BM2011

I. ISACA Definition and Function

Treadstone Company has an internal audit department consisting of a director and four (4)
staff auditors. The director of internal audit, Mark Tan, reports to the corporate controller, who
receives copies of all internal audit reports. Also, copies of all internal audit reports are sent to
the audit committee of the board of directors and the individual responsible for the area of
activity being audited.

In the past, the company’s external auditors have relied on the work of the internal audit
department to a substantial degree. However, in recent months, Mark has become
concerned that some standards in the performance of the internal audit function are being
affected by the non-audit work being performed by the department. The possible failure to
meet such standards could result in more extensive testing and analysis by the external
auditors. The percentage of non-audit work performed by the internal auditors has steadily
increased to about 25% of the total hours worked. A sample of 5% non-audit activities
follows:

 One of the internal auditors assisted in the preparation of policy statements on internal
control. These statements included such things as policies regarding sensitive payments
and the safeguarding of assets.
 Reconciling the corporation's bank statements each month is a regular assignment of
one of the internal auditors. The corporate controller believes this strengthens the
internal control function because the internal auditor is not involved in either the receipt
or the disbursement of cash.
 The internal auditors are asked to review the annual budget each year for relevance and
reasonableness before the budget is approved. At the end of each month, the corporate
controller’s staff analyzes the variances from the budget and prepares explanations of
these variances. The internal audit staff then reviews these variances and explanations.
 One of the internal auditors has been involved in the design, installation, and initial
operation of a new computerized inventory system. The auditor was primarily concerned
with the design and implementation of internal accounting controls and evaluated these
controls during the test runs.
 The internal auditors are sometimes asked to make the accounting entries in the accounting
system for complex transactions as the accounting department employees are not
adequately trained to handle such transactions. The corporate controller believes this gives
an added measure of assurance to the accurate recording of these transactions.

Questions:
01 Task Performance 1 *Property of STI
Page 1 of 2
 BM2011
1. Give at least one (1) ISACA standard that was being violated from the above case.
Justify your answer in no more than five (5) sentences.
The performance standard ISACA 1203 was one of the ISACA standards that was
broken. As a result, the code mandates that auditors follow the authorized IS audit plan to
address identified risks. Internal auditors are sometimes asked to make complex
accounting transactions by staffs who have not been properly instructed on how to
accurately record transactions, as in the instance above. The auditor must have
necessary abilities in performance and supervision, as well as document the audit
process, audit activities, and audit evidence because this will be a basis for the review of
the quality of the work that provides the reviewer with written documentation of the
evidence supporting the auditor's significant conclusions.

01 Task Performance 1 *Property of STI

Page 2 of 2
 BM2011

2. Concerning question number 1, what are the requirements in the code of ethics that
have been violated, supposing that the auditors are ISACA members? Justify your
answer in no more than five (5) sentences.
The main objective of the auditing is to find reliability of financial position and profit
and loss statements. The objective is to ensure that the accounts reveal a true and fair
view of the business and its transactions. In order to meet audit objectives, auditors must
be supervised and have the necessary training and background in transaction recording.
Furthermore, they must have acquired the requisite skills to work within the approved IS
audit objectives. Despite the fact that the management believes that this adds an extra
layer of assurance to the accurate recording of these transactions, they fail in
performance and oversight due to a lack of relevant expertise and suitable training.

3. In connection with number 1, give possible actions that can be done to uphold the
standard being violated.
The necessary steps to complete are planning and supervision, scoping, risk and
materiality, resource mobilization, supervision and assignment management, and using
professional judgment and due care in the conduct of the assignment. These activities
will aid in the distribution of duties in accordance with necessary knowledge and abilities
in order to avoid any standards violations.

01 Task Performance 1 *Property of STI

Page 3 of 2
 BM2011

II. Organization of Audit Function

1. Black Clover Corporation (BCC), a developer of database software packages, is a
publicly held company whose stock is traded over-the-counter (OTC). The company
recently received an enforcement release proceeding from SEC that cited the company
for inadequate internal controls. In response, BCC has agreed to establish an internal
audit function. The company’s first step is to update the internal audit charter. Give at
least five (5) responsibilities of the IS auditor seen in the audit charter.

o Disseminating the results of its work and enforcing the disciplinary procedures that
have been agreed upon.
o Managing the operation in a way that aids it in achieving its goals.
o At least once a year, submitting a risk-based internal audit schedule.
o Ascertain that ISACA requirements are adhered to.
o Ensure independent of the company’s management and ascertain objectivity.

2. You are part of the audit management in your company. Recently, your company plans
to upgrade the manner of processing accounting transactions using SAP Accounting
Software. Most of the internal auditors have minimal knowledge about the software. In
no more than five (5) sentences, discuss the actions that should be taken in managing
the resources of your audit function.
Because most internal auditors are unfamiliar with software, the first step in
managing the resources of my audit position should be to maintain or increase their
competency by upgrading current expertise and acquiring specific software-related training.
When a corporation plans to audit and assigns individuals to specific audit responsibilities,
competence and experience should be considered to avoid future risks, since a lack of
either might influence the entire software. Therefore, A training program gives everyone the
opportunity to strengthen those skills. This helps ensure that everyone on your team is up
to par and can perform their job day in and day out. With proper training and development,
weakness can turn into strengths and your internal auditors can excel.

01 Task Performance 1 *Property of STI

Page 4 of 2