANSWER: False. The charter must be approved by the audit committee and, ideally, the
board.
PART 2: RISK-BASED INTERNAL AUDIT PLANNING
11. QUESTION: What is the fundamental basis for developing the internal audit plan?
ANSWER: A risk-based methodology.
12. QUESTION: What are the three key steps in risk-based audit planning?
ANSWER: 1) Identify and document auditable units/activities. 2) Assess and prioritize risks.
3) Allocate resources based on the risk assessment.
13. QUESTION: What is a "Risk and Control Matrix" (RCM) used for?
ANSWER: To document the identified risks, control objectives, existing controls, and the
auditor's test procedures and results for a specific process or area.
14. QUESTION: What does "Inherent Risk" mean?
ANSWER: The risk to an entity in the absence of any actions by management to mitigate or
control it.
15. QUESTION: What does "Residual Risk" mean?
ANSWER: The risk that remains after management's response to the risk, including the
implementation of internal controls.
