Learn the most appropriate action for a chief audit executive to take when their internal audit team lacks the necessary skills for a requested IT audit engagement.
Table of Contents
Question
The chief audit executive (CAE) is requested to complete an IT engagement within the year. The CAE determines that the internal audit activity does not currently have the required competencies for the engagement. Which of the following would be the most appropriate response?
A. Assign a staff member from the IT department to assist with the engagement.
B. Decline the engagement since the internal audit activity lacks the required competencies.
C. Recruit a new staff member from a competing organization who has the required competencies.
D. Recruit a finance department manager who recently transferred from the IT department.
Answer
The most appropriate response for the chief audit executive (CAE) in this situation would be:
A. Assign a staff member from the IT department to assist with the engagement.
Explanation
According to IIA Standard 1210 – Proficiency, “Internal auditors must possess the knowledge, skills, and other competencies needed to perform their individual responsibilities.” However, the standards also state that if the internal audit activity lacks the knowledge, skills, or competencies needed, the CAE should obtain competent advice and assistance.
Assigning an IT staff member to assist the internal audit team would provide the needed skills and knowledge to complete the IT audit engagement properly. This allows the audit to still be completed as requested while supplementing the audit team with the required IT expertise they currently lack.
The other options are not optimal because:
- Declining the engagement entirely fails to provide the requested audit
- Recruiting a new staff member or a finance manager transfers from IT would take too long and still may not provide the right competencies
- Using outside resources is preferable to declining or delaying the audit
Therefore, pulling in IT staff to augment the internal audit team’s capabilities is the best way to ensure the CAE can fulfill this IT audit request appropriately and in a timely manner.
IIA-CIA-Part1 certification exam assessment practice question and answer (Q&A) dump including multiple choice questions (MCQ) and objective type questions, with detail explanation and reference available free, helpful to pass the IIA-CIA-Part1 exam and earn IIA-CIA-Part1 certification.