Community Q&A
Expert-verified answers to your financial certification questions. Ask, learn, and connect with fellow candidates.
Updated
How do I separate S corporation stock basis from debt basis when a loss question includes both?
author: AcadiFi Team Topics: ["Entity Taxation","S Corporations"] Tags: ["cpa","reg","tcp","s-corporation","basis","debt-basis","loss-limitation"] Related articles: ["reg-tcp-basis-credits-macrs-decision-map"] Related questions: [] Answer: Treat stoc
How do I study REG business law without memorizing random rules?
author: Verified Expert Topics: ["Business Law","Study Framework"] Tags: ["reg","business-law","study-method","contracts","suretyship"] Related articles: ["reg-contract-liability-decision-map"] Related questions: [] Answer: Use a two-question framewo
Why can releasing one co-surety shrink the creditor's collection rights?
author: AcadiFi Team Topics: ["Business Law","Suretyship"] Tags: ["reg","suretyship","cosurety","creditor-rights"] Related articles: ["reg-contract-liability-decision-map"] Related questions: [] Answer: The remaining co-sureties expected contribution
How is a merchant firm offer different from a regular offer on REG?
author: Verified Expert Topics: ["Business Law","Contracts"] Tags: ["reg","merchant-firm-offer","ucc","offer-and-acceptance"] Related articles: ["reg-contract-liability-decision-map"] Related questions: [] Answer: A merchant firm offer is a UCC conce
When does a REG contract modification need new consideration?
author: AcadiFi Team Topics: ["Business Law","Contracts"] Tags: ["reg","contracts","ucc","common-law","consideration"] Related articles: ["reg-contract-liability-decision-map"] Related questions: [] Answer: Start by classifying the contract before yo
How should auditors document management's acceptance of excessive risk?
author: AcadiFi Team Answer: The workpapers should show the risk, affected objective, criteria, evidence, management's explanation, proposed action, residual exposure, and the CAE's basis for concluding that the accepted risk appears above appetite o
Who should escalate unresolved unacceptable risk to the board?
author: AcadiFi Team Answer: The CAE is normally responsible for communicating unresolved unacceptable risk to the board. Staff auditors and engagement leads should escalate internally through the engagement supervisor or CAE so the issue can be eval
Does a severe audit issue mean internal audit should skip senior management?
author: AcadiFi Team Answer: Usually no. A severe issue may eventually require board attention, but internal audit should normally follow the approved escalation path. The CAE should discuss unacceptable risk with senior management and escalate to th
When can the CAE escalate unacceptable risk to the board?
author: AcadiFi Team Answer: The CAE escalates to the board when the CAE concludes that management has accepted a level of risk above the organization's appetite or tolerance and senior management has not resolved the matter. The board needs that inf
Why can defect metrics create behavioral risk?
author: Verified Expert Related article: cia-software-defect-root-cause-controls-map Related question-bank placeholders: ["quality-metric-behavioral-risk", "recurring-defect-remediation"] Question: Why can defect metrics create behavioral risk? Quest
How should internal audit test code review controls?
author: AcadiFi Team Related article: cia-software-defect-root-cause-controls-map Related question-bank placeholders: ["code-review-control-evidence", "requirements-change-defect-risk"] Question: How should internal audit test code review controls? Q
What controls reduce software defect risk?
author: Verified Expert Related article: cia-software-defect-root-cause-controls-map Related question-bank placeholders: ["automated-testing-regression-risk", "ci-gate-sdlc-control"] Question: What controls reduce software defect risk? Question detai
Should auditors recommend you-break-it-you-fix-it policies?
author: AcadiFi Team Related article: cia-software-defect-root-cause-controls-map Related question-bank placeholders: ["defect-root-cause-before-blame", "quality-metric-behavioral-risk"] Question: Should auditors recommend you-break-it-you-fix-it pol
What change controls matter for workflow platforms?
author: AcadiFi Team Answer: Auditors should test changes to workflows, forms, scripts, roles, integrations, reports, SLA rules, and platform settings. These changes can alter approvals, data access, routing, incident priority, dashboard results, and
How should internal audit assess CMDB data quality?
author: AcadiFi Team Answer: Internal audit should first identify how the CMDB is used. If it supports incident routing, change impact analysis, ownership, service mapping, or risk reporting, data quality becomes a control issue rather than a houseke
What should auditors test for client data segregation in a shared workflow platform?
author: AcadiFi Team Answer: Test whether users can access only the records, domains, clients, and workflows they are authorized to see. That means reviewing role design, group membership, provisioning approvals, privileged access, domain or client r
How do you audit a service management platform without turning it into a generic checklist?
author: AcadiFi Team Answer: Start with how the platform supports the organization. Identify the business processes, data, users, clients, integrations, reports, and service commitments that depend on it. Then build audit objectives around the main r
When can internal audit rely on risk management's work?
author: AcadiFi Team Answer: Internal audit can consider relying on risk management's work when the work is relevant to the audit objective and the CAE or engagement team has a documented basis for reliance. That basis should consider scope, competen
Should internal audit assign dollar values to every risk it reports?
author: AcadiFi Team Answer: No. Internal audit should quantify exposure when the audit evidence supports it and when quantification helps the conclusion. For example, duplicate payments, missed discounts, or known exception dollars may be calculated
Can internal audit share audit reports with risk management?
author: AcadiFi Team Answer: Sometimes, but it should be governed by a protocol. The CAE should consider the report's intended audience, confidentiality, legal sensitivity, board or audit committee expectations, and whether risk management needs the
Want unlimited access?
You've browsed several pages. Sign in to save your spot, bookmark questions, and unlock all 4,671 community questions plus expert-verified study materials.
Have a Question? Ask Our Experts
Register to ask questions, get expert-verified answers, and connect with fellow certification candidates preparing for CFA, FRM, CIA, CPA, and EA exams.