Question Verbs

QUESTION VERBS

ACCA examiners have highlighted the lack of understanding of the requirements of question verbs as the most serious weakness in many candidates’ scripts. Given below are some common question verbs used in exams.

Analyse

· Intellectual level 2, 3

· Actual meaning Break into separate parts and discuss, examine, or interpret each part

· Key tips Give reasons for the current situation or what has happened.

Apply

· Intellectual level 2

· Actual meaning To put into action pertinently and/or relevantly

· Key tips Properly apply the scenario/case.

Assess

· Intellectual level 3

· Actual meaning To judge the worth, importance, evaluate or estimate the nature, quality, ability, extent, or significance

· Key tips Determine the strengths/weaknesses/importance/significance/ability to contribute.

Calculate

· Intellectual level 2, 3

· Actual meaning To ascertain by computation, to make an estimate of; evaluate, to perform a mathematical process

· Key tips Provide description along with numerical calculations.

Comment

· Intellectual level 3

· Actual meaning To remark or express an opinion

· Key tips Your answer should include an explanation, illustration or criticism.

Compare

· Intellectual level 2

· Actual meaning Examine two or more things to identify similarities and differences

· Key tips Clearly explain the resemblances or differences.

Conclusion

· Intellectual level 2 ,3

· Actual meaning The result or outcome of an act or process or event, final arrangement or settlement

· Key tips End your answer well, with a clear decision.

Criticise

· Intellectual level 3

· Actual meaning Present the weaknesses/problems; evaluate comparative worth Don’t explain the situation. Instead, analyse it

· Key tips Criticism often involves analysis.

Define

· Intellectual level 1

· Actual meaning Give the meaning; usually a meaning specific to the course or subject

· Key tips Explain the exact meaning because usually definitions are short.

Describe

· Intellectual level 1, 2

· Actual meaning Give a detailed account or key features. List characteristics, qualities and parts

· Key tips Make a picture with words; identification is not sufficient.

Discuss

· Intellectual level 3

· Actual meaning Consider and debate/argue about the pros and cons of an issue. Examine in-detail by using arguments in favour or against

· Key tips Write about any conflict, compare and contrast.

Evaluate

· Intellectual level 3

· Actual meaning Determine the scenario in the light of the arguments for and against

· Key tips Mention evidence/case/point/issue to support evaluation.

Explain

· Intellectual level 1, 2

· Actual meaning Make an idea clear. Show logically how a concept is developed. Give the reason for an event

· Key tips Don’t just provide a list of points, add in some explanation of the points you’re discussing.

Illustrate

· Intellectual level 2

· Actual meaning Give concrete examples. Explain clearly by using comparisons or examples

· Key tips Add in some description.

  

Interpret

· Intellectual level 3

· Actual meaning Comment on, give examples, describe relationships

· Key tips Include explanation and evaluation.

List

· Intellectual level 1

· Actual meaning List several ideas, aspects, events, things, qualities, reasons, etc

  Key tips Don’t discuss, just make a list.

Outline

· Intellectual level 2

· Actual meaning Describe main ideas, characteristics, or events

· Key tips Briefly explain the highlighted points.

Recommend

· Intellectual level 3

· Actual meaning Advise the appropriate actions to pursue in terms the recipient will understand

· Key tips Give advice or counsel.

Relate

· Intellectual level 2, 3

· Actual meaning Show the connections between ideas or events

· Key tips Relate to real time examples.

State

· Intellectual level 2

· Actual meaning Explain precisely

· Key tips Focus on the exact point.

Summarise

· Intellectual level 2

· Actual meaning Give a brief, condensed account Include conclusions. Avoid unnecessary details

· Key tips Remember to conclude your explanation.

Role of Internal Audit in Internal Control and Risk Managment

Role of Internal Audit in Internal Control and Risk Managment

Internal auditors provide assurance to a company’s directors that the company’s risk management systems and internal controls are operating effectively.

Whilst the Risk Management department of a company will actually assess and manage the risks, the internal auditor’s role is to check all aspects of this process and report back to the board, typically through the audit committee, on how the risk management processes can be improved. 

For example, the internal auditor will assess how effectively risks are being identified. The auditor will look at the methods being used for risk identification, and the people who are doing it, and will use his experience to suggest alternative methods, or maybe to suggest that the wrong people are currently doing it and need to be replaced. The auditor will look at all other stages in the risk management process as well, questioning risk measurement techniques, the design of risk solutions, how the implementation of these solutions could be improved etc. 

Historically, the auditor’s primary role has been in ensuring that the actual risk management solutions chosen (e.g. internal controls, insurance, hedging) are happening, and are operating effectively. Control procedures will be tested, levels of insurance assessed to ensure they are appropriate and hedging positions checked to verify they are covering currency risks adequately. 

Whilst the Risk Management department would be expected to check their own work to ensure it is effective, the existence of an independent internal audit function is likely to provide greater assurance to the board.

Key characteristics of Internal Auditors that are necessary to ensure an effective internal audit function

There are three key characteristics which have been identified for internal audit departments, independence, objectivity and professional care. If internal auditors do not possess these characteristics their ability to perform their role effectively will be compromised.

Independence

The internal audit activity should be independent, and the head of internal audit should report to a level within the organisation that allows the internal audit activity to fulfil its responsibilities. It should be free from interference when deciding on the scope of its assurance work, when carrying out the work and when communicating its opinions.

Objectivity

Internal auditors should be objective in carrying out their work. They should have an impartial attitude, and should avoid any conflicts of interest. For example, an internal auditor should not provide assurance services for an operation for which he or she has had management responsibility within the previous year.

Professional care

Internal auditors should exercise due professional care and should have the competence to perform their tasks. They should have some knowledge of the key IT risks and controls, and computer-assisted audit techniques.

Five types of Ethical Threats

Five types of Ethical Threats

(a) Self-interest

Self-interest means the accountant’s own interest being affected by the success of the client, or the continuation of the accountant-client relationship. An example would be a financial interest in a client.

If a firm providing audit and other services disagrees with the client over the accounts that it is auditing, it faces the risk of not just losing the income from the audit, but perhaps also the much greater income from providing other services. 

(b) Self-review

Self-review means the accountants auditing or reviewing work that they themselves have prepared. This could include auditing work that has been prepared as part of a non-audit service, something that prompts the suggestion that firm should not provide more than one service to a client.

If the accountants provide other services that materially affect the content of the accounts, then they will have to audit figures that they themselves have prepared, for example valuations.

(c) Advocacy

Advocacy means strongly promoting the interests of the accountants’ clients and undermining the accountants’ objectivity. Accountants can be seen as acting in the clients’, rather than the public interest.

If an accountant provides legal advice to his audit client. There are two problems. Firstly providing that advice could be seen as promoting the client’s interests rather than the public interest. Secondly the accounts may need to contain provision for, or disclosure about, legal actions. This will depend on the likelihood of the success of legal action, which could in turn depend on the advice the accountant had given. Therefore there is a clear possibility of the accountant not wishing to undermine the advice he has given by taking a prudent view of the issues’ treatment in the accounts.

(d) Familiarity

Familiarity means dealing with a client’s affairs for a long time and developing a close relationship. This can lead to reliance on previous knowledge rather than a questioning approach to information supplied.

Friendships with clients may make it more likely that clients would listen to the accountant’s advice; critics, however, suggest the friendships meant that he placed excessive trust in what he was told, and would be unwilling to raise awkward issues that could jeopardize the friendships. The provision of other services may mean that accountants are less rigorous in auditing information with which their firm has been involved.

(e) Intimidation

Intimidation means conduct of the assignment or conduct towards the client being influenced by pressure exerted by the client.

This could mean that if the client wished to intimidate the accountant into giving advice that they wanted to hear, they would have a good idea of how to do so, by for example threatening to replace the firm as auditors.

Stages of a risk audit

There are four stages in a risk audit. Together these comprise an audit or review of the risk management of an organisation.

Identification

Identification of risks is the first part of any risk audit.

Risk can be defined as the realised future loss arising from a present action or inaction. Risks come and go with the changing nature of business activity, and with the continual change in any organisation’s environment.

To carry out this identification exercise the auditors would need to interview key staff, likely to be departmental managers, and potentially employees and experts to establish their views of the major risks facing the company.

This exercise could be further supported with analyses of external market data, particularly looking at the markets or businesses upon which the company is so reliant and the long-term impact of any efficiency measures taken to date.

Assessment

Once identified, the next task is to assess the risk.

Each identified risk needs to be measured against two variables: the probability (or likelihood) of the risk being realised; and the impact or hazard (what would happen if the risk was realised). These two intersecting continua can be used to create a probability/impact grid on to which individual risks can be plotted.

This assessment requires a significant amount of judgement on the part of the auditor, and may necessitate input from staff within the business. It may not be possible to assign monetary values to all risks, but an assessment of high or low should be reached.

Review

At the review stage, the auditor analyses the controls that the organisation has in the event of the risk materialising. For example, this could involve looking at contingency plans which the company has initiated.

Where risks have been accepted, a review is undertaken of the effectiveness of planning for measures such as financing, customer support, help lines and so on, should the unavoidable risk materialise.

This review stage can represent a substantial task, as the response to each assessed risk is a part of the review and there may be many risks to consider.

Report

Finally, a report on the review is produced and submitted to the board, probably via the audit committee or to the Risk & Compliance Manager.

The report would list the key risk areas, i.e. those assessed as high (high probability and/or high impact), and for each of the risks would discuss the effectiveness of the existing controls in place.

For any ineffective areas that expose the business to potential losses, the auditor will most likely recommend courses of action that may be taken to improve risk management.

Briefly explain the meaning of the statement, ‘unmonitored controls tend to deteriorate over time’. 

‘Unmonitored controls tend to deteriorate over time’

This statement refers to the need to establish which controls need to be monitored to support a sound system of internal controls and how to monitor those controls. 

Once a control system is designed and responsibilities for its management allocated, only those targets and controls that are made a part of someone’s job or performance measurement will be monitored and thereby maintained. Any metrics that are not a part of this control regime will go unchecked and may not remain within compliance limits as circumstances change over time. 

The main roles of internal audit are to provide information to management on the relevance and effectiveness of internal control systems and to provide the evidence to demonstrate why those controls are effective or not. This requires the identification of which controls to monitor and developing effective ways of monitoring those controls.

The complexity of the control regime is also relevant. There is a balance between having a sufficient number of controls in place and having too many. In this context, ‘too many’ means that control systems must be actually useable. Over-complex controls are likely to deteriorate over time if their monitoring is not possible within reasonable cost limits and this could also cause operational inefficiencies.

Furthermore, an organisation is not static and so different controls will be needed over time. As activities change as a result of changes in organisational strategy, the controls that need to be monitored change and the tolerances of those controls may also change (they may become tighter or looser). Constant updating of controls is therefore necessary, especially in frequently changing business environments.

Environmental and Social Audit

• Environmental and Social Audits are designed to ascertain whether the organization is complying with codes of best practice or internal guidelines, and is fulfilling the wider requirements of being a good corporate citize
• It is a Systematic, documented, periodic and objective evaluation of how well an entity, its management and equipment are performing, with the aim of helping to safeguard the environment by facilitating management control of environmental practices and assessing compliance and entity policies and external regulations
• It is also used for auditing the truth and fairness of an environmental report rather than the organization itself, the same is true of social auditing.

***************************************************
Stages in an Environmental Audit 

Environmental auditing contains three stages.

1. The first stage is agreeing and establishing the metrics involved and deciding on what environmental measures will be included in the audit. This selection is important because it will determine what will be measured against, how costly the audit will be and how likely it is that the company will be criticised for ‘window dressing’ or ‘greenwashing’. 

2. The second stage is measuring actual performance against the metrics set in the first stage. The means of measurement will usually depend upon the metric being measured. Whilst many items will be capable of numerical and/or financial measurement (such as energy consumption or waste production), others, such as public perception of employee environmental awareness, will be less so. Given the board’s stated aim of providing a robust audit and its need to demonstrate compliance, this stage is clearly of great importance. 

3. The third stage is reporting the levels of compliance or variances. The issue here is how to report the information and how widely to distribute the report. The board’s stated aim is to provide as much information as possible ‘in the interests of transparency’. This would tend to signal the publication of a public document (rather than just a report for the board) although there will be issues on how to produce the report and at what level to structure it. The information demands of local communities and investors may well differ in their appetite for detail and the items being disclosed. 

Define ‘objectivity’ and describe characteristics that might demonstrate an internal auditor’s professional objectivity.

Definition

• Objectivity is a state or quality that implies detachment, lack of bias, not influenced by personal feelings, prejudices or emotions. 
• It is a very important quality in corporate governance generally and especially important in all audit situations where, regardless of personal feeling, the auditor must carry out his or her task objectively and with the purpose of the audit uppermost in mind. 
• The IFAC Code of Ethics explains objectivity in the following terms (Introduction, clause 16): “… fair and should not allow prejudice or bias, conflict of interest or influence of others to override objectivity.”

It thus follows that characteristics that might demonstrate an internal auditor’s professional objectivity will include fairness and even-handedness, freedom from bias or prejudice and the avoidance of conflicts of interest (e.g. by accepting gifts, threats to independence, etc.). 

The internal auditor should remember at all times that the purpose is to deliver a report on the systems being audited to his or her principal. In an external audit situation, the principal is ultimately the shareholder and in internal audit situations, it is the internal audit committee (and then ultimately, shareholders).

Role of internal audit in ensuring effective internal controls

Internal audit underpins the effectiveness of internal controls by performing several key tasks.

1. Internal audit reviews and reports upon the controls put in place for the key risks that the company faces in its operations. This will involve ensuring that the control (i.e. mitigation measure) is capable of controlling the risk should it materialise. This is the traditional view of internal audit. A key part of this role is to review the design and effectiveness of internal controls. Many organisations also require internal audit staff to conduct follow-up visits to ensure that any weaknesses or failures have been addressed since their report was first submitted. This ensures that staff take the visit seriously and must implement the findings.

2. Internal audit may also involve an examination of financial and operating information to ensure its accuracy, timeliness and adequacy. In the production of internal management reports, for example, internal audit may be involved in ensuring that the information in the report is correctly measured and accurate. Internal audit needs to be aware of the implications of providing incomplete or partial information for decision-making.

3. It will typically undertake reviews of operations for compliance against standards. Standard performance measures will have an allowed variance or tolerance and internal audit will measure actual performance against this standard. Internal compliance is essential in all internal control systems. Examples might include safety performance, cost performance or the measurement of a key environmental emission against a target amount (which would then be used as part of a key internal environmental control).

4. Internal audit is used to review internal systems and controls for compliance with relevant regulations and externally-imposed targets. Often assumed to be of more importance in rules-based jurisdictions such as the United States, many industries have upper and lower limits on key indicators and it is the role of internal audit to measure against these and report as necessary.

In financial services, banking, oil and gas, etc, legal compliance targets are often placed on companies and compliance data is required periodically by governments.

Factors affecting the need for internal audit and controls

(Based partly on Turnbull guidance)

1. The nature of operations within the organisation arising from its sector, strategic positioning and main activities.

2. The scale and size of operations including factors such as the number of employees. It is generally assumed that larger and more complex organisations have a greater need for internal controls and audit than smaller ones owing to the number of activities occurring that give rise to potential problems.

3. Cost/benefit considerations. Management must weigh the benefits of instituting internal control and audit systems against the costs of doing so. This is likely to be an issue for medium-sized companies or companies experiencing growth.

4. Internal or external changes affecting activities, structures or risks. Changes arising from new products or internal activities can change the need for internal audit and so can external changes such as PESTEL factors.

5. Problems with existing systems, products and/or procedures including any increase in unexplained events. Repeated or persistent problems can signify the need for internal control and audit.

6. The need to comply with external requirements from relevant stock market regulations or laws. 

Appointment of Internal Auditors – Internal or External Appointment

In practice, a decision such as this one will depend on a number of factors including the supply of required skills in the internal and external job markets. 

In constructing the case for an external appointment, however, the following points can be made.

Primarily, an external appointment would bring detachment and independence that would be less likely with an internal one. 

Firstly, then, an external appointment would help with independence and objectivity (avoiding the possibility of auditor capture). He or she would owe no personal loyalties nor ‘favours’ from previous positions. Similarly, he or she would have no personal grievances nor conflicts with other people from past disputes or arguments. 

Some benefit would be expected from the ‘new broom’ effect in that the appointment would see the company through fresh eyes. He or she would be unaware of vested interests. He or she would be likely to come in with new ideas and expertise gained from other situations.

As with any external appointment, the possibility exists for the transfer of best practice in from outside – a net gain in knowledge for the company.

Finally it may create a higher degree of confidence for investors and, where applicable, regulators.