Untitled Quiz

Questions and Answers

What is the main focus of the book 'Why CISOs Fail'?

The importance of staff training in security management

Identifying the key failures in the role of CISOs (correct)

The role of technology in cybersecurity

Implementing advanced security protocols

Which edition of 'Operational Auditing' was published in 2022?

Second edition (correct)

Revised edition

Third edition

First edition

Who are the authors of the 'Cybersecurity Workforce Framework (2.0)'?

Dan Shoemaker, Anne Kohnke, and Ken Sigler (correct)

Barak Engel and Ken Sigler

Hernan Murdock and Daniel Samson

Lewis and Anne Kohnke

Which company published the first edition of 'Operational Auditing'?

CRC Press

What is the primary concern expressed by the authors regarding the copyright material in the publications?

The difficulty in tracing copyright holders

What is stated about the publication year of 'Why CISOs Fail'?

Publication year is not mentioned

Where is the CRC Press based, as noted in the publication details?

Boca Raton, FL

What is a notable aspect of the books published by CRC Press according to the information provided?

They include a range of technical and educational materials

What is a primary implication of sustainability reporting according to survey respondents?

It gives organizations a competitive advantage.

What is the purpose of Corporate Social Responsibility (CSR) as described in the content?

To serve as a self-regulating mechanism for compliance.

Which of the following is NOT one of the elements of the triple bottom line?

Productivity (operational)

What is one of the challenges related to sustainability reporting as mentioned in the content?

Availability of data.

How is the role of auditors evolving according to the content?

Auditors are becoming more business-oriented professionals.

How do internal auditors view their role in terms of adding value?

They unanimously agree they add value.

What misconception does the text address regarding internal auditors?

They are often seen as a necessary expense rather than a value-add.

In what way do auditors see their role differently, beyond verification and checking?

As a means to improve operational efficiency.

What is a significant consequence of poorly supervised, trained, and evaluated employees?

Reduced productivity

Which issue is most likely to arise from inaccurate understanding of business needs in IT systems?

Inadequate decision-making

What challenge emerges when companies utilize mass marketing strategies?

Targeting the wrong audience

Which of the following is a concern related to corporate social responsibility (CSR)?

Child labor and sweatshop conditions

What can poor Environmental Health and Safety (EHS) practices result in?

Increased workplace hazards

What year did Dr. Murdock earn his Doctor of Business Administration (DBA)?

2007

Which certification does Dr. Murdock hold that focuses on risk management assurance?

CRMA Certification in Risk Management Assurance

What is the main theme of the quote by John B. Petersen III in the content?

Being a good example enhances credibility in recommendations.

In which area has Dr. Murdock NOT written an article or book chapter?

Supply chain optimization

Which of the following industries has Dr. Murdock NOT performed audits for?

Health care

What is the primary function of internal audit as described in the content?

To offer independent assurance and consulting services.

Which degree did Dr. Murdock obtain first?

BSBA

What significant change is internal audit undergoing as mentioned in the content?

Maintaining constant independence while changing operational methods.

What aspect does operational auditing primarily evaluate in relation to management?

Management's effectiveness in achieving its objectives

Which of the following is NOT mentioned as a key expectation from stakeholders?

Maximizing shareholder value

What is a primary concern regarding procedures documentation during operational audits?

Document up-to-date status and employee understanding

Which consequence is likely to arise from a poorly structured organization?

High turnover of employees and vendors

Operational auditing can be distinguished from traditional auditing by its focus on:

The efficiency of business processes over multiple time periods

The effectiveness of operational auditing is largely determined by:

The auditor's ability to provide an objective review

Which of the following best describes the goal of operational auditing?

To assess the effectiveness and efficiency of business activities

What is a significant challenge that operational auditors face in modern organizations?

Meeting the increasing expectations of stakeholders

What is one common misconception about the role of internal auditors?

They should always find something wrong during an audit.

What is emphasized as foundational for internal auditors in their work?

Identifying relevant business objectives.

How can internal auditors add value to an organization?

By aligning their work with the organization's business objectives.

What challenge do internal auditors face when recommending controls?

Some controls may address only theoretical risks.

Which approach is not aligned with effective internal auditing?

Recommending controls based solely on personal intuition.

In what way can the mindset of an audit team impact their results?

By promoting an endless search for issues.

Which outcome is an internal auditor striving to achieve when addressing risks?

Assist the organization in achieving its objectives.

What was one of the key pieces of advice given to the audit manager?

Consider how to run the audit department for success.

Study Notes

Operational Auditing: Definition and Characteristics

• Internal audit is transforming, keeping its core role of providing assurance and consulting but adapting its methods.
• Sustainability reporting is becoming a competitive advantage, requiring organizations to analyze their practices and integrate them into corporate strategy.
• Corporate Social Responsibility (CSR) is expected to be a built-in mechanism for monitoring compliance with laws and ethics. Organizations are expected to consider social, environmental, and economic impact.
• Challenges exist in CSR, including data availability, accuracy, completeness, and organizational buy-in.
• Consulting is a key part of modern internal audit, offering advice on improving operations, resolving issues, and adapting to business challenges. It's becoming more advisory and less about strictly enforcing regulations.
• Internal auditors aim to add value to the organization, but non-auditors sometimes see them as necessary evils.
• Improving operations is a significant aspect of modern internal audit, aiming to boost efficiency, effectiveness, speed, and reduce errors. This is viewed as crucial for addressing business risks.
• A key concept is linking controls to business objectives and responding to risks. Auditors should focus on aligning their work with organizational goals.

Operational Auditing: Beyond Internal Controls

• Operational auditing goes beyond checking controls. It assesses management performance and how well they achieve organizational objectives.
• Stakeholder expectations (e.g., CSR, ethics, information security, reputation) are increasing, creating more challenging environments.
• Operational auditing should examine qualitative aspects of the organization in addition to procedures and controls. This includes ensuring procedure documentation is up-to-date, relevant, efficient, secure, understood and readily accessible by employees.
• Organizational structure is important; a poorly structured organization negatively affects efficiency and objective attainment.
• Operational audits analyze multiple time periods to understand trends, patterns, outliers, and other dynamics.

Operational Audit Focus Areas

• Operational audits inspect business functions, activities, processes, and units. They investigate issues such as waste, inefficiencies, slow supply chains, poor customer satisfaction, and limited capacity to manage changes.
• Identifying issues under various factors: Human resources (poor supervision, training, and evaluation), Information Technology (system inaccuracies, poor data capture, and reporting), and Marketing (inaccurate targeting, and wastes).
• Social Responsibility issues include child labor, sweatshops, abusive management, and improper waste disposal.
• Environmental health and safety issues include poor ventilation, excessive heat, noise levels, and hazards from chemicals, machinery, and workplace designs.

Increasing Stakeholder Demands

• Stakeholder demands for advisory and consulting activities are increasing and driving the evolution of internal audit roles.