[Chuck]

Hello all,

I just have some questions about the CIA exam. I would appreciate that if anyone who has the related experience could help me.

The questions are 1. What is the difference between RISK APPETITE and RISK ACCEPTANCE?
2. If the auditee could provide reports and materials within ONE HOUR, is the auditing materials SUFFICIENT or RELEVANT?
3. What is the difference between Turnbull and COSO?
4. How to find out the OVERPAYMENT on partially paid vendor’s bill?

Thank you for your reading. I would appreciate your help.

Accounting related is my careers related

[brainfried75]

For #1, risk appetite refers to a threshold for a business area or process. For example, there could be a $1,000 risk appetite for inventory losses (just making that up). This means that $1K is the tolerance for those types of losses and management should stay below that tolerance to minimize risks. Risk acceptance, on the other hand, is when there's a clear risk that is a known risk but management has decided not to take other actions to remediate it because they have weighed the costs of allowing the risk to continue to exist and the benefits of remediating it do not outweigh the costs. For #2, it depends, it could be done but it depends on the request. If it's materials that have previously been saved because they were already performed, they likely are quickly accessible or even reports that can be generated from a certain system within minutes, that is also acceptable and you can even observe them pull the reports ensuring they have reflected the right periods. I don't see any issues with providing materials within a certain timeframe as there are ways to get comfortable with the artifacts through reperformance and observation or other audit techniques. For #3, at a high level, COSO is an internal framework based on 17 principles that are considered a best practice framework and is used in the US while Turnbull appears to be a similar framework applied in the UK. For #4, to find the overpayment on a partially paid vendor's bill, there could be several ways of doing that. It all depends on the access provided to internal auditors and analytics or data extraction that could be performed. I would search for the cash disbursements listing (G/L extraction) for the applicable period and filter by the relevant vendor and a second filter by invoice number or other appropriate fields, then I would compare the results to the invoice to determine any overpayment. I haven't taken the CIA exam, however, it does seem like a trick question – partially paid invoice overpayment? Really depends on the terms of the invoice as well.

[Author]

Replies