Multiple Choice
1. The Global Organizational Hierarchy (GOH) can include all of the following except:
a. Divisions
b. Risks
c. Business Units
d. Activities
2. An entity's contributors may include:
a. Auditors but not contacts
b. Contacts but not auditors
c. Neither auditor nor contacts, only TeamRisk administrators
d. Both auditors and contacts
3. Which of the following risk assessment elements are not stored in TeamStore?
a. Risks
b. Objectives
c. Entities
d. Controls
4. Which of the following statements regarding the self-assessment process is incorrect?
a. Self-assessment allows both auditors and contacts to provide input for a risk assessment.
b. Self-assessments are performed using a web-based interface called TeamRisk Web.
c. Self-assessment scores automatically update the final risk score for the entity without any action required by the audit department.
d. Self-assessments can allow for the contact or audit partner to identify additional risks.
5. When building an internal audit plan in TeamRisk, the system provides all of the following information except:
a. Risk score by entity
b. The estimated start date of the audit
c. Cycle-driven requirement status
d. Whether or not the entity is already linked to an existing internal audit engagement
True/False
6. The Risk and Controls Library is static and cannot be changed once it is setup.
a. True
b. False
7. Classification of Risks is limited to the following types: Operational, Financial, Compliance, and Strategic.
a. True
b. False
8. When identifying entities for the internal audit plan, only one entity may be linked to each audit engagement for the year.
a. True
b. False
Discussion Questions
9. Explain the difference between evaluating inherent risks and residual risks, and how Team Risk facilitates the evaluation process.
10. Explain the purpose of the Global Organizational Hierarchy and its relationship with the COSO ERM framework.
Critical ThinkingTask
1. Create a Global Organizational Hierarchy for Champion Pharmaceutical, Inc. (CPI) using the information about the company provided in the Introduction to the TeamMate Practice Case. Then choose one entity, define two objectives for that entity, and describe two risks that threaten the achievement of each objective.
2. Using the Heat Map reports in Appendix A and Appendix B, identify the three highest priority internal audit engagements. Justify your reasoning for each engagement identified.
TeamMate Practice Case Exercise 1: TeamRisk
CPI's internal audit function uses TeamRisk to develop its annual risk-based internal audit plan. The planning process begins with the internal audit func-tion's understanding of the organization, which is documented in TeamRisk using the Global Organizational Hierarchy (GOH) feature. The GOH is a rep¬resentation of the audit universe, that is, all the organizational units (entities) the internal audit function can audit.
The internal audit function then uses TeamRisk to complete and document the following tasks:
• Identify CPI's entity objectives and the risks that threaten the achievement of those objectives.
• Link the identified objectives and risks, as well as controls designed to mitigate the risks, with the identified entities included in the GOH.
• Assess the inherent and/or residual risks for each entity and determine a total risk score.
• Develop an internal audit plan that includes those entities that pose the highest risks to CPI.