CIA Challenge Exam - Part 1
Acceptable Risk - ANS-The business impact that would be experienced if certain risks
became realized whereby the loss is deemed acceptable and no additional controls are
warranted
Acceptable Risk Level - ANS-The level of risk acceptable as derived from an
organization's legal and regulatory compliance responsibilities
Assurance Services - ANS-Objective examination of evidence for the purpose of
providing an independent assessment on risk management, control, or governance
processes for an organization.
Audit Universe - ANS-The functional areas or business processes that can be audited
Board - ANS-Highest level of governing body charged with responsibility to direct and/or
oversee activities and management of organization
Chief Audit Executive (CAE) - ANS-Senior position responsible for effectively managing
the internal audit activity in accordance with internal audit charter, definition of internal
audit, Code of Ethics and IIA Standards
Code of Ethics - ANS-Principles relevant to the profession and practice of internal
auditing and rules of conduct that describe expected behavior
Competencies - ANS-Collective KSAs and personal attributes that can lead to
exceptional performance
Conflict of Interest - ANS-A situation in which the internal auditor in a position of
responsibility or trust has competing professional or personal interests that make it
difficult to fulfill his or her duties impartially.
Consulting Services - ANS-Advisory and related client service activities, the nature and
scope of which are agreed with the client and which are intended to add value and
improve an organization's governance, risk management, and control processes without
the internal auditor assuming management responsibility.
Control Environment - ANS-The attitude and actions of the board and management
regarding the significance of control within the organization; provides the discipline and
structure for the achievement of the primary objectives of the system of internal control.
Corporate Social Responsibility - ANS-The movement to define and articulate the
responsibility of the private enterprise for non-financial performance
Corporate Values - ANS-An organization's standards of behavior.
Definition of Internal Audit - ANS-Independent, objective assurance and consulting
activity designed to add value and improve an organization's operations of GRC
Due Professional Care - ANS-Comprehending objectives, scope of engagements and
competencies required to execute the audit work and the policies and procedures
specific to the internal audit activity and the organization
Enterprise Risk Management (ERM) - ANS-A process effected by an entity's board of
directors, management, and other personnel applied in strategy setting and across the
enterprise that is designed to identify potential events that may affect the entity and to
manage risks to be within its risk appetite to provide reasonable assurance regarding
the achievement of entity objectives
Governance - ANS-The combination of processes and structures implemented by the
board to inform, direct, manage, and monitor the activities of the organization toward the
achievement of its objectives.
Independence - ANS-Freedom from conditions that threaten ability of internal auditor to
carry out responsibility in an unbiased manner
Internal Audit Charter - ANS-A formal, written document that defines the purpose,
authority, and responsibilities of the internal audit function within the organization
Knowledge - ANS-Body of information necessary to perform internal audit activity
Leadership - ANS-The actions of the Board and Senior Management that define the
organization's culture
Mission of Internal Audit - ANS-To enhance and protect organizational value by
providing risk-based and objective assurance, advice, and insight.