Internal Controls and Audit Practices Worksheet

Which of the following BEST defines the purpose of internal controls in a banking institution?

Which of the following is considered a preventive control in a banking environment?

During an audit, you identify that a specific control has been bypassed multiple times by the same business unit. What is the MOST appropriate course of action for the 3 LoD?

Which of the following best describes the "control environment" in the context of internal controls?

You are tasked with reviewing the effectiveness of internal controls within your organisation. During your review, you identify that a critical operational process consistently fails to meet established policies and procedures, leading to regulatory non-compliance and potential reputational risks. What is the MOST appropriate action to take in alignment with effective internal control principles?

When reviewing the results of an internal audit, what is the MOST critical factor for the 3 LoD to consider when prioritising audit findings?

An internal audit report identifies recurring gaps in the documentation of key control processes across multiple departments. As the 3 LoD, you are tasked with identifying the potential root causes contributing to these gaps. Which of the following could be contributing factors? i. Lack of consistent documentation standards across the organisation ii. High employee turnover in key operational roles responsible for control implementation iii. Failure to prioritise documentation during risk assessment exercises conducted by the 1 LoD iv. Inadequate training provided to staff on control documentation requirements

Which of the following is the key critical factor to consider when prioritising audit findings for internal controls?

The internal audit team identifies a pattern of control overrides by senior executives in high-value transactions, raising potential governance concerns. What should be the MOST effective next steps? i. Escalate the issue to the board of directors, emphasising the potential governance risks ii. Recommend stricter policies prohibiting control overrides in all transactions iii. Conduct a forensic audit to determine whether the overrides were justified or indicate misconduct iv. Collaborate with the compliance team to increase monitoring of high-value transactions

The board requests an audit of the bank's digital transformation initiatives, particularly the integration of AI-driven controls. Initial findings reveal that key stakeholders in the 1 LoD and 2 LoD lack understanding of how AI models determine risk scores. What recommendations would you provide? i. Advocate for mandatory training for all stakeholders on AI risk assessment methodologies ii. Recommend pausing the deployment of AI-driven controls until stakeholder concerns are resolved iii. Suggest periodic validation of AI models by external AI subject matter experts to ensure transparency and accuracy iv. Advise the board to allocate additional resources for improving AI model explainability