Gleim CIA Part2 MCQs [PDF]
PART-2 UNIT 1 1. Internal auditing is an assurance and consulting activity. An example of an assurance service is a(n)
136 0 3MB
Papiere empfehlen
![Gleim CIA Part2 MCQs [PDF]](https://vdoc.tips/img/200x200/gleim-cia-part2-mcqs.jpg)
- Author / Uploaded
- Fazlihaq Durrani
Datei wird geladen, bitte warten...
Zitiervorschau
PART-2 UNIT 1 1. Internal auditing is an assurance and consulting activity. An example of an assurance service is a(n)
A.
Advisory engagement.
B.
Facilitation engagement.
C.
Training engagement.
D.
Compliance engagement.
Answer (D) is correct. According to The IIA Glossary, an assurance service is “an objective examination of evidence for the purpose of providing an independent assessment of governance, risk management, and control processes for the organization. Examples may include financial, performance, compliance, system security, and due diligence engagements.”
A. An advisory engagement is a consulting service. B. A facilitation engagement is a consulting service. C. A training engagement is a consulting service.
2.
Which of the following potentially are subject to the internal auditors’ evaluations?
1. The human resources function. 2. The purchasing process. 3. The manufacturing and production database system. A.
1 only.
B.
2 only.
C.
1, 2, and 3.
D.
None of the answers are correct.
Answer (C) is correct. Internal auditing is an organizationally independent and individually objective assurance and consulting activity that adds value and improves operations. It evaluates and contributes to the improvement of the organization’s governance, risk management, and control processes. When performing the assurance function, internal auditing evaluates the adequacy and effectiveness of controls. For example, it evaluates the effectiveness and efficiency of operations and programs.
A. Items 2 and 3 are subject to internal auditor evaluation. B. Items 1 and 3 are subject to internal auditor evaluation. D. All of the listed items are subject to internal auditor evaluation.
3. What is the most accurate term for the procedures used by the board to oversee activities performed to achieve organizational objectives?
A.
Governance.
B.
Control.
C.
Risk management.
D.
Monitor
Answer (A) is correct. Governance is the “combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives” (The IIA Glossary).
B. Control is “any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved. Management plans, organizes, and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved” (The IIA Glossary). C. Risk management is “a process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization’s objectives” (The IIA Glossary). D. Monitoring consists of actions taken by management and others to assess the quality of internal control performance over time. It is not currently defined in the Standards or The IIA Glossary.
4.
A basic principle of governance is
A.
Assessment of the governance process by an independent internal audit activity.
B. Holding the board, senior management, and the internal audit activity accountable for its effectiveness. C.
Exclusive use of external auditors to provide assurance about the governance process.
D.
Separation of the governance process from promoting an ethical culture in the organization.
Answer (A) is correct. The internal audit activity must assess and make appropriate recommendations for improving the governance process (Perf. Std. 2110).
B. The internal audit activity is an assessor of the governance process. It is not accountable for that process. C. External parties and internal auditors may provide assurance about the governance process. D. The internal audit activity must assess and make appropriate recommendations for improving the governance process in its promotion of appropriate ethics and values within the organization.
5. After using the same public accounting firm for several years, the board of directors retained another public accounting firm to perform the annual financial audit in order to reduce the annual audit fee. The new firm has now proposed a one-time engagement relating to the cost-effectiveness of the various operations of the business. The chief audit executive has been asked to advise management in making a decision on the proposal. An argument can be made that the internal audit activity is better able to perform such an engagement because
A. External auditors may not possess the same depth of understanding of the organization as the internal auditors. B.
Internal auditors are required to be objective in performing engagements.
C. Engagement procedures used by internal auditors are different from those used by external auditors. D.
Internal auditors will not be vitally concerned with fraud and waste.
Answer (A) is correct. Internal auditing evaluates and contributes to the improvement of the organization’s governance, risk management, and control processes. Accordingly, its scope of work is far broader than that of the external auditors.
B. Internal and external auditors are required to be objective. C. Internal and external auditors use the same procedures. D. Internal auditors are vitally concerned with fraud and waste.
6. A manufacturer has been expanding rapidly and is considering adding a new production line. Employees are currently working double shifts and receiving large amounts of overtime pay. Demand for all of the organization’s products is currently high, but management worries about demand fluctuations with changes in the economy and technological developments by competitors. Management is concerned with such issues as whether it is efficiently using its resources, whether it is expanding too rapidly or not rapidly enough, whether employee morale is decreasing, and whether future expansion should be financed internally or through debt. Of the following management requests, which is within the normal scope of work of the internal audit activity as stated in the Standards?
A. Perform an independent evaluation of management’s planning process as a basis for making recommendations. B. Talk with banks to identify financing alternatives and negotiate contract alternatives that will be presented to management for evaluation. C.
Analyze financing alternatives and present the alternatives to the audit committee.
D. Undertake a make-or-buy decision analysis to determine whether the organization should subcontract for part of its manufacturing versus adding capacity. Report the recommendation to management for approval.
Answer (A) is correct. Internal auditing is an organizationally independent and individually objective assurance and consulting activity that adds value and improves operations. It evaluates and contributes to the improvement of the organization’s governance, risk management, and control processes. Thus, evaluating the planning process is within the broad scope of work of internal auditing.
B. Discussing financing alternatives with banks is a responsibility of management. Such an activity also has the potential to impair the independence of the internal audit activity. C. Analyzing financing options is a responsibility of the finance function. Moreover, information about the analysis should be directed to management or a finance committee of the board. The audit committee is concerned with oversight of internal and external auditing functions. D. Make-or-buy decisions are a responsibility of management.
7. Control by management is the result of
A.
Planning, organizing, and directing of organizational activities.
B. Ascertaining needs, identifying alternative courses of action, setting standards for measuring performance, and comparing outcomes with predetermined standards. C. Authorizing and monitoring performance and comparing actual performance with planned performance.
D.
8.
Determining efficiency and economy of operations, including whether objectives have been met.
Controls should be designed to provide reasonable assurance that
A.
Organizational objectives will be achieved economically and efficiently.
B.
Management’s plans have not been circumvented by worker collusion.
C. The internal audit activity’s guidance and oversight of management’s performance is accomplished economically and efficiently. D.
Management’s planning, organizing, and directing processes are properly evaluated.
Answer (A) is correct. A control is any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives will be achieved. Management plans, organizes, and directs the performance of sufficient actions to provide reasonable assurance that objectives will be achieved (The IIA Glossary). Thus, control by management is the result of proper planning, organizing, and directing.
B. Collusion is an inherent limitation of internal control. C. Representatives of the organization’s stakeholders (e.g., the board) provide oversight of risk and control processes administered by management. D. Internal auditors evaluate management processes to determine whether reasonable assurance exists that objectives will be achieved.
9. The internal audit activity is responsible for implementing 1. Risk management 2. Governance 3. Control
A.
1 only.
B.
2 only.
C.
3 only.
D.
None of the answers are correct.
Answer (D) is correct. The internal audit activity is responsible for evaluating and contributing to the improvement of governance, risk management, and control processes. But management is responsible for implementing those processes.
A. The internal audit activity is not responsible for implementing risk management. B. The internal audit activity is not responsible for implementing governance. C. The internal audit activity is not responsible for implementing controls.
10. When assessing the risk associated with an activity, an internal auditor should
A.
Determine how the risk should best be managed.
B.
Provide assurance on the management of the risk.
C.
Update the risk management process based on risk exposures.
D.
Design controls to mitigate the identified risks.
Answer (B) is correct. The internal audit activity must evaluate and contribute to the improvement of processes using a systematic, disciplined, and risk-based approach. Assurance service is an objective of evidence examination to provide an independent assessment.
A. Risk management is a key responsibility of senior management and the board, not the internal auditor. C. Designing and updating the risk management process is a role of management. D. The design and implementation of controls is the responsibility of management, not internal audit.
11. Which of the following items is least likely to be considered when determining the strategy for assessing governance, risk management, and control?
A.
The maturity of the processes.
B.
The seniority of the persons responsible.
C.
The organizational culture.
D.
The members of the audit committee.
Answer (D) is correct. The members of the audit committee, an operating committee of the board of directors, is least likely to be considered when determining the strategy for assessing governance, risk management, and control. These three processes are closely related. Ordinarily, the board is responsible for guiding governance processes, and senior management is responsible for leading risk management and control processes. The CAE typically considers (1) the maturity of these processes, (2) the seniority of the persons responsible, and (3) the organizational culture when determining the strategy for assessing governance, risk management, and control.
A. The maturity of the processes is one of the items that should be considered when determining the strategy for assessing governance, risk management, and control. B. The seniority of the persons responsible is one of the items that should be considered when determining the strategy for assessing governance, risk management, and control. C. The organizational culture is one of the items that should be considered when determining the strategy for assessing governance, risk management, and control.
12. When are governance, risk management, and control processes considered adequate?
A. When management has planned and designed them to provide reasonable assurance of achieving the organization’s objectives efficiently and economically. B. When management has planned and designed them to provide absolute assurance of achieving the organization’s objectives efficiently and economically. C. When the internal audit activity has planned and designed them to provide reasonable assurance of achieving the organization’s objectives efficiently and economically. D.
When the company is profitable.
Answer (A) is correct. Governance, risk management, and control processes are adequate if management has planned and designed the processes to provide reasonable assurance of achieving the organization’s objectives efficiently and economically. Reasonable assurance is provided if the most cost-effective measures are taken in the design and implementation of controls to reduce risks and restrict expected deviations to a tolerable level. Efficient performance accomplishes objectives in an accurate, timely, and economical
fashion while economical performance accomplishes objectives with minimal use of resources (i.e., cost) proportionate to the risk exposure.
B. Absolute assurance cannot be provided through governance, risk management, and control processes. C. The internal audit activity may consult on the design of governance, risk management, and control processes. However, the adequacy of these processes is not contingent on the involvement of the internal audit activity in planning and designing such processes. Additionally, such involvement could potentially impair the independence of the internal audit activity. D. A company’s profitability does not necessarily indicate that governance, risk management, and control processes are adequate.
13. Which of the following is most essential for guiding the internal audit staff?
A.
Quality program assessments.
B.
Position descriptions.
C.
Performance appraisals.
D.
Policies and procedures.
Answer (D) is correct. The chief audit executive must establish policies and procedures to guide the internal audit activity (Perf. Std. 2040).
A. Quality program assessments do not provide specific daily guidance to the staff with respect to performance standards. B. Position descriptions do not provide specific daily guidance to the staff with respect to performance standards. C. Performance appraisals do not provide specific daily guidance to the staff with respect to performance standards.
14. The key factor in the success of an internal audit activity’s human resources program is
A.
An informal program for developing and counseling staff.
B.
A compensation plan based on years of experience.
C.
A well-developed set of selection criteria.
D.
A program for recognizing the special interests of individual staff members.
Answer (C) is correct. Internal auditors should be qualified and competent. Because the selection of a superior staff is dependent on the ability to evaluate applicants, selection criteria must be well-developed. Appropriate questions and forms should be prepared in advance to evaluate, among other things, the applicant’s technical qualifications, educational background, personal appearance, ability to communicate, maturity, persuasiveness, self-confidence, intelligence, motivation, and potential to contribute to the organization.
A. The human resources program should be formal. B. The quality of the human resources is more significant than compensation. D. The quality of the human resources is more significant than special interests of the staff.
15. Written policies and procedures relative to managing the internal audit activity should
A.
Ensure compliance with its performance standards.
B.
Give consideration to its structure and the complexity of the work performed.
C.
Result in consistent job performance.
D. Prescribe the format and distribution of engagement communications and the classification of observations.
Answer (B) is correct. The form and content of policies and procedures are dependent upon the size and structure of the internal audit activity and the complexity of its work (Inter. Std. 2040).
A. No written policy or procedure can ensure compliance with standards. C. Consistent performance depends on various factors, especially adequate training and supervision.
D. The format and distribution of engagement communications and the classification of observations may vary from engagement to engagement.
16. Which of the following items would not be an appropriate staffing issue?
A.
Selecting qualified and competent individuals.
B.
Providing a competitive selection of employee benefits.
C.
Providing continuing educational opportunities for each internal auditor.
D.
Appraising each internal auditor’s performance at least annually.
Answer (B) is correct. Internal auditors must have the knowledge, skills, and other competencies to perform their responsibilities. For example, they (1) might use the competency framework for self-assessment and (2) should demonstrate proficiency by obtaining professional certifications and qualifications (IG 1210, Proficiency). But a professional development program for internal auditors does not address employee compensation.
A. Staffing addresses the proficiency of internal auditors individually and the internal audit activity as a whole. C. Internal auditors should enhance their competencies through continuing professional development (Att. Std. 1230). D. Regularly reviewing the performance of internal auditors provides insight regarding training requirements and feedback to aid in their professional development (IG 1210, Proficiency).
17. In most cases, an internal audit activity should document policies and procedures to ensure the consistency and quality of its work. The exception to this principle is directly related to
A.
Departmentation.
B.
Division of labor.
C.
Size of the internal audit activity.
D.
Authority.
Answer (C) is correct.
The form and content of policies and procedures are dependent upon the size and structure of the internal audit activity and the complexity of its work (Inter. Std. 2040). Thus, all internal audit activities are not required to have a detailed policies and procedures manual.
A. Departmentation can improve communications among team members, but sufficient direct supervision may be lacking if spans of control are large. B. Division of labor produces highly specialized individuals, but formalized guidance is necessary for newer employees if the internal audit activity is large. D. Regardless of the degree of authority wielded by the chief audit executive, formal policies are needed in a large internal audit activity.
18. Policies and procedures must be established to guide the internal audit activity. Which of the following statements is false with respect to this requirement?
A. The form and content of written policies and procedures depend on the size of the internal audit activity. B.
All internal audit activities must have a detailed policies and procedures manual.
C.
Formal administrative and technical manuals may not be needed by all internal audit activities.
D. A small internal audit activity may be managed informally through close supervision and memoranda.
Answer (B) is correct. The form and content of policies and procedures are dependent upon the size and structure of the internal audit activity and the complexity of its work (Inter. Std. 2040). Thus, all internal audit activities are not required to have a detailed policies and procedures manual.
A. The form and content of policies and procedures depend on the size of the internal audit activity. C. Formal administrative and technical manuals may not be needed by all internal audit activities. D. A small internal audit activity may be managed informally through close supervision and memos
19. Which of the items below most likely reflects differences between the policies of a relatively large and a relatively small internal audit activity? The policies for the large activity should
A.
Define the scope of internal auditing.
B.
Contain the authority to carry out engagements.
C.
Be specific as to activities to be carried out.
D.
Be in considerable detail.
Answer (D) is correct. The form and content of policies and procedures are dependent upon the size and structure of the internal audit activity and the complexity of its work (Inter. Std. 2040). Thus, the policies of a relatively large internal audit activity are likely to be more detailed than those of a relatively small internal audit activity.
A. The scope of internal auditing is covered in the charter. B. The authority to carry out engagements is covered in the charter. C. Whether the internal audit activity is large or small, it must have policies that specifically state its functions.
20. The chief audit executive for a large decentralized organization has developed a manual containing comprehensive detailed written procedures as a guide for the decentralized engagement work groups, each of which has 20 to 30 internal auditors. The organization recently acquired a small organization that has an internal audit activity consisting of a supervisor and two staff personnel. Which of the following actions is the most practical in providing administrative guidance for this new internal audit activity?
A. Select key procedures from the manual and use informal supervisory direction for other engagement management issues. B.
Use informal supervisory direction for engagement management issues.
C.
Use the already developed manual.
D. Adopt the administrative procedures being followed by the internal auditors of the acquired organization.
Answer (A) is correct. Orientation to acquaint the acquired organization’s staff with the established environment should be through exposure to selected key procedures from the formal manual. The form and content of policies and procedures are dependent upon the size and structure of the internal audit activity and the complexity of its work (Inter. Std. 2040). Thus, a small internal audit activity may be managed informally, for example, through daily close supervision and written memoranda.
B. The use of informal supervisory direction alone for new staff is inadequate. C. Complete reliance on the existing manual would require more formal management than is necessary for a small internal audit activity. D. Management of the new internal auditing organization should not be inconsistent with the rest of the organization.
21. Which of the following, though not appropriate for use with a large internal audit activity, is an acceptable approach for managing a small internal audit activity?
A.
Preparing comprehensive policies and procedures.
B.
Writing detailed instructions and guidelines for each engagement area.
C.
Using only daily, close supervision and written memoranda.
D.
Developing technical manuals to guide performance.
Answer (C) is correct. Formal administrative and technical audit manuals may not be needed by all internal audit entities. A small internal audit activity may be managed informally. Its audit staff may be directed and controlled through daily, close supervision and written memoranda. In a large internal audit activity, more formal and comprehensive policies and procedures are essential to guide the internal audit staff in the execution of the internal audit plan.
A. Preparing comprehensive policies and procedures is more appropriate for managing a large internal audit activity. B. Writing detailed instructions and guidelines for each engagement area is more appropriate for managing a large internal audit activity. D. Developing technical manuals to guide performance is more appropriate for managing a large internal audit activity.
22. Any program for selecting and developing the human resources of the internal audit activity will fail unless compensation is adequate at all levels of responsibility. Policies concerning compensation should
A. Link internal auditors’ compensation to the pay for comparable positions in the controller’s department. B.
Provide for cost-of-living, longevity, and merit increases annually.
C. Be informal and as flexible as possible to allow the chief audit executive to respond to unusual situations. D.
Be clearly stated and based on evaluations of position requirements and individual performance.
Answer (D) is correct. Internal auditing job descriptions are important because, among other things, they may be used to justify adequate salaries. As part of an overall personnel management and development program, they should be used together with periodic, formal performance appraisals as a basis for compensation adjustments and promotions.
A. No necessary correlation exists between the work of internal auditors and of the controller’s staff. B. Increases need not necessarily be annual. C. Formal, well-defined policies are preferable to avoid misunderstandings.
23. Inquiring how an employment candidate handled situations in their past is an example of which interview method?
A.
Behavioral.
B.
Stress.
C.
Structured.
D.
Unstructured.
Answer (A) is correct. Behavioral interviews determine how candidates handled situations in their past. It is based on the belief that past performance is generally indicative of future performance. The behavioral interview is a widely-used interview method and may include questions that ask the candidate to describe a past situation and how it was handled.
B. Stress interviews deliberately place candidates in a stressful situation to see how they react. For example, the interviewer may appear distracted or contrary, the questions may be strange, or candidates may be placed in an uncomfortable situation. The interviewer is looking for candidates who will remain calm and keep their composure.
C. Structured interviews use a set of job-related questions with standardized answers, which are then scored. This type of interview is more formal. Questions may focus on job knowledge, job sample simulations, worker requirements, and hypothetical situational inquiries. D. Unstructured interviews are informal and more conversational in nature. For example, the candidate may be asked to talk about themselves and their hobbies. Employers may intentionally use this casual interview style to put the candidate at ease, and the candidate may say more than they intended. In this situation, the candidate provides the structure of the conversation and should be sure to convey his or her skills and qualifications.
24. According to the International Professional Practices Framework, the internal audit activity is effectively managed when
A. Policies on responsibilities of the internal audit activity are included in the organization’s operations manual. B.
Its individual members conform with the Code of Ethics and the Standards.
C.
Management oversees the day-to-day operations of the internal audit activity.
D.
It has the skill set and knowledge to help the organization achieve its objectives.
Answer (B) is correct. According to the Interpretation of Standard 2000, the internal audit activity is effectively managed when It achieves the purpose and responsibility included in the internal audit charter. It conforms with the Standards. Its individual members conform with the Code of Ethics and the Standards. It considers trends and emerging issues that could impact the organization. The internal audit activity adds value to the organization and its stakeholders when it considers strategies, objectives, and risks; strives to offer ways to enhance governance, risk management, and control processes; and objectively provides relevant assurance.
A. A large, mature internal audit activity may have a formal operations manual that includes policies and procedures. A smaller and less mature internal audit activity’s policies and procedures may reside in separate documents or in audit management software. The organization is not required to have an operations manual to be effectively managed by the internal audit activity. C. Day-to-day operations of the internal audit activity are overseen by management. However, management overseeing the day-to-day operations does not ensure that the internal audit activity is effectively managed.
D. Internal auditors should be qualified and competent and possess a diverse set of skills to perform their jobs effectively. However, merely having the necessary skill set and knowledge does not ensure that the internal audit activity is effectively managed.
25. Which of the following statements is false regarding the administration of the internal audit activity?
A.
Management oversees the day-to-day operations of the internal audit activity.
B. An internal audit manager may be assigned to monitor internal audit processes and emerging issues. C. The audit committee is responsible for creating the operating and financial budget for the internal audit function. D.
Selection criteria for hiring internal auditors should be well-developed.
Answer (C) is correct. Budgeting is included in the administrative activities of the internal audit activity. The CAE, not the audit committee, is responsible for creating the operating and financial budget for the internal audit function. Generally, the CAE, audit managers, and the internal audit activity work together to develop the budget annually. The budget is then submitted to management and the board for their review and approval.
A. Management oversees the day-to-day operations of the internal audit activity, including some administrative activities. B. Administration of the internal audit activity’s policies and procedures is included in the administrative activities of the internal audit activity. According to the Interpretation of Standard 2040, “The form and content of the organization’s policies and procedures are dependent upon the size and structure of the internal audit activity and the complexity of its work.” D. Human resource administration, including personnel evaluations and compensation, are included in the administrative activities of the internal audit activity. Additionally, internal auditors need to possess a diverse set of skills to perform their jobs effectively. These skills are not always apparent in a standard resume. Selection of superior staff is dependent on the ability to evaluate applicants and selection criteria must be well-developed.
26. An audit committee should be designed to enhance the independence of both the internal and external auditing functions and to insulate these functions from undue management pressures. Using this criterion, audit committees should be composed of
A.
A rotating subcommittee of the board of directors or its equivalent.
B.
Only members from the relevant outside regulatory agencies.
C. Members from all important constituencies, specifically including representatives from banking, labor, regulatory agencies, shareholders, and officers. D.
Only external members of the board of directors or its equivalent.
Answer (D) is correct. The audit committee of the board of directors should be composed entirely of outside directors. Outside directors are members of the board who are independent of internal management. Because the primary purpose of the audit committee is to promote the independence of the internal and external auditors from management, an audit committee composed of inside directors would be ineffective.
A. The audit committee is not required to be rotated periodically. B. Regulators ordinarily do not serve as directors. C. Officers are not outside directors.
27. Audit committees have been identified as a major factor in promoting the independence of both internal and external auditors. Which of the following is the most important limitation on the effectiveness of audit committees?
A. Audit committees may be composed of independent directors. However, those directors may have close personal and professional friendships with management. B.
Audit committee members are compensated by the organization and thus favor an owner’s view.
C. Audit committees devote most of their efforts to external audit concerns and do not pay much attention to the internal audit activity and the overall control environment. D.
Audit committee members do not normally have degrees in the accounting or auditing fields.
Answer (A) is correct. The audit committee is a subcommittee made up of outside directors who are independent of management. Its purpose is to help keep external and internal auditors independent of management and to ensure that the directors are exercising due care. However, if independence is impaired by personal and professional friendships, the effectiveness of the audit committee may be limited.
B. The compensation audit committee members receive is usually minimal. They should be independent and therefore not limited to an owner’s perspective. C. Although audit committees are concerned with external audits, they also devote attention to the internal audit activity.
D. Audit committee members do not need degrees in accounting or auditing to understand engagement communications.
28. The audit committee strengthens the control processes of an organization by
A.
Assigning the internal audit activity responsibility for interaction with governmental agencies.
B.
Using the chief audit executive as a major resource in selecting the external auditors.
C.
Following up on recommendations made by the chief audit executive.
D.
Approving internal audit activity policies.
Answer (C) is correct. Among the audit committee’s functions are ensuring that engagement results are given due consideration and overseeing appropriate corrective action for deficiencies noted by the internal audit activity, which includes following up on recommendations by the CAE.
A. A direct strengthening of controls does not result from this activity. B. A direct strengthening of controls does not result from this activity. D. A direct strengthening of controls does not result from this activity.
29. The audit committee may serve several important purposes, some of which directly benefit the internal audit activity. The most significant benefit provided by the audit committee to the internal audit activity is
A.
Protecting the independence of the internal audit activity from undue management influence.
B.
Reviewing annual engagement work schedules and monitoring engagement results.
C. Approving engagement work schedules, scheduling, staffing, and meeting with the internal auditors as needed. D. Reviewing copies of the procedures manuals for selected organizational operations and meeting with organizational officials to discuss them.
Answer (A) is correct. The audit committee is a subcommittee of the board of directors composed of outside directors who are independent of corporate management. Its purpose is to help keep external and internal auditors
independent of management and to ensure that the directors are exercising due care. This committee often selects the external auditors, reviews their overall audit plan, and examines the results of external and internal audits.
B. Reviewing the audit plan and the results can be performed by the entire board. C. Reviewing the audit plan and staffing requirements can be performed by the entire board. D. Reviewing procedures manuals can be performed by the entire board.
30. To avoid creating conflict between the chief executive officer (CEO) and the audit committee, the chief audit executive (CAE) should
A.
Submit copies of all engagement communications to the CEO and audit committee.
B.
Strengthen independence through organizational status.
C.
Discuss all pending engagement communications to the CEO with the audit committee.
D. Request board establishment of policies covering the internal audit activity’s relationships with the audit committee.
Answer (D) is correct. Independence is not sufficient to prevent conflict unless reporting relationships are well defined.
A. The CEO and audit committee most likely should receive summary reports. Senior management and the board ordinarily are not involved in the details of internal audit work. B. Independence is not sufficient to prevent conflict unless reporting relationships are well defined. C. The CEO and audit committee most likely should receive summary reports. Senior management and the board ordinarily are not involved in the details of internal audit work.
31. Which of the following actions is an appropriate response by organizations wishing to improve the public’s perception of their financial reporting?
A.
Increased adoption of audit committees composed of outside directors.
B.
Viewing internal auditing as a transient profession—a stepping stone to managerial positions.
C. Requiring internal auditors to report all significant observations of illegal activity to the chief executive officer.
D.
Keeping external and internal auditing work separated to maintain independence.
Answer (A) is correct. The audit committee consists of outside directors who are independent of management. Its purpose is to help keep external and internal auditors independent of management and to assure that the directors are exercising due care. This committee (1) selects the external auditors; (2) reviews their overall audit plan; (3) examines the results of external and internal auditing engagements; (4) meets regularly with the CAE; and (5) reviews the internal audit activity’s engagement work schedule, staffing plan, and financial budget. These functions should increase public confidence that financial statements are fairly presented.
B. Transience of internal auditors impairs the proficiency of the internal audit activity. c. If illegal activities involve senior management, distribution of engagement communications should be to the audit committee, not the CEO. D. The work of the internal and external auditors should be coordinated to minimize duplicate efforts. Coordination does not impair independence or reduce public confidence.
32. Which of the following is not an appropriate member of an audit committee?
A.
The vice president of the local bank used by the organization.
B.
An academic specializing in business administration.
C.
A retired executive of a firm that had been associated with the organization.
D.
The organization’s vice president of operations.
Answer (D) is correct. The audit committee consists of outside directors who are independent of management. Its purpose is to help keep external and internal auditors independent of management and to assure that the directors are exercising due care. The organization’s vice president is not an outside director. The vice president of the local bank used by the organization, an academic specializing in business administration, and a retired executive of a firm that had been associated with the organization are all external parties who are usually independent of the organization’s internal operations.
A. The vice president of the local bank used by the organization is an external party who is usually independent of the organization’s internal operations. B. An academic specializing in business administration is an external party who is usually independent of the organization’s internal operations.
C. A retired executive of a firm that had been associated with the organization is an external party who is usually independent of the organization’s internal operations.
33. Which of the following audit committee activities is of the greatest benefit to the internal audit activity?
A.
Review and approval of engagement work programs.
B. Assurance that the external auditor will rely on the work of the internal audit activity whenever possible. C. Review and endorsement of all internal auditing engagement communications prior to their release. D. Determine whether scope limitations impede the ability of the internal audit activity to execute its responsibilities.
Answer (D) is correct. The CAE should report functionally to the board (audit committee) to achieve organizational independence and allow the internal audit activity to fulfill its responsibilities. Functional reporting to the board typically involves, among other things, making appropriate inquiries of management and the CAE to determine whether audit scope or budgetary limitations impede the ability of the internal audit activity to fulfill its responsibilities.
A. Review and approval of engagement work programs is the responsibility of internal audit supervisors. B. Whether the external auditor will make use of the work of internal auditing is not for the audit committee to decide. C. Review and approval of internal audit engagement communications is the responsibility of the chief audit executive or his or her designee.
34. Which of the following features of a large manufacturer’s organizational structure is a control weakness?
A. The information systems department is headed by a vice president who reports directly to the president. B.
The chief financial officer is a vice president who reports to the chief executive officer.
C. The audit committee of the board consists of the chief executive officer, the chief financial officer, and a major shareholder. D.
The controller reports to the chief financial officer.
Answer (C) is correct. The audit committee has a control function because of its oversight of internal as well as external auditing. It should be made up of directors who are independent of management. The authority and independence of the audit committee strengthen the position of the internal audit activity.
A. This reporting relationship is a strength. It prevents the information systems operation from being dominated by a user. B. It is a normal and appropriate reporting relationship. D. It is a normal and appropriate reporting relationship.
35. An audit committee of the board of directors of an organization is being established. Which of the following is normally a responsibility of the committee with regard to the internal audit activity? A.
Approval of the selection and dismissal of the chief audit executive.
B.
Development of the annual engagement work schedule.
C.
Approval of engagement work programs.
D.
Determination of engagement observations appropriate for specific engagement communications.
Answer (A) is correct. Independence is enhanced when the board concurs in the appointment or removal of the CAE. The audit committee is a subcommittee of outside directors who are independent of management. The term “board” includes the audit committee.
B. Development of the annual engagement work schedule is an operational function of the CAE and the internal audit activity staff. A summary of the (1) audit plan, (2) work schedule, (3) staffing plan, and (4) financial budget is submitted annually to senior management and the board. C. Approval of engagement work programs is a technical responsibility of the internal audit activity staff. D. The determination of engagement observations appropriate communications is a field operation of the internal audit activity staff.
for
specific
engagement
36. What is the reason the CAE must have direct and unrestricted access to the board?
A. The board is composed of financial experts and are a great resource for collaboration on financial decisions. B.
The internal audit activity needs to achieve organizational independence.
C.
Stock exchanges require that all listed organizations have an audit committee.
D. The CAE must build and maintain strong constructive relationships with managers and other stakeholders.
Answer (B) is correct. The CAE must have direct and unrestricted access to senior management and the board for the internal audit activity to achieve organizational independence. The CAE should report functionally to the board. The IIA defines a board, in part, as “[t]he highest level governing body . . . charged with the responsibility to direct and/or oversee the organization’s activities and hold senior management accountable.”
A. Being a financial expert is not a requirement to serve on a board. Boards are often made up of a diverse group of individuals. The board is the highest level governing body for the organization and is not a resource for the CAE to assist with the making of financial decisions. C. Many stock exchanges require that all listed organizations have an audit committee. However, this is not the reason the CAE must have direct and unrestricted access to senior management and the board. D. According to Sawyer’s Guide for Internal Auditors, 6th edition, for internal auditors to be effective, they must build and maintain strong constructive relationships with managers and other stakeholders within the organization. But this does not explain why the CAE must have direct and unrestricted access to senior management and the board.
37. Which of the following statements regarding the external auditor is true?
A.
Disputes between the external auditor and management are resolved through an arbitrator.
B. Review of the external auditor’s internal control and audit reports during each engagement is done by a different accounting firm.
C.
The external auditor’s work is overseen and reviewed by the audit committee.
D.
Negotiation of the external auditor’s fee is the responsibility of the corporate officers.
Answer (C) is correct. The most important function of the audit committee is to promote the independence of the internal and external auditors by protecting them from management’s influence. The audit committee (1) selects the external auditing firm and negotiates its fee, (2) oversees and reviews the work of the external auditor, (3) resolves disputes between the external auditor and management, and (4) reviews the external auditor’s internal control and audit reports.
A. Disputes between the external auditor and management are resolved through the audit committee, not an arbitrator. B. The audit committee, not a different accounting firm, is responsible for reviewing the external auditor’s internal control and audit reports. However, accounting firms often perform peer reviews on a periodic basis. C. The audit committee, not the corporate officers, is responsible for negotiating the external audit fee.
38. Johnny Hagert, Chief Audit Executive, is determining the sufficiency of his resource allocation. Mr. Hagert must consider all of the following except
A.
Communication received from management and the board.
B.
The audit universe.
C.
Knowledge of the internal audit staff.
D.
Consequences of not completing the engagement on time.
Answer (B) is correct. Sufficiency relates to the quantity of resources needed to accomplish the audit plan. The audit universe includes all possible audits within an organization. The audit plan only includes a portion of those audits. A. To determine the sufficiency of resource allocation, the CAE must consider all relevant factors, including (1) communications received from management and the board; (2) information about ongoing and new engagements; (3) consequences of not completing an engagement on time; and (4) knowledge, skills, and competencies of the internal audit staff. C. To determine the sufficiency of resource allocation, the CAE must consider all relevant factors, including (1) communications received from management and the board; (2) information about ongoing and new engagements; (3) consequences of not completing an engagement on time; and (4) knowledge, skills, and competencies of the internal audit staff.
D. To determine the sufficiency of resource allocation, the CAE must consider all relevant factors, including (1) communications received from management and the board; (2) information about ongoing and new engagements; (3) consequences of not completing an engagement on time; and (4) knowledge, skills, and competencies of the internal audit staff.
39. Gator Financial Service is considering outsourcing its internal audit activity. Gator Financial Service
A.
Cannot outsource the activity because it will impair the effectiveness of the engagement.
B. Can outsource the services as long as it places responsibility for maintaining effective internal controls in the hands of the external auditor. C.
Must outsource all internal audit activity to maintain independence.
D. Can outsource the services as long as Gator Financial Service continues to have the responsibility for maintaining effective internal controls.
Answer (D) is correct. An organization’s governing body may decide that an external service provider is the most effective means of obtaining internal audit services. In these cases, Performance Standard 2070 requires that the external audit service provider remind the organization that the responsibility for maintaining effective internal controls lies with the organization.
A. An organization’s governing body may decide that an external service provider is the most effective means of obtaining internal audit services. B. An organization’s governing body may decide that an external service provider is the most effective means of obtaining internal audit services. In these cases, the external audit service provider must remind the organization that the responsibility for maintaining effective internal controls lies with the organization. C. The internal audit function is most often performed through internal sources and does not impair the independence of the engagement.
40. Which of the following parties is (are) primarily responsible for resource management in an internal auditing engagement? 1. The chief audit executive 2. Senior management 3. The board of directors
A.
1 and 2.
B.
2 and 3.
C.
1 only.
D.
1 and 3.
Answer (C) is correct. The CAE is primarily responsible for the sufficiency and management of resources of the internal audit activity, including communication of needs and status to senior management and the board. These parties must ensure the adequacy of resources.
A. Senior management is not primarily responsible for the sufficiency and management of resources of the internal audit activity. Senior management and the board must ensure the adequacy of resources. B. Senior management and the board of directors are not primarily responsible for the sufficiency and management of resources of the internal audit activity. These parties must ensure the adequacy of resources. D. The board of directors is not primarily responsible for the sufficiency and management of resources of the internal audit activity. Senior management and the board must ensure the adequacy of resources.
41. Which of the following statements about the chief audit executive’s responsibilities for internal audit resources is most accurate?
A. The CAE is responsible for ensuring that audit coverage is based on the skills of the internal audit activity. B.
The CAE is responsible for presenting a detailed summary of audit resources to management.
C. The CAE is responsible for the effective deployment of resources to achieve the approved audit plan. D.
The CAE is responsible for administering the organization’s compensation program.
Answer (C) is correct. The CAE must ensure that internal audit resources are appropriate, sufficient, and effectively deployed to achieve the approved audit plan. This responsibility includes the effective communication of resource needs and reporting of status to senior management and the board.
A. The CAE has responsibility for ensuring that the skills assessment is driven by the needs of the audit coverage, not by the capabilities already present in the internal audit activity. B. The CAE has responsibility for presenting a detailed summary of the status and adequacy of internal audit resources to the board. D. The human resources (personnel) department ordinarily is responsible for administering the organization’s compensation program.
42. Internal audit resources should be appropriate, sufficient, and effectively deployed. Consequently,
A.
Resource planning should be limited to expected activities.
B.
The chief audit executive should perform a periodic skills assessment.
C.
Only members of the internal audit staff should perform internal audit activities.
D.
The chief audit executive ultimately must ensure the adequacy of resources.
Answer (B) is correct. The skills, technical knowledge, and capabilities of the internal audit staff should be appropriate for the planned work. Thus, the chief audit executive should perform a periodic skills assessment based on the needs identified in the risk assessment and the audit plan.
A. Resource planning considers (1) the audit universe, (2) relevant risks, (3) the internal audit plan, (4) coverage expectations, and (5) an estimate of unexpected activities. C. The CAE’s consideration of resourcing needs and available resources should address whether needed skills are present. If not, other appropriate ways to meet needs include (1) external service providers, (2) specialized consultants, or (3) other employees of the organization. D. The CAE is primarily responsible for the sufficiency and management of internal audit resources, including communication of needs and status, to senior management and the board. These parties ultimately must ensure the adequacy of internal audit resources.
43. When determining the number and experience level of an internal audit staff to be assigned to an engagement, the chief audit executive should consider which of the following? 1. Complexity of the engagement. 2. Length of the engagement. 3. Available internal audit activity resources. 4. Lapsed time since the last engagement.
A.
1 and 2 only.
B.
2 and 3 only.
C.
1 and 3 only.
D.
1, 2, 3, and 4.
Answer (C) is correct. The complexity of the engagement determines the experience and skills required of the assigned staff. Available resources also are a factor in a staffing decision. A. Length of the engagement is not a factor affecting engagement staffing. B. Length of the engagement is not a factor affecting engagement staffing. D. Length of the engagement is not a factor affecting engagement staffing. Lapsed time since the last engagement is a factor affecting engagement scheduling, not staffing.
44. Which of the following statements most accurately reflects the chief audit executive’s responsibilities for internal audit resources?
A. The CAE is responsible for ensuring that audit coverage is based on the periodic skills assessment. B. The CAE is responsible for evaluating the detailed summary of audit resources presented by management to the board. C.
The CAE is not responsible for such human resource functions as evaluation and development.
D. The CAE is responsible for communicating resource needs to the board but has no explicit responsibility for administering the organization’s compensation program.
Answer (D) is correct. The CAE must ensure that internal audit resources are appropriate, sufficient, and effectively deployed to achieve the approved plan. This includes the effective communication of resource needs and reporting of status to senior management and the board. Responsibility for administering the organization’s compensation program normally resides in the human resources (personnel) area.
A. The CAE has responsibility for ensuring that the skills assessment is driven by the needs of the audit coverage, not by the capabilities already present in the internal audit activity. B. The CAE has responsibility for presenting a detailed summary of the status and adequacy of internal audit resources to the board.
C. The CAE has responsibility for considering human resource disciplines, such as succession planning and staff evaluation and development programs.
45. The most important reason for the chief audit executive to ensure that the internal audit department has adequate and sufficient resources is to
A.
Ensure that the function is adequately protected from outsourcing.
B.
Demonstrate sufficient capability to meet the audit plan requirements.
C.
Establish credibility with the audit committee and management.
D.
Fulfill the need for effective succession planning.
Answer (B) is correct. The CAE must ensure that internal audit resources are appropriate, sufficient, and effectively deployed to achieve the approved plan (Perf. Std. 2030).
A. The decision to outsource the internal audit function is not primarily based on existing resources. C. The amount of resources is not a significant factor in establishing credibility. D. Succession planning is not related to the amount of audit resources.
46. The internal audit activity has recently experienced the departure of two internal auditors who cannot be immediately replaced due to budget constraints. Which of the following is the least desirable option for efficiently completing future engagements, given this reduction in resources?
A.
Using self-assessment questionnaires to address audit objectives.
B.
Employing information technology in audit planning, sampling, and documentation.
C.
Eliminating consulting engagements from the engagement work schedule.
D.
Filling vacancies with personnel from operating departments that are not being audited.
Answer (C) is correct.
The chief audit executive must ensure that internal audit resources are appropriate, sufficient, and effectively deployed to achieve the approved plan (Perf. Std. 2030). The audit schedule is reduced as a last resort once all other alternatives have been explored, including the request for additional resources.
A. Using self-assessment questionnaires is an efficient means of addressing the objectives of certain internal audits. B. Use of technology is an appropriate means of achieving efficiencies in audit execution. D. Using operating personnel with internal audit expertise and corporate experience is an appropriate way to enhance internal audit resources.
47. Numerous environmental laws and regulations have recently changed. Senior management has asked the chief audit executive to perform an environmental audit to be completed as soon as possible. The internal audit activity currently is performing an operational audit. As a result, the chief audit executive must make difficult decisions about resource allocation. Which of the following is the least significant issue in determining whether to reallocate audit resources?
A.
The potential fraud discovered during the operational audit.
B. Potential cost to the organization for noncompliance with the new environmental laws and regulations. C.
The knowledge, skills, and competencies of the internal audit staff.
D.
The results from the prior financial audits.
Answer (D) is correct. When determining resource allocation under time constraints, the auditor must consider all relevant factors. Relevant factors include (1) information about both the ongoing and new engagement; (2) the consequences of not completing either engagement in a timely manner; and (3) the knowledge, skills, and competencies of the internal audit staff. Information about other unrelated engagements, such as prior financial audits, is irrelevant.
A. The potential fraud or other illegal actions discovered during the operational audit are relevant. Fraud always must be evaluated for its effect on achievement of organizational objectives. B. Potential consequences, such as fines, penalties, and legal action, may be material. C. The knowledge, skills, and competencies of the internal audit staff are crucial. Proficiency is an ethical obligation of internal auditors.
48. When assigning individual staff members to actual engagements, internal auditing managers are faced with a number of important considerations related to needs, abilities, and skills. Which of the following is the least appropriate criterion for assigning a staff internal auditor to a specific engagement?
A.
The staff internal auditor’s desire for training in the area.
B.
The complexity of the engagement.
C.
The experience level of the internal auditor.
D.
Special skills possessed by the staff internal auditor.
Answer (A) is correct. A staff internal auditor’s desire for specific training is necessarily secondary to carrying out the responsibilities of the internal audit activity with regard to proper staffing.
B. The complexity of the engagement determines the experience and skills required of the assigned staff. C. Experience is a factor in a staffing decision. D. Special expertise is a factor in a staffing decision.
49. Staff members of the internal audit activity should be assigned to engagements and training projects that will enable them to develop their potential. Which of the following should be the most important consideration in making assignments that will allow staff members to develop properly?
A.
The skills and experience levels of individual auditors.
B.
Specific training requirements imposed by the Standards.
C.
The importance of giving all staff members extensive supervisory experience.
D.
Special interests of individual staff members.
Answer (A) is correct.
The program for selecting and developing the human resources of the internal audit activity should provide for written job descriptions for each level of the staff, selection of qualified and competent individuals, training and continuing educational opportunities, performance appraisals at least annually, and counsel on performance and professional development. Obviously, work assignments inconsistent with an internal auditor’s abilities will defeat the purposes of human resources development.
B. The Standards contain no specific requirements. C. All staff members may not be ready for supervisory responsibility. D. Although interests are not irrelevant, they are secondary to skills and experience.
50. In selecting an instructional strategy for developing internal audit staff, a chief audit executive begins by reviewing
A.
Organizational objectives.
B.
Learning content.
C.
Learners’ readiness.
D.
Budget constraints.
Answer (A) is correct. The chief audit executive must ensure that internal audit resources are appropriate, sufficient, and effectively deployed to achieve the approved plan (Perf. Std. 2030). The approved plan must be consistent with the goals of the organization.
B. The learning content cannot be prepared without first reviewing the organizational objectives. C. Learners’ readiness should be considered later in the program development process. D. Budget constraints should be considered later in the process.
51. The advantage attributed to the establishment of internal auditing field offices for work at foreign locations is best described as
A.
The possibility of increased objectivity of personnel assigned to a field office.
B.
A reduction of travel time and related travel expense.
C.
The increased ease of maintaining uniform organization-wide standards.
D.
More contact with senior personnel leading to an increase in control.
Answer (B) is correct. The advantages of field offices compared with sending internal auditors from the home office include (1) reduced travel time and expense, (2) improved service in the operating locations served by the field offices, (3) better morale of internal auditors as a result of increased authority, and (4) the possibility of employing persons who do not wish to travel.
A. Field office personnel are more likely to lose objectivity through increased contact with engagement client personnel in the area served. C. Maintenance of organization-wide standards is more difficult after decentralization. D. Contact with and control over field office personnel will be reduced.
52. According to the International Professional Practices Framework, the CAE must ensure that internal audit resources are
A.
Relevant, adequate, and practical.
B.
Applicable, competent, and well-founded.
C.
Appropriate, sufficient, and effectively deployed.
D.
Suitable, satisfactory, and competently displayed.
Answer (C) is correct. According to Performance Standard 2030, Resource Management, “The chief audit executive must ensure that internal audit resources are appropriate, sufficient, and effectively deployed to achieve the approved plan.” As stated in the Interpretation of Standard 2030, “Appropriate refers to the mix of knowledge, skills, and other competencies needed to perform the plan. Sufficient refers to the quantity of resources needed to accomplish the plan. Resources are effectively deployed when they are used in a way that optimizes the achievement of the approved plan.”
A. “Relevant, adequate, and practical” are not attributes of the internal audit resources defined in the IPPF. B. “Applicable, competent, and well-founded” are not attributes of the internal audit resources defined in the IPPF. D. “Suitable, satisfactory, and competently displayed” are not attributes of the internal audit resources defined in the IPPF.
53. According to the International Professional Practices Framework, internal audit resources are effectively deployed when
A.
The internal audit staff has the necessary attributes for the planned activities.
B.
The resources needed to accomplish the plan are adequate.
C.
There are more opportunities to achieve operating benefits for the engagement client.
D.
They are used in a way that optimizes the achievement of the approved plan.
Answer (D) is correct. According to the Interpretation of Standard 2030, “Resources are effectively deployed when they are used in a way that optimizes the achievement of the approved plan.” The CAE is primarily responsible for the sufficiency and management of resources, including communication of needs and status to senior management and the board. Resources are effectively deployed by assigning qualified auditors and developing an appropriate resourcing approach and organizational structure.
A. The internal audit staff should have the necessary attributes for the planned audit activities. Whether or not the audit staff has the attributes needed does not determine whether the audit resources are effectively allocated. B. The resources needed to accomplish the approved audit plan must be sufficient. Sufficient refers to the quantity of resources needed to accomplish the plan. But the sufficiency of internal audit resources does not indicate that resources are effectively deployed. C. The achievement of operating benefits for the engagement client is not a consideration in the effective deployment of audit resources.
54. In managing internal audit resources, the CAE considers all of the following except
A.
Benchmarking.
B.
Succession planning.
C.
Staff evaluation and development.
D.
Resourcing needs.
Answer (A) is correct.
Benchmarking is a continuous evaluation of the practices of the best organizations in their class and the adaptation of processes to reflect the best of these practices. It is not used in managing internal audit resources. In managing internal audit resources, the CAE considers succession planning, staff evaluation and development, and other human resource disciplines. The CAE also addresses resourcing needs, including whether those skills are present in the internal audit staff.
B. The CAE considers succession planning when managing internal audit resources. Through succession planning, organizations prepare employees for advancement. C. The CAE considers staff evaluation and development when managing internal audit resources. The CAE considers whether the competencies of the internal audit staff are appropriate for the planned activities D. The CAE is primarily responsible for the sufficiency and management of resources, including communication of needs and status to senior management and the board. These parties ultimately must ensure the adequacy of resources.
55. In addressing internal audit resource needs for a complex engagement, the CAE may include all of the following except
A.
Other employees of the organization.
B.
Members of the audit committee.
C.
Specialized consultants.
D.
External service providers.
Answer (B) is correct. Resources must be effectively deployed by assigning qualified auditors and developing an appropriate resourcing approach and organizational structure. Additionally, resources need to be sufficient for audit activities to be performed in accordance with the expectations of senior management and the board. Members of the audit committee may not be employees of the organization except in their capacity as a board member. Therefore, an audit committee member should not be included in addressing internal audit resource needs. The CAE may meet these needs through external service providers, specialized consultants, or other employees of the organization.
A. Using other employees of the organization is an appropriate way to meet the additional resource needs of the internal audit activity. C. Specialized consultants may be used as a resource for a complex engagement. D. External service providers may be considered by the CAE to meet the resource needs for an engagement.
56.Which of the following is the best source of a chief audit executive’s information for planning staffing requirements?
A.
Discussions of internal audit needs with senior management and the board.
B.
Review of internal audit staff education and training records.
C. Review internal audit staff size and composition of similarly sized organizations in the same industry. D.
Interviews with existing internal audit staff.
Answer (A) is correct. Ensuring the sufficiency of internal audit resources is ultimately a responsibility of the organization’s senior management and board. The CAE should assist them in discharging this responsibility (PA 2030-1, para. 1).
B. The scheduled work is the first consideration in determining the number and qualifications of the staff required. Review of staff education and training records is a subsequent step. C. The staffing plan must consider the unique needs of a particular organization. The review of staff size and composition of similarly sized organizations in the same industry may not satisfy the engagement objectives for a particular organization D. The scheduled work is the first consideration in determining the number and qualifications of the staff required. Interviews with existing staff occur later.
57. The capabilities of individual staff members are key features in the effectiveness of an internal audit activity. What is the primary consideration used when staffing an internal audit activity?
A.
Background checks.
B.
Job descriptions.
C.
Continuing education.
D.
Organizational orientation.
Answer (B) is correct. The skills, capabilities, and technical knowledge of the internal audit staff are to be appropriate for the planned activities (PA 2030-1, para. 2). Properly formulated job descriptions provide a basis for
identifying job qualifications (including training and experience). Hence, they facilitate recruiting human resources with the necessary attributes.
A. Background checks help ensure that statements made by prospective employees are accurate. However, they are not the primary requisite. C. Continuing education occurs after the proper people are hired. D. A thorough orientation helps the new employee become productive more rapidly. However, it will not compensate for hiring the wrong person.
58.By comparing job descriptions with the qualifications and duties of the individuals currently holding those jobs, a manager can
A.
Complete the human resource planning cycle.
B.
Determine whether the organization is appropriately staffed.
C.
Forecast future personnel needs.
D.
Determine which employees should be promoted.
Answer (B) is correct. A job description summarizes the duties and qualifications required for a job. It is prepared based on a job analysis, which is a systematic procedure for observing work and determining what tasks should be accomplished to achieve organizational goals. By comparing the job description with the actual employees and their qualifications, a manager can determine whether the organization has placed appropriate individuals in jobs best suited to their abilities.
A. The human resource planning cycle refers to the entire process. Examining job descriptions is merely a part of the job analysis process. C. A forecast of future needs requires knowledge of future plans and a projection of resource and staff requirements. D. To determine which employees should be promoted, a manager needs performance data.
59. When determining the number and experience level of an internal audit staff to be assigned to an engagement, the chief audit executive should consider all of the following except the
A.
Complexity of the engagement.
B.
Available internal audit activity resources.
C.
Training needs of internal auditors.
D.
Lapsed time since the last engagement.
Answer (D) is correct. Lapsed time since the last engagement is a factor affecting engagement scheduling, not staffing. A. The complexity of the engagement determines the experience and skills required of the assigned staff. B. Available resources are a factor in a staffing decision. C. The training needs of individual auditors are a factor in a staffing decision.
60. In most organizations, the rapidly expanding scope of internal auditing responsibilities requires continual training. What is the main purpose of such a training program?
A.
To comply with continuing education requirements of professional organizations.
B.
To use slack periods in engagement scheduling.
C.
To help individuals to achieve personal career goals.
D.
To achieve both individual and organizational goals.
Answer (D) is correct. By being informed and up to date, internal auditors are better prepared to reach their personal goals. In addition, internal audit responsibilities are more readily discharged by auditors having the required knowledge, skills, and other competencies.
A. The CAE should establish a program for selecting and developing human resources, but compliance with continuing education requirements of professional organizations is not the primary purpose. B. Training can be conducted during slack periods, but this is not the primary objective C. Both personal and internal audit goals should be achieved.
61. Although all the current members of an internal audit activity have good records of performance, the manager is not sure if any of the members are ready to assume a management role. Which of the following is an advantage of bringing in an outsider rather than promoting from within?
A.
Management training costs are reduced when a qualified outsider is hired.
B.
The manager can be sure that the new position will be filled by a competent employee.
C.
Bringing in an outsider is a less expensive alternative than promoting from within.
D.
The “modeling” effect is strengthened by bringing in a new role model.
Answer (A) is correct. Hiring an experienced manager reduces management training costs because the person has already been trained. B. The manager is relying on outside information to evaluate the candidate and cannot be certain the employee is competent until (s)he begins work. C. Hiring an outsider is usually more expensive than promoting from within. D. The “modeling” effect occurs when employees see that deserving co-workers are promoted to better-paying, higher-status jobs.
62. Exchange of engagement communications and management letters by internal and external auditors is
A.
Consistent with the coordination responsibilities of the chief audit executive.
B.
Not consistent with the independence guidelines of the Standards.
C.
A violation of the Code of Ethics.
D.
Not addressed by the Standards
Answer (A) is correct. Exchange of engagement communications and management letters is properly a component of coordination between internal and external audit.
B. The standard independence guidelines are not relevant to this exchange between internal and external auditors. C. The exchange does not violate the Code of Ethics D. The Standards address the coordination of internal and external auditing work
63. Coordination of internal and external auditing can reduce the overall costs. Who is responsible for actual coordination of internal and external auditing efforts?
A.
The chief audit executive.
B.
The external auditor.
C.
The board.
D.
Management.
Answer (A) is correct. Coordination of internal and external audit work is the responsibility of the CAE. The CAE obtains the support of the board to coordinate audit work effectively.
B. The external auditor is an interested party but not one that has direct responsibility for coordinating internal and external auditing efforts. C. The board has oversight responsibility, but the CAE is responsible for the actual coordination of internal and external auditing work. D. Management is an interested party but not one that has direct responsibility for coordinating internal and external auditing efforts.
64. Which of the following are responsibilities of the chief audit executive (CAE)? 1. Coordinating activities with other providers of assurance and consulting services. 2. Understanding the work of external auditors. 3. Providing sufficient information to the external auditors to permit them to understand the internal auditors’ work.
A.
1 and 2 only.
B.
2 and 3 only.
C.
1 and 3 only.
D.
1, 2, and 3.
Answer (D) is correct. Organizations may use the work of external auditors to provide assurance related to activities within the scope of internal auditing. In these cases, the CAE takes the steps necessary to understand the work performed by the external auditors. Moreover, the external auditor may rely on the work of the internal audit activity in performing their work. In this case, the CAE needs to provide sufficient information to enable external auditors to understand the internal auditor’s techniques, methods, and terminology to facilitate reliance by external auditors on work performed.
A. Providing sufficient information to the external auditors to permit them to understand the internal auditors’ work is a responsibility of the CAE when external auditors rely on the internal audit activity’s work. B. Coordinating activities with other providers of assurance and consulting services is a responsibility of the CAE. C. Understanding the work of external auditors is necessary whenever external auditors provide assurance about matters within the scope of the internal audit activity.
65. Which of the following is responsible for coordination of internal and external audit work?
A.
The board.
B.
The chief audit executive.
C.
Internal auditors.
D.
External auditors.
Answer (B) is correct. Oversight of the work of external auditors, including coordination with the internal audit activity, is the responsibility of the board. Coordination of internal and external audit work is the responsibility of the chief audit executive (CAE). The CAE obtains the support of the board to coordinate audit work effectively.
A. The board oversees but is not actually responsible for the coordination. C. Internal auditors carry out the coordinated directions from the CAE D. External auditors perform their work in coordination with information provided by the CAE.
66. Coordinating internal and external audit activity can increase efficiency by using which of the following? 1. Similar techniques 2. Similar methods 3. Similar terminology
A.
1 only.
B.
1 and 3 only.
C.
1 and 2 only.
D.
1, 2, and 3.
Answer (D) is correct. It may be efficient for internal and external auditors to use similar techniques, methods, and terminology to coordinate their work effectively and to rely on the work of one another.
A. Similar methods and terminology also increase efficiency. B. Similar methods also increase efficiency. C. Similar terminology also increases efficiency.
67. Who has primary responsibility for providing information to the board on the professional and organizational benefits of coordinating internal audit activities with those of other providers of similar services?
A.
The external auditor.
B.
The chief audit executive.
C.
The chief executive officer.
D.
Each assurance and consulting function.
Answer (B) is correct. The chief audit executive should share information and coordinate activities with other internal and external providers of assurance and consulting services to ensure proper coverage and minimize duplication of efforts (Perf. Std. 2050). The CAE also must periodically report to the board and senior
management on the internal audit activity’s purpose, authority, responsibility, and performance (Perf. Std. 2000).
A. The CAE is responsible for ensuring that the internal audit activity’s work maximizes the benefits achievable from coordination with other assurance and consulting activities. Comments on this function should always form part of any activity reports by the CAE, not the external auditor, to the board. C. The CEO normally is not responsible for planning, work, and coordination related to internal audit assurance and consulting engagements or coordination with other assurance and consulting activities. D. Not all other assurance and consulting activities are organizationally responsible to the board for their work. Moreover, they may not have the opportunity to report information directly to the board.
68. Which of the following is a false statement about the relationship between internal auditors and external auditors?
A.
Oversight of the work of external auditors is the responsibility of the chief audit executive.
B. Sufficient meetings are scheduled between internal and external auditors to ensure timely and efficient completion of the work. C. Internal and external auditors may exchange engagement communications and management letters. D. Internal auditors may provide engagement work programs and working papers to external auditors.
Answer (A) is correct. Oversight of the work of external auditors, including coordination with the internal audit activity, is the responsibility of the board. Coordination of internal and external audit work is the responsibility of the CAE (Perf. Std. 2050).
B. Coordination between internal and external auditors involves, among other things, sufficient meetings to both ensure coordination of work and efficient and timely completion of activities and to determine whether observations and recommendations from work performed to date require that the scope of planned work be adjusted. C. Coordination between internal and external auditors involves, among other things, access to internal audit communications and external auditors’ management letters. D. Coordination between internal and external auditors involves, among other things, access to each other’s work programs and working papers.
69. To improve their efficiency, internal auditors may rely upon the work of external auditors if it is
A.
Performed after the internal auditing work.
B.
Primarily concerned with operational objectives and activities.
C.
Coordinated with internal auditing work.
D.
Conducted in accordance with the Code of Ethics.
Answer (C) is correct. Organizations may use the work of external auditors to provide assurance related to activities within the scope of internal auditing. Coordination of internal and external audit work is the responsibility of the CAE (Perf. Std. 2050).
A. Duplication of effort may result if the external audit is performed after the internal auditing engagement. B. Internal auditing encompasses both financial and operational objectives and activities. Thus, internal auditing coverage could also be provided by external audit work that included primarily financial objectives and activities. D. External auditing work is conducted in accordance with auditing standards generally accepted in the host country.
70. Fact Pattern: You are the chief audit executive of a parent organization that has foreign subsidiaries. Independent external audits performed for the parent are not conducted by the same firm that conducts the foreign subsidiary audits. Because the internal audit activity occasionally provides direct assistance to both external firms, you have copies of audit programs and selected working papers produced by each firm.
The foreign subsidiary’s auditors would like to rely on some of the work performed by the parent organization’s audit firm, but they need to review the working papers first. They have asked you for copies of the working papers of the parent organization’s audit firm. What is the most appropriate response to the foreign subsidiary’s auditors? A.
Provide copies of the working papers without notifying the parent’s audit firm.
B. Notify the parent’s auditors of the situation and request that they either provide the working papers or authorize you to do so. C.
Provide copies of the working papers and notify the parent’s audit firm that you have done so.
D.
Refuse to provide the working papers under any circumstances.
Answer (B) is correct. Organizations may use the work of external auditors to provide assurance related to activities within the scope of internal auditing. In these cases, the CAE takes the steps necessary to understand the work performed by the external auditors, including access to the external auditors’ programs and working papers. Internal auditors are responsible for respecting the confidentiality of those programs and working papers.
A. The working papers are the property of the parent’s external auditors, and their confidentiality should be respected. C. The external auditors must give prior authorization for the release of their working papers. D. The CAE has the responsibility to ensure proper coordination with external auditors.
71. Fact Pattern: You are the chief audit executive of a parent organization that has foreign subsidiaries. Independent external audits performed for the parent are not conducted by the same firm that conducts the foreign subsidiary audits. Because the internal audit activity occasionally provides direct assistance to both external firms, you have copies of audit programs and selected working papers produced by each firm.
The foreign subsidiary’s external audit firm wants to rely on an audit of a function at the parent organization. The audit was conducted by the internal audit activity. To place reliance on the work performed, the foreign subsidiary’s auditors have requested copies of the working papers. What is the most appropriate response to the foreign subsidiary’s auditors? A.
Provide copies of the working papers.
B.
Ask the parent’s audit firm if it is appropriate to release the working papers.
C.
Ask the board for permission to release the working papers.
D.
Refuse to provide the working papers under any circumstances.
Answer (A) is correct. Coordination involves access to each other’s work programs, working papers, and reports (IG 2050). Access is provided to external auditors for them to be satisfied as to the acceptability, for external audit purposes, of relying on the internal auditors’ work.
B. The working papers are the property of the organization. The responsibility of the CAE is to maintain the security of the working papers and to coordinate efforts with the external auditors. Thus, the decision belongs not to the parent’s external auditors but to the CAE. C. Access to working papers by external auditors is subject to the approval of the CAE. D. The CAE ensures proper coordination with external auditors by, among other things, granting the external auditors access to the internal auditors’ working papers.
72. Which of the following is not a true statement about the relationship between internal auditors and external auditors?
A.
External auditors must assess the competence and objectivity of internal auditors.
B. There may be periodic meetings between internal and external auditors to discuss matters of mutual interest. C.
There may be an exchange of engagement communications and management letters.
D. Internal auditors may provide engagement work programs and working papers to external auditors. Answer (A) is correct. The external auditor assesses the objectivity and competence of the internal auditors only if (s)he intends to rely on their work.
B. The relationship involves intermittent meetings to determine whether the timing of planned work needs to be revised. C. The relationship involves reasonable mutual access to engagement communications and management letters. D. The relationship involves reasonable mutual access to engagement work programs, working papers, and reports.
73. Assessments of the work of external auditors may be made by the chief audit executive
A.
When the external auditor is appointed.
B.
When the CAE oversees their work.
C.
When their work is relied upon by the internal auditors.
D.
As part of the evaluation of the coordination between the internal and external auditors.
Answer (D) is correct. The CAE is responsible for regular evaluations of the coordination between internal and external auditors. Such evaluations may also include assessments of the overall efficiency and effectiveness of internal and external audit activities, including aggregate audit cost. The CAE communicates the results of these evaluations to senior management and the board, including relevant comments about the performance of external auditors.
A. The assessment is part of the regular evaluation of the coordination of audit work. B. The board oversees external audit work. C. The assessment arises from the evaluation of coordination, not reliance.
74. An internal audit activity is often requested to coordinate its work with that of the external auditors. Which of the following activities is most likely to be restricted to the external auditor?
A.
Evaluating the system of controls over cash collections and similar transactions.
B.
Attesting to the fairness of presentation of cash position.
C.
Evaluating the adequacy of the organization’s overall system of internal controls.
D.
Reviewing the system established to ensure compliance with laws, regulations, and contracts.
Answer (B) is correct. Professional standards place sole responsibility for the attest function on the external auditors. Only the external auditors have the necessary independence to permit the provision of assurance to external parties. Unlike circumstances in which the external auditors use the work of other independent auditors, the responsibility cannot be shared with the internal auditors.
A. Evaluating controls is part of the internal auditor’s scope of work. C. Senior management and the board normally expect that the internal audit activity will perform sufficient engagement work and gather other available information during the year to form an overall
judgment about the adequacy and effectiveness of the control process. The CAE should communicate that judgment to senior management and the board. D. Evaluating compliance is part of the internal auditor’s scope of work.
75.Which of the following statements is true regarding coordination of internal and external auditing efforts?
A. The chief audit executive should not give information about illegal acts to an external auditor because external auditors may be required to report the matter to the board or regulatory agencies. B. Ownership and the confidentiality of the external auditor’s working papers prohibit their review by internal auditors. C. The chief audit executive should determine that appropriate follow-up and corrective action was taken by management when required regarding matters discussed in the external auditor’s management letter. D. If internal auditors provide assistance to the external auditors in connection with the annual audit, such assistance is not subject to the Standards.
Answer (C) is correct. Internal auditors need access to the external auditors’ presentation materials and management letters. Matters discussed in presentation materials and included in management letters need to be understood by the CAE and used as input to internal auditors in planning the areas to emphasize in future internal audit work. After review of management letters and initiation of any needed corrective action by appropriate members of senior management and the board, the CAE should ensure that appropriate follow-up and corrective actions have been taken.
A. Internal auditors should give external auditors access to their engagement work programs, working papers, and communications. Thus, information about illegal acts should be communicated to the external auditor. B. Internal auditors and external auditors may grant access to each other’s working papers. D. All work done by internal auditors should be done in accordance with the Standards.
76. The chief audit executive plans to meet with the independent external auditor to discuss joint efforts regarding an upcoming external audit of the organization’s pension plan. The
independent external auditor has performed all external audit work in this area in the past. The CAE’s objective is to
A.
Determine whether work in this area could not be performed exclusively by the internal auditors.
B. Coordinate the external audit so as to fulfill professional responsibilities and not duplicate work of the independent external auditor. C. Ascertain which account balances have been tested by the independent external auditor so that the internal auditors may test the internal controls to determine the reliability of these balances. D. Determine whether the independent external auditor’s techniques, methods, and terminology should be used by internal auditors in this area to conform with past work or to use techniques consistent with those used by other internal auditors.
Answer (B) is correct. Planned audit activities of internal and external auditors need to be discussed to ensure that audit coverage is coordinated and duplicate efforts are minimized if possible.
A. The independent external auditor is not permitted to delegate certain work to the internal auditors, for example, the verification of material account balances related to a pension plan. C. Testing internal controls to determine the reliability of account balances is an example of duplicate work. D. Common understanding of techniques, methods, and terminology is involved in coordination of activities with other internal and external providers of relevant assurance and consulting services, and the use of common techniques, methods, and terminology may be efficient. However, the objective of coordination of efforts is to ensure adequate engagement coverage and to minimize duplication of efforts, not to determine whether one set of techniques should be used to the exclusion of another.
77. If a department outside of the internal audit activity is responsible for reviewing a function or process, the internal auditors should
A.
Consider the work of the other department when assessing the function or process.
B.
Ignore the work of the other department and proceed with an independent audit.
C.
Reduce the scope of the audit since the work has already been performed by the other department.
D.
Yield the responsibility for assessing the function or process to the other department.
Answer (A) is correct.
The chief audit executive should share information and coordinate activities with other internal and external providers of relevant assurance and consulting services to ensure proper coverage and minimize duplication of efforts (Perf. Std. 2050). This standard applies not only to external auditors but also to other “providers,” such as regulatory bodies (e.g., governmental auditors) and certain of the organization’s other subunits (e.g., a health and safety department). Review and testing of the other department’s work may reduce necessary audit coverage of the function or process.
B. Concentrating on the function or process might lead to a duplication of efforts. C. The internal auditor cannot rely on the work of others without verifying the results. D. The internal audit activity’s overall responsibility for assessing the function or process is not affected by the other department’s coverage.
78. Several members of an organization’s senior management have questioned whether the internal audit activity should report to the newly established quality audit function as part of the total quality management process within the organization. The chief audit executive (CAE) has reviewed the quality audit standards and the programs that the quality audit manager has proposed. The CAE’s response to senior management should include which of the following?
A. Changing the applicable standards for internal auditing within the organization to provide compliance with quality audit standards. B. Changing the qualification requirements for new staff members to include quality audit experience. C. Estimating departmental cost savings that would result from the elimination of the internal audit activity. D. Identifying appropriate liaison activities with the quality audit function to ensure coordination of audit schedules and overall audit responsibilities.
Answer (D) is correct. The CAE should share information, coordinate activities, and consider relying upon the work of other internal and external assurance and consulting providers to ensure proper coverage and minimize duplication of efforts (Perf. Std. 2050). The quality audit function is an internal assurance and consulting provider. Thus, whether reporting administratively to the quality audit function or to senior management, the CAE should identify appropriate liaison activities with the quality audit function to ensure coordination of audit schedules and overall audit responsibilities.
A. The quality audit standards proposed by the quality audit manager should comply with the applicable standards for internal auditing (i.e., the Standards), not vice-versa.
B. The internal audit activity as a whole, not each auditor individually, must be proficient in all necessary competencies (Attr. Std. 1210). C. The issue is whether the internal audit activity should report to the quality audit function, not be replaced by the function. Accordingly, the CAE’s response is not expected to include information on the cost savings from the elimination of the internal audit activity.
79. Which of the following best describes the purpose of the Three Lines of Defense?
A. To improve stakeholder relationships between the board of directors and senior management and to clarify the organization’s risk management and control processes. B. To support the organization through the utilization of specialized skills in monitoring of noncompliance with applicable laws and regulations. C. To enhance communications on risk management and control by clarifying how specific duties should be assigned and coordinated within the organization. D. To define operational management’s responsibility in the execution of risk and control procedures for the organization on a day-to-day basis.
Answer (C) is correct. According to The IIA Position Paper, The Three Lines of Defense in Effective Risk Management and Control, the Three Lines of Defense model provides a simple and effective way to enhance communications on risk management and control by clarifying how specific duties should be assigned and coordinated within the organization. Operational management provides the first line of defense, business-enabling functions provide the second line of defense, and internal auditors provide the third line of defense.
A. The board of directors and senior management are the primary stakeholders served by the Three Lines of Defense, and they are the parties best positioned to help ensure that this model is reflected in the organization’s risk management and control processes. B. Business-enabling functions provide the second line of defense and support to the entity through specialized skills and typically may include various risk management, compliance, inspection, and financial control functions. A compliance function is established to monitor various risks, such as noncompliance with applicable laws and regulations or the organization’s ethics program. The Three Lines of Defense model includes more than the monitoring of noncompliance. D. To ensure compliance, there should be adequate managerial controls in place. Therefore, operational management serves as the first line of defense. However, the Three Lines of Defense model includes more than the responsibilities of operational management.
80. Which of the following is least accurate in describing the functions that serve as the three lines of defense in an organization?
A.
Functions that calculate and measure risk liability.
B.
Functions that oversee risks.
C.
Functions that provide independent assurance.
D.
Functions that own and manage risk.
Answer (A) is correct. The calculation and measurement of risk liability is not one of the three lines of defense. According to the IIA Position Paper, The Three Lines of Defense in Effective Risk Management and Control, the three lines of defense include functions that (1) own and manage risk, (2) oversee risks, and (3) provide independent assurance.
B. Functions that oversee risks provide the second line of defense for effective management of risk and control. These functions support the entity through specialized skills and typically may include various risk management, compliance, inspection, and financial control functions. Additionally, these functions are typically responsible for the ongoing monitoring of control and risk. C. Functions that provide independent assurance provide the third line of defense for effective management of risk and control. The third line of defense provides assurance on the effectiveness of governance, risk management, and internal controls, including the manner in which the first and second lines of defense achieve risk management and control objectives. D. Functions that own and manage risk provide the first line of defense for effective management of risk and control. The first line of defense develops and implements control and risk management processes; it also implements corrective actions to address process and control deficiencies.
81. All of the following are true regarding the process and methods of coordinating assurance activities except
A.
Assurance mapping connects significant risk categories and sources of assurance.
B. In the combined assurance model, the internal audit activity coordinates with compliance activities. C. The formality of assurance activity coordination may vary with the size of the entity and any regulatory requirements. D.
Sharing results with other providers violates the coordinating services agreement.
Answer (D) is correct.
The CAE should share information, coordinate activities, and consider relying upon the work of other internal and external assurance and consulting service providers to ensure proper coverage and minimize duplication of efforts (Perf. Std. 2050). Coordinating activities include (1) simultaneity of the nature, extent, and timing of scheduled work; (2) mutual understanding of methods and vocabulary; (3) the parties’ access to each other’s programs, workpapers, and communications of results; (4) reliance on others’ work to avoid overlap; and (5) meeting to adjust the timing of scheduled work given results to date.
A. Assurance mapping is a method of coordinating assurance coverage. It connects significant risk categories and sources of assurance and assesses each category. B. The internal audit activity coordinates activities such as compliance to minimize “the nature, frequency and redundancy of internal audit engagements.” C. The process and methods of coordinating assurance activities varies by organization. Smaller entities may have informal coordination. Large or regulated entities may have formal and complex coordination. Businesses and not-for-profit organizations are subject to governmental regulation in many countries.
82. Criteria the CAE may consider in determining whether to rely on the work of another service provider include all of the following except
A.
The due professional care of the service provider relating to the relevant service.
B.
The scope, objectives, and results of the service provider’s work.
C.
Whether the service provider’s findings meet the information criteria in the Standards.
D.
The reasonableness of audit fees.
Answer (D) is correct. In determining whether to rely on the work of another service provider, the CAE may consider 1.The objectivity, independence, competency, and due professional care of the provider relating to the relevant assurance or consulting service; 2.The scope, objectives, and results of the service provider’s work to evaluate the degree of reliance; 3.Assessing the service provider’s findings to determine whether they are reasonable and meet the information criteria in the Standards; and 4.The incremental effort required to obtain sufficient, reliable, relevant, and useful information as a basis for the degree of planned reliance.
A. The objectivity, independence, competency, and due professional care of the provider relating to the relevant assurance or consulting service is a criterion that the CAE may consider in determining whether to rely on the work of another service provider. B. The scope, objectives, and results of the service provider’s work to evaluate the degree of reliance is a criterion that the CAE may consider in determining whether to rely on the work of another service provider C. Assessing the service provider’s findings to determine whether they are reasonable and meet the information criteria in the Standards is a criterion that the CAE may consider in determining whether to rely on the work of another service provider.
PART-2 UNIT 2 1.What is the best description of information technology (IT) assurance?
A.Review of controls that focus on an organization’s ability to comply with established labor laws and policies. B.Review and testing of IT to assure the integrity of information. C.Determining that year-to-year growth in sales is measurable using accounting methods. D.Reviewing credit policies to determine whether only qualified customers are being granted favorable credit terms.
Answer (B) is correct. IT assurance is the review and testing of IT (for example, computers, technology infrastructure, IT governance, mobile devices, and cloud computing) to assure the integrity of information. Traditionally, IT auditing has been done in separate projects by IT audit specialists, but increasingly it is being integrated into all audits.
A.laws, regulations, policies, plans, procedures, contracts, and other requirements. C.Financial assurance provides analysis of the economic activity of an entity as measured and reported by accounting methods. D.Operational assurance is the review of a function (credit policy) to appraise the efficiency and economy of operations and the effectiveness with which those functions achieve their objectives.
2.The primary difference between operational engagements and financial engagements is that, in the latter, the internal auditors
A.Are not concerned with whether the client entity is generating information in compliance with financial accounting standards. B.Are seeking to help management use resources in the most effective manner possible. C.Can use analytical skills and tools that are not necessary in financial engagements. D.Start with the financial statements of the client entity and work backward to the basic processes involved in producing them.
Answer (D) is correct.
A financial engagement starts with financial statements to determine whether financial information was properly recorded and adequately supported. It also assesses whether the financial statement assertions about past performance are fair, accurate, and reliable.
A.The reliability and integrity of financial information are important in financial engagements. Information systems provide data for decision making, control, and compliance with external requirements. B.Operational engagements evaluate accomplishment of established objectives and goals for operations or programs and economical and efficient use of resources. Financial engagements are primarily concerned with forming an opinion on the fairness of the financial statements. C.Analytical skills are necessary in all types of engagements.
3.The chief executive officer wants to know whether the purchasing function is properly meeting its charge to “purchase the right materials at the right time in the right quantities.” Which of the following types of engagements addresses this request?
A.A financial engagement relating to the purchasing department. B.An operational engagement relating to the purchasing function. C.A compliance engagement relating to the purchasing function. D.A full-scope engagement relating to the manufacturing operation
Answer (B) is correct. An operational engagement (audit) assesses the efficiency and effectiveness of an organization’s operations.
A.A financial engagement involves the analysis of the economic activity of an entity as measured and reported by accounting methods. C.A compliance engagement is a review of both financial and operating controls to assess conformance with established standards. It tests adherence to management’s policies, procedures, and plans designed to ensure certain actions. D.A full-scale engagement relating to the manufacturing operation has financial, compliance, and operational aspects. It exceeds the chief executive officer’s request.
4.The primary difference between operational engagements and financial engagements is that, in the former, the internal auditors
A.Are not concerned with whether the client entity is generating information in compliance with financial accounting standards. B.Are seeking to help management use resources in the most effective manner possible. C.Start with the financial statements of the client entity and work backward to the basic processes involved in producing them. D.Can use analytical skills and tools that are not necessary in financial engagements.
Answer (B) is correct. The primary objective of a financial engagement is to express an opinion on the fairness of the financial statements. Operational engagements evaluate accomplishment of established objectives and goals for operations or programs and economical and efficient use of resources.
A.The reliability and integrity of financial information are important in operational engagements. Information systems provide data for decision making, control, and compliance with external requirements. C.A financial engagement entails using financial statements as a starting point. D.Analytical skills are necessary in all types of engagements.
5.During an operational engagement, the internal auditors compare the current staffing of a department with established industry standards to
A.Identify bogus employees on the department’s payroll. B.Assess the current performance of the department and make appropriate recommendations for improvement. C.Evaluate the adequacy of the established internal controls for the department. D.Determine whether the department has complied with all laws and regulations governing its personnel.
Answer (B) is correct. An operational engagement (audit) assesses the efficiency and effectiveness of an organization’s operations.
A.The internal auditors would not be concerned with payroll processing during this type of testing and evaluation. C.Comparison of staffing levels with industry standards will not test the adequacy of internal controls
D.The internal auditors would be more concerned with legal requirements during a compliance engagement.
6.An operational engagement relating to the production function includes a procedure to compare actual costs with standard costs. The purpose of this engagement procedure is to
A.Determine the accuracy of the system used to record actual costs. B.Measure the effectiveness of the standard cost system. C.Assess the reasonableness of standard costs. D.Assist management in its evaluation of effectiveness and efficiency.
Answer (D) is correct. An operational engagement (audit) assesses the efficiency and effectiveness of an organization’s operations. A comparison of actual and standard costs addresses efficiency and effectiveness.
A.The comparison will not determine the accuracy of actual costs. B.The comparison will not determine the effectiveness of the system. C.The comparison will not determine the reasonableness of standard costs.
7.A determination of cost savings is most likely to be an objective of a(n)
A.Program-results engagement. B.Financial engagement. C.Compliance engagement. D.Operational engagement.
Answer (D) is correct. An operational engagement (audit) assesses the efficiency and effectiveness of an organization’s operations.
A.A program-results engagement addresses accomplishment of program objectives and not necessarily whether costs were minimized.
B.A financial engagement relates to the safeguarding of assets and the reliability and integrity of information. C.A compliance engagement relates to compliance with legal, regulatory, procedural, and other requirements.
8.The chief executive officer wants to know whether the purchasing function is properly meeting its charge to “conform to all laws at all costs.” Which of the following types of engagements addresses this request?
A.An operational engagement relating to the purchasing function. B.A financial engagement relating to the purchasing department. C.A compliance engagement relating to the purchasing function. D.A full-scope engagement relating to the manufacturing operation.
Answer (C) is correct. A compliance engagement is a review of both financial and operating controls to assess conformance with established standards. It tests adherence to management’s policies, procedures, and plans designed to ensure certain actions.
A.An operational engagement (audit) assesses the efficiency and effectiveness of an organization’s operations. B.A financial engagement involves the analysis of the economic activity of an entity as measured and reported by accounting methods. D.A full-scale engagement relating to the manufacturing operation has financial, compliance, and operational aspects. It exceeds the chief executive officer’s request.
9.A financial engagement relating to the production function includes a procedure to compare recorded costs with actual costs. The purpose of this engagement procedure is to
A.Determine the accuracy of the system used to record actual costs. B.Measure the effectiveness of the standard cost system. C.Assess the reasonableness of actual costs. D.Assist management in its evaluation of effectiveness and efficiency.
Answer (A) is correct. A financial engagement procedure includes looking at the past to determine whether financial information (e.g., recorded costs) was properly and adequately supported (i.e., whether recorded costs equal actual costs).
B.The comparison will not determine the effectiveness of the standard cost system. C.The comparison will determine the reasonableness of recorded costs, not actual costs. D.A comparison of actual and standard costs addresses efficiency and economy issue
10.Which group is charged with overseeing the establishment, administration, and evaluation of the processes of risk management and control?
A.Operating managers. B.Internal auditors. C.External auditors. D.Senior management.
Answer (D) is correct. Senior management is charged with overseeing the establishment, administration, and evaluation of the processes of risk management and control. Operating managers’ responsibilities include assessment of the risks and controls in their units. Internal and external auditors provide varying degrees of assurance about the state of effectiveness of the risk management and control processes of the organization.
A.Operating managers’ responsibilities include assessment of the risk management and control. B.Internal auditors provide varying degrees of assurance about the state of effectiveness of the risk management and control processes of the organization. C.External auditors provide varying degrees of assurance about the state of effectiveness of the risk management and control processes of the organization.
11.Which of the following statements about control self-assessment (CSA) is false?
A.CSA is usually an informal and undocumented process. B.In its purest form, CSA integrates business objectives and risks with control processes.
C.CSA is also known as control/risk self-assessment. D.Most implemented CSA programs share some key features and goals.
Answer (A) is correct. A methodology encompassing self-assessment surveys and facilitated workshops called CSA is a useful and efficient approach for managers and internal auditors to collaborate in assessing and evaluating control procedures. The process is a formal and documented way of allowing participation by those who are directly involved in the business unit, function, or process.
B.CSA does integrate business objectives and risks with control processes. C.CSA is also known as control/risk self-assessment. D.Most implemented CSA programs share some key features and goals.
12.Which forms of control self-assessment assume that managers and members of work teams possess an understanding of risk and control concepts and use those concepts in communications?
A.The self-certification approach. B.The self-certification approach and facilitated approach. C.The self-certification approach and questionnaire approach. D.All self-assessment programs.
Answer (D) is correct. All self-assessment programs assume that managers and members of the work teams possess an understanding of risk and control concepts and using those concepts in communications. For training sessions, to facilitate the orderly flow of workshop discussions and as a check on the completeness of the overall process, organizations often use a control framework, such as the COSO (Committee of Sponsoring Organizations) and CoCo (Canadian Criteria of Control Board) models.
A.Facilitated team workshops and surveys also assume that managers and members of the work teams possess an understanding of risks and controls concepts and using those concepts in communications. B.Surveys also assume that managers and members of the work teams possess an understanding of risks and controls concepts and using those concepts in communications. C.Facilitated team workshops also assume that managers and members of the work teams possess an understanding of risks and controls concepts and using those concepts in communications.
13.Why should an organization use the survey form of control self-assessment (CSA)?
A.Few respondents are required to respond. B.Respondents are not widely dispersed. C.No time constraint is involved. D.The organizational culture does not encourage openness.
Answer (D) is correct. The many approaches used for CSA processes in organizations reflect differences in industry, geography, structure, organizational culture, degree of employee empowerment, dominant management style, and the manner of formulating strategies and policies. The survey form of CSA uses a questionnaire that tends to ask mostly simple “Yes or No” questions that are carefully written to be understood by the target recipients. Surveys often are used if the desired respondents are too numerous or widely dispersed to participate in a workshop. They also are preferred (1) when the culture of the organization may hinder open, candid discussions in workshop settings or (2) if management wants to minimize the time spent and costs incurred in gathering information.
A.The survey form of CSA should be used when respondents are numerous. B.The survey form of CSA should be used when respondents are widely dispersed. C.The survey form of CSA should be used when management wants to minimize the time spent and costs incurred in gathering information.
14.Of the three primary approaches of CSA programs, which one is designed to gather information from work teams representing different levels in the business unit or function?
A.Auditor-produced analysis. B.Facilitated approach. C.Questionnaire approach. D.Self-certification approach.
Answer (B) is correct.
The three primary forms of CSA programs are the facilitated approach, the questionnaire approach, and the self-certification approach. The facilitated approach gathers information from work teams representing different levels in the business unit or function. The format of the approach may be based on objectives, risks, controls, or processes.
A.Auditor-produced analysis is not one of the recognized forms of CSA. C.The questionnaire form of CSA uses a survey, not work teams representing different levels in the business unit or function. D.The self-certification approach is produced by management, not by work teams representing different levels in the business unit or function.
15.Control self-assessment is a process that involves employees in assessing the adequacy of controls and identifying opportunities for improvement within an organization. Which of the following are reasons to involve employees in this process? 1.
Employees become more motivated to do their jobs right.
2.
Employees are objective about their jobs.
3.
Employees can provide an independent assessment of internal controls.
4.
Managers want feedback from their employees.
A.1 and 2. B.3 and 4. C.1 and 4. D.2 and 4.
Answer (C) is correct. Participation by employees has a positive effect on motivation because it tends to increase commitment to the job and results in greater personal satisfaction. Moreover, full employee participation requires two-way communication and therefore encourages feedback from employees.
A.Employees often lack the perspective required to be objective about their jobs or performance. B.Although employees can be involved in assessing internal controls, their assessments are not independent. D.Employees often lack the perspective required to be objective about their jobs or performance.
16.Which outcome can be derived from self-assessment methodologies?
A.Formal, hard controls are more easily identified and evaluated. B.Management will become involved in and knowledgeable about the self-assessment process by serving as facilitators, scribes, and reporters for the work teams. C.Auditors’ responsibility for the risk management and control processes of the organization will be reinforced. D.People are motivated to take ownership of the control processes in their units and corrective actions taken by work teams are often more effective and timely.
Answer (D) is correct. One of the possible outcomes that may be derived from self-assessment methodologies is that people are motivated to take ownership of the control processes in their units and corrective actions taken by work teams are often more effective and timely.
A.Informal, soft controls are more easily identified and evaluated. B.Internal auditors will become involved in and knowledgeable about the self-assessment process by serving as facilitators, scribes, and reporters for the work teams and as trainers of risk and control concepts supporting the CSA program. C.Management’s responsibility for the risk management and control processes of the organization is reinforced, and managers will be less tempted to abdicate those activities to specialists, such as auditors.
17.Which type of facilitated approach format begins by listing all possible barriers, obstacles, threats, and exposures that might prevent achieving an objective?
A.Objective-based format. B.Control-based format. C.Process-based format. D.Risk-based format.
Answer (D) is correct. A risk-based format focuses on listing the risks to achieving an objective. The workshop begins by listing all possible barriers, obstacles, threats, and exposures that might prevent achieving an objective and, then, examining the control procedures to determine if they are sufficient to manage the key risks.
The aim of the workshop is to determine significant residual risks. This format takes the work team through the entire objective-risks-controls formula.
A.An objective-based format begins by identifying controls currently in place, then determining the residual risks. B.A control-based format begins with the facilitator identifying the key risks and controls, then the group determining how well they are working. C.A process-based format focuses on selected activities that are elements of a chain of processes.
18.The element(s) of a control self-assessment (CSA) performed using one of the facilitated team workshop approaches include(s) 1)
Treating participating employees as process owners.
2)
Taking a simple yes/no survey of employees regarding risks and controls.
3)
Interviewing employees separately in the field.
A.1 only. B.2 only. C.2 and 3. D.1, 2, and 3.
Answer (A) is correct. According to The IIA, an element of CSA is the gathering of a group of people into a same-time/same-place meeting, typically involving a facilitation seating arrangement (U-shaped table) and a meeting facilitator. The participants are ‘process owners’, i.e., management and staff who are involved with the particular issues under examination, who know them best, and who are critical to the implementation of appropriate process controls.
B.The facilitated approach to CSA should be contrasted with an approach that merely surveys employees regarding risks and controls. C.The facilitated approach to CSA should be contrasted with an approach that merely surveys employees regarding risks and controls or performing separate interviews in the field. D.The facilitated approach to CSA should be contrasted with an approach that merely surveys employees regarding rights and controls performing separate interviews in the field
19.In which format of the facilitated approach does the facilitator identify the key controls before the beginning of the workshop?
A.Control-based format. B.Objective-based format. C.Risk-based format. D.Process-based format.
Answer (A) is correct. A control-based format focuses on how well the controls in place are working. Unlike the approach in the objective-based and risk-based formats, the facilitator identifies the key risks and controls before the beginning of the workshop. During the workshop, the work team assesses how well the controls mitigate risks and promote the achievement of objectives. The aim of the workshop is to produce an analysis of the gap between how controls are working and how well management expects those controls to work.
B.An objective-based format begins by identifying controls currently in place, then determining the residual risks. C.The risk-based format focuses on listing the risks to achieving an objective. D.A process-based format focuses on selected activities that are elements of a chain of processes.
20.The aim of which format of the facilitated approach is to decide whether procedures are working effectively?
A.Control-based format. B.Objective-based format. C.Process-based format. D.Risk-based format.
Answer (B) is correct. An objective-based format focuses on the best way to accomplish a business objective. The workshop begins by identifying the procedures presently in place to support the objective and then determines the residual risks remaining. The aim of the workshop is to decide whether the procedures are working effectively and are resulting in residual risks within an acceptable level.
A.The aim of a control-based format is to produce an analysis of the gap between how controls are working and how well management expects those controls to work. C.The aim of a process-based format is to evaluate, update, validate, improve, and even streamline the whole process and its component activities. D.The aim of a risk-based format is to determine significant residual risks.
21.Which of the three primary approaches of CSA programs should be used if management wants to minimize the time spent and costs incurred in gathering the information?
A.Self-certification approach. B.Facilitated approach. C.Auditor-produced analysis. D.Questionnaire app roach.
Answer (D) is correct. The questionnaire approach of CSA uses a questionnaire that tends to ask mostly simple “Yes/No” or “Have/Have Not” questions that are carefully written to be understood by the target recipients. They are preferred if the culture in the organization may hinder open, candid discussions in workshop settings or if management desires to minimize the time spent and costs incurred in gathering the information.
A.The self-certification approach can be time-consuming. B.The facilitated approach can be time-consuming. C.This is not one of the three primary approaches of CSA programs.
22.Which one of the three primary types of CSA programs allows for the chief audit executive (CAE) to synthesize information provided by management with other information to enhance the understanding about controls and to share the knowledge?
A.Facilitated approach. B.Self-certification approach. C.Questionnaire approach. D.Auditor-produced analysis.
Answer (B) is correct. The form of self-assessment is based on management-produced analyses to produce information about selected business processes, risk management activities, and control procedures. The internal auditor may synthesize this analysis with other information to enhance the understanding about controls and to share the knowledge with managers in business or functional units as part of the organization’s CSA program.
A.The facilitated approach gathers information from work teams representing different levels in the business unit or function. C.The questionnaire approach of CSA uses a questionnaire that tends to ask mostly simple “yes/no” or “have/have not” questions that are carefully written to be understood by the target recipients. D.Auditor-produced analysis is not one of the three primary forms of CSA programs.
23.Control self-assessment (CSA) is a method for examining and evaluating the organization’s system of control, which includes
A.Risk analysis. B.Self-assessment approaches. C.Traditional internal auditing concepts. D.All of the answers are correct.
Answer (D) is correct. Control self-assessment combines traditional auditing concepts, risk analysis, and self-assessment approaches. All three types of information are used while performing this type of assessment.
A.Control self-assessment also includes self-assessment approaches and traditional internal auditing concepts. B.Control self-assessment also includes risk analysis and traditional internal auditing concepts. C.Control self-assessment also includes risk analysis and self-assessment approaches.
24.Which type of format of control self-assessment (CSA) facilitated approaches focuses on the best way to accomplish the goals of the organization?
A.Process-based format. B.Control-based format. C.Risk-based format. D.Objective-based format.
Answer (D) is correct. An objective-based format focuses on the best way to accomplish a business objective. The workshop begins by identifying the controls presently in place to support the objective and then determines the residual risk remaining.
A.A process-based format focuses on selected activities that are elements of a chain of processes. B.A control-based format focuses on how well the controls in place are working. C.A risk-based format focuses on listing the risks to achieving an objective.
25.Which phrase best describes the control-based approach of the control self-assessment process?
A.Evaluating, updating, and streamlining selected control processes. B.Examining how well controls are working in managing key risks. C.Analyzing the gap between control design and control frameworks. D.Determining the cost-effectiveness of controls.
Answer (B) is correct. A control-based format focuses on how well the controls in place are working. This format is different than the others because the facilitator identifies the key risks and controls before the beginning of the workshop. During the workshop, the work team assesses how well the controls mitigate risks and promote the achievement of objectives. The aim of the workshop is to produce an analysis of the gap between how controls are working and how well management expects those controls to work.
A.This phrase best describes a process-based approach, although control processes are not the only processes reviewed in this approach. C.Comparing control design and control frameworks in a control-based approach does not adequately describe the process. A control-based process is more likely to examine the gap between control design and control effectiveness in managing risks.
D.Cost-effectiveness could be discussed in a control-based control self-assessment workshop, but it is not the primary focus of this process.
26.Which of the following factors is least essential to a successful control self-assessment (CSA) workshop?
A.Voting technology. B.Facilitation training. C.Prior planning. D.Group dynamics.
Answer (A) is correct. Elements of CSA include front-end planning, preliminary audit work, a structured agenda, and reporting and development of action plans. Furthermore, according to The IIA, an element of CSA is the gathering of a group of people into a same-time/same-place meeting, typically involving a facilitation seating arrangement (U-shaped table) and a meeting facilitator. The participants are ‘process owners’, i.e., management and staff who are involved with the particular issues under examination, who know them best, and who are critical to the implementation of appropriate process controls. Optional elements include the presence of a scribe to take an online transcription of the session and electronic voting technology to enable participants to voice their perceptions of the issues anonymously. Voting technology can increase efficiency, but it is not essential to success. Manual forms of recording views and giving group feedback are also effective.
B.CSA requires facilitation skills C.CSA requires careful planning. D.CSA facilitators need to understand and manage group dynamics.
27.After reviewing the prior year’s internal audit recommendations, senior management has decided to adopt a control self-assessment (CSA) program using a questionnaire approach. The survey consists of descriptions of, and questions about, key controls. What is the effect on the next audit of adopting this CSA program?
A.Audit tests will be substantially eliminated.
B.The CSA survey must be controlled by the internal audit activity. C.The internal auditors need to verify that the controls are in place and working as intended. D.The internal audit activity will receive the results directly.
Answer (C) is correct. A CSA program may reduce the effort expended, but the existence and proper operation of the controls identified must still be verified.
A.Some testing may be eliminated. B.CSA is performed by management and work teams without supervision by the internal audit activity. D.Survey results are for the immediate benefit of people in the business units assessed.
28.Which of the following are approaches to a control self-assessment (CSA) program? 1.
Facilitation
2.
Cost-benefit
3.
Survey
4.
Self-certification
A.1 and 2. B.1 and 3. C.1, 2, and 4. D.1, 3, and 4.
Answer (D) is correct. The three primary approaches of CSA programs are (1) facilitation, (2) survey, and (3) self-certification.
A.A cost-benefit approach is not one of the three approaches to a CSA program. B.Facilitation and survey are two of the three approaches to a CSA program. However, this answer excludes the third approach, self-certification. C.A cost-benefit approach is not one of the three approaches to a CSA program.
29.In reviewing a cost-plus construction contract for a new catalog showroom, the internal auditor should be cognizant of the risk that
A.The contractor could be charging for the use of equipment not used in the construction. B.Income taxes related to construction equipment depreciation may have been calculated erroneously. C.Contractor cash budgets could have been inappropriately compiled. D.Payroll taxes may have been inappropriately omitted from billings.
Answer (A) is correct. Under a cost-plus contract, the contractor receives a sum equal to cost plus a fixed amount or a percentage of cost. The disadvantages of this arrangement are that the contractor’s incentive for controlling costs is reduced and the opportunity to overstate costs is created. Consequently, internal auditors should be involved in monitoring economy and efficiency not only during the earliest phases of construction but also from the outset of the planning process.
B.Income tax provisions related to depreciation charges are not a risk; only those charges incurred under the terms of the contract constitute a risk. C.Budgets inappropriately prepared do not affect contract costs and therefore do not constitute a risk D.The omission of taxes does not involve a risk of contract overcharges or inadequacies in construction. Possible delays in payment or underpayments from the omission are of less concern. 30.Which of the following does the internal auditor of a contracting company not have to review as thoroughly in a lump-sum contract?
A.Progressive payments. B.Adjustments to labor costs. C.Work completed in accordance with the contract. D.Incentives associated with the contract.
Answer (C) is correct. The internal auditor usually has little to evaluate when the work is performed in accordance with the contract. Further, the internal auditor may lack the technical expertise to know if the contract is being completed according to the terms.
A.The internal auditor should ensure that the contractor is receiving payment to meet expenses and complete the contract. B.Adjustments to labor cost may change the profitability of the contract and are of great importance to the internal auditor. D.Incentives such as a bonus for early completion affect the overall profitability of the contract and are frequently reviewed by the internal auditor.
31.In reviewing a unit-price construction contract for a new catalog showroom, the internal auditor should be cognizant of the risk that
A.The contractor could be charging for the use of equipment not used in the construction. B.Income taxes related to construction equipment depreciation may have been calculated erroneously. C.The man-hours used to complete the project are overstated. D.Payroll taxes may have been inappropriately omitted from billings.
Answer (C) is correct. Under unit-price contracts, the price of the project is determined using a measure of work. The disadvantage of this arrangement is that the contractor may be tempted to overstate the measure of work used to compute the cost of the project. In this case, the measure of work could be man-hours needed to complete the project. Consequently, internal auditors should be involved in monitoring economy and efficiency not only during the earliest phases of construction but also from the beginning of the planning process.
A.The risk of charging for the use of equipment not used in the construction arises in a cost-plus contract. The contractor receives a sum equal to cost plus a fixed amount or a percentage of cost. B.Income tax provisions related to depreciation charges are not a risk; only those charges incurred under the terms of the contract constitute a risk. D.The omission of taxes does not involve a risk of contract overcharges or inadequacies in construction. Possible delays in payment or underpayments from the omission are of less concern.
32.An auditor is scheduled to audit payroll controls for an organization that has recently outsourced its information processing to an external service provider (ESP). The ESP’s external auditor has issued reports pertaining to the ESP’s controls and made it readily available to the internal auditor. What action should the auditor take, considering the outsourcing decision?
A.Review only the ESP’s external auditor. B.Review only the organization’s controls over data sent to and received from the ESP.
C.Review the control reports and ensure that the ESP’s external auditor is credible and reliable. D.Cancel the engagement because the processing is being performed outside of the organization.
Answer (C) is correct. Engagements involving third parties may be necessary when vital controls affecting transactions exist outside the organization. One example is the outsourcing of the organization’s information processing function to an ESP. Although the processing is being performed outside the organization, the ESP is an extension of the organization’s information systems. As a result, control risk may be higher because an external organization’s controls are part of the organization’s controls. The added control risk can be mitigated by the issuance of control reports (e.g., Service Organization Control reports). These reports must be reviewed for accuracy by the internal auditor. Additionally, the ESP’s external auditor should be evaluated for reliability and credibility to satisfy relying on the report.
A.Reviewing only the ESP’s external auditor provides no assurance on the work performed by the ESP. B.The internal controls at the ESP and the user organization interact with each other. Both must be reviewed. D.Controls must be evaluated regardless of their location.
33.A company would like to contract for janitorial services for 1 year with 4 option years. The specifications require the potential contractor to perform certain cleaning services at specified intervals. Which of the following is the best contract type for this requirement?
A.Cost-reimbursable. B.Indefinite delivery. C.Fixed-price. D.Time-and-materials.
Answer (C) is correct. Fixed-price contracts are used when the requirements are well-defined, uncertainties can be identified and costs estimated, and there is adequate competition.
A.Cost-reimbursable contracts are used when the requirements are complex and costs cannot be easily identified and estimated. B.Indefinite delivery contracts are used only when the supplies and/or service of future deliveries are not known at the time of contract award.
D.Time-and-materials contracts are used when it is not possible at the time of placing the contract to estimate accurately the duration of the work.
34.An internal auditor is conducting an audit of environmental protection and alarm devices. Which is the most significant objective of such an assignment? To determine whether
A.The devices are installed and operating properly. B.The costs of the devices were properly recorded. C.The device specification documents are complete. D.Acquisitions and disposals are properly authorized.
Answer (A) is correct. The objective should be to determine whether the devices are working properly. For this purpose, the internal auditor must observe an actual test of the operation.
B.Recordkeeping is not as important as the effectiveness of such devices. C.Specification documents become important only when repairs are needed. D.Authorization is less important than effectiveness.
35.No incentive for efficiency or economy may exist in a cost-plus construction contract for small, unique projects. The potential exists for inflated costs. An appropriate control to encourage efficiency and economy in these contracts is
A.Elimination of change orders to the contract. B.Provision for maximum costs and sharing any savings. C.Use of an agreed-upon price for each unit of work. D.A checklist approach to the review of contract costs.
Answer (B) is correct. Under a cost-plus contract, the contractor receives a sum equal to cost plus a fixed amount or a percentage of cost. This arrangement has the benefit to the contractor of allowing for the effects of events that cannot be specifically anticipated. The disadvantages are that the contractor’s incentive for controlling costs is reduced and the opportunity to overstate costs is created. Consequently, the contract
should include a provision for maximum costs and sharing of any savings. The contractor will be encouraged to be efficient.
A.Elimination of all change orders is unreasonable. C.The use of an agreed-upon price for each unit of work constitutes a unit-price contract, not a cost-plus contract. D.A checklist approach to the review of contracts results in sterile reviews.
36.An auditor is scheduled to audit payroll controls for an organization that has recently outsourced its information processing to an external service provider (ESP). What action should the auditor take, considering the outsourcing decision?
A.Review the controls over payroll in both the organization and the ESP. B.Review only the organization’s controls over data sent to and received from the ESP. C.Review only the controls over payments to the ESP based on the contract. D.Cancel the engagement because the processing is being performed outside of the organization.
Answer (A) is correct. Engagements involving third parties may be necessary when vital controls affecting transactions exist outside the organization. One example is the outsourcing of the organization’s information processing function to an external service provider (ESP). Although the processing is being performed outside the organization, the ESP is an extension of the organization’s information systems. As a result, control risk may be higher because an external organization’s controls are part of the organization’s controls. Also, the recency of the change and the complexity of communicating between the organization and the ESP increase the risk.
B.The internal controls at the ESP and the user organization interact with each other. Both must be reviewed. C.Reviewing only the controls over payments to the ESP based on the contract narrows the scope of the engagement. D.Controls must be evaluated regardless of their location.
37.Which of the following best describes a function of contract auditing?
A.Reviewing the adequacy and effectiveness of the controls over hazardous waste.
B.Determining whether the business justification for a major transaction is valid. C.Addressing the security of personal information. D.Monitoring and evaluating significant construction contracts.
Answer (D) is correct. Contract audits monitor and evaluate significant construction contracts and operating contracts that involve the provision of services. The usual arrangements are (1) lump-sum (fixed-price), (2) cost-plus, and (3) unit-price contracts.
A.Environmental audits review the adequacy and effectiveness of the controls over hazardous waste. B.Due diligence audits determine whether the business justification for a major transaction is valid. C.Privacy audits address the security of personal information.
38.An internal auditor is conducting an audit of a contract to build a new branch office. The auditor should consider whether the 1)
Materials used in construction meet specified contractual standards.
2)
Contractor has established a fraud hotline.
3)
Construction is on schedule.
A.1 and 2 only. B.1 and 3 only. C.2 and 3 only. D.1, 2, and 3.
Answer (B) is correct. The purpose of a contract audit is to determine whether the contractor is performing as specified in the contract. Whether the contractor has a fraud hotline is of no concern to the entity and is beyond the scope of a contract audit.
A.Whether the entity has a fraud hotline is not the contractor’s responsibility. Whether the construction is on schedule, however, is the contractor’s responsibility.
C.Whether the entity has a fraud hotline is not the contractor’s responsibility. Whether the materials used in construction meet specified contractual standards is the contractor’s responsibility. D.Whether the contractor has a fraud hotline is of no concern to the entity.
39.Which of the following is the most important provision for an internal auditor to recommend for inclusion in a contract for the purchase of a business application system from a small start-up company?
A.Source code escrow clause. B.Limitation-of-liabilities clause. C.Copyright clause. D.Right-to-audit clause.
Answer (A) is correct. A source code escrow clause requires the application source code to be held in escrow by a trusted third party. The third party releases the source code to the purchaser, or licensee, on the occurrence of an event, or events, specified in the clause.
B.A limitation-of-liabilities clause is likely to be an inclusion by the seller, not the purchaser. C.A copyright clause is likely to be an inclusion by the seller, not the purchaser. D.Although an internal auditor might recommend a right-to-audit clause in the context of an external business relationship (EBR) agreement, such a clause is not applicable in the context of a one-time purchase transaction.
40.Which of the following statements about TQM is false?
A.This approach can increase revenues and decrease costs significantly. B.TQM is a comprehensive approach to quality. C.TQM begins with internal suppliers’ requirements. D.TQM concepts are applicable to the operations of the internal audit activity itself.
Answer (C) is correct. The emergence of the total quality management (TQM) concept is one of the most significant developments in recent years because this approach can increase revenues and decrease costs
significantly. TQM is a comprehensive approach to quality. It treats the pursuit of quality as a basic organizational function that is as important as production or marketing. TQM emphasizes the supplier’s relationship with the customer. Thus, TQM begins with external customer requirements, identifies internal customer-supplier relationships and requirements, and establishes requirements for external suppliers. TQM concepts also are applicable to the operations of the internal audit activity itself. For example, periodic internal assessments of those operations may include benchmarking of the internal audit activity’s practices and performance metrics against relevant best practices of the internal audit profession.
A.TQM can increase revenues and decrease costs significantly. B.TQM is a comprehensive approach to quality. D.TQM is a comprehensive approach to quality.
41.TQM is the continuous pursuit of quality in every aspect of organizational activities through a number of goals. Which of the following is not one of those goals? A.A philosophy of doing it right the first time. B.Promotion of individual work. C.Employee training and empowerment. D.Improvement of processes.
Answer (B) is correct. TQM is the continuous pursuit of quality in every aspect of organizational activities through (1) a philosophy of doing it right the first time, (2) employee training and empowerment, (3) promotion of teamwork, (4) improvement of processes, and (5) attention to satisfaction of customers, both internal and external.
A.This goal is included in the definition of TQM. C.This goal is included in the definition of TQM. D.This goal is included in the definition of TQM.
42.Fact Pattern: The management and employees of a large household goods moving company decided to adopt total quality management (TQM) and continuous improvement (CI). The company believes that if it became nationally known as adhering to TQM and CI, one result would be an increase in the company’s profits and market share.
Q:The primary reason for adopting TQM was to achieve
A.Greater customer satisfaction. B.Reduced delivery time. C.Reduced delivery charges. D.Greater employee participation.
Answer (A) is correct. TQM is an integrated system that anticipates, meets, and exceeds customers’ needs, wants, and expectations.
B.Reduced delivery time is one of many potential activities that need improvement C.Reduced delivery charges is one of many potential activities that need improvement. D.Increased employee participation is necessary to achieve TQM, but it is not the primary purpose for establishing the program.
43.Under a total quality management (TQM) approach,
A.Measurement occurs throughout the process, and errors are caught and corrected at the source. B.Quality control is performed by highly trained inspectors at the end of the production process. C.Upper management assumes the primary responsibility for the quality of the products and services. D.A large number of suppliers are used in order to obtain the lowest possible prices.
Answer (A) is correct. Total quality management emphasizes quality as a basic organizational function. TQM is the continuous pursuit of quality in every aspect of organizational activities. One of the basic tenets of TQM is doing it right the first time. Thus, errors should be caught and corrected at the source.
B.Total quality management emphasizes discovering errors throughout the process, not inspection of finished goods. C.All members of the organization assume responsibility for the quality of the products and services. D.The total quality management philosophy recommends limiting the number of suppliers to create a strong relationship.
44.Focusing on customers, promoting innovation, learning new philosophies, driving out fear, and providing extensive training are all elements of a major change in organizations. These elements are aimed primarily at
A.Copying leading organizations to better compete with them. B.Focusing on the total quality of products and services. C.Being efficient and effective at the same time, in order to indirectly affect profits. D.Managing costs of products and services better, in order to become the low-cost provider.
Answer (B) is correct. TQM is a comprehensive approach to quality. It treats the pursuit of quality as a basic organizational function that is as important as production or marketing. TQM is the continuous pursuit of quality in every aspect of organizational activities through (1) a philosophy of doing it right the first time; (2) employee training and empowerment; (3) promotion of teamwork; (4) improvement of processes; and (5) attention to satisfaction of customers, both internal and external. TQM emphasizes the supplier’s relationship with the customer, identifies customer needs, and recognizes that everyone in a process is at some time a customer or supplier of someone else, either inside or outside of the organization.
A.Competitive benchmarking is just one tool for implementing TQM. C.TQM’s primary focus is not profitability. D.TQM’s primary focus is not cost reduction.
45.Total quality management (TQM) in a manufacturing environment is best exemplified by
A.Identifying and reworking production defects before sale. B.Designing the product to minimize defects. C.Performing inspections to isolate defects as early as possible. D.Making machine adjustments periodically to reduce defects.
Answer (B) is correct. Total quality management emphasizes quality as a basic organizational function. TQM is the continuous pursuit of quality in every aspect of organizational activities. One of the basic tenets of TQM is doing it right the first time. Thus, errors should be caught and corrected at the source, and quality should be built in (designed in) from the start.
A.TQM emphasizes prevention, not rework. The approach of TQM is to build in and design in quality, not to “fix it in” or “inspect it in.” C.TQM emphasizes prevention, not inspection. The approach of TQM is to build in and design in quality, not to “fix it in” or “inspect it in.” D.TQM emphasizes prevention, not adjustment. The approach of TQM is to build in and design in quality, not to “fix it in” or “inspect it in.”
46.Under a total quality management (TQM) approach,
A.Value-added activities are performed in all processes under constant management supervision. B.Quality control is performed by highly trained inspectors at the end of the production process. C.Management assumes responsibility for all processes in the system. D.A large number of suppliers are used in order to obtain the lowest possible prices.
Answer (A) is correct. Total quality management emphasizes quality as a basic organizational function. TQM is the continuous pursuit of quality in every aspect of organizational activities. One of the basic tenets of TQM is doing it right the first time. Thus, errors should be caught and corrected at the source.
B.Total quality management emphasizes discovering errors throughout the process, not inspection of finished goods. C.All members of the organization assume responsibility for the quality of the products and services produced by the system. D.The total quality management philosophy recommends limiting the number of suppliers to create a strong relationship.
47.Providing assurance that the approved quality structures are in place is the responsibility of the
A.Audit committee. B.Production manager. C.Internal audit activity. D.Chief audit executive.
Answer (C) is correct. The internal audit activity’s role is to provide assurance that the approved quality structures are in place and quality processes are functioning as intended.
A.The audit committee is an operating committee made up of members of the board and charged with oversight of financial reporting and disclosure for the organization. The audit committee does not provide assurance. B.The management of quality is not limited to the production manager, quality management staff, engineers, production personnel, etc. The production manager does not provide assurance. D.The CAE is responsible for effectively managing the internal audit activity in accordance with the internal audit charter and the mandatory elements of the International Professional Practices Framework. It is not the CAE’s role to provide assurance.
48.The organization is evaluating whether it should implement total quality management (TQM). Which of the following would least likely be a supporting factor for its decision?
A.Quality of the product is of paramount consideration for management. B.The improvement of quality will be achieved mainly through the reworking of defective goods. C.The supplier’s relationship with the customer will be emphasized. D.The organization strives for continuous quality improvement and innovation in products and services.
Answer (B) is correct. The traditional view of quality focuses on the detection of defective or rejected products. TQM 1) focuses its attention on satisfying both internal and external customers, 2) believes that quality is a value-added activity performed throughout all processes, and 3) is the continuous pursuit of quality in every aspect of organizational activities. Therefore, improving quality mainly through the reworking of defective goods demonstrates the traditional view of quality, and therefore is not a supporting factor for TQM.
A.The modern view of TQM is that quality is a value-added activity performed throughout all TQM processes. It treats the pursuit of quality as a basic organizational function that is as important as production or marketing. Therefore, “quality of the product is of paramount consideration for management” would be a supporting factor for TQM.
C.TQM emphasizes the supplier’s relationship with the customer and identifies customer needs. It also recognizes that everyone in a process is at some time a customer or supplier of someone else, either inside or outside of the organization. Therefore, “the supplier’s relationship with the customer will be emphasized” would be a supporting factor for TQM. D.TQM is the continuous pursuit of quality in every aspect of organizational activities. Therefore, “the organization strives for continuous quality improvement and innovation in products and services” would be a supporting factor for TQM.
49.The reliability and integrity of all critical information of an organization, regardless of the media in which the information is stored, is the responsibility of
A.Shareholders. B.IT department. C.Management. D.All employees.
Answer (C) is correct. Internal auditors determine whether senior management and the board have a clear understanding that information reliability and integrity is a management responsibility. Information reliability and integrity includes accuracy, completeness, and security.
A.Management has a responsibility to shareholders and other stakeholders (customers, vendors, etc.) to ensure information is secure and reliable. B.The IT department is generally the functional department charged by management to monitor and ensure all information is controlled in accordance with company policies and rules. D.Management has a responsibility to employees to ensure employee information (employee social security numbers, direct deposit account information, etc.) is secure and accurate.
50.Freedom from monitoring best defines
A.Personal privacy. B.Privacy of space. C.Privacy of communication. D.Privacy of information.
Answer (C) is correct. Privacy may encompass (1) personal privacy (physical and psychological), (2) privacy of space (freedom from surveillance), (3) privacy of communication (freedom from monitoring), and (4) privacy of information (collection, use, and disclosure of personal information by others).
A.Personal privacy is physical and psychological. B.Privacy of space is freedom from surveillance. D.Privacy of information is freedom from collection, use, and disclosure of personal information by others.
51.Fact Pattern: The legislative auditing bureau of a country is required to perform compliance engagements involving organizations that are issued defense contracts on a cost-plus basis. Contracts are clearly written to define acceptable costs, including developmental research cost and appropriate overhead rates. During the past year, the government has engaged in extensive outsourcing of its activities. The outsourcing included contracts to run cafeterias, provide janitorial services, manage computer operations and systems development, and provide engineering of construction projects. The contracts were modeled after those used for years in the defense industry. The legislative internal auditors are being called upon to expand their efforts to include compliance engagements involving these contracts. Upon initial investigation of these outsourced areas, the internal auditor found many areas in which the outsourced management has apparently expanded its authority and responsibility. For example, the contractor that manages computer operations has developed a highly sophisticated security program that may represent the most advanced information security in the industry. The internal auditor reviews the contract and sees reference only to providing appropriate levels of computing security. The internal auditor suspects that the governmental agency may be incurring developmental costs that the outsourcer may use for competitive advantage in marketing services to other organizations.
Q:Management has asked the internal auditor to recommend monitoring controls that management could establish to provide timely oversight of the information systems contract. Which of the following is the least effective monitoring control?
A.Require monthly internal reports summarizing overhead rates used in billings. B.Require monthly reports by the outsourcer of total costs billed and services rendered. C.Use internal auditors to investigate the appropriateness of costs, as part of a yearly engagement to evaluate the outsourcer. D.Randomly investigate selected cost accounts throughout the year to determine that all the expenses are properly charged to the governmental unit.
Answer (C) is correct. A yearly engagement to evaluate the outsourcer pertains to compliance, not monitoring. This control procedure is not timely because it occurs only once a year and does not provide prompt feedback for corrective action.
A.Monthly reporting is a monitoring control that provides timely information to management as to whether this activity is out of control. B.Monthly reporting is a monitoring control that provides timely information to management as to whether this activity is out of control. D.Randomly selecting transactions throughout the year is an ongoing process of testing the validity of expenses.
52.Which of the following is part of the board’s role in protecting against privacy threats?
A.Establishing a privacy framework. B.Identifying the information gathered by the organization that is deemed personal or private. C.Identifying the methods used to collect information. D.Determining whether the use of the information collected is in accordance with its intended use and the laws.
Answer (A) is correct. The board is ultimately accountable for ensuring that the principal risks of the organization have been identified, and the appropriate control processes have been implemented to mitigate those risks. This includes establishing the necessary privacy framework for the organization and monitoring its implementation.
B.Identification of the information gathered by the organization that is deemed personal or private is a duty of the internal auditors. C.Identification of the collection methods used is a duty of the internal auditors. D.Determining whether the use of the information collected is in accordance with its intended use and the laws is a duty of the internal auditors.
53.Personal information may include 1.
Medical status
2.
Social status
3.
Credit records
4.
Disciplinary actions
A.1, 2, and 4 only. B.1 only. C.1 and 2 only. D.1, 2, 3, and 4.
Answer (D) is correct. Personal information may include the following: (1) medical status, (2) social status, (3) family relationships, (4) disciplinary actions, (5) name, (6) address, (7) identification numbers, (8) income, (9) financial status, (10) comments, (11) employee files, (12) evaluations, and (13) credit records.
A.Credit records are considered personal information. B.Social status, credit records, and disciplinary actions are considered personal information. C.Credit records and disciplinary actions are considered personal information.
54.When evaluating management of the organization’s privacy framework, the internal auditor considers
A.The applicable laws relating to privacy. B.Conferring with in-house legal counsel. C.Conferring with information technology specialists. D.All of the answers are correct.
Answer (D) is correct. In an evaluation of the privacy framework, the internal auditor considers the following:
The various laws, regulations, and policies relating to privacy in the jurisdictions where the organization operates.
Conferring with in-house legal counsel to determine the exact nature of laws, regulations, and other standards and practices applicable to the organization and the countries where it operates.
Conferring with information technology specialists to determine that information security and data protection controls are in place and regularly reviewed and assessed for appropriateness.
The level or maturity of privacy practices.
A.The internal auditor also considers conferring with in-house counsel and information technology specialists. B.The internal auditor also considers the applicable laws, regulations, and policies relating to privacy and conferring with information technology specialists. C.The internal auditor also considers the applicable laws, regulations, and policies relating to privacy and conferring with in-house legal counsel.
55.Which of the following privacy terms is matched with an accurate example of the term?
Term
Example
A.Privacy of space
Freedom from surveillance
B.Privacy of information
Freedom from monitoring
C.Personal privacy
Freedom from monitoring
D.Privacy of communication
Freedom from surveillance
Answer (A) is correct. Risks associated with the privacy of information encompass personal privacy (physical and psychological), privacy of space (freedom from surveillance), privacy of communication (freedom from monitoring), and privacy of information (collection, use, and disclosure of personal information by others).
B.Privacy of information includes collection, use, and disclosure of personal information by others C.Personal privacy includes physical and psychological. D.Privacy of communication includes freedom from monitoring.
56.Who determines whether the internal audit activity has access to resources sufficient to evaluate the reliability and integrity of information?
A.The chief executive officer. B.The chief audit executive.
C.The external auditor. D.The chief operating officer.
Answer (B) is correct. The chief audit executive determines whether the internal audit activity possesses, or has access to, competent audit resources to evaluate information reliability and integrity and associated risk exposures. This includes both internal and external risk exposures and exposures relating to the organization’s relationships with outside entities.
A.The CAE must make a determination of whether the internal audit activity has the resources to meet its obligations. C.The CAE must make a determination of whether the internal audit activity has the resources to meet its obligations. D.The CAE must make a determination of whether the internal audit activity has the resources to meet its obligations.
57.Which of the following statements is false with respect to information security?
A.Internal auditors should determine that senior management and the board, audit committee, or other governing body have a clear understanding that information reliability and integrity is the responsibility of the internal audit activity. B.The chief audit executive should determine that the internal audit activity possesses, or has access to, competent auditing resources to evaluate information security and associated risk exposures. C.Internal auditors should periodically assess the organization’s information security practices and recommend, as appropriate, enhancements to, or implementation of, new controls and safeguards. D.Internal auditors should assess the effectiveness of preventive, detective, and mitigative measures against past attacks, as deemed appropriate, and future attempts or incidents deemed likely to occur.
Answer (A) is correct. Internal auditors determine whether senior management and the board have a clear understanding that information reliability and integrity is a management responsibility. This responsibility includes all critical information of the organization, regardless of how the information is stored.
B.These statements about information security are correct. C.These statements about information security are correct. D.These statements about information security are correct.
58.The internal auditors’ ultimate responsibility for information security includes
A.Identifying technical aspects, risks, processes, and transactions to be examined. B.Determining the scope and degree of testing to achieve engagement objectives. C.Periodically assessing information security practices. D.Documenting engagement procedures.
Answer (C) is correct. Internal auditors should periodically assess the organization’s information security practices and recommend, as appropriate, enhancements to, or implementation of, new controls and safeguards. Following an assessment, an assurance report should be provided to the board. Such assessments can either be conducted as separate stand-alone engagements or as multiple engagements integrated into other audits or engagements conducted as part of the approved audit plan.
A.An engagement work program is part of the planning process, which includes identifying technical aspects, risks, processes, and transactions to be examined. B.An engagement work program is part of the planning process, which includes determining the scope and degree of testing to achieve engagement objectives. D.An engagement work program is part of the planning process, which includes documenting engagement procedures.
59.Which of the following is not a role of the internal audit activity in performing assurance services?
A.Assessing information systems security risks. B.Working with information system users and system security personnel to implement controls. C.Monitoring the implementation of corrective action. D.Evaluating security controls.
Answer (B) is correct.
The role of the internal audit activity with respect to assurance services is to assess information systems security risks, monitor the implementation of corrective action, and evaluate security controls. The internal audit activity may also function in a consulting capacity by identifying security issues and by working with users of information systems and with systems security personnel to devise and implement controls.
A.Assessing information systems security risks is part of the role of the internal audit activity with respect to assurance services. C.Monitoring the implementation of corrective action is part of the role of the internal audit activity with respect to assurance services. D.Evaluating security controls is part of the role of the internal audit activity with respect to assurance services.
60.A privacy audit focuses on an organization’s ability to
A.Measure performance and analyze deficiencies. B.Achieve its objectives efficiently and effectively. C.Implement controls for the management of private information. D.Meet users’ needs reliably.
Answer (C) is correct. An internal auditor must understand and comply with privacy-related laws, regulations, and policies in jurisdictions where the organization operates. An organization’s failure to establish controls for privacy can lead to legal problems, loss of assets, loss of consumer trust, and a damaged reputation.
A.A performance audit addresses an organization’s ability to measure performance and analyze deficiencies. B.A performance or operational audit addresses an organization’s ability to achieve its objectives efficiently and effectively. D.A performance or operational audit addresses an organization’s ability to achieve its objectives efficiently and effectively.
61.Using the balanced scorecard approach, an organization evaluates managerial performance based on
A.A single ultimate measure of operating results, such as residual income. B.Multiple financial and nonfinancial measures. C.Multiple nonfinancial measures only. D.Multiple financial measures only.
Answer (B) is correct. The trend in managerial performance evaluation is the balanced scorecard approach. Multiple measures of performance permit a determination as to whether a manager is achieving certain objectives at the expense of others that may be equally or more important. These measures may be financial or nonfinancial and usually include items in four categories: (1) financial; (2) customer; (3) internal business processes; and (4) learning, growth, and innovation.
A.The balanced scorecard approach uses multiple measures. C.The balanced scorecard approach includes financial measures. D.The balanced scorecard approach includes nonfinancial measures.
62.A performance audit engagement typically involves
A.Review of financial statement information, including the appropriateness of various accounting treatments. B.Tests of compliance with policies, procedures, laws, and regulations. C.A strategic analysis of the organization’s key components that are essential to the organization’s success. D.An evaluation of the board of directors’ role in the operations of the organization.
Answer (C) is correct. Performance audit engagements involve review of the business and control environment and key performance indicators against set criteria using balanced scorecards, SWOT analysis, and management control evaluation. A balanced scorecard is an evaluation of company performance against established criteria. SWOT analysis appraises the business and potentially the control environment.
A.Financial engagements involve review of financial information.
B.Compliance engagements involve examining control procedures and compliance with them. D.Operational engagements involve reviewing organizational and departmental structures.
63.Which of the following criteria would be most useful to a sales department manager in evaluating the performance of the manager’s customer-service group? A.The customer is always right. B.Customer complaints should be processed promptly. C.Employees should maintain a positive attitude when dealing with customers. D.All customer inquiries should be answered within 7 days of receipt.
Answer (D) is correct. A criterion that requires all customer inquiries to be answered within 7 days of receipt permits accurate measurement of performance. The quantitative and specific nature of the appraisal using this standard avoids the vagueness, subjectivity, and personal bias that may afflict other forms of personnel evaluations.
A.Customer orientation is difficult to quantify. B.The standard specified is vague. C.No measure of a positive attitude has been specified for the employee.
64.An organization’s managerial decision-making model for capital budgeting is based on the net present value of discounted cash flows. The same organization’s managerial performance evaluation model is based on annual divisional return on investment. Which of the following is true?
A.Divisional managers are likely to maximize the measures in the decision-making model. B.Divisional managers are likely to maximize the measures in the performance evaluation model. C.The manager has an incentive to accept a project with a positive net present value that initially has a negative effect on net income. D.The use of models with different criteria promotes goal congruence.
Answer (B) is correct.
Effective management control requires performance measurement and feedback. This process affects allocation of resources to organizational subunits. It also affects decisions about managers’ compensation, advancement, and future assignments. Furthermore, evaluating their performance serves to motivate managers to optimize the measures in the performance evaluation model. However, that model may be inconsistent with the organization’s model for managerial decision making.
A.Self-interest provides an incentive to maximize the measures used in performance evaluation. C.A manager evaluated on the basis of annual ROI has an interest in maximizing short-term net income, not long-term NPV. D.The models should be synchronized so that the goals of the organization and the manager are congruent.
65.On a balanced scorecard, which of the following is not a customer satisfaction measure?
A.Market share. B.Economic value added. C.Response time. D.Customer retention.
Answer (B) is correct. Customer satisfaction measures include market share, retention, response time, delivery performance, number of defects, and lead time. Economic value added, or EVA, is a profitability (financial) measure.
A.Customer satisfaction measures reflect customer needs and satisfaction. Market share is a macro-level measurement of customer satisfaction. C. Customer satisfaction measures reflect customer needs and satisfaction. Response time can be a critical service factor in customers’ overall satisfaction. D.Customer satisfaction measures reflect customer needs and satisfaction. Customer retention is an ultimate indicator of an entity’s success
66.A performance audit engagement typically involves
A.Review of financial statement information, including the appropriateness of various accounting treatments. B.Tests of compliance with policies, procedures, laws, and regulations.
C.Appraisal of the business and control environment and comparison against established criteria. D.Evaluation of organizational and departmental structures, including assessments of process flows.
Answer (C) is correct. Performance audit engagements involve review of the business and control environment and key performance indicators against set criteria using balanced scorecards, SWOT analysis, and management control evaluation. A balanced scorecard is an evaluation of performance against established criteria. SWOT analysis appraises the business and potentially the control environment.
A.Financial engagements involve review of financial information B.Compliance engagements involve examining control procedures and compliance with them. D.Operational engagements involve reviewing organizational and departmental structures.
67.An auditor is reviewing an organization’s plan for developing a performance scorecard. Which of the following potential performance measures should the auditor recommend excluding from the performance scorecard?
A.Product innovation. B.Market share. C.Customer satisfaction. D.Employee development.
Answer (A) is correct. The trend in managerial performance evaluation is the balanced scorecard approach. Multiple measures of performance permit a determination as to whether a manager is achieving certain objectives at the expense of others that may be equally or more important. For example, an improvement in operating results at the expense of new product development would be apparent using this approach. The scorecard is a goal congruence tool that informs managers about the nonfinancial factors that top management believes to be important. Measures may be financial or nonfinancial, internal or external, and short term or long term. A typical scorecard includes measures in four categories: profitability; customer satisfaction; innovation; and efficiency, quality, and time. Innovations in the production of goods or services do not typically lend themselves to ongoing performance measurement.
B.Key results in market share track changes in the organization’s competitive position. C.Key results in customer satisfaction help predict future sales.
D.Key results in employee development help predict the ability to attract and retain good employees.
68.An auditor is conducting a review of an organization’s balanced scorecard. The organization’s main objective is to increase market share by 7% in the coming year. Management diverted 5% of the operating budget from the customer service department to the research and development department to increase product innovation. Management had predicted that increased product innovation would increase market share. However, market share did not increase substantially in the first quarter. Which measure should the auditor review as a result of the failure to increase market share?
A.Product innovation. B.Market share. C.Customer satisfaction. D.Employee development.
Answer (C) is correct. The balanced scorecard approach uses multiple measures of performance to determine whether a manager is achieving certain objectives at the expense of others that may be equally or more important. For example, an improvement in product innovation at the expense of customer satisfaction would be apparent using this approach. The scorecard is a goal congruence tool that informs managers about the nonfinancial factors that top management believes to be important. Measures may be financial or nonfinancial, internal or external, and short term or long term. A typical scorecard includes measures in four categories: (1) financial; (2) customer; (3) internal; and (4) learning, growth, and innovation. Key results in customer satisfaction help predict future sales. The effect of diverting funds from the customer service department can be analyzed by reviewing any changes affecting customer satisfaction on the performance scorecard.
A.Innovations in the production of goods or services do not typically lend themselves to ongoing performance measurement. Because increased funding for innovation is correlated with no growth in market share, analyzing product innovation on the performance scorecard is not useful. B.The internal auditor is aware of the organization’s inability to increase market share. This performance measure is quantitative and provides little evidence about the reasons for the lack of increased market share. D.Key results in employee development help predict the ability to attract and retain good employees.
69.Which type of engagement focuses on operations and how effectively and efficiently the organizational units affected will cooperate?
A.Program-results engagement.
B.Process engagement. C.Privacy engagement. D.Compliance engagement.
Answer (B) is correct. Process engagements tend to be challenging because of their scope and the need to deal with subunits that may have conflicting objectives.
A.A program-results engagement obtains information about the costs, outputs, benefits, and effects of a program. C.Privacy engagements address the security of personal information. D.Compliance engagements address compliance with all laws and regulations.
70.An operational assurance engagement may include an assessment of all of the following except
A.Accuracy of financial reporting. B.Development and effectiveness of the budgeting process. C.Quantity of output. D.Disposal of scrap.
Answer (A) is correct. An evaluation of the accuracy of financial reporting is performed during a financial assurance engagement
B.A process engagement is an operational audit engagement that follows a process crossing organizational lines. An assessment of the budgeting process is such an engagement. C.An assessment of the quantity of output is performed during a program-results engagement. D.An assessment of scrap handling and disposal methods is performed during a process engagement.
71.An engagement to evaluate a transportation department is being conducted. Review procedures include an analysis of “rush shipment” requests. The engagement objective in this case is the
A.Financial settlement of the rush shipment. B.Transportation arrangements to be used for rush shipments. C.Determination of the need for rush shipment services. D.Handling of claims for undelivered rush shipment goods.
Answer (C) is correct. An internal auditor concerned with the efficiency and effectiveness of the transportation function should inquire about the entity’s procedures for addressing the appropriate means of moving items from one location to another. Because rush shipment methods tend to be more expensive than the alternatives, the internal auditor should examine the authorization procedures and criteria for such treatment and the possibilities for reducing or eliminating the need.
A.The emphasis in an analysis of requests for a service is on need, not how the service will be paid for. B.The engagement objective is to examine the generation of requests, not the methods by which they are granted. D.Analysis of claims against shipment agencies ordinarily does not shed light on the reasons for rush shipment requests.
72.An operational engagement communication that concerns the scrap disposal function in a manufacturer should address
A.The efficiency and effectiveness of the scrap disposal function and include any observations requiring corrective action. B.Whether the scrap material inventory is reported as a current asset. C.Whether the physical inventory count of the scrap material equals the recorded amount. D.Whether the scrap material inventory is valued at the lower of cost or market.
Answer (A) is correct. An operational engagement (audit) assesses the efficiency and effectiveness of an organization’s operations. Thus, an engagement communication should inform management about the efficiency and effectiveness of the given operations and should discuss observations requiring corrective action.
B.An engagement communication should address the efficiency and effectiveness of the function being evaluated, not reporting in the financial statements.
C.Agreement between the records and the items being evaluated is a primary concern in a financial audit. D.Valuation is an issue in a financial audit.
73.Which type of engagement attempts to measure the accomplishment and relative success of the undertaking?
A.Program-results engagement. B.Privacy engagement. C.Process engagement. D.Compliance engagement.
Answer (A) is correct. A program-results engagement obtains information about the costs, outputs, benefits, and effects of a program. It attempts to measure the accomplishment and relative success of the undertaking. Because benefits often cannot be quantified in financial terms, a special concern is the ability to measure effectiveness. A program is a funded activity not part of the normal, continuing operations of the organization.
B.A privacy engagement addresses the security of personal information. C.A process engagement addresses how effectively and efficiently operating units cooperate. D.A compliance engagement addresses compliance with related laws and regulations.
74.A program-results engagement
A.Obtains information about the costs of the program. B.Attempts to measure the accomplishment and success of the program. C.Concerns the ability to measure the effectiveness of the program. D.All of the answers are correct.
Answer (D) is correct.
A program-results engagement is intended to obtain information about the costs, outputs, benefits, and effects of the program. It attempts to measure the accomplishment and relative success of the undertaking. Because benefits often cannot be quantified in financial terms, a special concern is the ability to measure effectiveness.
A.A program-results engagement also attempts to measure the accomplishment and success of the program and concerns the ability to measure the effectiveness of the program. B.A program-results engagement also obtains information about the costs of the program and concerns the ability to measure the effectiveness of the program. C.A program-results engagement also obtains information about the costs of the program and attempts to measure the accomplishment and success of the program
75.During an operational engagement, an internal auditor observes a large number of above-ground storage containers and a large amount of black emissions from a smokestack. The organization has an environmental safety department. The engagement is not designed to consider environmental concerns. The best course of action is to
A.Make a note to consider environmental risk concerns when developing the engagement plan for the next year, but do not expand the scope of the existing engagement because the budget and risk priorities are already set. B.Report the observations to the audit committee and seek their advice on whether the engagement should be expanded for the environmental audit. C.Document the observations and report them to the environmental safety department. Determine if their response will be timely, and follow-up to determine if they have taken timely action. D.Inquire of local management as to the use of the storage tanks to determine if they are properly classified as an asset. Do not take action on the environmental issues because the internal auditor is untrained in the area, and such action is the responsibility of an already existing department.
Answer (C) is correct. An internal auditor cannot ignore information gathered regardless of whether it is pertinent to the engagement. Because environmental issues have potentially large risks to most organizations, the internal auditor should determine that the environmental safety department is aware of the concerns and is actively monitoring the situation. Follow-up is necessary.
A.internal auditor cannot ignore information about a potentially large risk. B.More information is needed before reporting to the audit committee. The internal auditor should first contact the organization’s environmental safety departme D.The internal auditor should contact the environmental safety department and follow-up the department’s actions. (S)he cannot ignore information gathered.
76.A sales department has been giving away expensive items in conjunction with new product sales to stimulate demand. The promotion seems successful, but management believes the cost may be too high and has asked for a review by the internal audit activity. Which of the following procedures would be the least useful to determine the effectiveness of the promotion?
A.Comparing product sales during the promotion period with sales during a similar non-promotion period. B.Comparing the unit cost of the products sold before and during the promotion period. C.Performing an analysis of marginal revenue and marginal cost for the promotion period, compared to the period before the promotion. D.Performing a review of the sales department’s benchmarks used to determine the success of a promotion.
Answer (B) is correct. The facts do not indicate that the cost of the products sold has changed. Moreover, this procedure does not consider the revenue effects of the promotion. The challenge is to address the overall effectiveness of the promotion.
A.This comparison helps highlight the effectiveness of the promotion in increasing revenues. C.The key analysis is to determine the effect on the organization’s contribution margin (revenues – variable costs D.This procedure is helpful if the sales department has useful information on new customers and repeat purchases.
77.A city operates a job retraining program funded by a governmental agency that requires periodic reports on the program’s effectiveness. The internal auditors randomly select participants in the job retraining program for the past year to determine how many have retained a job. This type of engagement relates to
A.Compliance. B.Operational effectiveness. C.Economy and efficiency. D.Program results.
Answer (D) is correct.
Internal auditors may conduct an operational audit to assess the efficiency and effectiveness of an organization’s operations. A program-results engagement attempts to measure accomplishments and relative success of the program.
A.A compliance audit addresses compliance with laws, regulations, and contracts. B.An operational effectiveness engagement consists of a comprehensive review of the overall job retraining program. C.An economy and efficiency engagement considers the cost of the program compared with objectives achieved.
78.In which type of assurance engagement should an auditor focus on organizational objectives?
A.Financial audit engagement. B.Quality audit engagement. C.Performance audit engagement. D.Operational audit engagement.
Answer (C) is correct. In a performance audit engagement, auditors perform efficient and cost-effective audits by focusing on achievement of organizational objectives, that is, key performance indicators.
A.A financial audit engagement provides assurance about financial reporting to management and the board. B.A quality audit engagement provides assurance that the approved quality structures are in place, and quality processes are functioning as intended. D.An operational audit engagement allows internal auditors to assess the efficiency and effectiveness of an organization’s operations.
79.Direct staff as a percentage of total staff is an example of which of the following types of efficiency measures?
A.Productivity ratio. B.Productivity index. C.Operating ratio.
D.Resource utilization rate.
Answer (C) is correct. The operating ratio measures the operational efficiency of an organization. Staffing is a component of operations, and direct staff as a percentage of total staff is an example of an operating ratio.
A.The productivity ratio measures output relative to input. B.The productivity ratio measures output relative to input. D.The resource usage rate measures resource use relative to available resources.
80.Compliance programs most directly assist organizations by doing which of the following? 1.
Developing a plan for business continuity management.
2.
Determining director and officer liability.
3.
Planning for disaster recovery.
A.1 only. B.2 only. C.1 and 2 only. D.1, 2, and 3.
Answer (B) is correct. Compliance is “adherence to policies, plans, procedures, laws, regulations, contracts, or other requirements” (The IIA Glossary). Such programs assist organizations in preventing inadvertent employee violations, detecting illegal activities, and discouraging intentional employee violations. They also can help (1) prove insurance claims, (2) determine director and officer liability, (3) create or enhance corporate identity, and (4) decide the appropriateness of punitive damages. However, developing a plan for business continuity management and planning for disaster recovery are operational activities not performed during a compliance program.
A.Developing a plan for business continuity management is an operational activity, not part of a compliance program. E-commerce activities, not compliance programs, assist an organization C.Determining director and officer liability is the only activity listed that is performed as part of a compliance program.
D.Developing a plan for business continuity management and planning for disaster recovery are operational activities, not parts of a compliance program.
81.Discipline of employees may be limited by all of the following except
A.Whistleblower laws. B.A requirement to report certain employee violations to a governmental entity. C.Union contracts. D.Exceptions to the employee-at-will doctrine.
Answer (B) is correct. Termination or other discipline of employees may be limited by (1) whistleblower laws; (2) exceptions to the employee-at-will doctrine (the right of an employer to fire an employee for any reason); (3) employee or union contracts; and (4) employer responsibilities with regard to discrimination, wrongful discharge, and requirements to act in good faith. However, a governmental requirement that an entity report certain employee violations is not itself a limitation on the employer’s power to discipline employees.
A.Whistleblower laws limit the termination or other discipline of employees. C.Union contracts limit the termination or other discipline of employees. D.Exceptions to the employee-at-will doctrine limit the termination or other discipline of employees
82.An organization establishes compliance standards and procedures and develops a written business code of conduct to be followed by its employees. Which of the following is true concerning business codes of conduct and the compliance standards?
A.Compliance standards should be straightforward and reasonably capable of reducing the prospect of criminal conduct. B.The compliance standards should be codified in the charter of the audit committee. C.Companies with international operations should institute various compliance programs, based on selective geographic locations, that reflect appropriate local regulations. D.In order to prevent future legal liability, the code should consist of legal terms and definitions.
Answer (A) is correct.
The code of conduct should clearly identify prohibited activities, making compliance standards reasonably capable of reducing the prospect of criminal conduct (i.e., discouraging intentional employee violations). In addition, codes that are straightforward and fair tend to decrease the risk that employees will engage in unethical or illegal behavior.
B.Among the items that must be included in the audit committee’s charter is reviewing the process for communicating the code of conduct to company personnel and for monitoring compliance therewith; actually codifying the compliance standards is inappropriate. C.Companies with international operations should institute a compliance program on a global basis, not just for selective geographic locations. Such programs should reflect appropriate local conditions, laws, and regulations.
D.
The code should be written in a language that all employees can understand, avoiding legalese.
83.Employees have the most confidence in a hotline monitored by which of the following?
A.An expert from the legal department, backed by a nonretaliation policy. B.An in-house representative, backed by a retaliation policy. C.An on-site ombudsperson, backed by a nonretaliation policy. D.An off-site attorney who can better protect attorney-client privilege.
Answer (C) is correct. Although an attorney monitoring the hotline is better able to protect attorney-client and work-product privileges, one study observed that employees have little confidence in hotlines answered by the legal department or by an outside service. The same study showed that employees have even less confidence in write-in reports or an off-site ombudsperson, but have the most confidence in hotlines answered by an in-house representative (or an on-site ombudsperson) and backed by a nonretaliation policy.
A.Employees have little confidence in hotlines answered by the legal department. B.A retaliation policy would dissuade whistleblowers from coming forth due to concern over possible backlash. D.Employees have little confidence in hotlines monitored by the legal department or by an external service provider. Thus, they would have even less confidence in an outside attorney.
84.Internal audit engagements vary in their degree of objectivity. Of the following, which is likely to be the most objective?
A.Compliance engagement relating to an organization’s overtime policy. B.Operational engagement relating to the personnel function’s hiring and firing procedures. C.Performance engagement relating to the marketing department. D.Financial control engagement relating to payroll procedures.
Answer (A) is correct. A compliance engagement relating to overtime policy is likely to be the most objective. It determines whether actual operations conform to specific management policies and procedures, which are likely to be well defined and documented. For example, determining whether overtime was properly paid requires less judgment than whether a control is properly designed.
B.An operational engagement relating to hiring and firing procedures involves substantial subjectivity. Personnel decisions are difficult to quantify. C.Evaluating the creative activities of the marketing department is highly subjective D.Assessment of financial control over payroll procedures is somewhat subjective. Control may be achieved in various ways.
85.Fact Pattern:A certified internal auditor is the chief audit executive for a large city and is planning the engagement work schedule for the next year. The city has a number of different funds, some that are restricted in use by government grants and some that require compliance reports to the government. One of the programs for which the city has received a grant is job retraining and placement. The grant specifies certain conditions a participant in the program must meet to be eligible for the funding.
Q.The internal auditors randomly select participants in the job retraining program for the past year to verify that they had met all the eligibility requirements. This type of engagement is concerned with
A.Compliance. B.Operational effectiveness. C.Economy and efficiency. D.Program results.
Answer (A) is correct. The scope of work of internal auditing includes assurance services that involve evaluating the risk exposures and controls relating to the organization’s governance, operations, and information systems. This evaluation extends to risk exposures and controls regarding compliance with laws, regulations, and contracts. Selection of participants in the job retraining program to verify satisfaction of eligibility requirements is a compliance procedure.
B.An operational effectiveness engagement consists of a comprehensive review of the overall job retraining program. C.An economy and efficiency engagement considers the cost of the program compared with objectives achieved. D.A program-results engagement attempts to measure accomplishments and relative success of the program.
86.A certified internal auditor is the chief audit executive for a large city and is planning the engagement work schedule for the next year. The city has a number of different funds, some that are restricted in use by government grants and some that require compliance reports to the government. One of the programs for which the city has received a grant is job retraining and placement. The grant specifies certain conditions a participant in the program must meet to be eligible for the funding. The chief audit executive plans an engagement to verify that the job retraining program complies with applicable grant provisions. One of the provisions is that the city adopt a budget for the program and subsequently follow procedures to ensure that the budget is adhered to and that only allowable costs are charged to the program. In performing an engagement concerning compliance with this provision, the internal auditors should perform all of the following procedures except
A.Determine that the budget was reviewed and approved by supervisory personnel within the city. B.Determine that the budget was reviewed and approved by supervisory personnel within the granting agency. C.Select a sample of expenditures to determine that the expenditures are (1) properly classified as to type, (2) appropriate to the program, and (3) designed to meet the program’s objectives. D.Compare actual results with budgeted results and determine the reason for deviations. Determine if such deviations have been approved by appropriate officials.
Answer (B) is correct. The activities of the granting agency are not relevant to a compliance engagement relating to the city’s use of the grant funds. The internal auditors are responsible only for determining whether the city is in compliance with the requirements of the grant.
A.The internal auditors should determine that the city has complied with the requirement to adopt a budget. C.Checking a sample of expenditures might reveal expenditures charged to the wrong account to bypass budgeting control. D.The internal auditors should verify that the city has complied with the requirement to adhere to the budget.
87.Fact Pattern: A certified internal auditor is the chief audit executive for a large city and is planning the engagement work schedule for the next year. The city has a number of different funds, some that are restricted in use by government grants and some that require compliance reports to the government. One of the programs for which the city has received a grant is job retraining and placement. The grant specifies certain conditions a participant in the program must meet to be eligible for the funding.
Q:The internal auditors must determine the applicable laws and regulations. Which of the following procedures is the least effective in learning about the applicable laws and regulations?
A.Make inquiries of the city’s chief financial officer, legal counsel, or grant administrators. B.Review prior-year working papers and inquire of officials as to changes. C.Review applicable grant agreements. D.Discuss the matter with the board and make inquiries as to the nature of the requirements and the board’s objectives for the engagement.
Answer (D) is correct. Discussing the matter with the board would not be helpful. The members are not likely to know the applicable laws and regulations. The board’s oversight activities do not provide specific expertise needed to help the internal auditors understand the applicable laws and regulations.
A.Making inquiries of the city’s chief financial officer, legal counsel, or grant administrators is an effective way to learn about the applicable laws and regulations. B.Reviewing prior-year working papers is an effective way to learn about the applicable laws and regulations. D.Reviewing applicable grant agreements is an effective way to learn about the applicable laws and regulations.
88.Which organization is least likely to have a good compliance environment?
A.An international organization that creates a global compliance program that reflects local conditions, laws, and regulations. B.An organization that creates an organizational chart, identifying personnel who are responsible for implementing compliance programs. C.An organization whose code of conduct provides guidance to employees on relevant issues. D.An organization that rewards employees for charging travel hours to take advantage of the tax benefits.
Answer (D) is correct. An organization using reward systems that attach financial incentives to apparently unethical or illegal behavior can expect a poor compliance environment. For instance, an organization rewarding employees for charging travel hours makes itself vulnerable to fraud. Employees may charge false travel hours to receive additional rewards. Thus, the tax benefit of such an incentive may be negated by fraudulent employee practices. A good compliance environment is created when an organization
Develops a written, straightforward business code of conduct that clearly identifies prohibited activities, provides guidance to employees on relevant issues, and decreases the risk that employees will engage in unethical or illegal behavior.
Creates an organizational chart identifying board members, senior officers, a senior compliance officer, and department personnel who are responsible for implementing compliance programs.
Creates a compliance program on a global basis, not just for selective geographic locations, to reflect appropriate local conditions, laws, and regulations.
A.This represents an environment that exemplifies good compliance. B.This represents an environment that exemplifies good compliance. C.This represents an environment that exemplifies good compliance.
89.The chief compliance officer of an organization should report to the
A.Chief executive officer. B.Chief general counsel. C.Chief operating officer. D.Chief audit executive.
Answer (A) is correct.
It is not enough for an organization to create the position of chief compliance officer and to select the rest of the compliance unit. The organization should also ensure that these personnel are appropriately empowered and supplied with the resources necessary for carrying out their mission. Furthermore, compliance personnel should have adequate access to senior management. A reporting structure in which the chief compliance officer reports directly to the chief executive officer is optimal.
B.The chief general counsel in many organizations is assigned chief compliance responsibilities. In many organizations, however, this structure may convince employees that management is not committed to the program and that the program is important only to the legal department. Anyone assigned chief compliance responsibilities should report to the chief executive officer. C.The chief compliance officer should report to the chief executive officer, not the chief operating officer. D.The chief compliance officer should report to the chief executive officer, not the chief audit executive.
90.An organization should use due care not to delegate substantial discretionary authority to individuals the organization knows have a propensity to engage in illegal activities. Which of the following are steps an organization can take to ensure that such individuals are detected? 1)
Screening of applicants for employment at all levels for evidence of past wrongdoing, especially past criminal convictions within the company’s industry.
2)
Asking professionals about any history of discipline in front of licensing boards.
3)
Performing background checks without permission on employees’ or applicants’ credit reports to ensure that they are financially sound and are unlikely to commit theft or fraud.
A.1 only. B.3 only. C.1 and 2 only. D.1, 2, and 3.
Answer (C) is correct. As part of the exercise of due care, an organization can take a number of steps to protect itself against individuals who have a tendency to engage in illegal activities. For instance, an organization can screen applicants for employment at all levels for evidence of past wrongdoing, especially wrongdoing within the organization’s industry. Furthermore, it may inquire as to past criminal convictions, and professionals may be asked about any history of discipline in front of licensing boards. Care should be taken, however, to ensure that the organization does not infringe upon employees’ and applicants’ privacy rights under applicable laws. Many jurisdictions have laws limiting the amount of information an organization may obtain in performing background checks on employees.
A.It is not the only step out of those given that a company can take to protect itself against individuals that have a propensity to engage in illegal activities. B.Performing checks on an employee’s or applicant’s credit report, no matter how noble the reason, infringes upon their privacy rights, under applicable laws. Thus, such an act is considered illegal, and the organization can be held liable. D.Performing checks without permission on an employee’s or applicant’s credit report infringes upon their privacy rights, under applicable laws.
91.An ombudsperson is most effective when the individual 1.
Is located on-site.
2.
Reports to the chief compliance officer or the board of directors.
3.
Is located off-site.
4.
Reports to no one, thus ensuring a whistleblower’s secrecy.
A.2 only. B.1 and 2 only. C.1 and 4 only. D.3 and 4 only.
Answer (B) is correct. Use of an ombudsperson is more effective if the ombudsperson is located on-site, reports directly to the chief compliance officer or the board of directors, keeps the names of whistleblowers secret, provides guidance to whistleblowers, and undertakes follow-up review to ensure that retaliation has not occurred. An ombudsperson must report to someone at a high level in the organization who is empowered to initiate a change in organization policies based on the ombudsperson’s findings; thus, reporting to no one is not an option. In addition, an ombudsperson’s location on-site promotes employee confidence in the ombudsperson.
A.Being located on-site also promotes an ombudsperson’s effectiveness. C.An ombudsperson must report to someone at a high level in the organization that can initiate a change in organization policies, based on the ombudspersons’ findings. D.An ombudsperson should report to someone high-up in the organization that can initiate change based on the ombudsperson’s findings, and the ombudsperson should be located on-site to promote employee confidence.
92.An internal audit plan should include a review of the organization’s compliance program and its procedures, including reviews to determine all but which of the following?
A.The effectiveness of written materials. B.The receipt of communications by employees. C.The appropriate handling of detected violations. D.The performance of full background checks on employees and new hires.
Answer (D) is correct. The audit plan should include a review of the compliance program and its procedures. The review should determine whether (1) written materials are effective, (2) communications have been received by employees, (3) detected violations have been appropriately handled, (4) discipline has been even-handed, (5) whistleblowers have been protected, and (6) the compliance unit has fulfilled its responsibilities. The auditors should review the compliance program to determine whether it can be improved and should solicit employee input. Moreover, organizations should screen applicants for employment at all levels and inquire as to past criminal convictions, taking care not to infringe upon employees’ and applicants’ privacy rights. However, a review of the performance of full background checks is not included in an audit plan as part of the review of an organization’s compliance program.
A.This is a review that is included in an internal audit plan, with regard to the organization’s compliance program and procedures. B.This is a review that is included in an internal audit plan, with regard to the organization’s compliance program and procedures. C.This is a review that is included in an internal audit plan, with regard to the organization’s compliance program and procedures.
93.Which of the following is an effective tool for uncovering unethical or illegal activity in an organization?
A.The screening of applicants. B.The ethics interview. C.The background check. D.The ethics questionnaire.
Answer (D) is correct.
An effective tool for uncovering unethical or illegal activity is the ethics questionnaire. Each employee of the organization should receive a questionnaire that asks whether the employee is aware of kickbacks, bribes, or other wrongdoing.
A.Screening applicants for employment is a way to detect past criminal activity and wrongdoing. Thus, it is of no use in uncovering unethical or currently ongoing illegal activity. B.An ethics interview may cause discomfort to an employee, and an employee may not believe that the interview is protected by privilege or as confidential as an ethics questionnaire. C.The background check is a way to detect past wrongdoing, not ongoing unethical or illegal activities.
94.Which of the following are forms of punishment for those who violate an organization’s code of conduct? 1)
A warning
2)
Loss of pay
3)
Suspension
4)
Termination
A.1 and 2 only. B.1, 3, and 4 only. C.1, 2, and 3 only. D.1, 2, 3, and 4.
Answer (D) is correct. Those who violate the code of conduct should receive punishment appropriate to the offense, such as a warning, loss of pay, suspension, transfer, or termination. Thus, if an employee is found to have committed some illegal act, the organization might have to terminate that employee. This action is consistent with the organization’s obligation to use due care not to delegate substantial discretionary authority to individuals whom the organization knew, or should have known through the exercise of due diligence, had a tendency to commit crimes.
A.All of the choices are ways in which an organization can punish a code of conduct violator. B.All of the choices are ways in which an organization can punish a code of conduct violator. C.All of the choices are ways in which an organization can punish a code of conduct violator.
95.An organization with an effective regulatory compliance program displays which of the following characteristics?
A.It punishes unethical or illegal activity based on seniority. B.It disciplines those who knew of the misconduct and did not report it, but not those who should have known but did not know. C.After an offense is detected, the organization takes the necessary steps, short of modifying its program, to prevent further similar offenses. D.It thoroughly documents employee discipline.
Answer (D) is correct. Organizations should be thorough in documenting employee discipline. The organization should be able to prove that it made its best efforts to collect information with regard to any incident and took appropriate action based upon the information available.
A.Discipline under the program must be fair. The program has only a slight chance of succeeding if unethical or illegal activity goes unpunished, especially if tied to the activities of senior management or big producers. Ignored wrongdoing by such persons will encourage wrongful behavior in the rest of the workforce. B.The program should provide for the discipline of managers and other responsible persons who knew or should have known of misconduct and did not report it. C.After an offense has been detected, the organization should take all reasonable steps to respond appropriately and prevent further similar offenses. Any necessary modifications to its program to prevent and detect violations of law should be made.
96.Which of the following is true regarding appropriate responses to an offense detected by an organization’s compliance program? 1.
Disciplinary action taken against those engaged in misconduct is an appropriate response.
2.
Self-reporting the violation to the government is an appropriate response.
3.
Acceptance of responsibility for the violation is an appropriate response.
4.
An appropriate response can lower the amount of an organization’s court fines.
A.1 and 2 only. B.1 and 3 only. C.1, 2, and 3 only.
D.1, 2, 3, and 4.
Answer (D) is correct. An organization should respond appropriately to each offense detected by the compliance program. Appropriate responses include disciplinary action taken with regard to those who engaged in misconduct. In some circumstances, an appropriate response could require self-reporting the violation to the government, cooperation with governmental investigations, and the acceptance of responsibility for the violation. Making these responses could result in a court’s reduction of the amount of the organization’s fine. A similar result may follow when the compliance program is effective.
A.They are all true statements regarding appropriate responses to an offense detected by an organization’s compliance program. B.They are all true statements regarding appropriate responses to an offense detected by an organization’s compliance program. C.They are all true statements regarding appropriate responses to an offense detected by an organization’s compliance program.
97.What is the role of a chief audit executive (CAE) with regard to an inspection by a regulator?
A.Meet with the regulator before and after the inspection to provide relevant information or receive advice on necessary compliance. B.Meet with the regulator after the inspection to dispute any negative findings about compliance. C.Tour the facility with the regulator to ensure that no problems are uncovered. D.Meet with specific managers to protect proprietary information.
Answer (A) is correct. The internal audit activity must evaluate, among other things, operational risk exposures and related controls regarding compliance with laws and regulations (Impl. Stds. 2120.A1 and 2130.A1). Thus, the CAE has an interest in gathering information for compliance audits and in determining whether the organizational response has been appropriate. Moreover, cooperation is part of an appropriate response.The CAE should not attempt to mislead or influence the regulator in any way. To make the process easier for all parties involved, however, the CAE may provide any relevant information before the inspection. Afterward, the CAE may confer with the regulator to discuss compliance issues.
B.The CAE is not qualified to dispute regulatory findings. C.The CAE should not be present during the process.
D.Meeting with managers or other organization personnel to mislead the regulator is most likely illegal.
98.An airline is preparing for an inspection of its operations by a government agency. The agency emphasizes inspecting whether safety modifications required by the government have been made on aircraft. Penalties for violations are severe. The chief audit executive has been asked to audit the modification records and inspect the fleet of aircraft to determine whether required modifications have been made and properly documented. The auditors will be performing a(n)
A.Operational audit. B.Financial audit. C.Due diligence audit. D.Compliance audit.
Answer (D) is correct. The internal auditors have been asked to perform a compliance audit. According to The IIA Glossary, compliance is “adherence to policies, plans, procedures, laws, regulations, contracts, or other requirements.” Moreover, in an assurance engagement, the internal audit activity must evaluate risk exposures related to the organization’s governance, operations, and information systems. Organizational compliance programs help to prevent unintentional violations, detect illegality, and deter intentional violations. Internal auditors should assess compliance in specific areas as part of their role in organizational governance. Compliance audits determine whether actual operations comply with specific standards, i.e., specific policies, procedures, laws, etc. In this audit, the auditors must review operating controls and transactions for conformity with laws and regulations applying to modifications of aircraft.
A.In an operational audit, internal auditors perform a comprehensive review of the various functions within the organization to appraise the efficiency and economy of operations and the effectiveness with which those functions achieve their objectives. This audit focuses on only one area of the organization. B.A financial audit reviews accounting and financial transactions to determine whether financial information was properly recorded and adequately supported. C.A due diligence audit is a service in which internal auditors and others (external auditors, tax experts, finance professionals, attorneys, etc.) determine the business justification for a major transaction, such as a business combination, joint venture, or divestiture. This type of audit would be performed if the airline were considering a merger with another airline.
99.Senior management has requested a compliance audit of the organization’s employee benefits package. Which of the following is considered the primary engagement objective by both the chief audit executive and senior management?
A.The level of organizational contributions is adequate to meet the program’s demands. B.Individual programs are operating in accordance with contractual requirements and government regulations. C.Participation levels support continuation of individual programs. D.Benefit payments, when appropriate, are accurate and timely.
Answer (B) is correct. The internal audit activity evaluates risk exposures related to governance, operations, and information systems regarding, among other things, compliance with laws, regulations, and contracts. Based on the risk assessment, the internal audit activity evaluates the adequacy and effectiveness of controls encompassing governance, operations, and information systems. This evaluation should include, among other things, compliance with laws, regulations, and contracts (Impl. Stds. 2110.A2 and 2120.A1). Operation in accordance with contracts and regulations takes precedence over all other objectives because it relates to the most basic aspects of the programs.
A.Contributions concern specific engagement objectives subsumed by the primary objective of compliance with laws, regulations, and contracts. C.Participation levels concern specific engagement objectives subsumed by the primary objective of compliance with laws, regulations, and contracts. D.Benefit payments concern specific engagement objectives subsumed by the primary objective of compliance with laws, regulations, and contracts.
100.In some countries, governmental units have established audit standards. For example, in the United States, the Government Accountability Office has developed standards for the conduct of governmental audits, particularly those that relate to compliance with government grants. In performing governmental grant compliance audits, the auditor should
A.Be guided only by the governmental standards. B.Be guided only by The IIA Standards because they are more encompassing. C.Be guided by the more general standards that have been issued by the public accounting profession. D.Follow both The IIA Standards and any additional governmental standards.
Answer (D) is correct. Rule of Conduct 4.2 of The IIA Code of Ethics states, “Internal auditors shall perform internal auditing services in accordance with the International Standards for the Professional Practice of Internal Auditing.” Furthermore, an internal auditor is legally obligated to adhere to governmental standards when performing governmental grant compliance audits.
A.The internal auditor should not only follow the governmental standards. B.An internal auditor is legally obligated to adhere to governmental standards when performing governmental grant compliance audits. C.The internal auditor should follow the standards established for those types of audits.
PART 2 UNIT 3
Question: 1 To better monitor the performance of operating management, executive management has requested that the internal auditors examine interim financial statements that are prepared for internal use only. Although interim financial statements have been prepared for several years, this will be the first time that the internal auditors have been involved. The primary reason for this request was that executive management was surprised at the lower-than-anticipated net profit eventually reflected in last year’s audited financial statements. Earnings had been artificially manipulated on quarterly financial statements. In their work on this year’s interim financial statements, internal auditors are likely to focus on which of the following? A.
Whether payables have been accrued properly at the end of the interim period.
B.
The timing of revenue recognition and the valuation of inventories.
C.
Whether accounting estimates are reasonable given past actual results.
D. Whether there have been changes in accounting principles that materially affect the financial statements. Answer (B) is correct. Many manipulations are possible. For example, net profit will be overstated if current-period revenues include sales that should be recognized in a subsequent period. Premature recognition may result from failure to maintain a proper cutoff of transactions at the end of the period. Overstatement of ending inventories also overstates net profit by understating cost of sales. A Understating payables affects earnings only if expenses would have been debited. C Estimates used in interim financial statements are often approximate and usually would not materially distort the financial statements. D Such changes usually must be approved by executive management and normally do not lead to surprises. Question: 2
The financial reporting process encompasses the steps to
A.
Detect all fraud that is occurring throughout the organization.
B.
Create information to help prepare the financial statements and related notes.
C.
Provide all staff with information regarding raises and promotions.
D.
Make sure the internal control matches up the specifications from the AICPA.
Answer (B) is correct.
The financial reporting process encompasses the steps to create the information and prepare financial statements, related notes, and other accompanying disclosures in the organization’s financial reports. A An auditor only needs to provide reasonable assurance about detecting fraud. All fraud does not have to be detected. C Raises and promotions are not part of the financial reporting process. D There are no guidelines that the auditor needs to match up internal controls with. They must use judgment and the AICPA does not have an internal control checklist that all companies must follow. Question: 3 The personnel department receives an edit listing of payroll changes processed at every payroll cycle. If it does not verify the changes processed, the result could be A.
Undetected errors in payroll rates for new employees.
B.
Inaccurate payroll deductions.
C.
Labor hours charged to the wrong account in the cost reporting system.
D.
Employees not being asked if they want to contribute to the company pension plan.
Answer (A) is correct. The personnel department is responsible for authorization and execution of payroll transactions, e.g., hiring of new employees and determining their pay rates. Hence, this department’s verification of the payroll changes listing used in data processing is an important control over payroll processing. B Inaccurate payroll deductions could be caused by errors in payroll rates. C Labor hours should come from the time reporting system (time card or time sheet), not the list of payroll changes. D Inspection of the listing of payroll changes would indicate whether contributions by eligible employees have begun to be deducted, not whether employees have been asked about contributing to the pension plan. Question: 4 Which of the following best describes an internal auditor’s initial responsibility regarding errors uncovered during a financial statement audit? A.
Report the material errors.
B.
Assess the risk of misrepresentation.
C.
Discuss the situation with the engagement client.
D.
Inform the audit committee.
Answer (B) is correct. The internal auditor’s initial responsibility when discovering errors is to assess the risk of misrepresentation. Only errors having a material effect on the financial statements must be reported to the client and audit committee. A Material errors are reported after they have been properly assessed. C The internal auditor first must assess the risk of misrepresentation before discussing the errors with the engagement client. D The internal auditor should only inform the audit committee if the errors have a material effect on the financial statements, which cannot be determined until after a risk assessment has been performed. Question: 5 The previous year’s audited financial statements had higher debt-to-equity than was expected. In their work on this year’s interim financial statements, internal auditors are most likely to emphasize A.
Whether payables were accrued properly at the end of the interim period.
B.
The timing of revenue recognition and the measurement of inventories.
C.
Whether accounting estimates are reasonable given past actual results.
D. Whether changes in accounting principles have occurred that materially affect the financial statements. Answer (A) is correct. Misstating payables directly affects the debt-to-equity ratio, which is used by creditors and shareholders in investing decisions. Understating liabilities understates the ratio. B Manipulations involving revenues and inventories affect earnings performance. Inventory measurements directly affect cost of goods sold and related asset accounts. C Estimates used in interim financial statements often are approximate and usually do not materially misstate the financial statements. D Changes in accounting principles usually must be approved by executive management and normally do not lead to surprises.
Question: 6 A specific objective of an audit of a company’s expenditure cycle is to determine whether all goods paid for have been received and charged to the correct account. This objective addresses which of the following primary objectives identified in the Standards? 1. 2. 3. 4.
Reliability and integrity of financial and operational information. Compliance with laws, regulations, policies, procedures, and contracts. Effectiveness and efficiency of operations and programs. Safeguarding of assets.
A.
1 and 2 only.
B.
1 and 4 only.
C.
1, 2, and 4 only.
D.
2, 3, and 4 only.
Answer (B) is correct. Determining whether all goods paid for have been received addresses safeguarding of assets. Determining whether the correct accounts have been charged addresses the reliability and integrity of financial information. A The specific engagement objective does not address compliance, but it does address safeguarding of assets. C The specific engagement objective does not address compliance. D The specific engagement objective may address effectiveness of operations but does not address efficiency or compliance. Fact Pattern: You are an internal auditing supervisor who is reviewing the working papers of a staff internal auditor’s overall examination of the firm’s sales function. The pages are not numbered or crossreferenced. Furthermore, the working papers were dropped and reassembled at random before they were brought to you. You decide to put the working papers in the proper order according to the Standards. The first stage of this activity is to identify each page as a part of the preliminary survey, the review of the adequacy of control processes, the review for effectiveness of control processes, or the review of results. Question: 7 The first page the supervisor selects documents a test of controls performed during the course of the engagement. This page belongs with which activity? A.
Preliminary survey.
B.
Review for adequacy of control processes.
C.
Review for effectiveness of control processes.
D.
Review of results.
Answer (C) is correct. Internal auditors are charged with evaluating the adequacy and effectiveness of controls in responding to risks within the organization’s governance, operations, and information systems (Impl. Std. 2130.A1). Effectiveness is present if management directs processes so as to provide reasonable assurance that objectives and goals will be achieved. A A test from a prior engagement might be reviewed in the preliminary survey as background material. A current test would not yet be performed. B Adequacy is present if management has planned and designed in a manner that provides reasonable assurance that objectives and goals will be achieved efficiently and economically. Tests of controls are not performed in reviews for adequacy of the system. D Tests of controls are not performed in a review of results. Internal auditors review operations and programs to ascertain the extent to which results are consistent with goals and objectives. The purpose is to determine whether they are being implemented or performed as intended. Fact Pattern: You are an internal auditing supervisor who is reviewing the working papers of a staff internal auditor’s overall examination of the firm’s sales function. The pages are not numbered or crossreferenced. Furthermore, the working papers were dropped and reassembled at random before they were brought to you. You decide to put the working papers in the proper order according to the Standards. The first stage of this activity is to identify each page as a part of the preliminary survey, the review of the adequacy of control processes, the review for effectiveness of control processes, or the review of results. Question: 8 The third page the supervisor selects is a blank copy of the sales contract form now in use by the organization. Annotated on the form in several places are the words “key control” followed by a brief explanation. The supervisor recognizes the writing as that of the staff internal auditor who performed the engagement. This document belongs with which activity? A.
Preliminary survey.
B.
Review for adequacy of control processes.
C.
Review for effectiveness of control processes.
D.
Review of results.
Answer (B) is correct. Internal auditors are charged with evaluating risk exposures relating to, and the adequacy and effectiveness of controls encompassing, the organization’s governance, operations, and information systems (Impl. Stds. 2120.A1 and 2130.A1). Adequacy is present if management has planned and
designed in a manner that provides reasonable assurance that objectives and goals will be achieved efficiently and economically. The sales contract form is apparently a “key control” that has been planned and designed into the system. A The standard sales contract form might be obtained during the on-site survey portion of the preliminary survey. An analysis of the form indicating the existence and adequacy of key control activities could also be performed as part of the preliminary survey. However, the activity described involves a review for adequacy regardless of its timing. C The form is blank. A completed form would be required to provide information that the system is effective. D The form is blank. No data are available for testing to determine results. Question: 9
Controls should be designed to ensure that
A.
Operations are performed efficiently.
B.
Management’s plans have not been circumvented by worker collusion.
C. The internal audit activity’s guidance and oversight of management’s performance is accomplished economically and efficiently. D.
Management’s planning, organizing, and directing processes are properly evaluated.
Answer (A) is correct. The purpose of control processes is to support the organization in the management of risks and the achievement of its established and communicated objectives. The control processes are expected to ensure, among other things, that operations are performed efficiently and achieve established results. B Collusion is an inherent limitation of internal control. C The board provides oversight of risk management and control processes administered by management. D Controls are actions by management, the board, and others to manage risk and increase the likelihood that established goals and objectives will be achieved (The IIA Glossary). The internal audit activity evaluates the effectiveness of control processes. Thus, controls do not directly address management’s planning, organizing, and directing processes. Internal auditors evaluate management processes to determine whether reasonable assurance exists that objectives and goals will be achieved. Question: 10
The function of internal auditing, as related to communicating results, is to
A.
Ensure compliance with reporting procedures.
B.
Review the expenditure items and match each item with the expenses incurred.
C.
Determine whether any employees are expending funds without authorization.
D.
Identify inadequate controls that increase the likelihood of unauthorized expenditures.
Answer (D) is correct. The internal audit activity must assist the organization in maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement (Perf. Std. 2130). A Ensuring compliance is a management, not an internal audit, responsibility. B Actual outflows of funds and accrued expenses are unlikely to be equal. C Determining whether unauthorized expenditures are occurring is a management, not an internal audit, responsibility. Question: 11 The chief audit executive’s responsibility for assessing and reporting on control processes includes A. Communicating to senior management and the board an annual judgment about internal control. B.
Overseeing the establishment of internal control processes.
C.
Maintaining the organization’s governance processes.
D.
Arriving at a single assessment based solely on the work of the internal audit activity.
Answer (A) is correct. The CAE’s report on the organization’s control processes is normally presented once a year to senior management and the board. B Senior management is responsible for overseeing the establishment of internal control processes. C The board is responsible for establishing and maintaining the organization’s governance processes. D The challenge for the internal audit activity is to evaluate the effectiveness of the organization’s system of controls based on the aggregation of many individual assessments. Those assessments are largely gained from internal auditing engagements, management’s self assessments, and external assurance providers’ work. Question: 12 An internal auditor fails to discover an employee fraud during an assurance engagement. The nondiscovery is most likely to suggest a violation of the International Professional Practices Framework if it was the result of a A.
Failure to perform a detailed review of all transactions in the area.
B.
Determination that any possible fraud in the area would not involve a material amount.
C. Determination that the cost of extending procedures in the area would exceed the potential benefits. D.
Presumption that the internal controls in the area were adequate and effective.
Answer (D) is correct. The internal audit activity evaluates the adequacy and effectiveness of controls (Impl. Std. 2130.A1). Moreover, the internal audit activity must assist the organization in maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement (Perf. Std. 2130). Thus, an internal auditor must not simply assume that controls are adequate and effective. A Due professional care does not require detailed reviews of all transactions. B The relative complexity, materiality, or significance of matters to which assurance procedures are applied should be considered. C The internal auditor should consider the cost of assurance in relation to potential benefits. Fact Pattern: The chief audit executive (CAE) of a mid-sized internal audit activity was concerned that management might outsource the internal auditing function. Thus, the CAE adopted a very aggressive program to promote the internal audit activity within the organization. The CAE planned to present the results to senior management and the board and recommend modification of the internal audit activity’s charter after using the new program. The following lists six actions the CAE took to promote a positive image within the organization: 1. Engagement assignments concentrated on efficiency. The engagements focused solely on cost savings, and each engagement communication highlighted potential costs to be saved. Negative observations were omitted. The focus on efficiency was new, but the engagement clients seemed very happy. 2. Drafts of all engagement communications were carefully reviewed with the engagement clients to get their input. Their comments were carefully considered when developing the final engagement communication. 3. The information technology internal auditor participated as part of a development team to review the control procedures to be incorporated into a major computer application under development. 4. Given limited resources, the engagement manager performed a risk assessment to establish engagement work schedule priorities. This was a marked departure from the previous approach of ensuring that all operations are evaluated on at least a 3-year interval. 5. To save time, the CAE no longer required that a standard internal control questionnaire be completed for each engagement. 6. When the internal auditors found that the engagement client had not developed specific criteria or data to evaluate operations, the internal auditors were instructed to perform research,
develop specific criteria, review the criteria with the engagement client, and, if acceptable, use them to evaluate the engagement client’s operations. If the engagement client disagreed with the criteria, a negotiation took place until acceptable criteria could be agreed upon. The engagement communication commented on the engagement client’s operations in conjunction with the agreed-upon criteria. Question: 13
Is Action 5 inappropriate?
A. Yes. Internal control should be evaluated on every engagement, but the internal control questionnaire is not the mandated approach to evaluate the controls. B. No. Internal auditors may omit necessary procedures if there is a time constraint. It is a matter of professional judgment. C. Yes. Internal control should be evaluated on every engagement, and the internal control questionnaire is the most efficient method to do so. D. No. Internal auditors are not required to fill out internal control questionnaires on every engagement. Answer (D) is correct. The internal audit activity must assist the organization in maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement (Perf. Std. 2130). However, internal auditors are not required to fill out standard internal control questionnaires. The information documented in questionnaires may be found in other working papers, such as flowcharts, checklists, and narratives. A Internal control should be evaluated on every engagement, but the internal control questionnaire is not the mandated approach to evaluate the controls. Therefore, Action 5 is appropriate. B Internal auditors cannot omit necessary procedures as a result of a time constraint. C The internal control questionnaire is not required on every engagement. Question: 14
An internal auditor’s role with respect to operating objectives and goals includes
A.
Approving the operating objectives or goals to be met.
B.
Determining that they conform with those of the organization.
C.
Developing and implementing control procedures.
D.
Accomplishing desired operating program results.
Answer (B) is correct.
Internal auditors should ascertain the extent to which operating and program goals and objectives have been established and conform to those of the organization. A Approving the operating objectives or goals to be met is an operational matters that is the responsibility of management. C Developing and implementing control procedures is an operational matter that is the responsibility of management. D Accomplishing desired operating program results is an operational matter that is the responsibility of management. Question: 15 In any organization-wide risk management assessment, the CAE should include risks associated with which of the following activities? A.
Environmental.
B.
Health.
C.
Safety.
D.
All of the answers are correct.
Answer (D) is correct. The CAE includes environmental, health, and safety (EHS) risks in any organization-wide risk management assessment and assesses the activities in a balanced manner relative to other types of risk associated with an organization’s operations. A Environmental, health, and safety is generally conceived of as a unified function, and must be included in any organization-wide risk management assessment. B Environmental, health, and safety is generally conceived of as a unified function, and must be included in any organization-wide risk management assessment. C Environmental, health, and safety is generally conceived of as a unified function, and must be included in any organization-wide risk management assessment. Question: 16 A manufacturing organization uses hazardous materials in production of its products. An audit of these hazardous materials may include 1. Recommending an environmental management system as a part of policies and procedures. 2. Verifying the existence of “cradle to grave” (creation to destruction) tracking records for these materials. 3. Using consultants to avoid self-incrimination of the firm in the event illegalities were detected in an environmental audit. 4. Evaluating the cost provided for in an environmental liability accrual account.
A.
2 only.
B.
1 and 2 only.
C.
1, 2, and 4 only.
D.
3 and 4 only.
Answer (C) is correct. The use of external service providers by the internal audit activity is to provide knowledge, skills, and other competencies that are not available with the current staffing of internal audit. The use of consultants cannot shield the organization from liability for illegal acts. A A hazardous materials audit may also include recommending an environmental management system and evaluating the cost provided for in an environmental liability accrual account. B A hazardous materials audit may include evaluating the cost provided for in an environmental liability accrual account. D Use of consultants cannot shield the firm from liability for illegal acts. Question: 17 An organization is considering purchasing a commercial property. Because of the location of the property and the known recent history of activities on the property, management has asked the internal audit activity, in cooperation with legal counsel, to provide a preliminary identification of any environmental liability. The strongest reason supporting management’s decision to request such an investigation is A. The potential for future liability may outweigh any advantages achieved by obtaining the property. B. Management will be able to pay a lower price for the property if environmental contamination can be identified. C. The current owner would be required by law to clean up all identified contamination before the sale is closed. D. Regulatory agencies require a purchaser to identify and disclose all actual and potential instances of contamination. Answer (A) is correct. The internal auditors should conduct a transactional audit prior to the acquisition of property. A current landowner may be held responsible for environmental contamination by previous owners. Thus, a buyer (or lender) can attempt to identify and quantify a problem, determine its extent, and estimate the potential liability and cost of cleanup. This information can then be reflected in the terms of the transaction.
B Although the price of contaminated property may be lower, management may want to avoid the potential liability altogether by not purchasing the property. C The current owner may agree to clean up the site but may be under no legal obligation to do so. D Purchasers are not required to disclose any instances of contamination, whether actual or potential. Question: 18
Which of the following suggestions for the CAE related to EHS auditing is false?
A. The CAE should foster a close working relationship with the chief environmental officer and coordinate activities with the plan for environmental auditing. B. At least once every three years, the CAE should schedule a quality assurance review of the environmental audit function if it is organizationally independent of the internal audit function. C. The CAE should evaluate the organizational placement and independence of the environmental audit function to ensure that significant matters resulting from serious risks to the enterprise are reported up the chain of command. D. The CAE should evaluate whether the environmental auditors, who are not part of the CAE’s organization, are in compliance with recognized professional auditing standards and a recognized code of ethics. Answer (B) is correct. The CAE should foster a close working relationship with the chief environmental officer and coordinate activities with the plan for environmental auditing. If the environmental audit function reports to someone other than the CAE, the CAE should offer to review the audit plan and the performance of engagements. Periodically, the CAE schedules a quality assurance review of the environmental audit function if it is organizationally independent of the internal audit activity. The review determines whether the environmental risks are being adequately addressed. The CAE evaluates whether the environmental auditors, who are not part of the CAE’s organization, conform with recognized professional auditing standards and a recognized code of ethics. The CAE evaluates the organizational placement and independence of the environmental audit function to ensure that significant matters resulting from serious risks to the organization are reported up the chain of command to the board. A The CAE should foster a close working relationship with the chief environmental officer and coordinate activities. C The organizational placement and independence of the environmental audit function should be evaluated by the CAE. D The CAE should evaluate the credentials of the environmental auditors. Question: 19 An internal auditor has been requested to perform a review of an organization’s process for developing accruals for its liability to clean up toxic waste sites. The audit should determine whether
A. The organization monitors governmental investigations to identify locations where it may be potentially responsible for a waste site clean-up. B. The organization has identified the situations in which it is potentially responsible for cleaning up a waste site. C.
Clean-up costs are reasonably estimated.
D.
All of the answers are correct.
Answer (D) is correct. The internal auditor must perform an environmental liability accrual audit. Such accruals are necessary because all owners of hazardous materials in the chain of title are liable. Hence, a contingent liability may exist not only when an organization is a current owner of a toxic waste site but also when it is a former owner. The organization should therefore engage in sufficient fact finding to identify potential liabilities and estimate their amounts. A The audit should verify that the organization has identified potential clean-up sites, that it tracks governmental investigations for that purpose, and that it recognizes contingent liabilities if they are probable and the losses can be reasonably estimated. B The audit should verify that the organization has identified potential clean-up sites, that it tracks governmental investigations for that purpose, and that it recognizes contingent liabilities if they are probable and the losses can be reasonably estimated. C The audit should verify that the organization has identified potential clean-up sites, that it tracks governmental investigations for that purpose, and that it recognizes contingent liabilities if they are probable and the losses can be reasonably estimated. Question: 20 Management is evaluating the need for an environmental audit program. Which one of the following should not be included as an overall program objective? A.
Conduct site assessments at all waste-producing facilities.
B.
Verify organizational compliance with all environmental laws.
C.
Evaluate waste minimization opportunities.
D.
Ensure management systems are adequate to minimize future environmental risks.
Answer (A) is correct. Site assessment is a procedure, not an objective. B An objective in a compliance audit is to verify compliance with all environmental laws. C An objective in a pollution prevention audit is to evaluate waste minimization opportunities.
D An objective in an environmental management system audit is to ensure management systems are adequate to minimize future environmental risks. Question: 21 In many countries, the organization generating hazardous waste is responsible for the waste from “cradle to grave” (creation to destruction). A potential risk to the organization is the use of an external service provider to process hazardous waste. Which of the following steps are performed during a review of the waste vendor? A.
Review the vendor’s documentation on hazardous material.
B.
Review the financial solvency of the vendor.
C.
Review the vendor’s emergency response planning.
D.
All of these steps are performed during a review of the waste vendor.
Answer (D) is correct. In addition to the procedures listed, the internal auditor determines that the vendor is approved by the governmental entity that is responsible for environmental protection and should obtain the vendor’s permit number. The internal auditor also should conduct an inspection of the vendor’s facilities. A Each is only one of several steps to be performed when reviewing hazardous waste vendors. B Each is only one of several steps to be performed when reviewing hazardous waste vendors. C Each is only one of several steps to be performed when reviewing hazardous waste vendors. Question: 22 An advantage of conducting environmental audits under the direction of the internal audit activity is that A.
Independence and authority are already in place.
B.
Technical expertise is more readily available.
C.
The financial aspects are de-emphasized.
D.
Internal auditing work products are confidential.
Answer (A) is correct. The chief audit executive (CAE) evaluates the organizational placement and independence of the environmental audit function to ensure that significant matters resulting from serious risks to the enterprise are reported up the chain of command to the board. The CAE also facilitates the reporting of significant EHS risk and control issues to the board. Thus, an advantage of conducting environmental audits under the direction of the internal audit activity is its position in the organization. The internal audit activity has an established place in the organization and normally has a broad scope of work permitting ready assimilation of the new function. Moreover, the CAE is responsible to an individual in
the organization with sufficient authority to promote independence and to ensure broad audit coverage, adequate consideration of engagement communications, and appropriate action on engagement recommendations. B Environmental audits are highly complex and require technical expertise. This complexity is an advantage of employing an environmental audit group directed by a technically oriented department. Internal auditors normally do not have the technical expertise necessary to assume primary responsibility. C An internal audit activity is preferable when financial issues are important. D The Standards require engagement results to be disseminated to appropriate parties (Perf. Std. 2440). Question: 23 Management is exploring different ways of reducing or preventing pollution in manufacturing operations. The objective of a pollution prevention audit is to identify opportunities to minimize waste and eliminate pollution at the source. In what order should the following opportunities to reduce waste be considered? 1. 2. 3. 4. 5.
Recycling and reuse Elimination at the source Energy conservation Recovery as a usable product Treatment
A.
5, 2, 4, 1, and 3.
B.
4, 2, 1, 3, and 5.
C.
1, 3, 4, 2, and 5.
D.
3, 4, 2, 5, and 1.
Answer (B) is correct. The first step in the pollution prevention hierarchy is to determine whether production processes yield materials that can be sold as separate products. The second step is source reduction, for example, by reengineering processes. The third step is recycling and reuse. Step four is conservation of energy. Step five is treatment and disposal. The release of pollutants into the environment is not a viable alternative. A Recovery of waste and pollution as a usable product is the most appropriate goal; treatment is the least. C Recovery of waste and pollution as a usable product has a higher priority than either elimination at the source or energy conservation. D Recovery of waste and pollution as a usable product is a better solution than any of the other choices offered.
Question: 24 All of the following would be part of a factory’s control system to prevent release of wastewater that does not meet discharge standards except A. Performing chemical analysis of the water, prior to discharge, for components specified in the permit. B. Specifying (by policy, training, and advisory signs) which substances may be disposed of via sinks and floor drains within the factory. C. Periodically flushing sinks and floor drains with a large volume of clean water to ensure pollutants are sufficiently diluted. D.
Establishing a preventive maintenance program for the factory’s pretreatment system.
Answer (C) is correct. Periodic dilution may not always prevent the release of pollutants that exceed the discharge limits. In the pollution prevention hierarchy used in pollution prevention audits, release without treatment is the least desirable option. A Performing chemical analysis of the water, prior to discharge, for components specified in the permit is part of a factory’s control system. B Specifying (by policy, training, and advisory signs) which substances may be disposed of via sinks and floor drains within the factory is part of a factory’s control system. D Establishing a preventive maintenance program for the factory’s pretreatment system is part of a factory’s control system. Question: 25 As part of a manufacturing company’s environmental, health, and safety (EHS) selfinspection program, inspections are conducted by a member of the EHS staff and the operational manager for a given work area or building. If a deficiency cannot be immediately corrected, the EHS staff member enters it into a tracking database that is accessible to all departments via a local area network. The EHS manager uses the database to provide senior management with quarterly activity reports regarding corrective action. During review of the self-inspection program, an auditor notes that the operational manager enters the closure information and affirms that corrective action is complete. What change in the control system would compensate for this potential conflict of interest? A. No additional control is needed because the quarterly report is reviewed by senior management, providing adequate oversight in this situation. B. No additional control is needed because those implementing a corrective action are in the best position to evaluate the adequacy and completion of that action. C. After closure is entered into the system, review by the EHS staff member of the original inspection team should be required in order to verify closure.
D. The EHS department secretary should be responsible for entering all information into the tracking system based on memos from the operational manager. Answer (C) is correct. Someone independent of the operational area that was inspected should evaluate the adequacy and completeness of corrective action. This independent verification minimizes the potential for closure fraud by the operational manager. A Although senior managers may use the report to question why certain corrective actions may be behind schedule, they do not know whether the corrective actions were actually completed. B Although the operational managers may in fact be the most knowledgeable about the corrective action, independent verification is preferable. D The EHS staff may enter the initial inspection results. However, having the secretary enter closure data does not improve control in the absence of an independent review. This procedure is also less efficient and timely than having the data entered directly into the field. Question: 26 Internal auditors are increasingly called on to perform audits related to an organization’s environmental stewardship. Which of the following does not describe the objectives of a type of environmental audit? A. Determine whether environmental management systems are in place and operating properly to manage future environmental risks. B.
Determine whether environmental issues are considered as part of economic decisions.
C.
Determine whether the organization’s current actions are in compliance with existing laws.
D. Determine whether the organization is focusing efforts on ensuring that its products are environmentally friendly, and confirm that product and chemical restrictions are met. Answer (B) is correct. Determining whether environmental issues are considered as part of economic decisions is an audit procedure. It does not describe the objectives of an environmental audit. A An environmental management system audit determines whether environmental management systems are in place and operating properly to manage future environmental risks. C A compliance audit determines whether the organization’s current actions are in compliance with existing laws. D A product audit determines whether the organization focuses efforts on ensuring that its products are environmentally friendly and confirms that product and chemical restrictions are met.
Question: 27 What type of audit assesses the environmental risks and liabilities of land or facilities prior to a property transaction? A.
Pollution prevention audit.
B.
Compliance audit.
C.
Transactional audit.
D.
Product audit.
Answer (C) is correct. Transactional audits (also called acquisition and divestiture audits, property transfer site assessments, property transfer evaluations, and due diligence audit) assess the environmental risks and liabilities of land or facilities prior to a property transaction. A A pollution prevention audit determines how waste can be minimized and pollution can be eliminated at the source. B A compliance audit is most common for industries. They are detailed site-specific audits of current operations. D A product audit determines whether products are environmentally friendly and whether product and chemical restrictions are being met. Question: 28 Smith Ice Plant (SIP) is located on the Mississippi River. SIP has a history of leaking pollutants into the Mississippi. Among the following environmental risk exposures, which one does SIP not have to evaluate as part of its organization-wide environmental risk management assessment? A.
History of financial distress.
B.
Likelihood of water pollution fines.
C.
History of employee injuries.
D.
Likelihood of loss of public reputation.
Answer (A) is correct. As part of an environmental risk assessment, the CAE evaluates the following risk exposures: (1) organizational reporting structures; (2) likelihood of environmental harm, fines, and penalties; (3) expenditures mandated by governmental agencies; (4) history of injuries and deaths; (5) history of losing customers; and (6) episodes of negative publicity and loss of public image and reputation. The history of financial distress is not included in the list of environmental risk exposures. B The likelihood of environmental harm, fines, and penalties is included in the list of environmental risk exposures to be evaluated.
C The history of deaths and injuries is included in the list of environmental risk exposures to be evaluated. D Episodes of negative publicity and loss of public image and reputation are included in the list of environmental risk exposures to be evaluated. Question: 29 Which of the following is true about the interaction of the internal audit function and the environmental audit function? A. If the environmental audit function reports to someone other than the CAE, the CAE should not offer to review the audit plan since (s)he was not consulted to do so. B. It is not advantageous for the internal audit function to conduct environmental audits since it is too busy with its current responsibilities. C. The CAE should evaluate whether the environmental auditors are conforming to recognized professional auditing standards and a recognized code of ethics. D. The CAE should not evaluate the organizational placement and independence of the environmental audit function since the internal function has no control over a separate environmental audit function. Answer (C) is correct. This is a proper interaction between the environmental audit function and the internal audit function. A When the environmental audit function reports to someone other than the CAE, the CAE offers to review the audit plan and the performance of engagements. B The internal audit activity has an established place in the organization and normally has a broad scope of work permitting ready assimilation of the new function. Thus, it is advantageous to conduct environmental audits under the direction of the internal audit activity because of its position within the organization. D The CAE evaluates the organizational placement and independence of the environmental audit function to ensure that matters resulting from serious risks to the organization are reported up the chain of command to the board. Question: 30 An internal auditor discovers during an engagement involving the entity’s environmental, health, and safety (EHS) department that department personnel are poorly informed about legal issues resulting from discharging waste into municipal water sources. The EHS function is small. Which of the following is the best course of action for the auditor to take? A. Note the control weakness and perform additional procedures to help determine its potential effects.
B. Arrange for a training session for the EHS staff with experts in the field of wastewater legal issues. C.
Immediately narrow the scope of the engagement to examine wastewater discharge.
D.
Report possible violations to the relevant regulatory authority.
Answer (A) is correct. The most appropriate actions for the auditor are to design field work to detect possible instances of noncompliance and to recommend additional training for the EHS staff. B Arranging training is an appropriate role for management, not the internal auditor. C The client department is small. Thus, the engagement should have a broad scope. Changing the scope based only on employees’ lack of knowledge of certain legal matters is premature. D Auditors ordinarily should not report violations or suspected violations of laws or regulations to regulatory agencies unless required by law. Question: 31 include 1. 2. 3. 4.
A manufacturer uses hazardous materials in production. An audit of these materials may
Evaluating whether the organization complies with new environmental regulations. Recommending an environmental management system as a part of policies and procedures. Verifying the existence of tracking records for these materials from their creation to destruction. Examining the likelihood and magnitude of any contingent liabilities related to compliance with environmental law.
A.
3 and 4 only.
B.
2 and 3 only.
C.
2, 3, and 4 only.
D.
1, 2, 3, and 4.
Answer (D) is correct. According to The IIA Research Foundation, “An environmental management system is an organization’s structure of responsibilities and policies, practices, procedures, processes, and resources for protecting the environment and managing environmental issues. Environmental auditing is an integral part of an environmental management system whereby management determines whether the organization’s environmental control systems are adequate to ensure compliance with regulatory requirements and internal policies.”
A A hazardous materials audit may also include recommending an environmental management system and evaluating the cost provided for in an environmental liability accrual account (contingent liability related to compliance). B A hazardous materials audit also may include evaluating (1) the effects of contingent liabilities resulting from environmental compliance and (2) whether the organization complies with new regulations. C A hazardous materials audit also may include evaluating whether the organization complies with new environmental regulations. Question: 32
Which of the following is not an objective of an environmental audit program?
A.
Perform walkthroughs of all processes that contain identified environmental risks.
B.
Verify organizational compliance with all environmental laws.
C. Review the reasonableness and likelihood of contingent liabilities accrued for environmental remediation. D.
Ensure management systems are adequate to minimize future environmental risks.
Answer (A) is correct. Performing a walkthrough is a procedure, not an objective. B An objective in a compliance audit is to verify compliance with all environmental laws. C An objective in an environmental audit is to evaluate the possibility of environmental liability accruals. D An objective in an environmental management system audit is to ensure management systems are adequate to minimize future environmental risks. Fact Pattern: An organization has two manufacturing facilities. Each facility has two manufacturing processes and a separate packaging process. The processes are similar at both facilities. Raw materials used include aluminum, materials to make plastic, various chemicals, and solvents. Pollution occurs at several operational stages, including raw materials handling and storage, process chemical use, finished goods handling, and disposal. Waste products produced during the manufacturing processes include several that are considered hazardous. The nonhazardous waste is transported to the local landfill. An outside waste vendor is used for the treatment, storage, and disposal of all hazardous waste. Management is aware of the need for compliance with environmental laws. The organization recently developed an environmental policy including a statement that each employee is responsible for compliance with environmental laws.
Question: 33 If the internal audit activity is assigned the responsibility of conducting an environmental audit, which of the following actions should be performed first? A.
Conduct risk assessments for each site.
B.
Review organizational policies and procedures and verify compliance.
C.
Provide the assigned staff with technical training.
D.
Review the environmental management system.
Answer (C) is correct. The internal audit activity collectively must possess or obtain the necessary knowledge, skills, and other competencies needed to conduct the audit properly (Attr. Std. 1210). Thus, providing the assigned staff with adequate training or employing qualified external service providers is a first step in an environmental audit. A The internal auditors should conduct risk assessments for each site only after qualified people have been assigned to the project. B Audit procedures to verify compliance with company policies and procedures are performed only after an audit staff with the needed knowledge, skills, and other competencies is assigned to the audit. D Internal auditors should review the environmental management system only after qualified people have been assigned to the project. Question: 34 Internal auditors may provide consulting services that add value and improve an organization’s operations. The performance of these services A. Impairs internal auditors’ objectivity with respect to an assurance service involving the same engagement client. B.
Precludes generation of assurance from a consulting engagement.
C.
Should be consistent with the internal audit activity’s empowerment reflected in the charter.
D.
Imposes no responsibility to communicate information other than to the engagement client.
Answer (C) is correct. According to Impl. Std. 1000.C1, the nature of consulting services must be defined in the charter. A Consulting services do not necessarily impair objectivity. Decisions to implement recommendations made as a result of a consulting service are made by management. Thus, decision making by management does not impair the internal auditors’ objectivity.
B Assurance and consulting services are not mutually exclusive. One type of service may be generated from the other. D A primary internal audit value is to provide assurance to senior management and audit committee directors. Consulting engagements cannot be rendered in a manner that masks information that in the judgment of the chief audit executive (CAE) should be presented to senior executives and board members. Question: 35
Consulting services
A. May enhance the auditor’s understanding of business processes or issues related to an assurance engagement but will always impair the auditor’s or the internal audit activity’s independence. B. To be performed by the internal audit activity should be authorized by management if they do not represent a conflict of interest. C.
Should not be performed by the internal audit activity because they impair objectivity.
D. Are a natural extension of assurance and investigative services and may represent informal or formal advice, analysis, or assessments. Answer (D) is correct. Much of consulting is a natural extension of assurance and investigative services and may represent informal or formal advice, analysis, or assessments. The internal audit activity is uniquely positioned to perform this type of consulting work based on (a) its adherence to the highest standards of objectivity and (b) its breadth of knowledge about organizational processes, risk, and strategies. A Consulting services may enhance the auditor’s understanding of business processes or issues related to an assurance engagement and do not necessarily impair the internal audit activity’s objectivity and independence. B The board empowers the internal audit activity to perform additional services if they do not represent a conflict of interest or detract from its obligations to the board. C An organization may find that the internal audit activity is uniquely qualified for some formal consulting tasks. Question: 36 Advisory and related client service activities, the nature and scope of which are agreed upon with the client, are best described as A.
Internal audit services.
B.
Assurance services.
C.
Consulting services.
D.
External assurance services.
Answer (C) is correct. The IIA defines consulting services as “advisory and related client service activities, the nature and scope of which are agreed upon with the client and which are intended to add value and improve an organization’s governance, risk management, and control processes while not assuming management responsibility. Examples include counsel, advice, facilitation, and training.” A The definition that is given is The IIA definition of consulting services with The IIA’s proposed change. B The definition that is given is The IIA definition of consulting services with The IIA’s proposed change. D The definition that is given is The IIA definition of consulting services with The IIA’s proposed change. Question: 37
Which of the following statements is false?
A. A disciplined, systematic evaluation methodology is incorporated in each internal audit activity. The list of services can generally be incorporated into two broad categories of assurance and consulting. B. Assurance and consulting are mutually exclusive and do preclude other auditing services such as investigations and nonauditing roles. C.
Many audit services will have both an assurance and consultative role.
D.
Internal audit consulting enriches value-adding internal auditing.
Answer (B) is correct. Certain principles guide the performance of consulting activities of internal auditors. For example, assurance and consulting are not mutually exclusive and do not preclude other auditing services such as investigations and nonauditing roles. A This is a true statement. C This is a true statement. D This is a true statement. Question: 38 Before internal auditors begin to offer consulting services to an organization, a number of things need to happen within the organization. What is the order in which the following items should be performed? 1. The internal audit charter is amended to include authority and responsibilities for consulting activities. 2. The CAE confirms that the board understands and approves the concept of providing consulting services.
3. The internal audit activity develops appropriate policies and procedures for conducting such engagements. A.
1, 2, 3.
B.
2, 3, 1.
C.
2, 1, 3.
D.
3, 2, 1.
Answer (C) is correct. Prior to offering consulting services, the chief audit executive confirms that the board understands and approves the concept of providing consulting services. Once approved, the internal audit charter is amended to include authority and responsibilities for consulting activities. The internal audit activity then develops appropriate policies and procedures for conducting such engagements. A The order given in these solutions is incorrect. B The order given in these solutions is incorrect. D The order given in these solutions is incorrect. Question: 39 Who is responsible for determining the methodology to use for classifying engagements within the organization? A.
The chief audit executive.
B.
Management.
C.
The board.
D.
The audit committee.
Answer (A) is correct. The chief audit executive determines the methodology to use for classifying engagements within the organization. In some circumstances, it may be appropriate to conduct a blended engagement that incorporates elements of both consulting and assurance activities into one consolidated approach. In other cases, it may be appropriate to distinguish between the assurance and consulting components of the engagement. B The CAE is the individual who should determine the methodology to use for classifying engagements within the organization. C The CAE is the individual who should determine the methodology to use for classifying engagements within the organization.
D The CAE is the individual who should determine the methodology to use for classifying engagements within the organization. Question: 40 When internal auditors perform a consulting engagement, what is the best statement of their responsibility regarding risk? A.
Be alert to the existence of significant risks.
B.
Consider only the risk consistent with engagement objectives.
C.
Address risk consistent with engagement objectives and be alert to certain other risks.
D.
Assume responsibility for managing risks.
Answer (C) is correct. During consulting engagements, internal auditors must address risk consistent with the engagement’s objectives and be alert to the existence of other significant risks (Impl. Std. 2120.C1). Moreover, internal auditors must incorporate knowledge of risks gained from consulting engagements into their evaluation of the organization’s risk management processes (Impl. Std. 2120.C2). A Internal auditors also must address risk consistent with engagement objectives. B Internal auditors also must be alert to the existence of other significant risks. D A consulting engagement may involve assisting management with the establishment or improvement of risk management processes. In such an engagement, internal auditors must not assume any management responsibility by actually managing risks (Impl. Std. 2120.C3). Question: 41 Senior management of an entity has requested that the internal audit activity provide ongoing internal control training for all managerial personnel. This is best addressed by a(n) A.
Formal consulting engagement agreement.
B.
Informal consulting engagement agreement.
C.
Special consulting engagement agreement.
D.
Emergency consulting engagement agreement.
Answer (A) is correct. Consulting services are advisory and related client service activities, the nature and scope of which are agreed upon with the client and intended to add value and improve an organization’s governance, risk management, and control processes without the internal auditor assuming management responsibility. Examples include counsel, advice, facilitation, process design, and training. Thus, internal control training is a consulting service. Such training should be planned and is continuous. It should be subject to a consulting agreement that is formal and written even though it is with the internal audit activity.
Formality ensures that the needs and expectations of those who will be trained are recognized and satisfied. B An informal consulting engagement agreement applies more to routine tasks. C A special consulting engagement agreement applies more to occasional, one-time special arrangements. D An emergency consulting engagement agreement applies more to unplanned engagements. Question: 42 organization?
Which of the following is true about the principle of value proposition to an
A.
The internal audit function does not add value to an organization.
B.
Only the consulting activities of the internal audit function provide value.
C.
Both the assurance and consulting activities add value to the organization.
D.
Only the assurance activities of the internal audit function add value to the organization.
Answer (C) is correct. Both the assurance and consulting activities add value to the organization. A The value proposition of the internal audit activity is realized within every organization that employs internal auditors in a manner that suits the culture and resources of that organization. That value proposition is captured in the definition of internal auditing and includes assurance and consulting activities. B The assurance activity adds value in addition to the consulting activities. D The consulting activity also adds value in addition to the assurance activity. Question: 43
Which of the following is the proper way for an internal auditor to resolve conflict?
1. By the guidelines set out in the organization’s code of conduct 2. By the guidelines set out in The IIA’s Code of Ethics 3. The procedures designated by the CAE A.
1 and 2.
B.
3 only.
C.
1, 2, and 3.
D.
2 only.
Answer (D) is correct.
An internal auditor is first and foremost an internal auditor. Thus, in the performance of all services, the internal auditor is guided by The IIA’s Code of Ethics and the Standards. A In the performance of all services, the internal auditor is guided by The IIA’s Code of Ethics and the Standards. B In the performance of all services, the internal auditor is guided by The IIA’s Code of Ethics and the Standards. C This answer choice improperly includes the organization’s code of conduct and the procedures set out by the CAE in addition to the correct choice of the guidelines in The IIA’s Code of Ethics. Question: 44 Senior management of an entity has requested that the internal audit activity assist the purchasing function’s switch from a manual entry inventory system to a fully automated inventory system. This service is best performed in a(n) A.
Formal consulting engagement agreement.
B.
Informal consulting engagement agreement.
C.
Special consulting engagement agreement.
D.
Emergency consulting engagement agreement.
Answer (C) is correct. A special consulting engagement agreement applies to occasional, one-time special arrangements. Senior management should delegate the transition from a manual system to an automated system to the internal audit function to ensure proper design and implementation of the system. A A formal consulting engagement agreement applies to planned and continuous arrangements. B An informal consulting engagement agreement applies to routine tasks. D An emergency consulting engagement agreement applies to unplanned engagements. Question: 45 An internal auditor performed a formal consulting engagement for XYZ Corporation on June 1, Year 1. When is the earliest time the auditor can perform assurance services for XYZ Corporation and be considered independent and objective? A.
January 1, Year 2.
B.
June 1, Year 2.
C.
July 1, Year 1.
D.
June 2, Year 1.
Answer (B) is correct. Independence and objectivity may be impaired if assurance services are provided within 1 year after a formal consulting engagement. Steps can be taken to minimize the effects of impairment by assigning different auditors to perform each of the services, establishing independent management and supervision, defining separate accountability for the results of the projects, and disclosing the presumed impairment. A An internal auditor’s independence and objectivity may be impaired if they perform assurance services within 1 year after a formal consulting engagement. C An internal auditor’s independence and objectivity may be impaired if they perform assurance services within 1 year after a formal consulting engagement. D An internal auditor’s independence and objectivity may be impaired if they perform assurance services within 1 year after a formal consulting engagement. Question: 46 Internal auditors should design the scope of work in a consulting engagement to ensure that all of the following will be maintained except A.
Independence.
B.
Integrity.
C.
Credibility.
D.
Professionalism.
Answer (A) is correct. Internal auditors need to reach an understanding of the objectives and scope of the consulting engagement with those receiving the service. During a consulting engagement, the internal auditor is acting as an advocate for management, and independence is not required. B Internal auditors should design the scope of work to ensure that professionalism, integrity, credibility, and reputation of the internal audit activity will be maintained. C Internal auditors should design the scope of work to ensure that professionalism, integrity, credibility, and reputation of the internal audit activity will be maintained. D Internal auditors should design the scope of work to ensure that professionalism, integrity, credibility, and reputation of the internal audit activity will be maintained. Question: 47 The internal auditor for ABC Corporation has received a special request from management. The internal auditor believes that the objectives that should be pursued go beyond those requested by management. What should the internal auditor do?
A. Refuse to accept the engagement unless management can be persuaded to include the additional objectives in the consulting engagement. B. Include the objectives that are necessary in the current consulting engagement and inform management in the final communication of the engagement results. C. Document the fact that the objectives were not pursued and disclose that observation to the audit committee in a formal report. D.
Try to persuade management to include the additional objectives in the consulting engagement.
Answer (D) is correct. In planning formal consulting engagements, internal auditors design objectives to meet the appropriate needs of management officials receiving these services. In the case of special requests by management, internal auditors may consider the following actions if they believe that the objectives that should be pursued go beyond those requested by management: (1) persuade management to include the additional objectives in the consulting engagement; or (2) document that the objectives were not pursued, disclose that observation in the final communication of consulting engagement results, and include the objectives in a separate and subsequent assurance engagement. A The internal auditor has no reason not to accept the consulting engagement. B The internal auditor must not perform any services that go beyond the scope or objectives of the services understood and agreed upon with management. C The internal auditor is only reporting to those receiving the services during a consulting engagement, i.e., management. Question: 48 Substantial risk exposures or material control weaknesses discovered during a formal consulting engagement are brought to the attention of management. In some situations, the internal auditor’s concerns also are communicated to A.
Executive management.
B.
Audit committee.
C.
Board of directors.
D.
All of the answers are correct.
Answer (D) is correct. Internal auditors need to be observant of the effectiveness of risk management and control processes during formal consulting engagements. Substantial risk exposures or material control weaknesses are brought to the attention of management. In some situations, the auditor’s concerns should also be communicated to senior management or the board. [According to The IIA Glossary, the board includes
“a committee or other body to which the governing body has delegated certain functions (e.g., an audit committee).”] A The internal auditor may feel it is necessary to communicate his concerns to all of these groups. B The internal auditor may feel it is necessary to communicate his concerns to all of these groups. C The internal auditor may feel it is necessary to communicate his concerns to all of these groups. Question: 49 An internal auditor concludes that the results of a consulting engagement should be communicated beyond those who received or requested the services. The auditor follows a series of steps until satisfied with the resolution. In what order will the auditor perform the following steps? 1. Attempt to convince those receiving or requesting the service to expand voluntarily the communication to the appropriate parties. 2. Determine what guidance is provided in the organization’s code of conduct, code of ethics, and other relative policies, administrative directives, or procedures. 3. Determine what direction is provided in the agreement concerning the consulting engagement and related communications. A.
2, 1, 3.
B.
1, 2, 3.
C.
3, 1, 2.
D.
1, 3, 2.
Answer (C) is correct. When expanding the reporting to other parties, the auditor takes the following steps until satisfied with the resolution of the matter: 1. Determine what direction is provided in the agreement concerning the consulting engagement and related communications. 2. Attempt to persuade those receiving or requesting the service to expand voluntarily the communication to the appropriate parties. 3. Determine what guidance is provided in the internal audit charter or audit activity’s policies and procedures concerning consulting communications. 4. Determine what guidance is provided in the organization’s code of conduct, code of ethics, and other relative policies, administrative directives, or procedures. 5. Determine what guidance is provided by The IIA’s Standards and Code of Ethics, other standards or codes applicable to the auditor, and any legal or regulatory requirements that relate to the matter under consideration. A They are not listed in the correct order that should be followed.
B They are not listed in the correct order that should be followed. D They are not listed in the correct order that should be followed. Question: 50
Which statement about consulting engagements is true?
A. Documentation requirements applicable to assurance engagements apply to consulting engagements. B. The internal audit activity may assume management responsibility to the extent agreed upon with the client. C. Internal auditors keep senior management and the board informed about how audit resources are being deployed. D. Work programs for formal consulting engagements address policies and issues related to ownership of consulting engagement records to protect the organization and avoid any potential misunderstandings. Answer (C) is correct. Internal auditors disclose to management, the board, or other governing body of the organization the nature, extent, and overall results of formal consulting engagements along with other reports of internal audit activities. Internal auditors keep senior management and the board informed about how audit resources are being deployed. Neither detail reports of these consulting engagements nor the specific results and recommendations are required to be communicated. A Documentation requirements applicable to assurance engagements do not necessarily apply to consulting engagements. B Consulting services are advisory and related client service activities, the nature and scope of which are agreed with the client, and are intended to add value and improve an organization’s governance, risk management, and control processes without the internal auditor assuming management responsibilities. D Work programs for formal consulting engagements document the objectives and scope of the engagement as well as the methodology to be used in satisfying the objectives. Question: 51 The internal auditor should decline to perform which of the following types of consulting engagements? A. Engagements that have no conflict with the policies and procedures of the internal audit activity. B. Engagements in which the internal audit staff lacks the knowledge needed to perform part of the engagement.
C.
Engagements that are allowed by the terms of the internal audit charter.
D.
Engagements that add value and promote the best interests of the organization.
Answer (B) is correct. The internal auditor should decline to perform consulting engagements that are prohibited by the terms of the internal audit charter, conflict with the policies and procedures of the internal audit activity, or do not add value and promote the best interests of the organization. “The chief audit executive must decline the consulting engagement or obtain competent advice and assistance if the internal audit staff lacks the knowledge, skills, or other competencies needed to perform all or part of the engagement” (Impl. Std. 1210.C1). A Engagements that have no conflict with the policies and procedures of the internal audit activity are permissible. C Engagements that are allowed by the terms of the internal audit charter are permissible. D Engagements that add value and promote the best interests of the organization are permissible. Question: 52 After the chief audit executive receives approval from the board to offer consulting services, what should be done? A.
The CAE should begin performing consulting services.
B.
The CAE should get approval from the internal auditors.
C.
The internal audit charter should be amended.
D. The board should develop appropriate policies and procedures for conducting such engagements. Answer (C) is correct. The purpose, authority, and responsibility of the internal audit activity must be formally defined in an internal audit charter (Attr. Std. 1000). The nature of consulting services must be defined in the internal audit charter (Impl. Std. 1000.C1). A After the CAE receives board approval, the internal audit charter must be amended and the CAE must establish policies and procedures. B The CAE does not need to get additional approval from the internal auditors. Only board approval is required. D The CAE must establish policies and procedures to guide the internal audit activity.
Question: 53 George is the new internal auditor for XYZ Corporation. George was in charge of payroll for XYZ just 10 months ago. Performing what services in regard to payroll is considered an impairment of independence or objectivity if performed by George? A.
Consulting services.
B.
Assurance services.
C.
Assurance or consulting services.
D.
Neither assurance nor consulting services.
Answer (B) is correct. Objectivity is presumed to be impaired if an internal auditor provides assurance services for an activity for which the internal auditor had responsibility within the previous year. Thus, if George provides assurance services for payroll, his objectivity is presumed to be impaired. However, internal auditors may provide consulting services relating to operations for which they had previous responsibilities (Impl. Std. 1130.C1). A Internal auditors may provide consulting services relating to operations for which they had previous responsibilities (Impl. Std. 1130.C1). C Providing assurance services regarding payroll will impair the independence or objectivity of George. D Providing consulting services regarding payroll will not impair the objectivity of George. Question: 54 When an internal auditor has a potential impairment of independence or objectivity relating to a proposed consulting engagement, what action must be taken? A.
The internal auditor must immediately refuse the consulting engagement.
B.
The internal auditor must not disclose the potential impairment to the chief audit executive.
C. The internal auditor need not disclose the potential impairment and may accept the engagement. D. The internal auditor must disclose the potential impairment to the engagement client prior to accepting the engagement. Answer (D) is correct. Impl. Std. 1130.C2 states that if independence or objectivity is potentially impaired in relation to a proposed consulting service, disclosure must be made to the engagement client prior to accepting the engagement. A The internal auditor does not need to refuse the engagement but must properly disclose the potential impairment to the client.
B The internal auditor must disclose the potential impairment to the engagement client. C The internal auditor must properly disclose the potential impairment to the engagement client before accepting the engagement. Question: 55 If impairments of independence or objectivity exist prior to commencement of a consulting engagement or develop during the engagement, what action should be taken? A.
Disclosure should be made immediately to engagement client.
B.
Disclosure should be made immediately to the board.
C.
Disclosure should be made immediately to the external auditors.
D.
The internal auditor should withdraw from the engagement.
Answer (A) is correct. If internal auditors have potential impairments to independence or objectivity relating to proposed consulting services, disclosure must be made to the engagement client prior to accepting the engagement (Impl. Std. 1130.C2). B Disclosure should be made to the engagement client because it is the party benefiting from the consulting services. C No disclosure need be made to the external auditors. D An informed engagement client may not object to an impairment of independence or objectivity. Question: 56
An example of an internal nonfinancial benchmark is
A.
The labor rate of comparably skilled employees at a major competitor’s plant.
B.
The average actual cost per pound of a specific product at the company’s most efficient plant.
C.
A US $50,000 limit on the cost of employee training programs at each of the company’s plants.
D.
The percentage of customer orders delivered on time at the company’s most efficient plant.
Answer (D) is correct. Benchmarking is a continuous evaluation of the practices of the best organizations in their class and the adaptation of processes to reflect the best of these practices. It entails analysis and measurement of key outputs against those of the best organizations. This procedure also involves identifying the underlying key actions and causes that contribute to the performance difference. The percentage of orders delivered on time at the company’s most efficient plant is an example of an internal nonfinancial benchmark.
A The labor rate of comparably skilled employees at a major competitor’s plant is a financial measure. B The average actual cost per pound of a specific product at the company’s most efficient plant is a financial measure. C A US $50,000 limit on the cost of employee training programs at each of the company’s plants is a financial measure. Question: 57 The phase of the benchmarking process in which the team must be able to justify its recommendations is the A.
Prioritize benchmarking projects phase.
B.
Implementation phase.
C.
Data analysis phase.
D.
Researching and identifying best in class performance phase.
Answer (B) is correct. Leadership is most important in the implementation phase of the benchmarking process because the team must be able to justify its recommendations. Also, the process improvement teams must manage the implementation of approved changes. A This is the stage where businesses must understand key business processes and drivers. C The data analysis phase entails identifying performance gaps and understanding the reasons they exist. D This stage involves the setting up of databases and information-gathering methods. Question: 58 Which of the following is not a critical step in the researching and identifying best-inclass performance phase? A.
Setting up databases.
B.
Choosing information-gathering methods.
C.
Formatting questionnaires.
D.
Employee training and empowerment.
Answer (D) is correct. The critical steps in the researching and identifying phase are setting up databases, choosing information-gathering methods, formatting questionnaires, and selecting benchmarking partners. Employee training and empowerment is part of total quality management (TQM).
A Setting up databases is a critical step in the researching and identifying phase. B Choosing information-gathering methods is a critical step in the researching and identifying phase. C Formatting questionnaires is a critical step in the researching and identifying phase. Question: 59
Which of the following statements regarding benchmarking is false?
A. Benchmarking involves continuously evaluating the practices of best-in-class organizations and adapting company processes to incorporate the best of these practices. B.
Benchmarking, in practice, usually involves a company’s formation of benchmarking teams.
C. Benchmarking is an ongoing process that entails quantitative and qualitative measurement of the difference between the company’s performance of an activity and the performance by the best in the world or the best in the industry. D. The benchmarking organization against which a firm is comparing itself must be a direct competitor. Answer (D) is correct. Benchmarking is an ongoing process that entails quantitative and qualitative measurement of the difference between the company’s performance of an activity and the performance by a best-in-class organization. The benchmarking organization against which a firm is comparing itself need not be a direct competitor. The important consideration is that the benchmarking organization be an outstanding performer in its industry. A It is a true statement about benchmarking. B It is a true statement about benchmarking. C It is a true statement about benchmarking. Question: 60
What is the first phase in the benchmarking process?
A.
Organize benchmarking teams.
B.
Select and prioritize benchmarking projects.
C.
Researching and identifying best-in-class performance.
D.
Data analysis.
Answer (B) is correct. The first phase in the benchmarking process is to select and prioritize benchmarking projects. The next phase is to organize benchmarking teams. Researching and identifying best-in-class is the third phase in
the benchmarking process. The fourth phase is data analysis, and the final phase is the implementation phase. A Organizing benchmarking teams is a subsequent phase. C Researching and identifying best-in-class performance is a subsequent phase. D Data analysis is a subsequent phase. Question: 61
Which of the following is true of benchmarking?
A. Benchmarking is typically accomplished by comparing an organization’s performance with the performance of its closest competitors. B.
Benchmarking can be performed by using only qualitative comparisons.
C.
Benchmarking is normally limited to manufacturing operations and production processes.
D. Benchmarking is accomplished by comparing an organization’s performance to that of the bestperforming organizations. Answer (D) is correct. Benchmarking is one of the primary tools used in the implementation of a total quality management approach. It is a means of helping organizations with productivity management and business process review. It is therefore a source of consulting engagements for the internal auditors. Benchmarking is a continuous evaluation of the practices of the best organizations in their class and the adaptation of processes to reflect the best of these practices. It entails analysis and measurement of key outputs against those of the best organizations. This procedure also involves identifying the underlying key actions and causes that contribute to the performance difference. Benchmarking is an ongoing process that entails quantitative and qualitative measurement of the difference between the organization’s performance of an activity and the performance by the best in the world. The benchmark organization need not be a competitor. A Benchmarking involves a comparison with industry leaders or world-class operations. It uses either industry-wide amounts (to protect the confidentiality of information provided by participating organizations) or amounts from cooperating organizations. B Benchmarking can be performed using both qualitative and quantitative comparisons; a company does not need to choose one or the other. C Benchmarking can be applied to all of the functional areas in an organization. In fact, manufacturing often tends to be industry-specific, whereas activities such as processing an order or paying an invoice are not. Nonmanufacturing functions often provide a greater opportunity to improve by learning from global leaders.
Question: 62 An organization wants to improve on its performance measures for a new business line. Which type of benchmarking is most likely to provide information useful for this purpose? A.
Functional.
B.
Competitive.
C.
Generic.
D.
Internal.
Answer (A) is correct. Benchmarking is one of the primary tools used in the implementation of a TQM approach. It is a means of helping organizations with productivity management and business process review. It is therefore a source of consulting engagements for the internal auditors. Benchmarking is a continuous evaluation of the practices of the best organizations in their class and the adaptation of processes to reflect the best of these practices. It entails analysis and measurement of key outputs against those of the best organizations. This procedure also involves identifying the underlying key actions and causes that contribute to the performance difference. The type of benchmarking most likely to help improve performance measures for a new business line is functional benchmarking. Comparison with organizations that perform related functions within the same technological area provides information about what is being achieved elsewhere in the new business line. B Comparison with the best competitors focuses on performance in related organizations as a whole and likely includes some activities unrelated to the new business line. C Comparison of processes that are virtually the same regardless of industry (such as document processing) would not be as helpful as comparison of processes that are similar in function. D Comparison against the best within the same organization may be misleading. It does not provide information about what is being accomplished outside the organization in the new business line. Question: 63 A company with many branch stores has decided to benchmark one of its stores for the purpose of analyzing the accuracy and reliability of branch store financial reporting. Which one of the following is the most likely measure to be included in a financial benchmark? A.
High turnover of employees.
B.
High level of employee participation in setting budgets.
C.
High amount of bad debt write-offs.
D.
High number of suppliers.
Answer (C) is correct.
The level of bad debts written off as uncollectible is a benchmark stated in financial terms. A level exceeding the benchmark could indicate fraud, which compromises the accuracy and reliability of financial reports. Bad debt write-offs may result from recording fictitious sales. A Turnover of employees is not a financial benchmark. B Employee participation in setting budgets is not a financial benchmark. D The number of suppliers is not a financial benchmark. Question: 64
Which of the following best describes process (function) benchmarking?
A.
Studying an organization in the same industry.
B.
Comparing a process in one operation with a similar process but in a different industry.
C.
Studying operations of organizations with similar processes regardless of industry.
D.
Applying best practices in one part of the organization to its other parts.
Answer (C) is correct. Studying the operations of organizations with similar processes regardless of industry is process (function) benchmarking. Thus, the benchmark need not be a competitor or similar organization. A Studying an organization in the same industry is competitive benchmarking. B Comparing a process in one operation with a similar process but in a different industry is generic benchmarking. D Applying best practices in one part of the organization to its other parts is internal benchmarking. Question: 65 A manufacturer compares its accounts payable practices with those of an investment bank. This comparison is an example of A.
Generic benchmarking.
B.
Strategic benchmarking.
C.
Competitive benchmarking.
D.
Internal benchmarking.
Answer (A) is correct. Generic benchmarking observes a process in one operation and compares it with a similar process but in a different industry. B Strategic benchmarking is a search for successful competitive strategies.
C Competitive benchmarking studies an organization in the same industry. D Internal benchmarking is the application of best practices in one part of the organization to its other parts. Question: 66 A.
An example of a competitive financial benchmark is
The labor rate of comparably skilled employees at a major competitor’s plant.
B. The average actual cost per pound of a specific product at the organization’s most efficient plant. C.
A data cap on the information technology department at each plant.
D. The customer satisfaction rating of a comparable process from an organization in a different industry. Answer (A) is correct. The labor rate at a major competitor’s plant is an example of a competitive benchmark in the form of a financial measure. A competitive benchmarking studies a competitor organization. B The average actual cost per pound of a specific product at the organization’s most efficient plant is an internal financial measure. C A data cap on the information technology department is an internal control rather than a benchmark. D The customer satisfaction rating of a similar process of an organization in a different industry is a nonfinancial process benchmark. Question: 67 An organization has decided to benchmark one of its stores for the purpose of analyzing the reliability of branch store financial reporting. All of the following are financial benchmarks except A.
High employee-driven sales.
B.
High level of customer satisfaction.
C.
High amount of inventory spoilage.
D.
Decrease in branch borrowings.
Answer (B) is correct. Customer satisfaction is not a financial benchmark. Levels of customer satisfaction can be used to identify branch stores whose customer satisfaction ratings are significantly lower than anticipated. A Employee-driven sales is a financial benchmark. C The amount of inventory spoilage is a financial benchmark.
D The amount of liabilities assumed by branch stores is a financial benchmark. Fact Pattern: The legislative auditing bureau of a country is required to perform compliance engagements involving organizations that are issued defense contracts on a cost-plus basis. Contracts are clearly written to define acceptable costs, including developmental research cost and appropriate overhead rates. During the past year, the government has engaged in extensive outsourcing of its activities. The outsourcing included contracts to run cafeterias, provide janitorial services, manage computer operations and systems development, and provide engineering of construction projects. The contracts were modeled after those used for years in the defense industry. The legislative internal auditors are being called upon to expand their efforts to include compliance engagements involving these contracts. Upon initial investigation of these outsourced areas, the internal auditor found many areas in which the outsourced management has apparently expanded its authority and responsibility. For example, the contractor that manages computer operations has developed a highly sophisticated security program that may represent the most advanced information security in the industry. The internal auditor reviews the contract and sees reference only to providing appropriate levels of computing security. The internal auditor suspects that the governmental agency may be incurring developmental costs that the outsourcer may use for competitive advantage in marketing services to other organizations. Question: 68 Assuming that a high degree of security is needed, which of the following potential sources of information will also be relevant to the internal auditor’s assessment of whether the governmental unit is being charged for computer security that exceeds the entity’s needs? 1. Comparison of the security system with best practices implemented for similar systems 2. Comparison of the security system with recent publications on state-of-the-art systems 3. Tests of the functionality of the security system A.
2 only.
B.
1 and 2 only.
C.
3 only.
D.
1, 2, and 3.
Answer (B) is correct. Comparison of the security system with best practices implemented for similar systems and with recent publications on state-of-the-art systems is the best approach. It compares the system being developed with cutting edge systems and provides the internal auditor with a basis to address the outsourcer’s claim that the system is the minimum necessary for the organization. A Benchmarking (identifying the best practices of similar entities) also provides relevant information.
C Testing the functionality of the system provides information on whether the system works, not whether it is appropriate for the entity. D Testing the functionality of the system provides information on whether the system works, not whether it is appropriate for the entity. Question: 69 Reengineering is the thorough analysis, fundamental rethinking, and complete redesign of essential business processes. The intended result is a dramatic improvement in service, quality, speed, and cost. An internal auditor’s involvement in reengineering should include all of the following except A.
Determining whether the process has senior management’s support.
B.
Recommending areas for consideration.
C.
Developing audit plans for the new system.
D.
Directing the implementation of the redesigned process.
Answer (D) is correct. Internal auditors should not become directly involved in the implementation of the redesign process because of the possible conflict of professional interests. This involvement would impair their independence and objectivity. Staff assignments of internal auditors should be rotated periodically whenever it is practicable to do so. A Internal auditors may perform the functions of determining whether the process has senior management’s support, recommending areas for consideration, and developing audit plans for the new system. B Internal auditors may perform the functions of determining whether the process has senior management’s support, recommending areas for consideration, and developing audit plans for the new system. C Internal auditors may perform the functions of determining whether the process has senior management’s support, recommending areas for consideration, and developing audit plans for the new system. Question: 70 Monitoring is an important component of internal control. Which of the following items would not be an example of monitoring? A.
Management regularly compares divisional performance with budgets for the division.
B. Data processing management regularly generates exception reports for unusual transactions or volumes of transactions and follows up with investigation as to causes.
C. Data processing management regularly reconciles batch control totals for items processed with batch controls for items submitted. D. Management has asked internal auditing to perform regular audits of the controls over cash processing. Answer (C) is correct. Monitoring assesses the quality of internal control over time. Management considers whether internal control is properly designed and operating as intended and modifies it to reflect changing conditions. Reconciling batch control totals is a processing control over a single instance of accounting activity. A Budgetary comparison is a typical example of a monitoring control. B Investigation of exceptions is a monitoring control used by lower-level management to determine when their operations may be out of control. D Internal auditing is a form of monitoring. It serves to evaluate management’s other controls. Question: 71
Which of the following is an example of business process reengineering?
A.
Adding a new machine to the existing production line to speed up production.
B.
Redesigning the production line to speed up production.
C.
Repairing a machine on the process line to speed up production.
D.
Updating the computer systems involved on the production line to speed up production.
Answer (B) is correct. One approach to business process mapping is reengineering. It involves process innovation and core process redesign. Instead of improving existing procedures, it finds new ways of doing things. Redesigning the production line is an example of this. A One approach to business process mapping is reengineering. It involves process innovation and core process redesign. Instead of improving existing procedures, it finds new ways of doing things. Adding a new machine is an example of improving existing procedures. C One approach to business process mapping is reengineering. It involves process innovation and core process redesign. Instead of improving existing procedures, it finds new ways of doing things. Repairing a machine is an example of improving existing procedures. D One approach to business process mapping is reengineering. It involves process innovation and core process redesign. Instead of improving existing procedures, it finds new ways of doing things. Updating the computer systems is an example of improving existing procedures.
Question: 72
Which of the following is an example of a soft control?
A.
Passwords.
B.
Ethical culture.
C.
Segregation of duties.
D.
Authorization signatures.
Answer (B) is correct. The ethical culture of an organization is linked to the governance process and is the most important soft control. A Passwords are not an example of a soft control. C Segregation of duties is not an example of a soft control. D Authorization signatures are not an example of a soft control. Question: 73 Which of the following types of engagements, if any, involve an internal auditor conducting performance audits to measure how well an organization is achieving its targets for its key performance indicators? 1. An assurance engagement 2. A consulting engagement A.
1 only.
B.
2 only.
C.
1 and 2.
D.
Neither 1 nor 2.
Answer (A) is correct. In an assurance engagement, internal auditors conduct performance audits to measure how well an organization is achieving its targets for its key performance indicators. B In a consulting engagement, internal auditors work with clients to improve performance instead of measuring it. C The question only describes an assurance engagement.
D The question correctly describes an assurance engagement. Question: 74 Internal auditors are often called upon to either perform or assist the external auditor in performing a due diligence review. A due diligence review may be a(n) A.
Review of interim financial statements as directed by an underwriting firm.
B. Operational audit of a division of an organization to determine if divisional management is complying with laws and regulations. C. Review of operations as requested by the audit committee to determine whether the operations comply with audit committee and organizational policies. D. Review of financial statements and related disclosures in conjunction with a potential acquisition. Answer (D) is correct. A due diligence engagement is a service to determine the business justification for a major transaction, such as a business combination, and whether that justification is valid. Thus, the internal auditors and others may be part of a team that reviews the acquiree’s operations, controls, financing, or disclosures of financial information. A Although the reviews may be used by the underwriter, they are not directed by the underwriter. B The due diligence review is not an internal operational audit. C The due diligence review is not an internal review for compliance with organizational policies. Question: 75 An internal audit team is performing a due diligence audit to assess plans for a potential merger/acquisition. Which of the following would be the least valid reason for a company to merge with or acquire another company? A.
To diversify risk.
B.
To respond to government policy.
C.
To reduce labor costs.
D.
To increase stock prices.
Answer (D) is correct. A due diligence engagement is a service to determine the business justification for a major transaction, such as a business combination, and whether that justification is valid. Thus, the internal auditors and others may be part of a team that reviews the acquiree’s operations, controls, financing, or disclosures of financial information. Increasing stock prices is not often a valid reason for a merger or acquisition. A business combination should be undertaken because it offers long-term fundamental competitive
advantages. Increasing stock prices is an effect that can be achieved through other methods that directly improve the organization’s performance. A The usual justifications for a combination include risk management through diversifying the businesses in which the organization is engaged. B A change in governmental policy, for example, relaxation of antitrust laws, is also a valid reason for a business combination. A larger organization may be able to achieve greater economies of scale and competitive advantage. C A business combination may result in cost synergies, for example, by eliminating duplicative functions. Question: 76 An organization is considering purchasing a small toxic waste disposal business. The internal auditors are part of the team doing a due diligence review for the acquisition. The scope of the internal auditors’ work will most likely not include A.
An evaluation of the merit of lawsuits currently filed against the acquiree.
B. A review of the acquiree’s procedures for acceptance of waste material and comparison with legal requirements. C.
Analysis of the acquiree’s compliance with, and disclosure of, loan covenants.
D.
Assessment of the efficiency of the operations of the acquiree.
Answer (A) is correct. An evaluation of the merit of lawsuits requires legal expertise. B Compliance with laws, regulations, and contracts is within the scope of internal auditing. C Compliance with laws, regulations, and contracts is within the scope of internal auditing. D Internal auditors evaluate controls, including those over effectiveness and efficiency of operations. Question: 77
Which of the following best describes due diligence auditing?
A.
Reviewing the adequacy and effectiveness of the controls over hazardous waste.
B.
Determining whether the business justification for a major transaction is valid.
C. Addressing the security of personal information, especially information stored in computerized systems. D.
Monitoring and evaluating significant construction contracts.
Answer (B) is correct.
Due diligence audits determine whether the business justification for a major transaction (e.g., business combination, divestiture, or joint venture) is valid. The term “due diligence” also may be used for other engagements, for example, certain environmental audits. A Environmental audits review the adequacy and effectiveness of the controls over hazardous waste. C Privacy audits address the security of personal information. D Contract audits monitor and evaluate significant construction contracts and operating contracts that involve the provision of services. Question: 78 The treasury function of an entity has hired outside consultants to help prepare the organization’s bond offering. The internal auditor then performs an engagement to determine whether the consultants followed governmental regulations. The auditor has performed which type of engagement? A.
Due diligence.
B.
Compliance.
C.
Business continuity.
D.
Financial audit.
Answer (B) is correct. Compliance is adherence to policies, plans, procedures, or other requirements. Internal auditors assess compliance in specific areas as part of their role in organizational governance. A Due diligence auditing involves determining whether the business justification for a major transaction is valid. C Business continuity auditing involves determining whether the entity is sufficiently prepared for various types of interruptions of normal business processing. D A financial audit involves determining whether financial information was properly reported and adequately supported. Question: 79 A.
A due diligence review may be a(n)
Review of interim financial statements as directed by an underwriting firm.
B. Operational audit of a division of an organization to determine whether divisional management is complying with laws and regulations. C. Review of operations as requested by the audit committee to determine whether the operations comply with audit committee and organizational policies.
D. Review of the internal controls in place at an organization targeted for acquisition by a larger entity. Answer (D) is correct. A due diligence engagement is a service to determine the business justification for a major transaction, such as a business combination, and whether that justification is valid. Thus, the internal auditors and others may be part of a team that reviews the acquiree’s operations, controls, financing, or disclosures of financial information. A Although the reviews may be used by the underwriter, they are not directed by the underwriter. B The due diligence review is not an internal operational audit. C The due diligence review is not an internal review for compliance with organizational policies. Question: 80 The internal auditors are part of the team performing a due diligence review for the purchase of a waste disposal business. The scope of their work will most likely not include A.
An appraisal of the value of investments owned by the acquiree.
B. A review of the acquiree’s procedures for acceptance of waste material and comparison with legal requirements. C.
Analysis of the acquiree’s compliance with employment laws.
D.
An assessment of the benefit of integrating the acquiree with the acquirer’s business.
Answer (A) is correct. An appraisal service regarding valuation is outside the scope of a due diligence review. B Compliance with laws, regulations, and contracts is within the scope of internal auditing. C Compliance with laws, regulations, and contracts is within the scope of internal auditing. D The due diligence process establishes whether the expected benefits of the transaction (wider markets, more skilled employees, access to intellectual property, operating synergies, etc.) are likely to be realized.
PART-2 UNIT 4
1. A chief audit executive may use risk analysis in preparing work schedules. Which of the following is not considered in performing a risk analysis?
A.
Issues relating to organizational governance.
B.
Skills available on the internal audit staff.
C.
Results of prior engagements.
D.
Major operating changes.
Answer (B) is correct. The skills of the internal audit staff do not affect the risk associated with potential engagement clients.
A. Issues relating to organizational governance are factors that should be considered. C. Results of prior engagements should be considered. D. Major operating changes should be considered.
2. The term “risk” is best defined as the possibility that
A. An internal auditor will fail to detect a material misstatement that causes financial statements or internal reports to be misstated or misleading. B.
An event could occur affecting the achievement of objectives.
C. Management will, either knowingly or unknowingly, make decisions that increase the potential liability of the organization. D.
Financial statements or internal records will contain material misstatements.
Answer (B) is correct. According to The IIA Glossary, risk is “the possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood.”
A. Detection risk is a component of audit risk.
C. The risk of increasing the organization’s liability could be termed management decision-making risk. D. Risk is not limited to misstated financial statements.
3. Risk modeling or risk analysis is often used in conjunction with development of long-range engagement work schedules. The key input in the evaluation of risk is
A.
Previous engagement results.
B.
Management concerns and preferences.
C.
Specific requirements of professional standards.
D.
Judgment of the internal auditors.
Answer (D) is correct. Assessing the risk of an activity entails analysis of numerous factors, estimation of probabilities and amounts of potential losses, and an appraisal of the costs and benefits of risk reduction. Consequently, in assessing the magnitude of risk associated with any factor in a risk model, informed judgment by the internal auditor is required.
A. The informed judgment of the internal auditor is still required to assess the magnitude of risk indicated by previous engagement results. B. To assess the risk posed by management concerns, informed judgment of the internal auditor is required. C. Professional standards do not specify the basic inputs for a risk analysis.
4. The chief audit executive of a manufacturer is updating the long-range engagement work schedule. There are several possible assignments that can fill a given time spot. Information on potential monetary exposure and key internal controls has been gathered. Based on perceived risk, select the assignment of greatest merit.
A. Precious metals inventory -- carrying amount, US $1,000,000; separately stored, but access not restricted. B. Branch office petty cash -- ledger amount, US $50,000; 10 branch offices, equal amounts; replenishment of accounts requires three separate approvals. C. Sales force travel expenses -- budget, US $1,000,000; 50 sales people; all expenditures over US $25 must be receipted.
D. Expendable tools inventory -- carrying amount, US $500,000; issued by tool crib attendant upon receipt of authorization form.
Answer (A) is correct. Among the many considerations in judging an item’s risk are the ease with which it can be converted to cash, its accessibility, and its monetary value. The precious metals inventory should receive special emphasis because of its high inherent risk. The inventory can be easily converted to cash, access is not restricted, and its monetary value is relatively high.
B. The monetary exposure of petty cash is much smaller than for the other proposed engagements, and the related controls are very stringent. C. Although the monetary value of the sales force travel expense is identical to that of the precious metal inventory, the exposure is divided among 50 people, and the receipting requirement provides substantial safety against false claims. D. The expendable tools inventory is subject to adequate control.
5. Risk assessment is a systematic process for assessing and integrating professional judgments about probable adverse conditions or events. Which of the following statements reflects the appropriate action for the chief audit executive to take?
A.
The CAE should generally assign engagement priorities to activities with higher risks.
B. The CAE should restrict the number of sources of information used in the risk assessment process. C.
Work schedule priorities should be established to lead the CAE in the risk assessment process.
D.
The risk assessment process should be conducted at least every 3 to 5 years.
Answer (A) is correct. Audit work schedules are based on, among other things, an assessment of risk and exposures. Prioritizing is needed to make decisions for applying resources. A variety of risk models exist to assist the CAE. Most risk models use risk factors, such as impact, likelihood, materiality, asset liquidity, management competence, quality of and adherence to internal controls, degree of change or stability, timing and results of last audit engagement, complexity, and employee and government relations.
B. Internal auditors are expected to identify and evaluate significant risk exposures in the normal course of their duties. Thus, they not only use risk analysis to plan engagements but also to assist management and the board by examining, evaluating, reporting, and recommending improvements on the adequacy and effectiveness of the management’s risk processes. For these purposes, the CAE
should incorporate information from a variety of sources into the risk assessment process. The Standards place no limit on such sources. C. The risk assessment process should be used to determine work schedule priorities. D. The risk assessment should be undertaken at least every year.
6. When developing the internal audit plan, the chief audit executive must consider the following expectations of 1. Department managers 2. Stakeholders 3. Human resource managers
A.
1 only.
B.
2 only.
C.
3 only.
D.
2 and 3.
Answer (B) is correct. During planning, the chief audit executive must identify and consider the expectations of senior management, the board, and other stakeholders for internal audit opinions and other conclusions (Impl. Std. 2010.A2).
A. During planning, the chief audit executive must identify and consider the expectations of senior management, the board, and other stakeholders for internal audit opinions and other conclusions. This does not include the expectations of department managers. C. During planning, the chief audit executive must identify and consider the expectations of senior management, the board, and other stakeholders for internal audit opinions and other conclusions. This does not include the expectations of HR managers. D. While the expectations of stakeholders must be considered, the expectations of HR managers are not.
7. The internal auditing activity of Rivers Financial Group is developing a plan for the current year. Which of the following should not be emphasized in the audit plan?
A.
All control systems.
B.
Areas where inherent risk is very high.
C.
Control systems on which the organization is most reliant.
D.
Unacceptable current risks that require management action.7
Answer (A) is correct. An internal audit plan normally focuses on control systems for which the organization is most reliant, not all control systems. B. An internal audit plan normally focuses on the following: unacceptable current risks requiring management action, control systems on which the organization is most reliant, areas where the difference between inherent risk and residual risk is great, and areas where inherent risk is very high. C. An internal audit plan normally focuses on the following: unacceptable current risks requiring management action, control systems on which the organization is most reliant, areas where the difference between inherent risk and residual risk is great, and areas where inherent risk is very high. D. An internal audit plan normally focuses on the following: unacceptable current risks requiring management action, control systems on which the organization is most reliant, areas where the difference between inherent risk and residual risk is great, and areas where inherent risk is very high.
8. The internal audit activity’s audit plan is based on all of the following except
A.
The audit universe.
B.
The cost of the engagement.
C.
Input from senior management and the board.
D.
Assessed risk and exposures.
Answer (B) is correct. The cost of the engagement is not a factor to consider when developing the audit plan.
A. The audit plan is based on the audit universe. C. The audit plan is based on input from both senior management and the board of directors. D. The internal audit activity’s audit plan is based on the assessed risk and exposures.
9.
Risk management is critical to the sound governance of which of the following?
A.
Financial activities of the organization.
B.
Manufacturing activities of the organization.
C.
All organization activities that produce more than 10% of revenue.
D.
All organizational activities, regardless of revenue.
Answer (D) is correct. Risk management is crucial to sound governance of all organizational activities.
A. Risk management is crucial to sound governance of all organizational activities, not just the financial activities. B. Risk management is crucial to sound governance of all organizational activities, not just the manufacturing activities. C. Risk management is crucial to sound governance of all organizational activities, not just the activities producing more than 10% of revenue.
10. An organization has no formal risk management framework. In developing a risk-based plan to determine the priorities of the internal audit activity, the chief audit executive (CAE) should
A.
Use the same risk-based plan developed for other clients.
B.
Not establish a risk-based plan because one is not necessary.
C.
Consult with senior management and the board and use the best judgment of risks.
D.
Limit the scope of the engagement.
Answer (C) is correct. The CAE considers the risk management framework, including the risk appetite set by management for each activity or part of the organization. If a framework does not exist, the CAE uses his or her own judgment after consulting with senior management and the board.
A. The CAE should review and adjust the plan, as necessary, in response to changes in the organization’s business, risks, operations, programs, systems, and controls. B. The CAE should establish a risk-based plan to determine the priorities of the internal audit activity, consistent with the organization’s goals. D. The CAE should develop a risk-based plan, not limit the scope of the engagement.
11. The chief audit executive (CAE) performs a risk assessment before developing the annual audit plan. Which of the following is most likely to increase the assessment of an identified risk?
A.
An immaterial, anticipated drop in cash flow after plant closings.
B.
A request from senior management to review the strategic plan.
C.
An unexpected, significant increase in receivables not related to an increase in sales.
D.
A critical activity had not been subject to a compliance audit during the past year.
Answer (C) is correct. Unexpected, unexplained, and significant changes in amounts, such as receivables, increase the assessed risk for that balance.
A. An immaterial, expected, and explainable decrease in cash flow provides no evidence of increased risk. B. A request from senior management to include an engagement in the audit plan is significant, but does not provide evidence of increased risk. D. Compliance audits do not have to be performed annually unless evidence indicates an engagement is necessary.
12. Which internal audit planning tool is general in nature and is used to ensure adequate engagement coverage over time?
A.
The audit plan.
B.
The engagement work program.
C.
The internal audit activity’s budget.
D.
The internal audit activity’s charter.
Answer (A) is correct.
According to Perf. Std. 2010, the CAE must establish a risk-based audit plan to determine the priorities of the internal audit activity. Such a plan ensures adequate engagement coverage over time.
B. The engagement work program is limited in scope to a particular project. C. The internal audit activity’s budget may be used to justify a head count, but it is not used to ensure adequate engagement coverage over time. D. The charter is not an engagement planning tool.
13. Which of the following actions by the internal audit activity is (are) appropriate in response to a risk assessment?
1.Although input of senior management and the board should be obtained, the chief audit executive does not need to consider it when developing the internal audit activity’s plan of engagements. 2.The high-risk areas should be integrated into an audit plan along with the high-priority requests of management and the audit committee. 3.The risk analysis should be used in determining an audit plan. Thus, it should be performed only on an annual basis.
A.
1 only.
B.
2 only.
C.
1 and 3 only.
D.
1 and 2 only.
Answer (B) is correct. The annual risk-based audit plan should integrate the risk analysis with input from senior management and the board (audit committee). It reflects consideration of the organization’s risk management framework and risk appetite levels set by management.
A. The internal audit activity’s plan of engagements must be based on a documented risk assessment. The input of senior management and the board must be considered in this process. C. A documented risk assessment should be undertaken at least annually. It should be updated for changes as they occur during the year, and the input of senior management and the board must be considered. D. Input of senior management and the board must be considered.
14. Which of the following comments is (are) true regarding the assessment of risk associated with two projects that are competing for limited internal audit resources?
1.Industry knowledge should be used to identify the project with the higher priority. 2.Activities with higher financial budgets always should be considered higher risk than those with lower financial budgets. 3.Activities that are requested by the board always should be considered higher risk than those requested by management. 4.Senior management’s evaluations of the risk associated with each project must be considered.
A.
2 and 4 only.
B.
2 and 3 only.
C.
1 and 4 only.
D.
1 and 3 only.
Answer (C) is correct. An understanding of the industry enables the internal auditor to identify risks of new or existing projects. The internal audit activity’s plan of engagements must be based on a documented risk assessment, undertaken at least annually. The input of senior management and the board must be considered in this process.
A. Activities with higher financial budgets do not necessarily have greater risk. B. Activities with higher financial budgets do not necessarily have greater risk. Activities requested by the board do not necessarily have greater risk. D. A ranking based on the source of a request for performance of an engagement is unlikely to reflect a comprehensive assessment based on a sufficient number of risk factors.
15. The internal auditors of Smother Corp. are considering lower-risk audits as a part of their audit plan. They should
A.
Include the lower-risk audits to give them coverage and confirm that their risks have not changed.
B.
Not include the lower-risk audits in the audit plan since they are not risky.
C.
Include only half of the lower-risk audits to see if the risks have changed.
D.
Include the lower-risk audits only with senior management approval.
Answer (A) is correct. Lower-risk audits need to be included in the audit plan to give them coverage and confirm that their risks have not changed.
B. Lower-risk audits should be included in the audit plan. C. Including only half of the lower-risk audits is not required by any guidance of The IIA. D. While the internal auditor considers input from senior management when determining the audit plan, the decision to include audits in the plan is ultimately at the discretion of the internal auditor.
16. The chief audit executive is preparing the audit work schedule for the next budget year and has limited resources. In deciding whether to schedule the purchasing or the personnel department for an engagement, which of the following is the least important factor?
A.
Major changes in operations have occurred in one of the departments.
B.
The internal audit staff has recently added an individual with expertise in one of the areas.
C. More opportunities to achieve operating benefits are available in one of the departments than in the other. D.
Updated assessed risk is significantly greater in one department than the other.
Answer (B) is correct. The CAE’s responsibility is to assign competent internal auditors to the appropriate engagements, not to adjust the workplan to the abilities of the staff.
A. A major change in operations is a reason for scheduling an engagement. C. Potential operating benefits are a reason for scheduling an engagement. D. Updated assessed risk is a reason for scheduling an engagement.
17. Which of the following factors is least likely to be considered in determining the audit work schedule?
A.
Engagement work programs.
B.
The effectiveness of risk management and control processes.
C.
Workload requirements.
D.
Issues relating to organizational governance.
Answer (A) is correct. Development of work programs occurs during the planning phase of an individual engagement.
B. Determining an engagement work schedule includes considering the effectiveness of risk management and control processes. C. Determining an engagement work schedule includes considering workload requirements. D. Determining an engagement work schedule includes considering issues relating to organizational governance.
18. During discussions with senior management, the chief audit executive identified several strategic business issues to consider in preparing the annual audit work schedule. Which of the following does not represent a strategic issue for this purpose?
A.
A monthly budgeting process will be implemented.
B. An international marketing campaign will be started to develop product recognition and also to leverage the new organization-based advertising department. C. Joint-venture candidates will be sought to provide manufacturing and sourcing capabilities in European and Asian markets. D. A human resources database will be established to ensure consistent administration of policies and to improve data retention.
Answer (A) is correct. Implementing a monthly budgeting process is an operating decision, not a strategic decision. (It does, however, involve a major change in operations.)
B. An international marketing campaign is a strategic issue. The CAE will need to ensure that the new marketing process and the centralized advertising department are recognized and monitored in risk assessment and planning activities.
C. Extending operations to European and Asian markets is a strategic issue. The addition of joint-venture partners will add new or additional concerns for risk assessment and planning in the internal audit activity. D. Establishing a human resources database is a strategic issue. The assumptions and ongoing activities related to a human resources database will require consideration in the planning of the internal audit activity.
19. The chief audit executive for an organization has just completed a risk assessment process, identified the areas with the highest risks, and assigned an engagement priority to each. Which of the following conclusions most logically follow(s) from such a risk assessment?
1.Items should be quantified as to risk in the rank order of quantifiable monetary exposure to the organization. 2.The risk priorities should be in order of major control deficiencies. 3.The risk assessment process, though quantified, is the result of professional judgments about both exposures and probability of occurrences.
A.
1 only.
B.
3 only.
C.
2 and 3 only.
D.
1, 2, and 3.
Answer (B) is correct. Any assessment of risk priority and exposure necessarily implies the exercise of professional judgment. Thus, although risk factors may be weighted to determine their relative significance, a ranking based solely on such specific criteria as monetary exposure or control deficiencies is not always indicated.
A. Quantifiable monetary exposure is not the sole criterion for ranking risk exposures. C. Major control deficiencies are not the sole criteria for ranking risk exposures. D. Ranking risk exposures strictly by quantifiable monetary exposure or by major control deficiencies downplays the importance of professional judgment.
20. Which of the following comments is (are) true regarding the assessment of risk associated with two projects that are competing for limited internal audit resources?
1.Activities that are requested by the board always should be considered higher risk than those requested by management. 2.Activities with higher financial budgets always should be considered higher risk than those with lower financial budgets. 3.Risk always should be measured by the potential monetary or other adverse exposure to the organization.
A.
1 only.
B.
2 only.
C.
3 only.
D.
1 and 3 only
Answer (C) is correct. When ranking potential engagements that are competing for limited internal audit resources, a decision criterion based on the degree of adverse exposure to the organization is preferable.
A. Activities requested by the board do not necessarily have greater risk. B. Activities with higher financial budgets do not necessarily have greater risk. C. A ranking based on the source of a request for performance of an engagement is unlikely to reflect a comprehensive assessment based on a sufficient number of risk factors.
21. Which of the following represent(s) appropriate internal audit action in response to the risk assessment process? 1.The low-risk areas may be delegated to the external auditor, but the high-risk areas should be performed by the internal audit activity. 2.The high-risk areas should be integrated into an audit work schedule along with the high-priority requests of senior management and the audit committee. 3.The risk analysis should be used in determining an annual audit work schedule. Thus, the risk analysis should be performed only on an annual basis.
A.
1 only.
B.
2 only.
C.
3 only.
D.
1 and 3 only.
Answer (B) is correct. The high-risk areas should be integrated into an audit work schedule along with the high-priority requests of senior management and the audit committee.
A. Work should be coordinated with the external auditor to avoid duplication of effort and to ensure adequate coverage, but allocation of tasks based solely on relative risk is not appropriate. C. Changing conditions may require updating risk assessment during the year. D. Work should be coordinated with the external auditor to avoid duplication of effort and to ensure adequate coverage, but allocation of tasks based solely on relative risk is not appropriate. Also, changing conditions may require updating the risk assessment during the year.
22. The internal auditor is considering making a risk analysis as a basis for determining the areas of the organization where engagements should be performed. Which one of the following statements is true regarding risk analysis?
A. The extent to which management judgments are required in an area could serve as a risk factor in assisting the internal auditor in making a comparative risk analysis. B.
The highest risk assessment should always be assigned to the area with the largest potential loss.
C. The highest risk assessment should always be assigned to the area with highest probability of occurrence. D. Risk analysis must be reduced to quantitative terms in order to provide meaningful comparisons across an organization.
Answer (A) is correct. Among the common factors used in risk models for establishing the priority of engagements is management competence. Hence, the internal auditor could appropriately consider the extent of management competence, which includes judgment, as a risk factor.
B. Risk analysis considers both the potential loss (or damages) and the probability of occurrence. An area with the largest potential loss may have a very low likelihood. C. A high probability of occurrence may be associated with a small potential loss. D. The concept of risk analysis is not limited to quantitative measures.
23. The chief audit executive set up a computerized spreadsheet to facilitate the risk assessment process involving a number of different divisions in the organization. The spreadsheet included the following factors: Pressure on divisional management to meet profit goals Complexity of operations Competence of divisional personnel The monetary amount of subjectively influenced accounts in the division, such as accounts in which management’s judgment can affect the expense, e.g., postretirement benefits The CAE used a group meeting of internal audit managers to reach a consensus on the competence of divisional personnel. Other factors were assessed as high, medium, or low by either the CAE or an internal audit manager who had performed an engagement at the division. The CAE assigned a weight ranging from 0.5 to 1.0 to each factor and then computed a composite risk score. Which statement is true?
A. The risk analysis is not appropriate because it mixes both quantitative and qualitative factors, thereby making expected value calculations impossible. B. Assessing factors at discrete levels such as high, medium, and low is inappropriate for the risk assessment process because the ratings are not quantifiable. C. The weighting is subjective and should have been determined through a process such as multiple-regression analysis. D.
Using a subjective group consensus to assess personnel competence is appropriate.
Answer (D) is correct. The risk assessment incorporates information from a variety of sources, such as discussions with the board and management and with internal audit management and staff. Thus, seeking the consensus of experienced internal audit managers regarding personnel matters is appropriate. This method tends to eliminate the extreme judgments that might be made by a single evaluator.
A. Risk analysis considers all appropriate factors. It need not be limited to quantitative or expected value calculations. B. High, medium, and low may be the most precise measures available. C. Subjective analysis is acceptable. Use of multiple-regression analysis to determine a weighted average for the risk-weighting model is not feasible because no criteria exist to determine the weightings.
24. When a risk assessment process has been used to construct an audit engagement schedule, which of the following should receive attention first?
A.
The external auditors have requested assistance for their upcoming annual audit.
B. A new accounts payable system is currently undergoing testing by the information technology department. C.
Management has requested an investigation of possible lapping in receivables.
D.
The existing accounts payable system has not been audited over the past year.
Answer (C) is correct. Prioritizing is needed to make decisions about applying resources to engagements based on the relative significance of their risk and exposure estimates. Most risk models use risk factors to establish engagement priorities. Internal auditors traditionally regard fraud as significant even if the immediate exposure is not. Thus, management’s request to investigate a possible fraud in the accounts receivable unit must take precedence.
A. External audit requests for assistance should be subordinate to fraud investigations. B. Given that the new system is not yet in production, it need not receive immediate attention. D. A management request involving a fraud should take priority over a system that has not been audited over the past year.
25. Which of the following factors is considered the least important in deciding whether existing internal audit resources should be moved from an ongoing compliance engagement to a divisional-level engagement requested by management?
A.
A financial audit of the division performed by the external auditor a year ago.
B.
The potential for fraud associated with the ongoing engagement.
C.
An increase in the level of expenditures experienced by the division for the past year.
D.
The potential for significant regulatory fines associated with the ongoing engagement.
Answer (A) is correct. Prioritizing is needed to make decisions about applying relative resources based on the significance of risk and exposure. Most risk models use risk factors to establish engagement priorities. One such factor is the potential for fraud. Internal auditors traditionally regard fraud as significant even if the immediate exposure is not significant. Increased expenditures also constitute a significant risk factor because they represent an increase in potential loss. For the same reason, potential regulatory fines may also create an exposure sufficiently great to affect the determination of priorities. Thus, the result of an
external financial audit performed a year ago is the least likely to affect the current allocation of internal audit resources. Any adverse engagement observations most probably have been acted upon and, in any case, may not be germane to the ongoing compliance engagement or the proposed divisional-level engagement.
B. Potential fraud is likely to be a more important factor in the use of limited internal audit resources than the results of an external financial audit. C. Increased expenditures is likely to be a more important factor in the use of limited internal audit resources than the results of an external financial audit. D. Potential significant fines are likely to be a more important factor in the use of limited internal audit resources than the results of an external financial audit.
26. Which of the following represents the best risk assessment technique?
A. Assessment of the risk levels for future events based on the extent of uncertainty of those events and their impact on achievement of long-term organizational goals. B.
Assessment of inherent and control risks and their impact on the extent of financial misstatements.
C. Assessment of the risk levels of current and future events, their effect on achievement of the organization’s objectives, and their underlying causes. D. Assessment of the risk levels of current and future events, their impact on the organization’s mission, and the potential for elimination of existing or possible risk factors.
Answer (C) is correct. When determining the best risk assessment technique, internal auditors should choose the most comprehensive. Of the options given, assessing risks, their effects, and their causes is the technique meeting that criterion.
A. Causation also should be considered. B. Risk events include more than those classified as inherent and control risks (terms used in the audit risk model used in financial statement audits). Moreover, a comprehensive approach should be adopted. D. Elimination of risks is less likely than mitigation.
27. Fact Pattern: The internal auditing process is one of critical thinking, analysis, and careful evaluation. All mechanical procedures are integrated into a larger context of thoughtful inquiry. All engagements include a description and analysis of internal controls. Engagement clients are selected in a number of ways, with risk being the primary basis for selection. The departments being considered for possible review in the coming year and attributes of those departments are as follows:
Department
Assets
Annual Costs
Production A
US $50,000
Production B
5,000,000
10,000,000
Production C
1,000,000
1,000,000
Purchasing
50,000
150,000
Marketing
50,000
500,000
Shipping
60,000
100,000
Security
10,000
100,000
Travel
6,000
30,000
Probability of Loss
US $700,000
10%
1%
1%
10%
10%
50%
90%
50%
All of these departments, except two, are on the potential list of engagement clients because of a risk analysis performed by the chief audit executive. Production department A is on the list because the president thinks too many bottlenecks occur in that department. The marketing department is on the list because the chief of security received an anonymous phone call accusing a marketing manager of accepting substantial financial kickbacks from a media outlet. Internal controls seem adequate in all departments, with the possible exception of marketing.
What is the chief audit executive’s most logical definition of risk of loss to be used in selecting engagement clients?
A.
Amount of risk exposure times the probability of loss.
B.
Amount of annual costs in a department.
C.
Probability of loss.
D.
Amount of assets in a department.
Answer (A) is correct. The IIA Glossary defines risk as “the possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood.” Thus, risk of loss is most logically defined as an expected value equal to the amount at risk times the probability of loss.
B. The amount of costs in a department is not necessarily the amount exposed to a risk of loss. C. The probability of a loss must be multiplied by the amount exposed to possible loss. D. The amount of assets in a department is not necessarily the amount exposed to a risk of loss.
28. Fact Pattern: The internal auditing process is one of critical thinking, analysis, and careful evaluation. All mechanical procedures are integrated into a larger context of thoughtful inquiry. All engagements include a description and analysis of internal controls. Engagement clients are selected in a number of ways, with risk being the primary basis for selection. The departments being considered for possible review in the coming year and attributes of those departments are as follows:
All of these departments, except two, are on the potential list of engagement clients because of a risk analysis performed by the chief audit executive. Production department A is on the list because the president thinks too many bottlenecks occur in that department. The marketing department is on the list because the chief of security received an anonymous phone call accusing
a marketing manager of accepting substantial financial kickbacks from a media outlet. Internal controls seem adequate in all departments, with the possible exception of marketing.
Which department most likely needs a pure operational (nonfinancial) engagement?
Department
Assets
Annual Costs
Probability of Loss
Production A
US $50,000
US $700,000
Production B
5,000,000
10,000,000
Production C
1,000,000
1,000,000
Purchasing
50,000
150,000
Marketing
50,000
500,000
Shipping
60,000
100,000
Security
10,000
100,000
Travel
6,000
30,000
10%
1%
1%
10%
10%
50%
90%
50
A.
Production A.
B.
Production C.
C.
Purchasing.
D.
Marketing.
Answer (A) is correct. An operational engagement includes reviewing the activities, systems, and controls within an organization to reach efficiency, effectiveness, economic, or other goals.
B. department that is causing bottlenecks needs an operational audit to aid in determining the cause of the bottlenecks and correcting the problem. C. Production department C appears to be operating efficiently and effectively. D. The purchasing department appears to be operating efficiently and effectively.
29. Fact Pattern: During the planning phase, a chief audit executive (CAE) is evaluating four audit engagements based on the following factors: the engagement’s ability to reduce risk to the organization, the engagement’s ability to save the organization money, and the extent of change in the area since the last engagement. The CAE has scored the engagements for each factor from low to high, assigned points, and calculated an overall ranking. The results are shown below with the points in parentheses:
Audit
Risk Reduction
Cost Savings
Changes
1
High (3)
Medium (2)
2
High (3)
Low (1)
3
Low (1)
High (3)
4
Medium (2)
Medium (2)
Low (1)
High (3)
Medium (2)
High (3)
Which audit engagements should the CAE pursue if all factors are weighed equally? A.
1 and 2 only.
B.
1 and 3 only.
C.
2 and 4 only.
D.
3 and 4 only.
Answer (C) is correct. Given that the areas to be audited are weighted equally, the CAE should pursue audits 2 and 4 because they have the highest total points (7).
A. Audit 1 has fewer total points than audit 4. B. Audits 1 and 3 have fewer total points than audits 2 and 4. D. Audit 3 has fewer total points than audit 2.
30. Fact Pattern: During the planning phase, a chief audit executive (CAE) is evaluating four audit engagements based on the following factors: the engagement’s ability to reduce risk to the organization, the engagement’s ability to save the organization money, and the extent of change in the area since the last engagement. The CAE has scored the engagements for each factor from low to high, assigned points, and calculated an overall ranking. The results are shown below with the points in parentheses:
Audit
Risk Reduction
Cost Savings
Changes
1
High (3)
Medium (2)
2
High (3)
Low (1)
3
Low (1)
High (3)
Low (1)
High (3)
Medium (2)
4
Medium (2)
Medium (2)
High (3)
If the organization has asked the CAE to consider the cost savings factor to be twice as important as any other factor, which engagements should the CAE pursue?
A.
1 and 2 only.
B.
1 and 3 only.
C.
2 and 4 only.
D.
3 and 4 only.
Answer (D) is correct. After doubling the cost savings points, audit 3 [1 + (2 × 3) + 2 = 9] and audit 4 [2 + (2 × 2) + 3 = 9] have the highest total points.
A. Audit 1 and audit 2 have 8 total points each. B. Audit 1 has 8 total points. C. Audit 2 has 8 total points.
31. Which of the following is the best reason for the chief audit executive to consider the strategic plan in developing the annual audit plan?
A.
To ensure that the internal audit plan supports the overall business objectives.
B.
To ensure that the internal audit plan will be approved by senior management.
C.
To make recommendations to improve the strategic plan.
D.
To emphasize the importance of the internal audit function.
Answer (A) is correct. The chief audit executive must establish risk-based plans to determine the priorities of the internal audit activity consistent with the organization’s goals (Perf. Std. 2010). Including the strategic plan in the audit universe ensures that it reflects the overall business objectives stated in the strategic plan.
B. Making the internal audit plan fit better with the strategic plan may not have an effect on management’s approval. C. Recommending improvements to the strategic plan is not the primary purpose of the CAE’s review. D. The importance of the internal audit function depends on the authority granted to it by the board and senior management.
32. A chief audit executive most likely uses risk assessment for audit planning because it provides
A. A systematic process for assessing and integrating professional judgment about probable adverse conditions. B.
A listing of potentially adverse effects on the organization.
C.
A list of auditable activities in the organization.
D.
The probability that an event or action may adversely affect the organization.
Answer (A) is correct. The chief audit executive must establish risk-based plans to determine the priorities of the internal audit activity consistent with the organization’s goals (Perf. Std. 2010).
B. A listing of potentially adverse effects might convince the CAE of the need for risk assessment. But this process is not itself a risk assessment. C. A list of auditable activities is used in the risk assessment process but is not the rationale for using risk assessment. D. The probability that an event or action may adversely affect the organization is one definition of risk.
33. A service company is currently experiencing a significant downsizing and process reengineering. Its board of directors has redefined the business goals and established initiatives using in-house developed technology to meet these goals. As a result, a more decentralized approach has been adopted to run the business functions by empowering the business branch managers to make decisions and perform functions traditionally done at a higher level.
The internal auditing staff is made up of the director, two managers, and five staff auditors, all with financial background. In the past, the primary focus of successful audit activities has been the service branches and the six regional division headquarters that support the branches. These division headquarters are the primary targets for possible elimination. The support functions, such as human resources, accounting, and purchasing, will be brought into the national headquarters, and technology will be enhanced to enable and augment these operations.
Assuming that total available resources remain the same, what activities should the internal audit activity perform to best serve the organization? A.
Decrease engagement time in systems development.
B.
Increase engagement time in service branches.
C.
Increase engagement time in functions being centralized.
D.
Continue the allocation of engagement time as before.
Answer (C) is correct. A major change in organizational structure is a significant risk factor. Of the choices provided, devoting internal audit resources to this engagement best serves the organization. A. Major technology changes require that the engagement time devoted to systems development be increased.
B. Given the major changes in other areas, limited internal audit activity resources most likely must be shifted away from their primary focus on the service branches. D. Major changes in the business, operations, programs, systems, and controls also require changes by the internal audit activity.
34. Which of the following statements is false regarding risk assessment as the term is used in internal auditing?
A. Risk assessment is a judgmental process of assigning monetary amounts to the perceived level of risk found in an activity being evaluated. These amounts allow a chief audit executive to select the engagement clients most likely to result in identifiable savings. B. The chief audit executive should incorporate information from a variety of sources into the risk assessment process, including discussions with the board, management, external auditors, review of regulations, and analysis of financial/operating data. C. Risk assessment is a systematic process of assessing and integrating professional judgments about events that could affect the achievement of organizational objectives. It provides a means of organizing an engagement work schedule.
D. As a result of an engagement or preliminary survey, the chief audit executive may revise the level of assessed risk of an engagement client at any time, making appropriate adjustments to the work schedule.
Answer (A) is correct. Risk assessment is a complex process that cannot be reduced to simple monetary terms.
B. The CAE should incorporate information from a variety of sources into the risk assessment process. The Standards place no limit on such sources. C. Risk assessment is a systematic process of assessing and integrating professional judgments about events that could affect the achievement of organizational objectives. It provides a means of organizing an engagement work schedule. D. Risk assessments may be revised on the basis of new information.
35. The chief audit executive for a retail merchandise sales organization is considering engagement assignments for inclusion in the work schedule for the upcoming year. The following areas have not been evaluated recently, and there are no known reasons that they should be given immediate attention. If resources are scarce, which project should be given priority?
A.
Corporate code of ethics and conflict of interest policy.
B.
Cash management and credit policy.
C.
Employee time reporting system.
D.
Budget preparation and forecasts.
Answer (B) is correct. Of the areas listed, cash management and credit policy in a retail merchandise sales organization would likely rank the highest in financial exposure and risk of potential loss.
A. Cash and credit policy has a greater risk of loss. C. Cash and credit policy has a greater risk of loss. D. Cash and credit policy has a greater risk of loss.
36. The chief audit executive of an organization has developed a plan that includes a detailed schedule of engagements to be performed during the coming year, an estimate of the time required for each engagement, and the approximate starting date of each engagement. The
scheduling of specific engagements was based upon the time elapsed since the last engagement in each area. The plan is inadequate because it fails to
A.
Cite authoritative support for such a plan.
B.
Consider factors such as risk and effectiveness of risk management processes.
C.
State whether all internal audit activity resources had been committed to the plan.
D.
Seek senior management approval of the plan.
Answer (B) is correct. The internal audit activity’s plan of engagements must be based on a documented risk assessment, undertaken at least annually (Impl. Std. 2010.A1).
A. The Standards contain no requirement to cite authoritative support for the plan. C. The plan should be flexible in the event of unanticipated needs for internal audit activity resources. D. Activity reports should be submitted to senior management and to the board at least annually, but the Standards contain no requirement for seeking approval of the annual engagement work schedule.
37. Which of the following is a valid reason for an internal auditing engagement involving a payroll department to receive priority over a purchasing department engagement?
A. The director of the payroll department requested that the payroll department engagement be performed first. B.
The purchasing department engagement will require more time to perform.
C.
The payroll department’s relative risk and exposure are greater.
D.
The purchasing department recently restructured its major operations.
Answer (C) is correct. The CAE must establish risk-based plans to determine the priorities of the internal audit activity consistent with the organization’s goals (Perf. Std. 2010). Audit work schedules are based on, among other factors, an assessment of risk and exposures.
A. This request is not as compelling a reason for granting priority as the greater assessed risk of another engagement client.
B. The time required may not correlate with risk and other factors that determine the internal audit activity’s priorities. D. The restructuring is a reason for giving priority to the purchasing department.
38. An organization manufactures mirror frames. Scrap is adequately accounted for at the point of generation. The scrap is sorted and sold frequently to the organization’s regular buyer at a price negotiated between the scrap manager and the buyer. A risk exposure caused by these procedures is that
A.
Excessive scrap has been generated.
B.
The price received for scrap may be inadequate.
C.
The production of scrap indicates inefficiencies in production.
D.
The collection of amounts receivable from the scrap buyer is questionable.
Answer (B) is correct. Various problems may arise. For example, the scrap manager may be tempted to collude with the regular buyer to establish an inadequate price. In the absence of fraud, the failure to seek competing bids, the line manager’s lack of expertise in negotiation, ignorance of quoted prices in established markets, and other factors may result in an inadequate price. Hence, a separate subunit of the organization may be necessary to manage all aspects of scrap disposition.
A. Nothing suggests excessive scrap generation. C. Nothing suggests inefficiency. D. A regular buyer is likely to be reliable.
39. Management has just implemented a policy that every department must downsize by immediately cutting 10% of each department’s staff and budget. The chief audit executive has reacted to the organization’s recent plans for “downsizing” (reducing the size of staff across the board) by notifying the internal audit managers that the time allocated for all jobs must be cut by 10%. Which of the following statements regarding the CAE’s action and potential internal audit manager’s action is true?
A. The CAE’s action should result in approximately the same amount of risk coverage as the previous engagement work schedule but reduced by 10%. B. Individual internal audit managers can attain 90% of the previously defined engagement coverage by uniformly cutting engagement procedures by 10%.
C. The CAE should have re-prioritized risks and eliminated specific engagements rather than cutting 10% across the board. D.
All of the answers are correct.
Answer (C) is correct. The CAE must establish risk-based plans to determine the priorities of the internal audit activity consistent with the organization’s goals (Perf. Std. 2010). Audit work schedules are based on, among other factors, an assessment of risk and exposures. Prioritizing is needed to make decisions for applying resources. Hence, when the internal audit activity’s resources are reduced, the CAE should allocate the remaining resources in the manner that best meets its goals. For this purpose, risk priorities must be reevaluated. Eliminating some projects may be preferable to reducing the effort devoted to all projects.
A. Reducing the time allocation for all jobs by 10% does not necessarily mean that the risks addressed will be reduced proportionately. The CAE should reprioritize the engagement work schedule to ensure the optimal mitigation of risk with the more limited resources. B. A uniform 10% reduction in engagement procedures or scope may result in gathering insufficient information and failure to meet engagement objectives for all projects. D. Only one of the responses is true.
40. The work of the internal audit activity includes evaluating and contributing to the improvement of risk management systems. Risk is 1.The negative effect of events certain to occur 2.Measured in terms of impact 3. Measured in terms of likelihood
A.
1 only.
B.
1 and 2 only.
C.
2 and 3 only.
D.
1, 2, and 3.
Answer (C) is correct. The internal audit activity must evaluate the effectiveness and contribute to the improvement of risk management processes (Perf. Std. 2120). Risk is the possibility of an event’s occurrence that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood (The IIA Glossary).
A. Risk is measured in terms of impact and likelihood. Moreover, it involves uncertainty, and the effects of events are not necessarily negative. B. Risk also is measured in terms of likelihood. Moreover, it involves uncertainty, and the effects of events are not necessarily negative. D. Risk involves uncertainty, and the effects of events are not necessarily negative.
41. Updating the audit universe is useful in developing the internal audit plan. The audit universe
A.
Consists of all possible audits.
B.
Reflects only past organizational strategies.
C.
May not overlap with the organization’s strategic plan.
D.
Is typically updated every 5 years.
Answer (A) is correct. In developing the internal audit activity’s audit plan, many CAEs find it useful to first develop or update the audit universe. The audit universe is a list of all the possible audits that could be performed. B. The audit universe needs to reflect the most current strategies. C. The audit universe may include elements of the strategic plan and therefore reflect overall business objectives. D. The audit universe needs to be updated at least annually.
42. The chief audit executive develops a risk-based plan after updating the audit universe. The item least likely to be part of the audit universe is
A.
Major programs.
B.
Cost, profit, and investment centers.
C.
A component of the organization’s strategic plan.
D.
The minutes from the last board of directors meeting.
Answer (D) is correct.
In developing the internal audit activity’s audit plan, many chief audit executives (CAEs) find it useful to first develop or update the audit universe. The audit universe is a list of all the possible audits that could be performed. The CAE may obtain input on the audit universe from senior management and the board.
A. Major programs are activities of the organization and are thus part of the audit universe. B. Cost, profit, and investment centers are parts of the organization and are thus part of the audit universe. C. The audit universe can include components from the organization’s strategic plan. By incorporating components of the organization’s strategic plan, the audit universe will consider and reflect the overall business’ objectives.
43. Risk is measured in terms of significance and likelihood. Excessive cash disbursements due to duplicate payments to vendors are events that most likely are placed in which area of a risk map?
A.
Low significance, low likelihood.
B.
Low significance, high likelihood.
C.
High significance, medium likelihood.
D.
High significance, low likelihood.
Answer (C) is correct. Duplicate payments to vendors are considered high significance because they result in a material loss of cash if undetected. The likelihood is medium because they are a common irregularity. However, there is most often a good chance (not guaranteed) that a vendor will detect the error and correct it.
A. Duplicate payments to vendors tend to have medium to high impact and more than a low likelihood. B. Duplicate payments to vendors tend to have medium to high impact and more than a low likelihood. D. The likelihood is more than low (rare or unlikely).
44. The internal audit activity of a large organization has established its operating plan and budget for the coming year. The operating plan is restricted to the following categories: a prioritized listing of all engagements, staffing, a detailed expense budget, and the commencement date of each engagement. Which of the following best describes the major deficiency of this operating plan?
A.
Requests by management for special projects are not considered.
B.
Opportunities to achieve operating benefits are ignored.
C.
Measurability criteria and targeted dates of completion are not provided.
D.
Knowledge, skills, and other competencies required to perform work are ignored.
Answer (C) is correct. The goals of the internal audit activity should be capable of accomplishment within given operating plans and budgets and should be measurable to the extent possible. They should be accompanied by measurement criteria and targeted dates of accomplishment. A. Requests by management would have been considered in establishing engagement work schedule priorities. B. Opportunities to achieve operating benefits would have been considered in establishing engagement work schedule priorities. D. The appropriate resources, including staffing, needed to achieve engagement objectives would have been considered in establishing engagement work schedule priorities. Staff members must possess the knowledge, skills, and other competencies needed to perform their responsibilities (Attr. Std. 1210).
45. An approved audit plan for the internal audit activity is an essential part of
A.
Scheduling support for the external audit.
B.
Establishing standards for employee performance.
C. Providing senior management with information about the quality of the internal audit activity’s performance. D.
Planning for the internal audit activity.
Answer (D) is correct. The audit plan should include the activities to be performed, when they will be performed, and the estimated time required, considering the scope of the engagement work planned and the nature and extent of related work performed by others. This plan permits determination of staffing plans and financial budgets and is a basis for the presentation of reports. A. The engagement work schedule is not essential to proper support for the external audit. B. Management sets operating standards. C. Providing information about internal audit’s performance is not a function of the audit workplan.
46. A chief audit executive (CAE) uses a risk assessment model to establish the annual audit plan. Which of the following would be an appropriate action by the CAE?
Maintain ongoing dialogue with management and the audit committee Ensure that the schedule of audit priorities remains unchanged Employ only quantitative methods to determine risk weightings Revise the risk assessment and audit priorities as warranted
A.
3 only.
B.
1 and 2 only.
C.
1 and 4 only.
D.
3 and 4 only.
Answer (C) is correct. It is a best practice for risk assessment to be a dynamic process, changing over time and as new information, business strategies, and risks are identified. Ongoing consultation with members of management and the board is a way for the internal audit activity to obtain such information and stay attuned to organizational developments that may affect existing audit priorities. To accommodate such emerging priorities, the work schedule may need to be altered.
A. The weighting of risk is both a quantitative and a qualitative (judgment) exercise. B. Audit schedules will likely change regularly to meet the needs of the organization, particularly if based on an effective risk assessment process. D. The weighting of risk is both a quantitative and a qualitative (judgment) exercise. Furthermore, the CAE should engage in ongoing consultation with members of management and the board.
48. At a meeting with engagement managers, the chief audit executive is allocating the engagement work schedule for next year’s plan. Which of the following methods will ensure that each manager receives an appropriate share of both the work schedule and internal audit activity resources? A.
Work is assigned to each manager based on risk and skill analysis.
B. Each of the managers selects the individual assignments desired, based on preferences for the area and the management personnel involved.
C. Each manager chooses assignment preferences based on the total staff hours that are currently available to each manager. D. The full list of scheduled engagements is published for the staff, and work assignments are made based on career interests and travel requirements.
Answer (A) is correct. Due professional care requires work assignments to be proportional to the complexities of the engagement and must ensure that the technical proficiency and educational background of the personnel assigned are appropriate. A skill analysis of tasks to be performed is therefore necessary. Furthermore, matters to be considered in establishing audit work schedule priorities include, among many other factors, an assessment of risk and exposures.
B. Choice based on personal preference does not ensure the exercise of due professional care. C. Available staff hours do not correlate with risk or the composite skills necessary for individual assignments. D. Although career interests and travel requirements are considerations for staffing engagements, these factors do not constitute an objective basis for making assignments.
49. Which of the following represent(s) appropriate internal audit action in response to the risk assessment process?
1. The high-priority requests of senior management and the audit committee should be given little weight with regard to the audit work schedule. 2. Engagements for the low-risk areas may be delegated to the external auditor, but engagements for the high-risk areas should be performed by the internal audit activity. 3. The chief audit executive should develop a risk-based plan, making adjustments as necessary in response to organizational changes. 4. The risk analysis should be used in determining an annual audit work schedule. Thus, the risk analysis should be performed only on an annual basis.
A.
1 only.
B.
2 only.
C.
3 only.
D.
2 and 4 only.
Answer (C) is correct.
The chief audit executive is responsible for developing a risk-based plan that considers the organization’s risk management framework, including using risk appetite levels set by management for the different activities or parts of the organization. If a framework does not exist, the chief audit executive uses his or her own judgment of risks after consideration of input from senior management and the board. The chief audit executive must review and adjust the plan, as necessary, in response to changes in the organization’s business, risks, operations, programs, systems, and controls.
A. The high-risk areas should be integrated into an audit work schedule with the high-priority requests of senior management and the audit committee. B. Work should be coordinated with the external auditor to avoid duplication of effort and to ensure adequate coverage, but allocation of tasks based solely on relative risk is not appropriate. D. Work should be coordinated with the external auditor to avoid duplication of effort and to ensure adequate coverage, but allocation of tasks based solely on relative risk is not appropriate. Also, changing conditions may require updating the risk assessment during the year.
50. The chief audit executive of a manufacturer is updating the long-range engagement work schedule. Several possible engagements can be assigned to a given time slot. Information on potential monetary exposure and key internal controls has been gathered. Based on perceived risk, select the assignment of greatest merit.
A. Precious metals inventory -- carrying amount, US $10,000; separately stored, access restricted by keycard and management approval. B. Branch office petty cash -- ledger amount, US $75,000; 10 branch offices, equal amounts; replenishment of accounts requires three separate approvals. C. Sales force travel expenses -- budget, US $1,200,000; 50 sales people; all expenditures over US $25 must be receipted. D.
Expendable tools inventory -- carrying amount, US $1,100,000; Stored with other inventory.
Answer (D) is correct. Among the many considerations for judging an item’s risk are the ease with which it can be converted to cash, its accessibility, and its monetary value. The expendable tools inventory is subject to considerable risk because inventory can be easily converted to cash, access is not restricted, and its monetary value is relatively high.
A. Although the inventory is easily convertible to cash, sufficient controls are in place, and its monetary value is relatively low. B. The monetary exposure of petty cash is much smaller than for the other proposed engagements, and the related controls are very stringent.
C. Although the monetary value of the sales force travel expense is slightly higher than that of expendable tools inventory, the exposure is divided among 50 people, and the receipting requirement provides substantial safety against false claims
51. In deciding whether to accept a consulting engagement, the Standards require the CAE to consider the engagement’s potential to
1. Add value 2. Improve management of risks 3. Develop internal audit competencies 4. Improve the organization’s operations
A.
1 only.
B.
1 and 2 only.
C.
1, 2, and 4 only.
D.
1, 2, 3, and 4.
Answer (C) is correct. Planning for consulting services involves considering what benefits these engagements may offer. According to Implementation Standard 2010.C1, “The chief audit executive should consider accepting proposed consulting engagements based on the engagement’s potential to improve management of risk, add value, and improve the organization’s operations. Accepted engagements must be included in the plan.”
A. The CAE also considers the engagement’s potential to improve management of risks and improve the organization’s operations. B. The CAE also considers the engagement’s potential to improve the organization’s operations. D. The engagement’s potential to develop internal audit competencies is not a criterion explicitly stated in the Standards.
52. The internal audit activity’s plan of engagements is based on which of the following?
Risk Assessment
Input of
A.Undertaken at least annually
B.Undertaken at least annually
The board
The board and senior management
C.Undertaken at least semi-annually
D.Undertaken at least semi-annually
The board
The board and senior management
Answer (B) is correct. According to Implementation Standard 2010.A1, the internal audit activity’s plan of engagements must be based on a documented risk assessment, undertaken at least annually. Additionally, the input of senior management and the board must be considered in this process.
A. The plan must also be based on the input of senior management. C. The plan must be based on a documented risk assessment, undertaken at least annually, and consider the input of senior management. D. The plan must be based on a documented risk assessment, undertaken at least annually.
53. Which of the following is not a requirement of risk-based audit planning?
A.
The chief audit executive consults with external auditors.
B.
The risk-based plan considers the organization’s strategies and objectives.
C.
The risk-based plan is adjusted for changes in the organization’s business.
D.
To determine the priorities of the internal audit activity, a risk-based plan must be established.
Answer (A) is correct. The Standards only require the CAE to consult with the board and senior management (Interpretation of Standard 2010, Implementation Standard 2010.A1).
B. According to the Interpretation of Standard 2010, the chief audit executive obtains an understanding of the organization’s strategies, key objectives, associated risks, and risk management processes to develop the risk-based plan.
C. According to the Interpretation of Standard 2010, the chief audit executive adjusts the risk-based plan in response to changes in the organization’s business, risks, operations, programs, systems, and controls. D. According to Performance Standard 2010, the chief audit executive must establish a risk-based plan to determine the priorities of the internal audit activity.
54. What is the purpose of establishing an internal audit plan?
A.
To update the audit universe.
B.
To ensure adequate coverage of areas with the greatest exposure to risks.
C.
To identify areas of audits with lower risks.
D.
To identify, document, and analyze the means by which management mitigates the risks.
Answer (B) is correct. The purpose of establishing an internal audit plan is to ensure adequate coverage of areas with the greatest exposure to risks. The internal audit activity must prioritize to make decisions for applying resources. An internal audit plan normally focuses on (1) unacceptable current risks requiring management action, (2) control systems on which the organization is most reliant, (3) areas where the difference between inherent risk and residual risk is great, and (4) areas where inherent risk is very high.
A. The audit universe represents all auditable risk areas. The internal audit plan is based on the audit universe. However, updating the audit universe is not the purpose of establishing an internal audit plan. C. Lower-risk audits need to be included in the audit plan to give them coverage and confirm that their risk levels have not changed. It is not the purpose of establishing an internal audit plan. D. The internal auditor considers the significant risks of the activity and the means by which management mitigates risks in internal audit planning. Risks and activities should be documented. However, neither of these are the purpose for establishing an internal audit plan.
55. Which of the following is not a characteristic of effective risk management?
A.
It provides absolute assurance that organizational objectives will be achieved.
B.
It is fully integrated into management at all levels.
C.
It assists in identifying key controls.
D.
It reduces unacceptable risks to tolerable levels.
Answer (A) is correct. The IIA Glossary defines risk management as a process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization’s objectives. Thus, effective risk management only provides reasonable assurance, not absolute assurance. B. Effective risk management is fully integrated into management at all levels. C. Effective risk management assists in identifying key controls. D. Effective risk management assists in identifying key controls. Key controls reduce an otherwise unacceptable risk to a tolerable level.
56. Which of the following represents an external risk factor?
A. The organization’s CEO unexpectedly became ill and had to resign. The chairman of the board of directors stepped into the vacant role until a new CEO could be found. B. Constant repairs to outdated equipment used in the manufacturing process cost three times more than the amount budgeted. C. Additional safety regulations enacted by the government have caused a strain on the organization’s resources. D.
Weak controls over cash accounts have resulted in employee theft.
Answer (C) is correct. External risk factors arise from outside the organization. Examples of external risks include competitor actions, suppliers, industry issues, and employee and government relations. Examples of internal risk factors include quality and adherence to controls, timing and results of last engagement, materiality, asset liquidity, and management competence.
A. Risks arising from changes in organizational personnel are internal risks. B. Risks arising from organizational equipment are internal risks. D. Risks arising from inadequate controls are internal risks.
57. In the AICPA’s audit risk model, the risk that an auditor will express an inappropriate audit opinion when the financial statements are materially misstated is
A.
Audit risk.
B.
Inherent risk.
C.
Control risk.
D.
Detection risk.
Answer (A) is correct. Audit risk is “the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated.” In the internal audit context, audit risk is the risk that the auditor will provide senior management and the board with inaccurate or incomplete information about governance, risk management, or control.
B. Inherent risk is the susceptibility of an assertion to material misstatement in the absence of related controls. C. Control risk is the risk that a material misstatement will not be prevented or detected by internal control. D. Detection risk is the risk that the auditor will not detect a material misstatement that exists in a relevant assertion. It is affected by the auditor’s procedures and can be changed at his or her discretion.
58. On the basis of audit evidence gathered and evaluated, an auditor decides to decrease the level of detection risk from that originally planned. Assuming the same planned audit risk level, the change in the planned detection risk most likely resulted from a(n)
A.
Decrease in the assessed control risk.
B.
Increase in materiality levels.
C.
Decrease in the assessed inherent risk.
D.
Increase in the assessed control risk.
Answer (D) is correct. Audit risk is a function of inherent risk, control risk, and detection risk. The only risk the auditor directly controls is detection risk. Thus, the auditor achieves the desired level of overall audit risk by adjusting detection risk in response to the assessed levels of inherent risk and control risk. Detection risk has an inverse relationship with control risk and inherent risk. If the auditor chooses to increase his or her assessment of control risk or inherent risk, detection risk should be decreased for a given planned audit risk.
A. An increase in the assessed control risk may require a lower planned detection risk for a given planned audit risk.
B. Materiality and risk are interrelated. However, as assessed risk increases, the auditor is likely to reduce the levels of materiality. C. An increase in the assessed inherent risk may require a lower planned detection risk for a given planned audit risk.
59. In the AICPA’s audit risk model, the risk that an auditor’s procedures will lead to the conclusion that a material misstatement does not exist in an account balance when, in fact, such misstatement does exist is
A.
Audit risk.
B.
Inherent risk.
C.
Control risk.
D.
Detection risk.
Answer (D) is correct. Detection risk is the risk that the auditor will not detect a material misstatement that exists in a relevant assertion. It is affected by the auditor’s procedures and can be changed at his or her discretion.
A. Audit risk includes inherent risk and control risk, which are not affected by the auditor’s procedures B. Inherent risk is the susceptibility of an assertion to material misstatement in the absence of related controls. C. Control risk is the risk that a material misstatement will not be prevented or detected by internal control.
60. The acceptable level of detection risk is inversely related to the
A.
Extent of engagement procedures performed.
B.
Risk of misapplying auditing procedures.
C.
Preliminary judgment about materiality levels.
D.
Risk of failing to discover material misstatements.
Answer (A) is correct. Detection risk is the only one of the three components of audit risk that is subject to the auditor’s direct control. The greater the assessed levels of control risk and/or inherent risk, the lower the acceptable
level of detection risk. Hence, the relationship between performing engagement procedures and detection risk is inverse.
B. The risk of misapplying auditing procedures is related to the auditor’s training and experience. C. Preliminary judgments about materiality are used by the auditor to determine the acceptable level of audit risk. Detection risk is just one component of audit risk. D. The acceptable level of detection risk is directly related to the risk of failing to discover material misstatements.
61. Inherent risk and control risk differ from detection risk in that they
A.
Arise from the misapplication of engagement procedures.
B.
May be assessed in either quantitative or nonquantitative terms.
C.
Exist independently of the audit engagement.
D.
Can be changed at the auditor’s discretion.
Answer (C) is correct. Inherent risk and control risk exist independently of the engagement and cannot be changed by the auditor, only assessed. Detection risk is set by the auditor in response to his or her assessment of inherent and control risk.
A. The misapplication of engagement procedures may affect detection risk but is independent of inherent and control risk. B. All three components of audit risk may be assessed either quantitatively or nonquantitatively. D. Inherent risk and control risk must be assessed by the auditor, who then sets detection risk in response.
62. Inherent risk and control risk differ from detection risk in that inherent risk and control risk are
A.
Elements of audit risk, whereas detection risk is not.
B.
Changed at the auditor’s discretion, whereas detection risk is not.
C.
Considered only for entity as a whole, not for each engagement.
D.
Functions of the client and its environment, whereas detection risk is not.
Answer (D) is correct. Detection risk is a function of the effectiveness of an engagement procedure and of its application by an auditor and can be changed at his or her discretion. Inherent risk and control risk differ from detection risk in that they exist independently of the engagement. They are functions of the client’s line of business and system of internal control.
A. Detection risk is also a component of audit risk. B. Inherent risk and control risk are assessed by the auditor, but only detection risk can be changed at his or her discretion. C. Audit risk is assessed at the engagement level.
63. Which of the following audit risk components may be assessed in nonquantitative terms?
Control Risk
Detection Risk
Inherent Risk
A.
Yes
Yes
Yes
B.
No
Yes
Yes
C.
Yes
Yes
No
D.
Yes
No
Yes
Answer (A) is correct. All three components of audit risk may be assessed in quantitative terms such as percentages or in nonquantitative terms that range, for example, from high to low.
B. Control risk can be assessed in nonquantitative terms. C. Inherent risk can be assessed in nonquantitative terms. D. Detection risk can be assessed in nonquantitative terms.
64. An auditor assesses control risk because it
A.
Is relevant to the auditor’s understanding of the control environment.
B.
Provides assurance that the auditor’s materiality levels are appropriate.
C.
Indicates to the auditor where inherent risk may be the greatest.
D.
Affects the level of detection risk that the auditor may accept.
Answer (D) is correct. Inherent risk and control risk exist independently of the engagement and must be assessed by the auditor, who then sets detection risk in response.
A. The understanding of the control environment provides evidence for assessing control risk, not the other way around. B. Materiality levels are based upon auditor judgment. C. Inherent risk is independent of internal control.
65. On the basis of audit evidence gathered and evaluated, an auditor decides to increase the assessed level of control risk from that originally planned. To achieve an overall audit risk level that is substantially the same as the planned audit risk level, the auditor would
A.
Increase inherent risk.
B.
Increase materiality levels.
C.
Decrease inherent risk.
D.
Decrease detection risk.
Answer (D) is correct. Audit risk is a function of inherent risk, control risk, and detection risk. The only risk the auditor directly controls is detection risk. Thus, the auditor achieves the desired level of overall audit risk by adjusting detection risk in response to the assessed levels of inherent risk and control risk. Detection risk has an inverse relationship with control risk. If the auditor chooses to increase the assessment of control risk, detection risk should be decreased.
A. Inherent risk is not controllable by the auditor and can only be assessed. B. Materiality and risk are interrelated. However, as risk increases, the auditor will likely reduce materiality. C. Inherent risk is not controllable by the auditor and can only be assessed.
66. In the AICPA’s audit risk model, which of the following is a definition of control risk?
A. The risk that a material misstatement will not be prevented or detected on a timely basis by the client’s internal controls. B.
The risk that the auditor will not detect a material misstatement.
C.
The risk that the auditor’s assessment of internal controls will be at less than the maximum level.
D. The susceptibility of material misstatement assuming there are no related internal control policies or procedures.
Answer (A) is correct. Control risk is the risk that internal control will not prevent or detect on a timely basis a material misstatement that could occur in a relevant assertion.
B. The risk that the auditor will not detect a material misstatement that exists in a relevant assertion is the definition of detection risk. C. When the auditor’s assessment of internal controls is at less than the maximum level, the auditor has an expectation of their operating effectiveness. This expectation results in a reduced assessment of the risk of material misstatement. D. The susceptibility of material misstatement assuming there are no related internal control policies or procedures is the definition of inherent risk.
67. Risk modeling in a consulting service can be accomplished by
1. Ranking the engagement’s potential to improve management of risks 2. Ranking the engagement’s potential to add value 3. Ranking the engagement’s potential to improve the organization’s operations
A.
1 and 2.
B.
1 and 3.
C.
1, 2, and 3.
D.
3 only.
Answer (C) is correct. Risk modeling in a consulting service can be accomplished by ranking the engagement’s potential to improve management of risks, add value, and improve the organization’s operations as identified in Impl. Std. 2010.C1.
A. Risk modeling in a consulting service can also be accomplished by ranking the engagement’s potential to improve the organization’s operations. B. Risk modeling in a consulting service can also be accomplished by ranking the engagement’s potential to add value D. Risk modeling in a consulting service can also be accomplished by ranking the engagement’s potential to improve the management of risks and ranking the engagement’s potential to add value.
68. Who reviews and approves a summary of the internal audit plan?
A.
Senior management and the board.
B.
The audit committee and the board.
C.
Senior management only.
D.
The chief audit executive (CAE) only.
Answer (A) is correct. According to Perf. Std. 2020, senior management and the board review and approve the internal audit plan. B. The CAE also submits the internal audit plan to senior management. C. The CAE also submits the internal audit plan to the board. D. The audit plan is submitted to senior management and the board.
69. As the chief audit executive, you have determined that the acquisition of some expensive, state-of-the-art software for paperless working paper files will be useful. Identify the preferred method for presenting your request to senior management.
A.
The effect of not obtaining the software.
B.
Statement of need.
C.
Comparison with other internal audit activities.
D.
Evaluation of the software’s technical specifications.
Answer (A) is correct. The CAE must communicate the internal audit activity’s plans and resource requirements to senior management and the board for review and approval. The CAE also must communicate the effect of resource limitations (Perf. Std. 2020).
B. The need must be weighed against the cost. C. Other internal audit activities may have different cost-benefit relationships. D. Specialists, not senior management, will perform this evaluation.
70. Bobby Fitz, CAE, believes that the internal controls over cash disbursements need major revisions. Mr. Fitz discussed this matter with senior management and was very alarmed at their acceptance of this serious risk. What action should Mr. Fitz take next?
A.
Report the matter to the board immediately.
B.
Understand management’s basis for accepting the risk.
C.
Determine whether management has the authority to accept the risk.
D.
Further attempt to resolve the disagreement.
Answer (B) is correct. The first thing the CAE should do is understand management’s basis for the decision. It is possible that management has knowledge about the risk that the CAE does not. This knowledge may prove it suitable to accept the risk.
A. While this is an action the CAE could take, the CAE should first understand and try to further resolve the disagreement before reporting it to the board. C. While this is an action the CAE should take, the CAE should first understand management’s basis for accepting the risk. D. While this is an action the CAE should take, the CAE should first understand management’s basis for accepting the risk. This is the last step the CAE should attempt before informing the board.
71. What should the CAE do if the scope of the internal audit plan is insufficient to permit expression of an opinion about risk management and control?
A.
Design more procedures to ensure the audit plan becomes sufficient.
B.
The CAE should inform senior management and the board about gaps in audit coverage.
C. Make the decision to outsource the internal audit function so the scope of the audit plan can be sufficient. D.
Hire more internal auditors to increase the scope of the engagement.
Answer (B) is correct. In the event that the audit plan is insufficient, the CAE should inform senior management and the board about gaps in audit coverage.
A. In the event that the audit plan is insufficient, the CAE should inform senior management and the board. C. In the event that the audit plan is insufficient, the CAE should inform senior management and the board. Also, the CAE does not have the authority to make this type of decision. D. In the event that the audit plan is insufficient, the CAE should inform senior management and the board. Also, the CAE does not have the authority to make this type of decision.
72. A chief audit executive’s performance report should
A.
List the material engagement observations of major engagements.
B.
List uncorrected reported conditions.
C.
Report the weekly activities of the individual internal auditors.
D.
Compare engagements completed with engagements planned.
Answer (D) is correct. The CAE must report periodically to senior management and the board on the internal audit activity’s purpose, authority, responsibility, and performance relative to its plan and on conformance with the Code of Ethics and the Standards (Perf. Std. 2060). Therefore, the performance report should compare engagements completed with engagements planned.
A. A list of material engagement observations is not a performance report. B. A list of uncorrected reported conditions is not a performance report. C. A report of weekly activities is not a performance report.
73. The chief audit executive routinely reports to the board as part of the board meeting agenda each quarter. Senior management has asked to review this presentation before each board meeting so that any issues or questions can be discussed beforehand. The CAE needs to
A. Provide the report to senior management as requested and discuss any issues that may require action to be taken. B. Withhold disclosure of the report to senior management because such matters are the sole province of the board. C. Disclose to the board only those matters in the report that pertain to expenditures and financial budgets of the internal audit activity. D. Provide information to senior management that pertains only to completed engagements and observations available in published engagement communications.
Answer (A) is correct. The frequency and content of reporting are determined collaboratively by the chief audit executive, senior management, and the board. The frequency and content of reporting depends on the importance of the information to be communicated and the urgency of the related actions to be taken by senior management and/or the board (Inter. Std. 2060).
B. Reports must be presented to senior management C. The report is not restricted to expenditures and financial budgets. Information about significant deviations from the approved audit plan and staffing plans also is included. D. The information need not be limited to completed engagements and observations available in published engagement communications.
74. The best means for the internal audit activity to determine whether its goal of implementing broader coverage of functional activities has been met is through
A.
Accumulation of engagement observations by engagement client.
B.
Comparison of the approved audit plan with actual engagement activity.
C.
Surveys of management satisfaction with the internal audit activity.
D.
Implementation of a quality assurance program.
Answer (B) is correct. The CAE must report periodically to senior management and the board on the internal audit activity’s purpose, authority, responsibility, and performance relative to its plan and on conformance with the Code of Ethics and the Standards (Perf. Std. 2060). A. The number of engagement observations is not an indicator of breadth or quality of work. C. Management satisfaction does not directly relate to the expressed goal (broader engagement coverage). D. Implementation of a quality assurance program has no bearing on the stated goal.
75. In which of the following duties would the chief audit executive least likely have a primary role?
A.
Determine the need for expanded testing.
B.
Review the summary observations sheet.
C.
Select or approve team members.
D.
Organize and draft the final engagement communication
Answer (D) is correct. The CAE has overall responsibility for the internal audit activity. Consequently, (s)he would most likely delegate the task of organizing and drafting the final engagement communication for a specific engagement. A. Determining the need for expanded testing is a supervisory task more likely to be undertaken by the CAE. B. Reviewing summary findings is a supervisory task more likely to be undertaken by the CAE. C. Selecting or approving team members is a supervisory task more likely to be undertaken by the CAE.
76.An annual summary report of completed engagement work submitted to senior management and the board by the chief audit executive should
A.
Discuss the administrative condition of the internal audit activity.
B.
Inform management of the scope of proposed work for the following year.
C.
Describe the extent to which the internal audit activity has completed its approved audit plan.
D.
Emphasize the number of deficiency observations discovered by the internal auditors.
Answer (C) is correct. According to Perf. Std. 2060, the CAE must report the internal audit activity’s performance relative to its plan. An annual summary report ordinarily includes such performance results. A. The administrative condition of the internal audit activity is a subject appropriate for an external assessment. B. This information is contained in the summary of the engagement work schedule, staffing plan, and financial budget for the coming year submitted to senior management and the board. D. The materiality of observations, not their number, should be emphasized.
77. Which of the following is an appropriate responsibility of the board?
A.
Performing a review of the procurement function of the organization.
B. Reviewing the internal audit activity’s engagement work schedule submitted by the chief audit executive. C. Reviewing the engagement records of the public accounting firm to determine the firm’s competence. D.
Recommending the assignment of specific internal audit staff members for specific engagements.
Answer (B) is correct. The CAE must communicate the internal audit activity’s plans and resource requirements, including significant interim changes, to senior management and the board for review and approval (Perf. Std. 2020).
A. Reviewing the procurement function of the organization requires detailed technical ability.
C. The board will not likely have access to the public accounting firm’s engagement reports. D. Specific assignments should be made by internal audit activity management.
78. Johnny Hagerts, the chief audit executive of Booster, Inc., is having a meeting with senior management about the status of the internal audit. In this meeting, Mr. Hagerts should provide assurance to management about which of the following?
A.
Governance, risk management, and control.
B.
Sufficiency of internal audit staff.
C.
The time schedule of the engagement.
D.
The frequency and nature of reports.
Answer (A) is correct. The CAE has a duty to provide assurance to senior management and the board about governance, risk management, and control.
B. While the CAE reports this information to senior management and the board in a performance report, the CAE does not provide assurance about this information. C. While the CAE reports this information to senior management and the board in a performance report, the CAE does not provide assurance about this information. D. The CAE should agree with the board about the frequency and nature of reporting but provides no assurance about them.
79. Which of the following statements, if true, would justify a chief audit executive’s decision not to report certain control concerns regarding derivatives trading in a report to the audit committee?
A.
Management plans to initiate corrective action.
B.
The board has a separate committee to make recommendations on trading issues.
C. The amounts of trading and the potential risks associated with the derivatives trading are not material to the overall organization.
D. Derivatives are complex, and the auditor should rely on management’s analysis of the extent of the problem.
Answer (C) is correct. The chief audit executive (CAE) must report periodically to senior management and the board significant risk and control issues, including fraud risks, governance issues, and other matters that require the attention of senior management or the board (Perf. Std. 2060). Thus, the CAE is not required to report immaterial risk and control issues.
A. The CAE must report significant control issues even if management plans to initiate corrective action. B. The CAE must report significant control issues even if the board has a separate committee to make recommendations on trading issues. D. The CAE must report significant control issues regardless of the complexity of derivative trading or management’s analysis of the problem.
80. If the annual audit plan does not allow for adequate review of compliance with all material regulations affecting the company, the internal audit activity should:
A.
Ensure that the board of directors and senior management are aware of the limitation.
B.
Include a memo with the audit planning file listing the reasons for the lack of coverage.
C.
Document that regulations not included will be reviewed in the subsequent year.
D.
Decrease the scope of operational and financial audits to make additional audit time available.
Answer (A) is correct. The CAE must communicate the internal audit activity’s plans and resource requirements, including limitations, to senior management and the board for review and approval.
B. The knowledge of incomplete audit coverage should not be limited to the internal audit activity. C. Compliance with material regulations may need to be reviewed at least on an annual basis. D. Audit coverage in other areas should not be automatically reduced. The internal audit activity may require additional resources to provide adequate coverage of risks.
81. All of the following are required communications by the chief audit executive (CAE) to senior management and the board except
A.
Results of analysis into staffing needs.
B.
Significant interim changes in plans and resources.
C.
Effects of any resource limitations.
D.
The internal audit activity’s plans and resource requirements.
Answer (A) is correct. The CAE must communicate the internal audit activity’s plans and resource requirements, including significant interim changes, to senior management and the board for review and approval. The CAE also must communicate the effects of resource limitations. The CAE is not required to report the results of an analysis of staffing needs.
B. The CAE must communicate significant interim changes in plans to senior management and the board. C. The CAE must communicate the effects of resource limitations to senior management and the board. D. The CAE must communicate the internal audit activity’s plans and resource requirements to senior management and the board.
PART-2 UNIT 5
1.An external consultant is developing methods for the management of a city’s capital facilities. An appropriate scope of an engagement to evaluate the consultant’s product is to
A.Review the consultant’s contract to determine its propriety. B.Establish the parameters of the value of the items being managed and controlled. C.Determine the adequacy of the risk management and control systems for the management of capital facilities. D.Review the handling of idle equipment.
Answer (C) is correct. “In planning the engagement, internal auditors must consider:
The strategies and objectives of the activity being reviewed and the means by which the activity controls its performance.
The significant risks to the activity’s objectives, resources, and operations and the means by which the potential impact of risk is kept to an acceptable level.
The adequacy and effectiveness of the activity’s governance, risk management, and control processes compared to a relevant framework or model.
The opportunities for making significant improvements to the activity’s governance, risk management, and control processes” (Perf. Std. 2201).
A.The review of the consultant’s contract to determine its propriety is related to the procurement decision. B.The establishment of parameters for values of items being managed and controlled is a management responsibility. D.Management must determine policies regarding idle equipment. Some equipment may be retained for emergency use.
2.Which of the following is least likely to be placed on the agenda for discussion at a pre-engagement meeting?
A.Objectives and scope of the engagement. B.Client personnel needed.
C.Sampling plan and key criteria. D.Expected starting and completion dates.
Answer (C) is correct. Possible objectives and scope for the engagement, the client personnel to whom the auditors need access, and the expected start and completion dates for the engagement are all appropriate matters for discussion at a pre-engagement meeting. The sampling plan cannot be drafted until risk is assessed and the engagement objectives are set.
A.Topics of discussion may include planned objectives and scope of work. B.Topics of discussion may include resources needed. D.Topics of discussion may include the timing of the work.
3.As part of planning an engagement, the internal auditor in charge does all of the following except
A.Determine the period covered. B.Conduct meetings with management responsible for the activity under review. C.Distribute reports from meetings with management. D.Determine to whom engagement results will be communicated.
Answer (D) is correct. The CAE determines how, when, and to whom engagement results will be communicated.
A.The internal auditor determines engagement requirements not determined by the CAE. The internal auditor’s determinations include the period covered, estimated completion dates, and the final engagement communication format. B.The internal auditor informs those in management who need to know about the engagement and conducts meetings with management responsible for the activity under review. C.The internal auditor conducts meetings with management responsible for the activity under review, summarizes and distributes the discussions and any conclusions reached from the meetings, and retains the documentation in the engagement workpapers.
4.Internal auditors must make a preliminary assessment of risks when conducting an assurance engagement. This assessment may involve quantitative (objective) and subjective factors. The least subjective factor is
A.The organization’s recognized losses on derivatives. B.The auditor’s assessment of management responses. C.Changes in the auditee’s business forecast. D.The evaluation of internal control.
Answer (A) is correct. In planning the engagement, internal auditors must consider the significant risks and the means by which the potential impact of risk is kept to an acceptable level (Perf. Std. 2201). Risk factors have differing degrees of objectivity. The most objective (least subjective) factors are facts. The organization’s losses on derivatives are facts and therefore objective to the extent measurable. Objective information is such that it can be supported by facts or numbers. Subjective information is a judgment and may be interpreted differently by different people.
B.The auditor’s assessment of management responses is a professional judgment. C.The business forecast is not a fact. D.The evaluation of internal control is based on professional judgment. Information based on judgment is subjective.
5.Levels of production stoppages over the past year at a large laminating business were abnormally high due to machine malfunctions. Would it be appropriate for the internal auditing function to develop a survey examining attitudes toward line operations, rotation of work zones, training, maintenance schedule, etc., for the machine operators to complete?
A.Yes, the survey is reliable without corroboration. B.Yes, the examined areas are relevant to the malfunctions. C.No, the examined areas are irrelevant to the malfunctions. D.No, the survey is inappropriate without corroboration.
Answer (B) is correct.
Internal auditors must conduct a preliminary assessment of the risks relevant to the activity under review. Engagement objectives must reflect the results of this assessment (Impl. Std. 2210.A1). Internal auditors also may perform a survey to (1) become familiar with the activities, risks, and controls to identify areas for engagement emphasis and (2) invite comments and suggestions from engagement clients. The survey is appropriate as a means to conduct a preliminary assessment because the examined areas are relevant. The auditors also need to corroborate the information before any final assessment.
A.Reliability without corroboration is not the reason why the use of the survey is appropriate. The auditors need to corroborate the information before any final assessment. C.The examined areas are relevant to the malfunctions. D.The need for corroboration is determined after the survey is completed. Corroboration does not preclude the use of the survey.
6.Which of the following activities represents the greatest risk to a post-merger manufacturing organization and is therefore most likely to be the subject of an internal audit engagement?
A.Combining imprest funds. B.Combining purchasing functions. C.Combining legal functions. D.Combining marketing functions.
Answer (B) is correct. The financial exposure in the purchasing function is ordinarily greater than in, for example, the legal and marketing functions. Also, purchasing functions ordinarily represent the greatest exposure to loss of the items listed and are therefore most likely to be evaluated. After a merger, risk is heightened because of the difficulty of combining the systems of the two organizations. Thus, the likelihood of an engagement is increased.
A.Imprest funds are typically immaterial in amount. C.Legal functions do not typically represent a risk of loss as great as the purchasing functions. D.Marketing functions do not typically represent a risk of loss as great as the purchasing functions.
7.Which of the following factors should an internal auditor consider when planning an audit of an activity?
A.The objectives of the activity, the number of employees involved, and the control system. B.The qualifications of management, the significant risks, and the control system. C.The objectives of the activity, the significant risks, and the control system. D.The number of employees involved, the control system, and the recommendations of external auditors.
Answer (C) is correct. According to Perf. Std. 2201, Planning Considerations, the factors internal auditors must consider when planning an audit of an activity include (1) the strategies and objectives of the activity; (2) the significant risks to objectives, resources, and operations; and (3) the means by which the activity is managing those risks (governance, risk management, and control processes).
A.The Standards do not require internal auditors to consider the number of employees involved. B.The Standards do not require internal auditors to consider the qualifications of management. D.The Standards do not require internal auditors to consider the number of employees involved or the recommendations of external auditors.
8.Documentation required to plan an internal audit engagement includes information that
A.Resources needed to complete the engagement were considered. B.Planned engagement work will be completed on a timely basis. C.Intended engagement observations have been clearly identified. D.Internal audit activity resources are efficiently and effectively employed.
Answer (A) is correct. Internal auditors must develop and document a plan for each engagement, including the engagement’s objectives, scope, timing, and resource allocations (Perf. Std. 2200).
B.Whether the planned work will actually be completed on time cannot be known in the planning phase.
C.Observations are what is actually found by performing procedures. Auditors must not anticipate the results of the work. To do so indicates a lack of objectivity. D.Documenting the economic and efficient use of resources can be done only upon completion of the engagement.
9.In planning an assurance engagement, a survey could assist with all of the following except
A.Obtaining engagement client comments and suggestions on control problems. B.Obtaining preliminary information on controls. C.Identifying areas for engagement emphasis. D.Evaluating the adequacy and effectiveness of controls. Answer (D) is correct. Internal auditors may perform a survey to (1) become familiar with activities, risks, and controls to identify areas for engagement emphasis and (2) invite comments and suggestions from stakeholders. A survey is not sufficient for evaluating the adequacy and effectiveness of controls. Evaluation requires testing.
A.A survey could assist with obtaining client comments and suggestions on control problems. B.A survey could assist with obtaining preliminary information on controls. C.A survey could assist with obtaining preliminary information on controls.
10.Which of the following best describes a preliminary survey?
A.A standardized questionnaire used to obtain an understanding of management objectives. B.A statistical sample of key employee attitudes, skills, and knowledge. C.A “walk-through” of the financial control system to identify risks and the controls that can address those risks. D.A process used to become familiar with activities and risks to identify areas for engagement emphasis.
Answer (D) is correct. Internal auditors may perform a survey to (1) become familiar with the activities, risks, and controls to identify areas for engagement emphasis and (2) invite comments and suggestions from stakeholders.
A.A preliminary survey covers many areas besides management objectives. B.A preliminary survey normally does not include statistical sampling. C.A walk-through of controls is only one possible component of a preliminary survey.
11.During an operational engagement, an internal auditor compares the inventory turnover rate of a subsidiary with established industry standards to
A.Evaluate the accuracy of the subsidiary’s internal financial reports. B.Test the subsidiary’s controls designed to safeguard assets. C.Determine if the subsidiary is complying with organizational procedures regarding inventory levels. D.Assess the performance of the subsidiary and indicate where additional engagement work may be needed.
Answer (D) is correct. Analytical procedures often are used during the preliminary survey to identify potential areas for additional engagement work.
A.Evaluating the reliability and integrity of financial records is one component of a financial, not an operational, engagement. B.Evaluating the safeguarding of assets is one component of a financial, not an operational, engagement. C.Testing inventory turnover addresses economy and efficiency issues, not compliance.
12.In advance of a preliminary survey, a chief audit executive sends a memorandum and questionnaire to the supervisors of the department to be evaluated. What is the most likely result of that procedure?
A.It creates apprehension about the engagement. B.It involves the engagement client’s supervisory personnel in the engagement. C.It is an uneconomical approach to obtaining information.
D.It is only useful for engagements of distant locations.
Answer (B) is correct. Sending a memorandum and questionnaire to the auditee is part of a participative approach. It helps involve the supervisors of the department and thereby encourages a more collegial approach to the engagement. Obtaining the assistance of the auditee in data gathering, evaluating operations, and solving problems should result in improved relations and in more effective and efficient engagements.
A.Greater knowledge of the upcoming engagement is more likely to remove some of the apprehension about the engagement. C.Sending a memorandum and questionnaire to the auditee is normally more economical. Some basic data gathering may be done by those most competent to do it rapidly. D.Sending a memorandum and questionnaire is advantageous in most circumstances.
13.The audit committee has raised a few issues that the internal audit activity will examine during an operational audit for the current year. When performing the preliminary survey, which of the following is not an appropriate technique?
A.Performing interviews. B.Developing questionnaires. C.Determining the largest risk of financial statement misstatement. D.All of the answers are appropriate techniques.
Answer (C) is correct. Determining potential misstatements is not the objective of an operational audit. Additionally, a final risk analysis is developed at a later time in the audit, not during the preliminary survey. A preliminary risk assessment is appropriate during this stage.
A.Performing interviews allows the auditor to explore objectives, goals, and standards of operation, along with risks. The interview also allows the auditor to gain insights into management’s style. B.Questionnaires can trigger appropriate preparation for the auditor’s arrival as well as give the auditor insight into the organization’s operations. D.The development and use of risk analysis to determine the largest risk of misstatement is not an appropriate preliminary survey technique.
14.Checklists used to assess risk have been criticized for all of the following reasons except
A.Providing a false sense of security that all relevant factors are addressed. B.Inappropriately implying equal weight to each item on the checklist. C.Decreasing the uniformity of data acquisition. D.Being incapable of translating the experience or sound reasoning intended to be captured by each item on the checklist.
Answer (C) is correct. Checklists increase the uniformity of data acquisition. They ensure that a standard approach to assessing risk is taken and minimize the possibility of omitting consideration of factors that can be anticipated.
A.A checklist may omit factors the importance of which could not be foreseen. B.Each item will not be of equal significance. D.A checklist does not substitute for the sound professional judgment needed to understand the process of assessing risk.
15.The internal auditor has gained an understanding of the design of an engagement client’s internal controls. The most appropriate next step is to
A.Test controls to determine whether they are functioning as designed. B.Halt the engagement and issue a report about inadequate controls. C.Draw preliminary conclusions about internal control. D.Contact the engagement client’s direct supervisor to recommend that the head of the department or function under audit is transferred or terminated.
Answer (C) is correct. Internal auditors gain an understanding of the design of the engagement client’s internal controls. The auditors then draw conclusions about whether internal controls are designed adequately to achieve management’s control objectives.
A.If controls are poorly designed, testing their operation is most likely a poor use of audit resources.
B.A determination that internal controls are inadequate is not sufficient grounds for halting a scheduled engagement. D.Advising on such personnel matters is not an appropriate internal audit function.
16.A page from an internal auditor’s workpapers contains notes made in the prior period. They specify which controls are relevant in the current period and which controls will soon be obsolete. The notes relate to
A.Preliminary survey. B.Review for adequacy of control processes. C.Review for effectiveness of control processes. D.Review of results.
Answer (A) is correct. A test from a prior engagement might be reviewed in the preliminary survey as background material. The notes made while evaluating controls are used by the auditor in the current period to identify matters of interest and possible deficiencies.
B.Controls are adequate if management has planned and designed in a manner that provides reasonable assurance that objectives will be achieved efficiently and economically. Reviewing notes from the prior period is not done to evaluate the adequacy of controls. C.Controls are effective if management directs processes so as to provide reasonable assurance that objectives will be achieved. Reviewing notes from the prior period is not done to evaluate effectiveness of controls. D.Reviewing notes from the prior period is not done in a review of results. Internal auditors review operations and programs to determine the extent to which results are consistent with objectives.
17.The established scope of the engagement must be sufficient to satisfy the objectives of the engagement. When developing the objectives of the engagement, the internal auditor considers the
A.Probability of significant noncompliance. B.Information included in the engagement work program. C.Results of engagement procedures. D.Resources required.
Answer (A) is correct. Internal auditors must consider the probability of significant errors, fraud, noncompliance, and other exposures when developing assurance engagement objectives (Impl. Std. 2210.A2).
B.Engagement objectives must be determined before the engagement work program is written. C.The objectives determine the procedures to be performed D.Internal auditors determine the resources required to achieve the engagement objectives.
18.The preliminary survey phase of an engagement to evaluate recruiting activity shows that hotel and airfare expenses are approximately equal. Both hotel and airline arrangements are made by the recruiting group secretary. Based on this information, the scope of field work should include
A.Considering competitive factors involved in the selection of hotel accommodations. B.Recommending that someone outside the recruiting group make hotel and airline reservations. C.Comparing the detail of hotel charges per candidate’s expense reports with copies of hotel bills obtained directly from hotel sources. D.Obtaining assurance that candidates’ legal rights are protected during the course of the interview experience.
Answer (A) is correct. Internal auditors can provide assistance to managers by determining whether underlying assumptions are appropriate, information is current and relevant, and suitable controls are incorporated into the operation in question. The scope of an engagement to evaluate recruiting expenses should include an inquiry as to whether procedures to minimize costs are in place and functioning effectively.
B.Recommending that someone outside the recruiting group make hotel and airline reservations is a recommendation, not the scope of the engagement effort. C.Comparing the detail of hotel charges on a candidate’s expense reports to copies of hotel bills obtained directly from hotel sources is an engagement procedure. It is done in the preliminary survey. D.The legal rights of interviewees are not relevant to an engagement to evaluate recruiting expenses.
19.Fact Pattern: The chief audit executive (CAE) of a mid-sized internal audit activity was concerned that management might outsource the internal auditing function. Thus, the CAE adopted a very aggressive program to promote the internal audit activity within the organization.
The CAE planned to present the results to senior management and the board and recommend modification of the internal audit activity’s charter after using the new program. The following lists six actions the CAE took to promote a positive image within the organization: 1.
Engagement assignments concentrated on efficiency. The engagements focused solely on cost savings, and each engagement communication highlighted potential costs to be saved. Negative observations were omitted. The focus on efficiency was new, but the engagement clients seemed very happy.
2.
Drafts of all engagement communications were carefully reviewed with the engagement clients to get their input. Their comments were carefully considered when developing the final engagement communication.
3.
The information technology internal auditor participated as part of a development team to review the control procedures to be incorporated into a major computer application under development.
4.
Given limited resources, the engagement manager performed a risk assessment to establish engagement work schedule priorities. This was a marked departure from the previous approach of ensuring that all operations are evaluated on at least a 3-year interval.
5.
To save time, the CAE no longer required that a standard internal control questionnaire be completed for each engagement.
6.
When the internal auditors found that the engagement client had not developed specific criteria or data to evaluate operations, the internal auditors were instructed to perform research, develop specific criteria, review the criteria with the engagement client, and, if acceptable, use them to evaluate the engagement client’s operations. If the engagement client disagreed with the criteria, a negotiation took place until acceptable criteria could be agreed upon. The engagement communication commented on the engagement client’s operations in conjunction with the agreed-upon criteria.
Q:Regarding Action 6, which of the following elements of the action most likely would have rendered it inappropriate if omitted?
A.Seek agreement with the client about the criteria. B.Developing a set of criteria to present to the engagement client as a basis for evaluating the engagement client’s operations. C.Commenting on the agreed-upon criteria. D.All of the answers are correct.
Answer (A) is correct. If the criteria established by management to determine whether objectives and goals have been accomplished are inadequate, the internal auditors must work with management to develop appropriate evaluation criteria (Impl. Std. 2210.A3).
B.Internal auditors may be required to interpret or select operating standards and then to seek agreement with engagement clients as to the criteria needed to measure operating performance. C.The engagement final communication should include observations and recommendations with the following attributes: criteria, condition, cause, and effect. Criteria are the standards, measures, or expectations used in making an evaluation or expectation. The effect is the impact of the difference between the criteria (what should exist) and the condition (what does exist). D.Two of the responses are incorrect.
20.In evaluating the effectiveness and efficiency with which resources are employed, an internal auditor is responsible for
A.Determining the extent to which adequate operating criteria have been established. B.Verifying the existence of assets. C.Reviewing the reliability of operating information. D.Verifying the accuracy of asset valuation.
Answer (A) is correct. Internal auditors must ascertain the extent to which management has established adequate criteria to determine whether objectives and goals have been accomplished (Impl. Std. 2210.A3).
B.Verifying existence relates to the safeguarding of assets. C.The reliability of operating information concerns the reliability and integrity of information. D.Verifying the accuracy of asset valuation concerns the reliability and integrity of information.
21.All of the following are acceptable criteria on which an internal audit may be based except
A.Policies and procedures. B.Standards or guidelines. C.Control frameworks. D.Management cooperation with audit activities.
Answer (D) is correct.
Management cooperation with audit activities is not a measure or expectation but rather a condition. A condition is the factual evidence that the internal auditor found in the course of the examination.
A.Policies and procedures are standards, measures, or expectations that may be used to make an evaluation. The internal auditor may evaluate the conditions and determine that the organization or process is in compliance with the policies and procedures B.Standards or guidelines are standards, measures, or expectations that may be used to make an evaluation. The auditor may determine that the process being audited is in compliance with the standards or guidelines. C.The auditor decides whether the controls implemented are adequate and effective. A control framework is useful in such an evaluation.
22.Before an assurance engagement can be performed, the auditor must identify appropriate criteria. The sources of such criteria are least likely to include
A.Benchmarks for the leading firms in the industry. B.Best practices for another industry. C.Historical cost information for the processes examined. D.Government regulations for the industry.
Answer (B) is correct. Acceptable industry standards, standards developed by professions or associations, standards in law and government regulations, and other sound business practices are usually deemed to be appropriate criteria.
A.Benchmarks for the leading firms in the industry are more likely to provide adequate criteria than those for firms in an unrelated industry. C.Historical cost information for the processes examined is clearly relevant if they have not changed materially. D.Government regulations for the industry must be followed.
23.Internal auditors need to determine the extent to which management has established adequate control criteria. For this purpose, which of the following actions may be appropriate? Determining whether objectives have been accomplished Using management’s adequate control criteria in their evaluation
Working with management to develop appropriate control evaluation criteria
A.1 only. B.1 and 2 only. C.1, 2, and 3. D.2 only.
Answer (C) is correct. “Adequate criteria are needed to evaluate controls. Internal auditors must ascertain the extent to which management has established adequate criteria to determine whether objectives and goals have been accomplished. If adequate, internal auditors must use such criteria in their evaluation. If inadequate, internal auditors must identify appropriate evaluation criteria through discussion with management and/or the board” (Impl. Std. 2210.A3).
A.The internal auditors also may take the actions described in statements 2 and 3. B.The internal auditors also may take the action described in statement 3. D.The internal auditors also may take the actions described in statements 1 and 3.
24.During an assessment of the risk associated with sales contracts and related commissions, which of the following factors would most likely result in an expansion of the engagement scope?
A.An increase in product sales, along with an increase in commissions. B.An increase in sales returns, along with an increase in commissions. C.A decrease in sales commissions, along with a decrease in product sales. D.A decrease in sales returns, along with an increase in product sales.
Answer (B) is correct. Commissions for sales personnel normally move in direct proportion to net sales. If returns are increasing, commissions should be decreasing. If the opposite is the case, internal audit should explore the matter.
A.An increase in sales would normally be accompanied by an increase in commissions C.A decrease in commissions would normally be accompanied by a decrease in sales.
D.A decrease in returns is not necessarily incompatible with an increase in sales. For instance, the entity’s products may have recently improved in quality.
25.Which of the following is not an engagement objective related to the purchasing function?
A.Determine whether purchases eligible for competitive bids are properly reviewed and authorized. B.Run background checks on unauthorized vendors. C.Determine whether receiving reports are independently verified. D.Determine whether goods received are properly reflected in purchasing records.
Answer (B) is correct. Engagement objectives are “broad statements developed by internal auditors that define intended engagement accomplishments” (The IIA Glossary). Thus, engagement objectives may be stated in various ways, but it should be clear what assurance is provided. Running background checks is an engagement procedure, not an engagement objective. The related objective is to determine whether vendors are authorized in accordance with management criteria.
A.Determining whether purchases eligible for competitive bids are reviewed and authorized is an engagement objective. C.Determining whether receiving reports are independently verified is an engagement objective. D.Determining whether goods received are properly reflected in purchasing records is an engagement objective.
26.An internal audit function is charged with evaluating the compliance of the organization’s human resources function with applicable laws, regulations, and internal policies. Which objective(s) is (are) appropriate for this engagement plan? 1)
Evaluate compliance with residency policy.
2)
Ensure that applicant pools are representative of the population.
3)
Assess the process used for responding to employee complaints.
4)
Question recently hired employees to assess compliance with interviewing standards.
A.1 and 2 only. B.1 and 3 only. C.3 only.
D.3 and 4 only.
Answer (B) is correct. Engagement objectives are broad statements developed by internal auditors that define intended engagement accomplishments. For a compliance engagement, they might include evaluating compliance with residency policy and assessing the employee complaint response process.
A.Ensuring that applicants are representative of the population is an operational objective of the human resources function, not an engagement objective of internal auditing. C.Evaluating compliance with residency policy also is an engagement objective of internal auditing. D.Questioning recently hired employees to assess compliance with the interview process is a potential engagement procedure, not an engagement objective.
27.Scope statements for assurance engagements may include which of the following? 1.
Boundaries of the process
2.
Areas that are within the scope and those that are excluded
3.
Time frame limitations
4.
Final report distribution
A.1 and 2 only. B.2 and 3 only. C.1, 2, and 3 only. D.1, 2, and 4 only.
Answer (C) is correct. Audit scope statements (1) describe the limits of the engagement, (2) identify activities to be reviewed and any related activities that are excluded, and (3) specify a time frame for completion.
A.Audit scope statements include time limitations. B.Audit scope statements also include the limits of the engagement. D.Audit scope statements do not include final report distribution.
28.Which of the following is not likely to be an assurance engagement objective related to auditing governance activities?
A.Determine customer satisfaction with shareholder communications. B.Determine the operating effectiveness of the whistleblower process. C.Evaluate the design adequacy of board education and training. D.Assess compliance with ethics policies.
Answer (A) is correct. According to The IIA Glossary, engagement objectives are broad statements developed by internal auditors that define intended engagement accomplishments. Also, an assurance service provides an independent assessment of governance, risk management, and control processes. But an evaluation of customer satisfaction is provided by a consulting service. B.Determining the operating effectiveness of the whistleblower process is an engagement objective related to governance activities. C.Evaluating the design adequacy of board education and training is an assurance engagement objective related to governance activities. D.Assessing compliance with ethics policies is an assurance engagement objective related to governance activities.
29.A United States organization plans to expand operations to Gambia. Which of the following are plausible assurance engagement objectives for an internal audit of the human resources department? 1)
Evaluate the clarity and transparency of the design of global compensation and benefit systems.
2)
Identify methods of improving communications with assignees, line management, and leadership.
3)
Assess compliance with applicable requirements for visas and work permits.
4)
Provide consultation to potential assignees and line management on terms and conditions of the internal assignment.
A.1 and 3 only. B.2 and 4 only. C.3 and 4 only. D.1, 2, and 4 only.
Answer (A) is correct. Audit engagement objectives are broad statements developed by internal auditors that define intended engagement accomplishments. Engagement objectives may be stated in various ways, but it should be clear what assurances the engagement will provide. The engagement objective to evaluate the clarity and transparency of the design of global compensation and benefit systems is intended to provide assurance about efficiency and effectiveness. The engagement objective to assess compliance with applicable requirements for visas and work permits is intended to provide assurance about compliance with laws and regulations.
B.Identifying techniques for fostering effective communications with assignees, line management, and leadership is an operational objective. C.Providing consultation to potential assignees and line management is not an assurance engagement objective and does not answer the question, “Why are we auditing this activity?” D.Identifying methods of improving communications with assignees, line management, and leadership is a consulting service, not an assurance engagement objective. It does not provide any assurance.
30.Which of the following audit objectives would be appropriate in an audit of the efficient use of an organization’s facilities?
A.To determine whether rates to lease office space for the organization are reasonable when compared to market lease rates. B.To determine whether facilities are procured competitively. C.To determine whether the actual capacity is reasonable compared to the needed capacity. D.To determine whether employees are satisfied with the allocation of office space among departments.
Answer (C) is correct. Objectives must be established for each engagement (Perf. Std. 2210). They are broad statements developed by internal auditors that define intended engagement accomplishments (The IIA Glossary). Efficiency is a measure of how well resources are used to achieve an outcome. When the resources are facilities, an appropriate measure of their efficient use includes comparing actual capacity used with budgeted or expected capacity. Thus, in an audit of the efficient use of an organization’s facilities, an appropriate audit objective is to determine whether the actual capacity is reasonable compared with the needed capacity.
A.The audit addresses usage, not cost. B.Determining whether facilities were procured competitively is not an appropriate measure of their efficient use.
D.Employee satisfaction is not an appropriate measure of the efficient use of facilities. 31.As a means of controlling projects and avoiding time-budget overruns, decisions to revise time budgets for an engagement should normally be made
A.Immediately after the survey. B.When a significant risk exposure has been substantiated. C.When inexperienced staff are assigned to an engagement. D.Immediately after expanding tests to establish reliability of observations.
Answer (A) is correct. If appropriate, a survey should be conducted to (1) become familiar with the activities, risks, and controls to identify areas for engagement emphasis and (2) invite comments and suggestions from engagement clients. This survey may lead to a determination that activities other than or in addition to those contemplated by the long-range engagement work schedule are necessary. Consequently, revision of the time budget may then be indicated.
B.When a risk exposure has been substantiated, no further engagement work is required. C.The assignment of inexperienced staff should have no effect on the decision to revise the time budget. D.Expanded tests should have no effect on the time budget; the budget would have already been expanded as necessary.
32.The internal auditor-in-charge has just been informed of the next engagement, and the engagement team has been assigned. Select the appropriate phase for finalizing the engagement budget.
A.During formulation of the long-range plan. B.After the preliminary survey. C.During the initial planning meeting. D.After the completion of all field work.
Answer (B) is correct. A survey permits an informed approach to planning and carrying out engagement work and is an effective tool for allocating the internal audit activity’s resources where they can be used most effectively. Among other things, the results of the survey should include preliminary estimates of time
and resource requirements. Thus, after the preliminary survey has been completed, the final engagement budget can be prepared.
A.An initial budget is determined during the formulation of the long-range plan, but revisions based on the preliminary survey may be required. C.At the initial planning meeting stage, the project is not sufficiently defined to complete the final budget. D.After the completion of field work, the budget is no longer useful as a control and evaluation tool.
33.According to the International Professional Practices Framework, to achieve engagement objectives, which of the following is not the responsibility of the internal auditors?
A.Determine appropriate and sufficient resources. B.Allocate engagement resources. C.Confirm organizational independence. D.Evaluate the nature and complexity of each engagement.
Answer (C) is correct. Organizational independence is effectively achieved when the chief audit executive reports functionally to the board (Inter. Attr. Std. 1110). The CAE must confirm to the board the organizational independence of the internal audit activity (Attr. Std. 1110). Therefore, confirming organizational independence is not the responsibility of the internal auditors.
A.Standard 2230: Engagement Resource Allocation states, “Internal auditors must determine appropriate and sufficient resources to achieve engagement objectives based on an evaluation of the nature and complexity of each engagement, time constraints, and available resources.” B.According to Implementation Guide 2230, “Internal auditors typically use their best professional judgment in determining the type and quantity of resources to allocate to an engagement to best accomplish its objectives.” D.According to Implementation Guide 2230, “Before determining how best to allocate engagement resources, it is essential for internal auditors to understand the nature and complexity of the engagement through discussions with key stakeholders, including management in the area to be audited.”
34.According to the Standards, internal auditors determine appropriate and sufficient resources to achieve engagement objectives based on an evaluation of all of the following except
A.Budgetary control of the engagement. B.Complexity of each engagement. C.Time constraints for each engagement. D.Available resources for each engagement.
Answer (A) is correct. All engagements should be under budgetary control. However, engagement resource allocation is not based on evaluation of budgetary control. Standard 2230: Engagement Resource Allocation states, “Internal auditors must determine appropriate and sufficient resources to achieve engagement objectives based on an evaluation of the nature and complexity of each engagement, time constraints, and available resources.”
B.To achieve engagement objectives, internal auditors must determine appropriate and sufficient resources based on an evaluation of complexity of each engagement. C.To achieve engagement objectives, internal auditors must determine appropriate and sufficient resources based on an evaluation of time constraints. D.To achieve engagement objectives, internal auditors must determine appropriate and sufficient resources based on an evaluation of available resources.
35.According to the Standards, what must internal auditors do to achieve engagement objectives?
A.Monitor daily operations of the internal audit activity. B.Obtain competent advice and assistance from external resources. C.Determine appropriate sufficient resources. D.Manage effective use of time by audit staff.
Answer (C) is correct. Standard 2230: Engagement Resource Allocation states, “Internal auditors must determine appropriate and sufficient resources to achieve engagement objectives based on an evaluation of the nature and complexity of each engagement, time constraints, and available resources.”
A.Management, not internal auditors, oversees the day-to-day operations of the internal audit activity B.Obtaining competent advice and assistance from external resources is the responsibility of the CAE. According to Implementation Standard 1210.A1, “The CAE must obtain competent advice and
assistance if the internal auditors lack the knowledge, skills, or other competencies needed to perform all or part of the engagement.” D.All engagements should be under budgetary control. Project budgets and schedules should be developed for each engagement. Monitoring time budgets and schedules allows the CAE to control projects and avoid overruns.
36.The auditor-in-charge for a financial audit is planning an engagement. Auditors will travel to a remote location to learn about the industry and business. The auditors will need to be able to work independently. Prior to allocating engagement resources, the auditor-in-charge should
A.Request a budget increase for the operation activities. B.Evaluate the experience and competencies of the audit staff. C.Tour the plant facilities and warehouse. D.Verify compliance with the applicable regulations for the industry. Answer (B) is correct. Prior to allocating engagement resources, the auditor-in-charge should evaluate (1) the number and experience of staff, (2) the knowledge, skills, and competencies of the staff, (3) training needs, and (4) whether external resources are required.
A.All engagements should be under budgetary control. Budget adjustments need to be justified and approved at a level higher than the engagement supervisor. C.Tours of facilities, through observation, provide support for inquiries and direct evidence about the entity and its environment. It is not necessary to tour the facilities prior to allocating engagement resources. D.Compliance with laws and regulations for the industry is verified during the audit by evaluating risks and the adequacy and effectiveness of controls. The auditor should obtain a general understanding of the legal and regulatory framework when planning the audit.
37.For the upcoming specialty engagement, the audit manager has organized a group of internal auditors and engaged external specialists who have diverse backgrounds and skill sets so that there is a mix of knowledge, skills, and other competencies needed to perform the engagement. According to the Standards, which of the following best describes this attribute of engagement resources that should be determined by internal auditors?
A.Sufficient. B.Practical. C.Appropriate.
D.Applicable.
Answer (D) is correct. “Applicable” is not an attribute of engagement resources that should be determined by internal auditors
A.According to the Interpretation of Standard 2230: Engagement Resource Allocation “sufficient” refers to the quantity of resources needed to accomplish the engagement with due professional care. B.“Practical” is not an attribute of engagement resources that should be determined by internal auditors C.Internal auditors must determine appropriate and sufficient resources to achieve engagement objectives based on an evaluation of the nature and complexity of each engagement (Perf. Std. 2230). According to the Interpretation of Standard 2230: Engagement Resource Allocation appropriate refers to the mix of knowledge, skills, and other competencies needed to perform the engagement.
38.Which of the following engagement objectives will be accomplished by tracing a sample of accounts receivable debit entries to customer invoices and related shipping documents?
A.Sales are properly recorded. B.Sales are billed at the correct prices. C.Accounts receivable represent valid sales. D.Customer credit is approved.
Answer (C) is correct. The process described is vouching. It begins with amounts recorded in the ledger and tracks backwards to the source documents. The purpose is to detect fictitious sales and ensure that each claimed sale is properly supported.
A.The objective of determining whether sales are properly recorded is accomplished by tracing a sample of sales invoices to accounts receivable. B.The objective of determining whether sales are billed at the correct prices is accomplished by tracing invoice prices to the organization’s approved price list. D.The objective of determining whether customer credit is approved is accomplished by examining sales documents for proper approvals by credit personnel.
39.Confirmations are a highly regarded form of information. Confirmation is most effective in addressing the existence assertion for the
A.Addition of a milling machine to a machine shop. B.Sale of merchandise during regular course of business. C.Inventory held on consignment. D.Granting of a patent for a special process developed by the organization.
Answer (C) is correct. When inventories are held by an outside custodian, such as a consignee, the internal auditor ordinarily obtains direct confirmation in writing from the custodian. Confirmation of consigned goods is most likely to be effective for the existence and rights-and-obligations assertions.
A.Observation and documentation are the most common forms of information for asset additions. B.Account balances but not individual sales transactions are normally confirmed. D.An examination of the patent document is the best information.
40.An internal auditor traces copies of sales invoices to shipping documents to determine that
A.Customer shipments were billed. B.Sales that are billed were also shipped. C.Shipments to customers were also recorded as receivables. D.The subsidiary accounts receivable ledger was updated.
Answer (B) is correct. The process described is tracing. It begins with a triggering event and determines whether the result was proper. If the invoices in the sample can be correctly matched with shipping documents, some assurance is given that items billed to customers are actually shipped.
A.The tracing procedure originated with a sample of billed sales; thus, all the items in the sample were billed. However, this procedure does not determine whether shipped items were billed. C.Receivables are not examined in this procedure. D.Receivables are not examined.
41.To test whether debits to accounts receivable represent valid transactions, the internal auditor should trace entries from the
A.Sales journal to the accounts receivable ledger. B.Accounts receivable ledger to the cash receipts journal. C.Accounts receivable ledger to sales documentation. D.Cash receipts documentation to the accounts receivable ledger.
Answer (C) is correct. The auditor wants to verify that recorded amounts are properly supported by originating events. This is accomplished through vouching. Only the two choices that involve tracking ledger entries back to a journal or source document describe a vouching procedure. A debit to accounts receivable is properly supported by a credit sale to a customer.
A.Tracing entries from the sales journal to the accounts receivable ledger tests whether credit sales were properly recorded in the accounts receivable ledger. It would not ensure that debit entries to accounts receivable represent valid sales. B.The internal auditor traces accounts receivable credit entries to the cash receipts journal to test whether those entries represent actual customer payments. D.Tracing entries from the cash receipts documentation to the accounts receivable ledger tests whether customer payments were credited to accounts receivable.
42.Vouching entails verifying recorded amounts by examining the underlying documents from the _____ documents to the _____ documents.
A.Final; original. B.Final; previous. C.Original; final. D.Original; subsequent.
Answer (A) is correct. Vouching entails verifying recorded amounts by examining the underlying documents from the final documents to the original documents. The engagement objective of working backward is to provide information that recorded amounts reflect valid transactions. Vouching supports the existence or occurrence assertion. Vouching is irrelevant to the completeness assertion, because the existence of records of some transactions does not prove that all transactions were recorded.
B.Vouching entails the examination of final documents to original documents. C.Vouching is designed to support the engagement objective of working backward to provide information that recorded amounts reflect valid transactions. D.It implies the comparison of the original to the next copy. Vouching entails examination from the final document to the original.
43.Shipping documents should be traced to and compared with sales records or invoices to
A.Determine whether payments are properly applied to customer accounts. B.Assure that shipments are billed to customers. C.Determine whether unit prices billed are in accordance with sales contracts. D.Ascertain whether all sales are supported by shipping documents.
Answer (B) is correct. The process described begins with a result (evidence of goods shipped) and tracks backwards to the triggering event (sale to a customer), i.e., vouching. The auditor is seeking assurance that the amounts billed to the customer agree with the agreed terms of the sale.
A.Shipping documents and sales records or invoices would not include payment information. C.Determining whether unit prices billed are in accordance with sales contracts is done by comparing invoices with sales contracts or price lists, noting the propriety of any discounts. D.All sales might not require shipping.
44.An internal auditor has set an engagement objective of identifying the existence of personality conflicts that are detrimental to productivity. Which of the following engagement techniques will best meet this objective?
A.Inspection of documents. B.Observation. C.Inquiry. D.Analytical review.
Answer (C) is correct. By interviewing selected individuals about the causes of inefficiencies, the internal auditor can expect to obtain input as to the existence and seriousness of personality conflicts that inhibit efficient and effective work.
A.Inquiry is the best technique to identify the existence of personality conflicts. B.Inquiry is the best technique to identify the existence of personality conflicts. D.Inquiry is the best technique to identify the existence of personality conflicts.
45.Which of the substantive field work procedures presented below provides the best information about completeness of recorded revenues?
A.Reconciling the sales journal to the general ledger control account. B.Vouching charges made to the accounts receivable subsidiary ledger to supporting shipping records. C.Vouching shipping records to the customer order file. D.Reconciling shipping records to recorded sales.
Answer (D) is correct. The completeness assertion relates to whether all transactions that should be presented are included. To test this assertion with regard to revenues from sales of goods shipped, the internal auditor might trace shipping documents to sales data to determine whether items shipped have been recorded as revenues. A.Reconciling the sales journal to the general ledger control account would fail to detect unrecorded sales, which would result in no entries to the sales journal or accounts receivable. B.Vouching charges made to the accounts receivable subsidiary ledger to supporting shipping records would fail to detect unrecorded sales, which would result in no entries to the sales journal or accounts receivable. C.Vouching shipping records to the customer order file merely establishes that goods shipped were ordered, not that they were recorded as sales.
46.An internal auditor has set an engagement objective of determining whether mail room staff is fully used. Which of the following engagement techniques will best meet this objective?
A.Inspection of documents. B.Observation.
C.Inquiry. D.Analytical review.
Answer (B) is correct. By observing mail room operations at various times on various days of the week, the internal auditor can note whether incoming or outgoing mail backlogs exist and whether mail room staff are busy on mail room activities, idle, or working on other projects.
A.Observation is the best technique to determine if the staff is fully used. C.Observation is the best technique to determine if the staff is fully used. D.Observation is the best technique to determine if the staff is fully used.
47.An internal auditor of an organization in the process of acquiring another organization has been requested to verify that cash for the organization being acquired is properly stated. The engagement technique that will yield the most persuasive piece of information is
A.Examining the organization’s escheatment account. B.Interviewing the organization’s chief financial officer and cash manager. C.Obtaining standard bank confirmations. D.Comparing current cash in the bank with previous accounting periods through analytical computations.
Answer (C) is correct. Standard bank confirmation requests confirm deposit and loan balances. They result in highly competent information because responses are prepared independently of organizational records. Moreover, they also may detect restrictions on cash.
A.Analytical information derived from organizational records is less compelling than information from an external source. An escheatment account records amounts, such as unclaimed wages, that must be paid to the government after the lapse of a period specified by law. B.Testimonial information obtained from organizational officials is not as strong as external information. D.Analytical computations are less likely to identify a major misstatement of cash than a bank confirmation.
48.For review of an accounting department’s bank reconciliation unit, which of the following is an appropriate engagement work program step for the review of canceled checks for authorized signatures?
A.Comparing the check date with the first cancellation date. B.Determining that all checks are to be signed by individuals authorized by the board. C.Examining a representative sample of signed checks and determining that the signatures are authorized in the organizational signature book. D.Completing the tests of controls over check signatures in 4 hours.
Answer (C) is correct. Cash disbursements must be properly authorized. The issuance of checks is performed by the treasury function after review of supporting documents, including a payment voucher prepared by the accounts payable department. Proper control procedures require that check-signing responsibility be limited to a few persons whose signatures are kept on file at the banks where the organization has accounts.
A.Comparing the check date with the first cancellation date has no bearing on reviewing for authorized signatures. B.Determining that all checks are to be signed by individuals authorized by the board is a statement of engagement objectives. D.Completing the tests of controls over check signatures in 4 hours is a time budget goal, not a work program step.
49.To ascertain that all credit sales are recorded in accounts receivable, an internal auditor should
A.Confirm selected accounts receivable balances by direct correspondence with customers. B.Trace from a sample of subsidiary ledger entries to related sales invoices and to related shipping documents. C.Trace from a sample of customer purchase orders to related shipping documents. D.Trace from a sample of shipping documents to related sales invoices and subsidiary ledger.
Answer (D) is correct.
To determine that all credit sales are recorded, the proper direction of testing is from the shipping records, such as bills of lading, to the sales invoices and the accounts receivable subsidiary ledger. Tracing supports the completeness assertion.
A.This procedure will not detect an unrecorded and unbilled receivable. B.This procedure will not detect an unrecorded and unbilled receivable. C.Comparing customer orders with shipping documents does not determine whether goods shipped were billed.
50.Fact Pattern: The legislative auditing bureau of a country is required to perform compliance engagements involving organizations that are issued defense contracts on a cost-plus basis. Contracts are clearly written to define acceptable costs, including developmental research cost and appropriate overhead rates. During the past year, the government has engaged in extensive outsourcing of its activities. The outsourcing included contracts to run cafeterias, provide janitorial services, manage computer operations and systems development, and provide engineering of construction projects. The contracts were modeled after those used for years in the defense industry. The legislative internal auditors are being called upon to expand their efforts to include compliance engagements involving these contracts. Upon initial investigation of these outsourced areas, the internal auditor found many areas in which the outsourced management has apparently expanded its authority and responsibility. For example, the contractor that manages computer operations has developed a highly sophisticated security program that may represent the most advanced information security in the industry. The internal auditor reviews the contract and sees reference only to providing appropriate levels of computing security. The internal auditor suspects that the governmental agency may be incurring developmental costs that the outsourcer may use for competitive advantage in marketing services to other organizations.
Q:The internal auditor is concerned about whether all the debits to the computer security expense account are appropriate expenditures. The most appropriate engagement procedure is to
A.Take an attribute sample of computing invoices and determine whether all invoices are properly classified. B.Perform an analytical review comparing the amount of expenditures incurred this year with the amounts incurred on a trend line for the past 5 years. C.Take an attribute sample of employee wage expenses incurred by the outsourcing organization and trace to the proper account classification. D.Take a sample of all debits to the account and investigate by examining source documents to determine the nature and authority of the expenditure.
Answer (D) is correct. The sample should be taken from the population of interest, that is, debits to the expense account. The proper engagement procedure is to vouch the accounting records back to the source documents.
A.The sample would be too broad to be efficient. The auditor is specifically interested in the debits to the account. B.Analytical procedures provide information as to whether the total expense is reasonable. They do not determine whether specific debits are correct. C.This procedure furnishes some information about the wage component of costs, but it is not relevant to other computer security costs.
51.Which of the following documents should the internal auditor examine to determine whether only authorized purchases are being accepted by the receiving department?
A.A bill of lading. B.A copy of the purchase order. C.An invoice. D.Policies and procedures for the receiving function.
Answer (B) is correct. In determining whether the accounts accurately reflect the obligations of the firm to vendors, the three items most useful to the auditor are purchase orders, receiving reports, and vendors’ invoices. The purchase order provides information as to whether the goods were actually ordered and are a voluntary obligation of the organization. The receiving report confirms that the proper amount was received and the liability recorded in the correct period. The vendor’s invoice confirms that the proper amount due has been recorded. An internal auditor will also be interested in the purchase requisitions to determine whether the purchase orders were properly authorized. However, the purchase order, not the requisition, is vital to determining the engagement client’s obligation.
A.A shipping document (bill of lading) received from the vendor cannot be used to determine whether the purchase was authorized. C.A billing notice (invoice) received from the vendor cannot be used to determine whether the purchase was authorized. D.Policies and procedures are not transaction documents.
52.Which of the following represents the most reliable information that a receivable actually exists?
A.A positive confirmation. B.A sales invoice. C.A receiving report. D.A bill of lading.
Answer (A) is correct. A confirmation is a direct communication between the internal auditor and the debtor. A positive confirmation is the most reliable kind of confirmation because it asks the debtor to respond regardless of whether (s)he agrees with the information given. The negative confirmation asks for a response only when the debtor disagrees. Positive confirmations are used when balances are large or the internal auditor believes that a substantial number of accounts are in dispute or contain errors or irregularities. The negative form is used when risk is low, balances are small, and the recipients are likely to give confirmation their consideration. Often, a combination of the two forms will be used.
B.The sales invoice was internally generated. Information obtained directly from outside sources is more reliable. C.A receiving report provides no information of a sale and a receivable. D.A bill of lading is less reliable than a confirmation. It has been under the control of the engagement client.
53.Which of the following procedures provides the most relevant information to determine the adequacy of the allowance for doubtful accounts receivable?
A.Confirm the receivables. B.Analyze the following month’s payments on the accounts receivable balances outstanding. C.Test the controls over the write-off of accounts receivable to ensure that management approves all write-offs. D.Analyze the allowance through an aging of receivables and an analysis of current economic data.
Answer (D) is correct. The purpose of an allowance for doubtful accounts is to state accounts receivable at net realizable value. Consequently, an appropriate method of estimating collectibility of the receivables should be applied. Because the probability of collection is inversely proportional to the age of the receivables, aging the
receivables provides information that is highly relevant. Current economic conditions are also relevant because collectibility varies with changes in the economic cycle.
A.Accounts receivable confirmations are more likely to be effective for the existence assertion than for the valuation and completeness assertions. B.Although subsequent collections provide the best information about collectibility, they do not indicate the value of uncollected receivables. C.Testing the controls over write-offs provides no information about valuation.
54.Which of the following procedures would provide the best evidence of the effectiveness of a credit-granting function?
A.Observe the process. B.Review the trend in receivables write-offs. C.Ask the credit manager about the effectiveness of the function. D.Check for evidence of credit approval on a sample of customer orders.
Answer (B) is correct. The purpose of the credit-granting function is to minimize write-offs while accepting sales likely to result in collection. Trend (time-series) analysis is an analytical procedure that relies on experience, i.e., the change in a variable over time. Thus, reviewing the trend in write-offs will provide some insight concerning the minimization of write-offs.
A.Observation will provide evidence about whether credit personnel are following standard procedures while being observed. However, because they know they are being observed, they will probably do what they believe they should do, not what they normally do. C.Responses from the credit manager will lack objectivity, a key attribute of reliable evidence. D.The credit limits may be set too high or not properly revised periodically. The existence of approval will not detect these problems.
55.An internal auditor has set an engagement objective of ascertaining the reasonableness of the increases in rental revenue resulting from operating costs passed on to the lessee by the landlord. The internal auditor has already inspected the lease contract to determine that such costs are allowed. Which of the following engagement procedures will best meet this objective?
A.Inspection of documents.
B.Observation. C.Inquiry. D.Analytical review.
Answer (D) is correct. Computation of the rates of increase in operating costs passed through to the lessee from period to period in relation to inflation rates provides an initial view of the reasonableness of the increases.
A.The internal auditor has already inspected the documents. B.Analytical review is required to ascertain the reasonableness of the increases. C.Analytical review is required to ascertain the reasonableness of the increases.
56.To control daily operating costs, an organization decreased the number of times a messenger service was used each day. Despite those measures, the monthly bill continued to increase. What procedure should the internal auditor use to detect whether improper services were being billed?
A.Reconcile a sample of messenger invoices to pickup receipts. B.Test the mathematical accuracy of a sample of messenger invoices. C.Scan ledger accounts and messenger invoices. D.Observe daily use of the messenger service.
Answer (A) is correct. When the amount charged for a service increases as an entity reduces its use of the service, the possibility exists that the entity is being charged for service not received. The internal auditor should reconcile a sample of messenger invoices to pickup receipts. By multiplying the number of trips authorized by the charge per trip, any discrepancy can be identified.
B.Multiplying the trips noted on the bills received by the rate specified on the bill will not identify the improper billing related to trips not carried out. C.Scanning of ledger accounts and bills received is not likely to uncover billings for trips not carried out unless particular bills on ledger entries seriously deviate from expectations. D.The internal auditor is unlikely to be able to observe usage of the messenger service for a long enough period. This procedure is not cost efficient.
57.To determine whether credit controls are inconsistently applied, preventing valid sales to creditworthy customers, the internal auditor should
A.Confirm current accounts receivable. B.Trace postings on the accounts receivable ledger. C.Analyze collection rates and credit histories. D.Compare credit histories for those receiving credit and for those denied credit.
Answer (D) is correct. Credit policy should maximize profits by balancing bad debt losses and the increase in sales derived from granting credit. One concern in an engagement to review credit management is whether credit policies and procedures are fairly administered.
A.If credit is not granted, there would be no sale, and thus no balance to confirm. B.If credit is not granted, there would be no sale, and thus no posting to trace. C.If credit is not granted, there would be no sale, and thus no receivables to collect.
58.An internal audit activity is planning an assurance engagement in the transportation department of a large engineering firm. The firm owns and operates a fleet of cars and trucks of various sizes. One engagement objective is to evaluate the department’s vehicle maintenance procedures. Which procedures are appropriate to this engagement objective? 1.
Interview service technicians to gather information about maintenance procedures.
2.
Compare costs for selected procedures with industry standards.
3.
Compare manufacturer maintenance guidelines with departmental procedures.
4.
Analyze vehicle losses.
A.1 and 2 only. B.1, 2, and 3 only. C.4 only. D.1, 2, 3, and 4.
Answer (D) is correct.
All the listed procedures are relevant to the engagement objective. Comparing department costs for selected procedures with industry standards provides information about cost control. Comparing manufacturer maintenance guidelines with department procedures provides information about the competence of the workforce. Analyzing vehicle losses determines whether improper maintenance was a cause. Interviewing service technicians to gather information about department maintenance procedures is part of obtaining an understanding of the transportation department’s procedures and whether they are being implemented correctly.
A.The internal auditors also should analyze vehicle losses and compare manufacturer maintenance guidelines with industry standards. B.The internal auditors also should analyze vehicle losses. C.Comparing costs for selected procedures with industry standards, comparing manufacturer maintenance guidelines with departmental procedures, and interviewing service technicians are relevant procedures.
59.Management has requested an audit of promotional expenses. The sales department has been giving away items in conjunction with new product sales to stimulate demand. The promotion is successful, but management believes the cost may be too high. The least useful procedure to determine the effectiveness of the promotion is
A.An analysis of marginal revenue and marginal cost for the promotion period and the prior period. B.A review of the sales department’s reasons for believing that the promotion has been successful. C.A comparison of product sales during the promotion period with sales during a similar nonpromotion period. D.A comparison of the unit cost of the products sold before and during the promotion period.
Answer (D) is correct. To determine the effectiveness of the promotion, the internal auditors may compare marginal revenue and marginal cost for the promotion period and the prior period. They may also review the sales department’s reasons for believing that the promotion has been successful or compare product sales during the promotion period with sales during a similar nonpromotion period. However, unit product costs are not relevant to evaluating the promotion.
A.An analysis of marginal revenue and marginal cost for the promotion period and the prior period is useful to determine the effectiveness of the promotion. B.A review of the sales department’s reasons for believing the promotion has been successful is useful in determining its effectiveness. C.A comparison of product sales during the promotion period with sales during a similar nonpromotion period is a relevant analytical procedure.
60.Inventory levels for a packing facility are controlled by just-in-time (JIT) methods. If the auditor’s objective is to evaluate ordering and stocking standards, which of the following procedures are relevant? 1)
Using audit software to compute the number of shipping crates used per day.
2)
Reviewing shipping records for product quantity and dates.
3)
Comparing actual stocking levels with industry averages.
4)
Reviewing sales records for unsatisfied customers.
A.3 only. B.1, 2, and 3 only. C.1, 2, and 4 only. D.2 and 3 only.
Answer (B) is correct. JIT inventory management attempts to eliminate inventory by reorganizing production arrangements and choosing suppliers who will deliver materials just in time, that is, when needed. It also limits output to the amount required by the next operation in the production process. To evaluate the just-in-time standards used for quality control, shipping output information (e.g., crates used, quantities, and dates) should be considered. Moreover, inventory levels should be compared with industry averages.
A.Inventory levels must be compared with industry averages. C.Reviewing sales records for unsatisfied customers may relate to product quality but not to ordering and stocking standards. D.The number of shipping crates used per day provides information about inventory control.
61.A charitable organization solicits donations by phone and e-mail. The generation of calling and mailing lists, the level of success of each solicitation, and the tracking of amounts pledged are performed electronically. Which of the following is the least satisfactory procedure for obtaining assurance about the completeness of recorded amounts pledged?
A.Review of recordings of phone calls and archives of e-mail messages. B.Analytical procedures comparing previous years’ per-call amounts pledged with this year’s. C.Random monitoring of phone calls and e-mail traffic.
D.Mailed confirmations of amounts owed to suppliers.
Answer (D) is correct. Confirmation is a standard procedure for testing accounts (pledges) receivable, although unrecorded pledges cannot be confirmed unless the auditor has other information about their existence. However, the ordinary audit issue is overstatement, not understatement. But confirming accounts payable is less effective because the major audit issue is that liabilities may be unrecorded and creditors unknown. Moreover, confirmation of amounts owed by the donee is not relevant to pledges of donations.
A.The information in recordings of phone calls and archives of e-mail messages can be compared with recorded pledges receivable and donations received. B.Analytical procedures comparing previous years’ per-call amounts pledged with this year’s may identify unusual and unexpected conditions. C.Random monitoring of phone calls and e-mail traffic may allow the auditor to obtain assurance regarding the completeness of amounts pledged.
62.An entity is beginning its budget cycle. Approval of the capital budget by the board of directors is the first step in the process. Until final approval, only the CEO and division vice presidents have access to it. During the multiple iterations of the capital budget, hard copies are printed and distributed to authorized persons or their administrative assistants. Which procedure should an internal auditor perform to gain assurance that IT personnel are not distributing the capital budget reports to unauthorized employees? 1.
Interviewing IT personnel responsible for programming the budgetary applications.
2.
Interviewing computer operations personnel and reviewing logs of abnormal program terminations.
3.
Reviewing the log signed by those receiving the reports.
4.
Interviewing all authorized personnel or their administrative assistants to determine whether they received the reports.
A.1 and 2 only. B.1 and 4 only. C.3 only. D.3 and 4 only.
Answer (C) is correct. Only determining that those taking possession of the reports must sign for them provides adequate assurance.
A.Neither interviewing IT personnel responsible for programming the budgetary applications or interviewing computer operations personnel and reviewing logs of abnormal program terminations provides assurance about whether unauthorized persons received the budget reports. B.Neither interviewing IT personnel responsible for programming the budgetary applications or interviewing all authorized personnel or their administrative assistants to determine whether they received the reports provides assurance about whether unauthorized persons received the budget reports. D.Interviewing all authorized personnel or their administrative assistants to determine whether they received the reports does not provide assurance about whether unauthorized persons received the budget reports. 63.Which audit procedure would be most effective to detect whether a particular employee may have been involved in the submission of payments to false vendors?
A.Send confirmations to a sample of vendors to determine whether they received proper payments. B.Implement an integrated test facility and monitor transactions throughout the year to identify unusual items. C.Implement the snapshot approach to tag unusually large increases related to the employee. D.Use generalized audit software to sort payments by employee, then by common addresses and names.
Answer (D) is correct. Using computer-assisted audit techniques (CAATs), including generalized audit software, may permit analysis of an entire population of information, not just a sample. To detect whether a specific employee submitted payments to false vendors, the procedures should include obtaining payment information sorted by the employee’s name and by vendor. The vendor information then can be compared with the master vendor list to determine whether the vendors (names and addresses) are legitimate.
A.Confirmations of liabilities to vendors are not effective because false vendors may respond. B.An ITF uses dummy transactions within an actual system to test programmed operating controls. It does not search for fake vendors. C.The snapshot method captures data at a specific point in the processing of transactions. It does not help to evaluate the legitimacy of vendors, but may detect inappropriate amounts.
64.A production manager for a moderate-sized manufacturer began ordering excessive raw materials and had them delivered to a wholesale business that the manager was running on the side. The manager falsified receiving documents and approved the invoices for payment. Which of the following procedures is most likely to detect this fraud?
A.Take a sample of cash disbursements; compare purchase orders, receiving reports, invoices, and check copies. B.Take a sample of cash disbursements; confirm the amount purchased, purchase price, and date of shipment with the vendors. C.Observe the receiving dock and count materials received; compare the counts with receiving reports completed by receiving personnel. D.Perform analytical tests, comparing production, materials purchased, and raw materials inventory levels; investigate differences.
Answer (D) is correct. The application of analytical procedures is based on the premise that, in the absence of known conditions to the contrary, relationships among information may reasonably be expected to exist and continue. Thus, the analytical procedures should identify an unexplained increase in materials used.
A.Given that documents have been falsified, supporting documents exist for each cash disbursement. B.The vendors will confirm all transactions. C.Given that the improper orders are shipped to another location, observing receiving dock counts will not detect the fraud.
65.The internal auditor reviewed documentation showing that a customer had recently returned three expensive products to the regional service center for warranty replacement. The documentation also showed that the warranty clerk had rejected the claim and sent it to the customer’s local distributor. The claim was rejected because the serial numbers listed in the warranty claim were not found in the computer’s sales history file. Subsequently, the distributor supplied three different serial numbers, all of which were validated by the computer system, and the clerk completed the warranty claim for replacements. What is the best course of action for the internal auditor under the circumstances?
A.Determine if the original serial numbers provided by the customer can be traced to other records, such as production and inventory records.
B.Notify the appropriate authorities within the organization that there are sufficient indicators that a fraud has been committed. C.Verify with the appropriate supervisor that the warranty clerk had followed relevant procedures in the processing and disposition of this claim.
D.Summarize this item along with other valid transactions in the internal auditor’s test of warranty transactions.
Answer (A) is correct. The internal auditor should determine whether the related equipment was actually reported in a sales transaction. This procedure allows the auditor to draw preliminary conclusions as to whether this is a case of error or of fraud.
B.The internal auditor should pursue additional information before alerting authorities. C.Verifying that the warranty clerk followed procedures does not provide more information about the validity of the warranty claim. D.The internal auditor should obtain more information about the validity of the transaction.
66.While reviewing a division’s accounts, an internal auditor becomes concerned that the division’s management may have shipped poor quality merchandise to boost sales and profitability and thereby increase the manager’s bonus. For this reason, the internal auditor suspects that returned goods are being shipped to other customers as new products without full correction of their defects. Which of the following engagement procedures is the least effective in determining whether such shipments took place?
A.Examine credit memos issued after year end for goods shipped before year end. B.Physically observe the shipping and receiving area for information of returned goods. C.Interview customer service representatives regarding unusual amounts of customer complaints. D.Require the division to take a complete physical inventory at year end, and observe the taking of the inventory.
Answer (D) is correct. Taking a complete year-end inventory is an ineffective procedure. Goods returned and reshipped without the correction of defects are not on hand to be counted.
A.Credit memos provide the customer with proof that returned goods have been received by the organization and posted to the customer’s account. Examining credit memos issued after year end for goods shipped before year end would show that customers are returning inferior goods. B.Physically observing the shipping and receiving area might reveal goods returned that are not yet accounted for. C.Unusual amounts of customer complaints may suggest a condition not explained by normal spoilage rates.
67.During a post-completion engagement related to a warehouse expansion, the internal auditor noted several invoices for redecorating services from a local merchant that were account-coded and signed for payment only by the cost engineer. The internal auditor should
A.Compare the cost and description of the services with the account code used in the construction project and with related estimates in the construction-project budget. B.Consult with the cost engineer for assurance that these purchases were authorized for this construction project. C.Obtain a facsimile of the cost engineer’s signature from the accounts payable group and compare it with the signature on the invoices. D.Recommend reclassifying the expenditure to the appropriate account code for redecorating services.
Answer (A) is correct. The internal auditor needs to determine the validity of the transaction because the engineer is performing incompatible tasks. Comparing the cost and description of the services with the account code and the budget will verify the transaction. However, normal controls over disbursements need to be established. B.The cost engineer’s assurance would not confirm the authorization of these expenditures. C.The primary focus is the validity of the transaction within this construction project. D.There is no basis for reclassifying the transaction within this context.
68.Contributions to a nonprofit organization have been constant for the past 3 years. The audit committee has become concerned that the president may have embarked on a scheme in which some of the contributions from many sustaining members have been redirected to other organizations. The audit committee suspects that the scheme may involve taking major contributions and depositing them in alternative accounts or soliciting contributions to be made in the name of another organization. Which of the following procedures should be most effective in detecting the existence of such a fraud?
A.Use generalized audit software to take a sample of pledged receipts not yet collected and confirm the amounts due with the donors. B.Take a sample that includes all large donors for the past 3 years and a statistical sample of others and request a confirmation of total contributions made to the organization or to affiliated organizations. C.Take a discovery sample of cash receipts and confirm the amounts of the receipts with the donors. Investigate any differences.
D.Use analytical review procedures to compare contributions generated with those of other comparable institutions over the same period of time. If the amount is significantly less, take a detailed sample of cash receipts and trace to the bank statements.
Answer (B) is correct. The engagement objective is to determine whether contributions have been wrongly directed to alternate accounts or solicited for other organizations. Consequently, an appropriate procedure is to send confirmation requests to donors. However, testing transactions recorded by the accounting system will not result in sufficient information about solicitation of contributions for other organizations. The internal auditor must therefore make inquiries of the sustaining members about such solicitations.
A.Sampling amounts listed as unpaid does not provide evidence about contributions previously paid or shifted to another organization. C.Sampling cash receipts that have been recorded by the organization provides no evidence about unrecorded receipts or contributions diverted elsewhere. D.Analytical procedures are of limited use. Also, the follow-up procedure only provides evidence that recorded receipts were also deposited.
69.The internal auditor suspects a disbursements fraud in which an unknown employee(s) is submitting and approving invoices for payment. Before discussing the potential fraud with management, the internal auditor decides to gather additional information. Which of the following procedures is most helpful in providing the additional information?
A.Use software to develop a list of vendors with post office box numbers or other unusual features. Select a sample of those items and trace to supporting documents such as receiving reports. B.Select a sample of payments made during the year and investigate each one for approval. C.Select a sample of receiving reports representative of the period under investigation and trace to approved payment. Note any items not properly processed. D.Take a sample of invoices received during the past month, examine to determine whether properly authorized for payment, and trace to underlying documents.
Answer (A) is correct. A payment (disbursement) fraud may be accomplished through the use of fictitious vendors. Investigating vendors with suspicious characteristics appropriately focuses on payees as sources of additional information.
B.The individual perpetrating the fraud may have been in a position to obtain approvals.
C.The problem is more likely to be with payments for which no valid support exists. D.Sampling invoices for the past month is not as effective as investigating suspicious vendors. It focuses only on a short period of time, and it does not emphasize the items most likely to be fraudulent.
70.During an engagement, the internal auditor found a scheme in which the warehouse director and the purchasing agent for a retail organization diverted a significant amount of goods to their own warehouse, then sold the goods to third parties. The fraud was not noted earlier because the warehouse director forwarded receiving reports (after updating the perpetual inventory records) to the accounts payable department for processing. Which of the following procedures most likely led to the discovery of the missing materials and the fraud?
A.Take a random sample of receiving reports and trace to the recording in the perpetual inventory record. Note differences and investigate by type of product. B.Take a random sample of purchase orders and trace them to receiving documents and to the records in the accounts payable department. C.Take an annual physical inventory, reconciling amounts with the perpetual inventory, noting the pattern of differences and investigating. D.Take a random sample of sales invoices and trace to the perpetual records to see if inventory was on hand. Investigate any differences.
Answer (C) is correct. Taking an annual physical inventory should lead to the identification of systematic shrinkages in the inventory. The pattern of the shrinkages should implicate the warehouse director. At that time, a fraud investigation should be undertaken.
A. Sampling receiving reports would not have detected the fraud. The warehouse director updates the perpetual inventory records before forwarding the false receiving reports to accounts payable. B.Taking a sample of purchase orders would not have detected the irregularities. All the goods were ordered, and the perpetrators colluded to falsify receiving reports even when the goods were diverted to another location. D.The warehouse director falsified the inventory records.
71.An internal auditor becomes concerned that fraud, in the form of payments to bogus entities, may exist. Buyers, who are responsible for all purchases for specific product lines, are able to approve expenditures up to US $50,000 without any other approval. Which of the following procedures would be most effective in addressing the internal auditor’s concerns?
A.Use generalized audit software to list all purchases over US $50,000 to determine whether the expenditures were properly approved. B.Develop a “snapshot” technique to trace all transactions by suspected buyers. C.Use generalized audit software to take a random sample of all expenditures under US $50,000 to determine whether the expenditures were properly approved. D.Use generalized audit software to list all major vendors by product line; select a sample of paid invoices to new vendors and examine information indicating that services or goods were received.
Answer (D) is correct. The primary use of generalized audit software (GAS) is to select, sort, and summarize a client’s records for additional testing. These packages allow the internal auditor to examine many more records than otherwise possible with far greater speed and accuracy. Examining a sample of paid invoices to new vendors and searching for indications that goods or services were actually received could reveal fraudulent invoices.
A.Purchases above US $50,000 must be approved by someone other than the buyer. B.The snapshot captures data at a specific point in the processing stream. Thus, it does not provide information on the validity of the transaction. C.The issue is not whether the buyer approved a transaction but whether the approval was valid.
72.Fact Pattern: Bank management suspects that a bank loan officer frequently made loans to fictitious entities, disbursed loan proceeds to personally established accounts, and then let the loans go into default. Some pertinent facts about the loan officer include
A high standard of living, explained as the result of sound investments and not taking vacations;
An expensive personal car obtained through business contacts;
Gasoline and repair bills submitted for a car assigned by the bank that are higher than the organization’s average (mileage logs were submitted on a quarterly basis); and
Marked annoyance with questions from internal auditors.
Q:The extent of loans made to fictitious borrowers by the loan officer could best be determined by
A.Reviewing a representative sample of the loan officer’s transactions for compliance with bank policies and procedures. B.Reviewing a representative sample of loan files for properly completed documents, such as loan agreements, credit approvals, and approval of secured collateral.
C.Comparing current loan approval balances with those of prior years. D.Requesting positive confirmations for all outstanding loans made by the loan officer.
Answer (B) is correct. Reviewing a representative sample of loan files for properly completed documents, such as loan agreements, credit approvals, and approval of secured collateral, could uncover fictitious borrowers (secured collateral would be difficult to obtain for a fraudulent loan).
A.A review for compliance would not show which loans were made to fictitious borrowers.3 C.The loan officer’s level of activity might be higher or lower without regard to fraudulent activity. D.Positive confirmations could easily be made by the perpetrator.
73.Fact Pattern: Bank management suspects that a bank loan officer frequently made loans to fictitious entities, disbursed loan proceeds to personally established accounts, and then let the loans go into default. Some pertinent facts about the loan officer include A high standard of living, explained as the result of sound investments and not taking vacations; An expensive personal car obtained through business contacts; Gasoline and repair bills submitted for a car assigned by the bank that are higher than the organization’s average (mileage logs were submitted on a quarterly basis); and Marked annoyance with questions from internal auditors.
Q:The extent of loans made to fictitious borrowers by the loan officer is least likely to be discovered by
A.Analyses of the number of loans made by each loan officer. B.Analysis of total monetary volume of loans by loan officer. C.External audits of loan files. D.Reconciliation of total loans outstanding to the general ledger balance.
Answer (D) is correct. Reconciling outstanding loans to the general ledger will not detect fraud because the fraudulent loans will be properly accounted for. The loan officer received the loans by manipulating actual loan documents, not by merely taking the money.
A.An excessive number of loans may suggest suspicious activity. B.An excessive amount of loans may suggest suspicious activity. C.An external audit should detect the fraud.
74.Fact Pattern: Bank management suspects that a bank loan officer frequently made loans to fictitious entities, disbursed loan proceeds to personally established accounts, and then let the loans go into default. Some pertinent facts about the loan officer include A high standard of living, explained as the result of sound investments and not taking vacations; An expensive personal car obtained through business contacts; Gasoline and repair bills submitted for a car assigned by the bank that are higher than the organization’s average (mileage logs were submitted on a quarterly basis); and Marked annoyance with questions from internal auditors.
Q:The most appropriate trend analysis to indicate this potential fraud is
A.Loan default rates by loan officer. B.Accumulation of unpaid vacation days. C.Automobile operating expenses by loan officer. D.Total monetary volume of loans by loan officer.
Answer (A) is correct. Trend analysis should detect an unexplained increase in the default rate caused by bogus loans.
B.Trend analysis would not detect annual vacation not taken C.Although trend analysis could detect higher than average expenses for operation of the car, these expenses have no relationship to suspected fraudulent loans. D.The default rate is a better indicator than monetary volume.
75.Purchases from two new vendors increased dramatically after a new buyer was hired. The buyer was obtaining kickbacks from the two vendors based on sales volume. A possible means of detection is
A.Periodically surveying vendors regarding potential buyer conflict of interest or ethics violations. B.The receipt of an invoice to put new vendors on the master file. C.The use of purchase orders for all purchases. D.The use of change analysis and trend analysis of buyer or vendor activity.
Answer (D) is correct. The abrupt increase in business awarded to the vendors will be indicated by change and trend analysis.
A.If the vendor is in collusion with the buyer, either no response or an incorrect response will be elicited. B.The receipt of an invoice to put new vendors on the master file will not detect an improper choice of vendors. C.The use of purchase orders for all purchases will not detect an improper choice of vendors.
76.One remote unit’s petty cash custodian, because of the small staff, also had responsibility for the imprest fund checking account reconciliation. The cashier concealed a diversion of funds by altering the beginning balance on the monthly reconciliations sent to the group office. A possible engagement procedure to detect this fraud is to
A.Compare monthly balances and use change and trend analysis. B.Require additional monitoring by headquarters whenever improper segregation of duties exists at remote units. C.Determine whether any employees have high personal debt. D.Determine whether any employees are leading expensive lifestyles.
Answer (A) is correct. Comparing the beginning balance one month with the ending balance of the prior month is a means of uncovering this fraud. Applying analytical procedures is also a way to detect the diversion of funds. It will isolate unexpected and unexplained fluctuations.
B.Requiring additional monitoring whenever improper segregation of duties exists is not always possible or desirable and is not necessarily cost justified.
C.Rumors about personal finances may be unfounded, and it may be illegal to make inquiries without the employee’s knowledge. D.Rumors about personal finances may be unfounded, and it may be illegal to make inquiries without the employee’s knowledge.
77.A subsidiary president terminated a controller and hired a replacement without the required organizational approvals. Sales, cash flow, and profit statistics were then manipulated by the new controller and president via accelerated depreciation and sale of capital assets to obtain larger performance bonuses for the controller and the subsidiary president. An approach that might detect this fraudulent activity is
A.Analysis of overall management control for segregation of duties. B.Required exit interviews for all terminated employees. C.Periodic changes of outside public accountants. D.Regular analytical review of operating divisions.
Answer (D) is correct. Analytical procedures permit evaluations of financial information made by a study and comparison of the relationships among data. The premise is that certain relationships prevail in the absence of known conditions to the contrary. Analytical procedures identify such things as the existence of unusual transactions and events and amounts, ratios, and trends that might indicate matters that have financial statement ramifications. Deviations from expectations should be investigated and the reasons therefore determined.
A.Analysis of segregation of duties will not detect fraudulent activity; it merely indicates where opportunity exists. B.Exit interviews are not effective at the officer level. Most individuals will not want to compromise severance arrangements. C.Changing outside auditors will not necessarily result in more effective audits.
78.Fact Pattern: An internal auditor is investigating the performance of a division with an unusually large increase in sales, gross margin, and profit.
Q:Assume that the analysis shows unusually high sales and gross margin during the months of November and December and the internal auditor wishes to investigate further. Which of the
following engagement procedures will be most effective in analyzing whether fraudulent sales may have been recorded?
A.Take a sample of shipping documents and compare them with the related sales invoices, noting that all items were properly billed. B.Confirm accounts receivable with large customers. C.Perform an analytical review comparing sales and gross margin with the previous 10 months and the first month of the following year. D.Use regression analysis techniques for the first 10 months to estimate the sales and cost of goods sold for the last 2 months.
Answer (B) is correct. If fictitious sales are recorded, the most likely corresponding debit is to accounts receivable. Confirmation provides independent information about the validity of receivables. Thus, confirming receivables is an effective procedure assuming that the customers are willing to respond. The best alternative is to vouch recorded sales to the underlying documents.
A.Sampling shipping documents only provides information that shipments were billed. The issue is whether sales have been recorded for shipments not made. C.Analytical procedures, such as regression analysis, have already been performed and indicate the possibility of a misstatement. The internal auditor now needs to perform detailed tests to determine the existence of misstatements. D.Analytical procedures, such as regression analysis, have already been performed and indicate the possibility of a misstatement. The internal auditor now needs to perform detailed tests to determine the existence of misstatements.
79.The auditor of a construction company that builds foundations for bridges and large buildings performed a review of the expense accounts for equipment (augers) used to drill holes in rocks to set the foundation for the buildings. During the review, the auditor noted that the expenses related to some of the auger accounts had increased dramatically during the year. The auditor inquired of the construction manager who offered the explanation that the augers last two to three years and are expensed when purchased. Thus, the auditor should see a decrease in the expense accounts for these augers in the next year but would expect an increase in the expenses of other augers. The auditor also found out that the construction manager is responsible for the inventorying and receiving of the augers and is a part owner of a company that supplies augers to the company. The supplier was approved by the president of the company to improve the quality of equipment. Which of the following procedures is the least appropriate engagement procedure to address these analytical observations?
A.Note the explanation in the workpapers for investigation during the next engagement and perform no further work at this time. B.Develop a comparative analysis of auger expense over the past few years to determine if the relationship held in previous years. C.Take a sample of debits to the auger expense account and trace to independent shipping documents and to invoices for the augers. D.Arrange to take an inventory of augers to determine if the augers purchased this year were on hand and would be available for use in the next 2 years.
Answer (A) is correct. Performing no further work is the least appropriate engagement procedure because it defers the investigation to the following year. The construction manager’s conflict of interest provides the motive for fraud, and the ineffective controls allow its commission and concealment.
B.A comparative analysis is an effective procedure to establish the reasonableness of the manager’s explanation. If the relationship is valid, it should also have held in previous years. C.The internal auditor should obtain independent information as to whether the goods invoiced were received. The internal auditor should search for receiving reports signed by parties other than the construction manager and should verify that those individuals exist. The construction manager is in a position to bill the organization for more augers than are actually received and to conceal the shortage. D.Taking an inventory of the augers enables the internal auditor to verify their existence and condition.
80.Which of the following procedures would be most helpful in providing additional evidence when an auditor suspects that an unidentified employee is submitting and approving invoices for payment?
A.Use generalized audit software to identify invoices from vendors with post office box numbers or other unusual features. Select a sample of those invoices and trace to supporting documents such as receiving reports. B.Select a sample of payments made during the year and investigate each one for approval. C.Select a sample of receiving reports representative of the period under investigation and trace to approved payment. Note any items not properly processed. D.Select a sample of invoices paid during the past month and trace them to appropriate vendor accounts.
Answer (A) is correct.
The internal auditor suspects an employee of committing payment fraud (payment for fictitious goods or services, overstatement of invoices, or use of invoices for personal reasons). To obtain evidence, the internal auditor should review a representative sample of invoices and trace them to receiving reports. In this context, a representative sample includes invoices for the period under review or with characteristics of fraud, e.g., post office box numbers or other unusual features. Tracing the invoices to receiving reports provides evidence of whether the invoiced goods were received.
B.The sample is too broadly defined, and evidence of approval does not mean the goods were actually received. C.Selecting a sample of receiving reports does not test whether any invoices during the period were not supported by receiving reports. D.The period from which the invoices are selected is likely too short, and tracing the invoices to the appropriate vendor accounts does not confirm whether the invoiced goods were received.
81.An engagement objective is to determine whether an organization’s liabilities for accounts payable are complete. Which audit procedure is not relevant to this objective?
A.Examine documents supporting cash payments after the end of the period and verify the period of liability. B.Send confirmations of zero-balance accounts to vendors with which the organization normally does business. C.Select a sample of accounts payable transactions from the accounts payable listing dated near the end of the current period and the beginning of the following period. D.Trace receiving reports issued before the period end to the related vendor invoices and accounts payable listing.
Answer (C) is correct. The completeness assertion is that all legitimate accounts payable have been recorded. Thus, the auditor’s procedures must address whether all accounts payable that should have been recorded were recorded. Selecting a sample of accounts payable at the end of the current period and beginning of the following period tests the cutoff. It provides little evidence of completeness for the population being tested.
A.Payments in the subsequent period may indicate that the related accounts payable should have been recorded in the prior period. B.This procedure detects unrecorded accounts payable. Zero-balance accounts ordinarily should be tested. D.Tracing receiving reports from before the end of the period to invoices and the accounts payable listing provides evidence that liabilities for these shipments are included in accounts payable.
82.An internal auditor is considering whether the amount of cash is accurately recorded on the financial statements. All of the following are appropriate engagement procedures for the objective except
A.Examining bank reconciliations and confirming bank balances. B.Comparing cash receipt lists with the receipts journal and bank deposit slips. C.Verifying cutoff of receipts and disbursements. D.Adding totals of reconciliations and comparing with cash account balances.
Answer (B) is correct. Comparing cash receipt lists with the receipts journal and bank deposit slips is an appropriate engagement procedure relevant to the objective of safeguarding cash receipts. But it does not provide evidence of accuracy.
A.Testing the bank reconciliation determines whether the bank balance per books is the same as the reported cash in the bank except for such reconciling items as outstanding checks, deposits in transit, and bank charges. The direct receipt of a bank confirmation verifies the amount for cash in the bank stated on the reconciliation. C.A cutoff bank statement provides independent information about the reconciling items. For example, a deposit in transit should appear in the cutoff bank statement. D.Adding items in the reconciliation tests for arithmetic accuracy. The bank balance in the general ledger should be the same as that in the reconciliation.
83.Which of the following engagement procedures provides the best information about the collectibility of notes receivable?
A.Confirmation of note receivable balances with the debtors. B.Examination of notes for appropriate debtors’ signatures. C.Reconciliation of the detail of notes receivable and the provision for uncollectible amounts to the general ledger control. D.Examination of cash receipts records to determine promptness of interest and principal payments.
Answer (D) is correct. The best information about the collectibility (valuation) of notes receivable lies in actual cash collections. Nonpayment or late payment may bear unfavorably on the possibility of collection. An internal auditor also normally sends positive confirmations to the makers and holders and inspects the notes to verify maturity dates and other terms.
A.Confirmation establishes existence, not collectibility. B.Inspection helps verify the validity (not collectibility) of the notes. C.Reconciliation merely tests bookkeeping procedures.
84.An engagement to review payroll is least likely to include
A.Tests of computations for gross and net wages. B.Comparison of payroll costs to budget. C.Tracing a sample of employee names to employment records in the personnel department. D.Observing the physical distribution of paychecks.
Answer (D) is correct. Most organizations large enough to have an internal audit activity do not physically distribute paychecks on a regular basis. Moreover, observing the physical distribution of paychecks is usually regarded as an extended procedure most applicable to fraud engagements.
A.Tests of computations for gross and net wages are standard. B.Comparison of payroll costs to budget is standard. C.Tracing a sample of employees to personnel records is standard.
85.To determine the competence of the personnel in the purchasing department, an internal auditor most likely should perform
A.Analytical procedures. B.Inquiries of the staff. C.Tests of controls. D.Substantive procedures.
Answer (B) is correct. Inquiry of the purchasing staff, especially management, allows the auditor to evaluate the qualifications, professionalism, and performance of the purchasing department’s staff.
A.Analytical procedures provide an understanding of certain financial relationships within the purchasing department but do not measure staff competence. C.Tests of controls determine whether controls are effective but do not necessarily directly test the competence of staff. D.Substantive procedures test whether an objective has been achieved. They do not directly test the competence of personnel.
86.Shipments are made from the warehouse based on customer purchase orders. The matched shipping documents and purchase orders are then forwarded to the billing department for sales invoice preparation. The shipping documents are neither accounted for nor prenumbered. Which of the following substantive tests should be extended as a result of this control weakness?
A.Select sales invoices from the sales register and examine the related shipping documents. B.Select bills of lading from the warehouse and trace the shipments to the related sales invoices. C.Foot the sales register and trace the total to the general ledger. D.Trace quantities and prices on the sales invoice to the customer purchase order and test extensions and footings.
Answer (B) is correct. When shipping documents are neither accounted for nor prenumbered, unrecorded sales are likely to result. Selecting bills of lading and tracing them to sales invoices will test that goods shipped were billed.
A.Selecting sales invoices from the sales register will not detect unrecorded sales. C.Testing the sales register will not detect unrecorded sales.
D.Testing sales invoices will not detect unrecorded sales.
87.Fact Pattern: A purchasing agent acquired items for personal use with the organization’s funds. The organization allowed designated employees to purchase a specified amount per day in merchandise under open-ended contracts. Supervisory approval of the purchases was required, but that information was not communicated to the vendor. Instead of reviewing and authorizing each purchase order, supervisors routinely signed the authorization sheet at the end of the month without reviewing any of the supporting documentation. Because purchases of this nature were not subject to normal receiving policies, the dishonest employee picked up the supplies at the vendor’s warehouse. All purchases were for items routinely ordered by the organization. During the past year, the employee amassed enough merchandise to start a printing and photography business.
Q:Which of the following engagement procedures, performed by the internal auditor, is most likely to detect this fraud?
A.Tracing selected canceled checks to the cash payments journal and to the related vendors’ invoices. B.Performing a trend analysis of printing supplies expenses for a 2-year period. C.Tracing prices and quantities on selected vendors’ invoices to the related purchase orders. D.Recomputing the clerical accuracy of selected vendors’ invoices, including discounts and sales taxes.
Answer (B) is correct. A basic premise underlying the application of analytical procedures is that plausible relationships among data may reasonably be expected to exist and continue in the absence of known conditions to the contrary. Thus, performing a trend analysis of printing supplies expenses for a 2-year period should identify an excess use of supplies.
A.A legitimate vendor’s invoice existed for each cash payment related to this fraud. C.The issue is not whether the quantities ordered by the customer were billed but whether the transactions are authorized. D.The issue is not whether the invoices are accurate but whether the transactions are authorized.
88.An engagement objective is to determine if a company’s accounts payable contain all outstanding liabilities. Which of the following audit procedures would not be relevant for this objective?
A.Examine supporting documentation of subsequent (after-period) cash disbursements and verify period of liability. B.Send confirmations, including zero-balance accounts, to vendors with whom the company normally does business. C.Select a sample of accounts payable from the accounts payable listing and verify the supporting receiving reports, purchase orders, and invoices. D.Trace receiving reports issued before the period end to the related vendor invoices and accounts payable listing.
Answer (C) is correct. The assertion being tested here is completeness: Are all legitimate liabilities recorded as such? Thus, the auditor’s procedures must address whether all accounts payable that should have been recorded were recorded. Vouching a sample of payables, which by definition have already been recorded, to supporting documentation will not accomplish this.
A.This procedure identifies payments for accounts payable that should have been recorded in the prior period but were not. B.This procedure identifies amounts not included in accounts payable. Zero-balance accounts should be verified as part of the process. D.Tracing receiving reports from before the end of the period to invoices and the payables listing ensures that liabilities for these shipments are included in accounts payable.
89.The purpose of including a time budget in an engagement work program is to
A.Provide an objective means of evaluating the internal auditor’s competence. B.Ensure timely completion of the engagement. C.Provide a means of controlling and evaluating the progress of the engagement. D.Restrict the scope of the engagement.
Answer (C) is correct. Supervision includes, among other things, ensuring the approved engagement program is completed unless changes are justified and authorized. For this purpose, a time budget is necessary to evaluate and control the progress of the engagement. It permits comparison of the actual time spent on a procedure with its allotted time.
A.Whether an internal auditor remains within the time budget is affected by many factors other than professional competence. B.The establishment of a budget cannot ensure that work will be completed on a timely basis. D.A time budget is not intended to limit the scope of the engagement.
90.One of the primary roles of an engagement work program is to
A.Serve as a tool for planning and conducting engagement work. B.Document an internal auditor’s evaluations of controls. C.Provide for a standardized approach to the engagement. D.Assess the risks associated with the activity under review.
Answer (A) is correct. Among other things, work programs state the objectives of the engagement, identify technical requirements, and state the nature, extent, and timing of testing required.
B.Engagement workpapers include results of control evaluations. C.The work program may not be consistent from year to year given the changing conditions to which the engagement client must adapt. Since the work program must reflect the current year’s situation, standardization may not be appropriate. D.The risk assessment in the planning phase helps to identify objectives, a step that must be taken before the work program can be developed.
91.Engagement work programs testing controls ordinarily must
A.Be specifically designed for each operation evaluated. B.Be generalized to fit all situations without regard to departmental lines. C.Be generalized so as to be usable at all locations of a particular department. D.Reduce costly duplication of effort by ensuring that every aspect of an operation is examined.
Answer (A) is correct. A work program must be adapted to the specific needs of the engagement after the internal auditor establishes the engagement objectives and scope and determines the resources required. A pro forma
(standard) work program is not appropriate for a complex or changing environment. Its stated objectives and procedures may no longer be relevant.
B.A work program must allow for variations resulting from changing circumstances and varied conditions. C.A generalized program cannot consider variations in circumstances and conditions. D.Every aspect of an operation need not be examined. Only those likely to conceal problems and difficulties must be considered.
92.An internal auditor has just completed a survey to become familiar with the organization’s payroll operations as part of an unplanned engagement. Which of the following most likely is performed next?
A.Assign internal audit personnel. B.Establish initial engagement objectives. C.Write the engagement work program. D.Conduct field work.
Answer (C) is correct. The survey allows the internal auditor to become familiar with the engagement client and therefore provides input to the work program.
A.Internal audit personnel are usually assigned before the survey. B.Initial objectives for an unplanned engagement address the issues that prompted the engagement. Accordingly, objectives are specified before the survey. D.Field work can be performed only after the work program has been written and approved. Thus, field work cannot immediately follow the survey.
93.Writing an engagement work program most likely occurs at which stage of the engagement?
A.During the planning stage. B.Subsequent to evaluating risk management and control systems. C.As the engagement is performed.
D.At the end of each engagement when the standard work program should be revised for the next engagement to ensure coverage of noted problem areas.
Answer (A) is correct. The engagement work program is the culmination of the planning stage.
B.The work program states the procedures to be followed during the engagement (The IIA Glossary). It normally is the culmination of the planning stage. C.The work program normally is written during the planning stage, not as the engagement is performed. However, the work program may be modified during the engagement. D.Although revising the work program at the end of one engagement for the next engagement is allowed, it should still be written during the planning phase.
94.A work program for a comprehensive assurance engagement to evaluate a purchasing function should include
A.Procedures arranged by relative priority based upon perceived risk. B.A statement of the engagement objectives for the operation under review with agreement by the engagement client. C.Procedures to accomplish engagement objectives. D.A focus on risks affecting the financial statements as opposed to controls.
Answer (C) is correct. Work programs are a necessary part of engagement planning. They include the procedures for collecting, analyzing, interpreting, and documenting information during the engagement.
A.Engagement procedures normally are arranged in an order that will most efficiently complete the work program. B.Engagement objectives are stated, but they do not need to be agreed to by the engagement client. D.The engagement should not be narrowly focused on the reliability and integrity of financial information.
95.A standard engagement work program is not appropriate for which situation?
A.A stable operating environment undergoing only minimal changes. B.A complex or changing operating environment. C.Multiple locations with similar operations. D.Subsequent engagements to provide assurance about inventory performed at same location.
Answer (B) is correct. A standard work program is not appropriate for a complex or changing operating environment. The engagement objectives and related procedures may no longer be relevant.
A.A standard work program is appropriate for use in a minimally changing operating environment. It may save effort and provide continuity. C.A standard work program can be used for engagements at multiple locations with similar operations if the same activities, risks, and controls are present. D.A standard work program is acceptable for conducting subsequent inventory engagements at the same location if the inventory functions performed have not varied substantially.
96.Field work is a systematic process of objectively gathering information about an entity’s operations, evaluating it, and determining whether those operations meet acceptable standards. Which of the following is not part of the work performed during field work?
A.Expanding or altering engagement procedures if circumstances warrant. B.Applying the engagement work program to accomplish engagement objectives. C.Creating workpapers that document the engagement. D.Developing a written engagement work program.
Answer (D) is correct. The engagement work program is the culmination of the planning process.
A.Engagement procedures, including the testing and sampling techniques employed, should be selected in advance, if practicable and expanded or altered if necessary. Thus, work programs may be modified during the field work, that is, during the course of the engagement. B.Field work involves carrying out the work program to identify, analyze, evaluate, and record sufficient information to achieve the engagement objectives.
C.Workpapers are prepared during field work to record the information obtained and the analyses made and to support the bases for the observations, conclusions, and recommendations to be reported.
97.The action taken by an internal auditor who discovers a significant area not included in the engagement work program should be to
A.Evaluate whether completion of the engagement as planned will be adequate. B.Perform the additional work deemed necessary without regard to the additional time needed to complete the engagement. C.Continue the engagement as planned and include the unforeseen area in a subsequent engagement. D.Document the observation in the workpapers and take no further action until instructed to do so.
Answer (A) is correct. A work program documents engagement procedures selected in advance but should be modified, as appropriate, during the course of the engagement. The work program must be approved prior to its implementation, and any adjustments approved promptly (Impl. Std. 2240.A1). Work programs are necessarily tentative because the internal auditors are likely to encounter unexpected situations while performing detailed procedures. If they learn that a significant area is not covered, the internal auditors must determine whether they can achieve the engagement objectives and satisfy their professional responsibilities without modification of the work program. Modification will necessitate consultation with superiors to obtain authorization to adjust time and financial budgets.
B.Changes in the engagement budgets should be authorized by appropriate persons. C.Review of the unforeseen area may be necessary to achieve current engagement objectives. D.The internal auditor must determine whether changes in the work program are needed. 98.An internal auditing supervisor reviewed the system of controls and the organizational objective of the purchasing department. What facet of engagement planning was the supervisor developing?
A.Internal auditing policy manual. B.Engagement work schedule. C.Engagement work program. D.Internal auditing budget.
Answer (C) is correct.
Internal auditors must develop and document work programs that achieve the engagement objectives (Perf. Std. 2240). The work program states the objectives of the engagement; identifies technical requirements, objectives, risks, processes, and transactions that are to be examined; states the nature, extent, and timing of testing required; documents the internal auditor’s procedures for collecting, analyzing, interpreting, and documenting information during the engagement; and is modified, as appropriate, during the engagement with the approval of the chief audit executive (CAE) or his or her designee. Before work programs are developed, the internal auditor should review background information (e.g., organizational objectives and goals) and, if appropriate, conduct a survey. The survey involves becoming familiar with activities, risks, and controls to identify areas for engagement emphasis and inviting comments and suggestions from engagement clients.
A.An internal auditing policy manual provides guidelines for all operations of the internal audit activity. B.An engagement work schedule describes what activities are to be performed, when they will be performed, and the estimated time required. D.An internal auditing budget embraces all activities for a specified period, not details of work on a given engagement.
99.An internal auditor determines that actual procedures differ from prescribed control procedures. The internal auditor should 1.
Require operating personnel to conform to prescribed procedures.
2.
Document the discrepancies and make any appropriate recommendations to management.
3.
Expand all aspects of the engagement to determine other differences from prescribed procedures.
4.
Modify the engagement work program as warranted by the differences noted.
A.1 and 3. B.2 and 3. C.1 and 4. D.2 and 4.
Answer (D) is correct. The internal auditor should document the discrepancy in the engagement workpapers and make a recommendation to management in the engagement communication based on the impact of the changed procedures on the effectiveness of control. The internal auditor also should modify the engagement work program to reflect the modified control procedure, e.g., to determine whether compensating controls exist.
A.Directing the activities of operating personnel is a management function. Also, a deviation in one control area does not justify expanding testwork in all areas. B.A deviation in one control area does not justify expanding testwork in all areas. C.Directing the activities of operating personnel is a management function.
100.Which of the following is not typically included in an engagement work program?
A.Specific procedures to be performed. B.Objectives of the engagement. C.Technical requirements. D.A preliminary opinion.
Answer (D) is correct. Work programs must include the procedures for identifying, analyzing, evaluating, and documenting information during the engagement. They (1) state the engagement objectives; (2) identify technical requirements, risks, processes, and transactions to be examined; (3) state the nature and extent of testing; (4) document the procedures performed; and (5) are modified during the engagement with the approval of the CAE. When an overall opinion is expressed, it must consider the expectations of stakeholders and be supported by sufficient, reliable, relevant, and useful information. Accordingly, a preliminary opinion is not expressed because no opinion should be expressed until evidence gathering is complete.
A.A work program documents the procedures for collecting, analyzing, interpreting, and documenting information. B.A work program states engagement objectives. C.A work program identifies technical requirements, risks, processes, and transactions to be examined.
PART 2 UNIT 6 Question: 1
Engagement information is usually considered relevant when it is
A.
Derived through valid statistical sampling.
B.
Objective and unbiased.
C.
Factual, adequate, and convincing.
D.
Consistent with the engagement objectives.
Answer (D) is correct. Relevant information supports engagement observations and recommendations and is consistent with the objectives for the engagement (Inter. Std. 2310). A Whether sampling is appropriate and the results are valid are issues related to the determination of sufficiency and reliability rather than relevance. B Objectivity and lack of bias do not ensure that information will support observations and recommendations and be consistent with the engagement objectives. C Sufficient information is factual, adequate, and convincing so that a prudent, informed person would reach the same conclusions as the internal auditor. Question: 2 To determine the sufficiency of information regarding interpretation of a contract, an internal auditor uses A.
The best obtainable information.
B.
Subjective judgments.
C.
Objective evaluations.
D.
Logical relationships between information and issues.
Answer (C) is correct. Sufficient information is factual, adequate, and convincing so that a prudent, informed person would reach the same conclusions as the auditor (Inter. Std. 2310). Because the internal auditor must avoid distortion by personal feelings, prejudices, or interpretations, this judgment must be objective. A The best information attainable is reliable but not necessarily sufficient. B An evaluation of the sufficiency of information requires objective judgments. The “prudent, informed person” language states an objectivity criterion.
D Whether the relationship between the information and the issues is logical is a matter of relevance. Information must be relevant, but relevant information may not be sufficient. Question: 3 In an operational audit, the internal auditors discovered an increase in absenteeism. Accordingly, the chief audit executive decided to identify information about workforce morale. To achieve this engagement objective, the internal auditors must understand that A.
Morale cannot be reliably analyzed.
B.
Only outcomes that are directly quantifiable can be reliably analyzed.
C.
Reliable information may be obtained about morale factors such as job satisfaction.
D.
Morale is always proportional to compensation.
Answer (C) is correct. Reliable information is the best information attainable through the use of appropriate engagement techniques (Inter. Std. 2310). Such information need not consist only of quantifiable outcomes, such as rates of workforce turnover and absenteeism. Reliable information may be identified about such difficult-to-measure things as attitudes toward supervisors, other workers, and compensation. For example, surveys may produce statistically valid information about job satisfaction. A Difficulty of analysis does not preclude reliability. B With proper engagement tools, even emotional responses may be measured and analyzed reliably. D According to research and common human experience, the availability of, for example, intrinsic awards (e.g., personal achievement) may offset a low level of extrinsic awards (e.g., compensation). Question: 4
Reliable information is
A.
Supportive of the engagement observations and consistent with the engagement objectives.
B.
Helpful in assisting the organization in meeting prescribed goals.
C. Factual, adequate, and convincing so that a prudent person would reach the same conclusion as the internal auditor. D.
Competent and the best attainable through the use of appropriate engagement techniques.
Answer (D) is correct. Reliable information is the best attainable information through the use of appropriate engagement techniques (Inter. Std. 2310). An original document is the prime example of such information. A Relevant information supports engagement observations and is consistent with engagement objectives.
B Useful information assists the organization in meeting goals. C Sufficient information is factual, adequate, and convincing to a prudent person. Question: 5 Which of the following is an essential factor in evaluating the sufficiency of information? The information must A.
Be well documented and cross-referenced in the workpapers.
B.
Be based on references that are considered competent.
C.
Bear a direct relationship to the observation and include all of the elements of an observation.
D.
Be convincing enough for a prudent person to reach the same decision.
Answer (D) is correct. Sufficient information is factual, adequate, and convincing so that a prudent, informed person would reach the same conclusions as the auditor (Inter. Std. 2310). A Documentation and cross-referencing are desirable but have no specific relationship to any of the characteristics of information (sufficiency, reliability, relevance, and usefulness). B Competence is a characteristic of reliable information. C Relevant information supports engagement observations. Question: 6 While testing a division’s compliance with company affirmative-action policies, an auditor found that 1. 5% of the employees are from minority groups. 2. No one from a minority group has been hired in the past year. The most appropriate conclusion for the auditor to reach is that A.
Insufficient evidence exists of compliance with affirmative-action policies.
B.
The division is violating the company’s policies.
C.
The company’s policies cannot be audited and hence cannot be enforced.
D.
With 5% of its employees from minority groups, the division is effectively complying.
Answer (A) is correct. Sufficient information is factual, adequate, and convincing so that a prudent, informed person would reach the same conclusions as the auditor (Inter. Std. 2310). Without knowledge of guidelines for compliance, the auditor cannot draw a reasonable conclusion given the insufficiency of the facts. Thus,
the auditor must determine whether management has established adequate criteria or should work with management to develop such criteria. B Failure to hire a person from a minority group this year is irrelevant without knowing the total hires for the period. C An affirmative-action policy is clearly auditable. D This conclusion cannot be reached without knowledge of the actual company policy. Question: 7
Reliable evidence is best defined as evidence that
A.
Is the best attainable.
B.
Is obtained by observing people, property, and events.
C.
Is supplementary to other evidence already gathered and tends to strengthen or confirm it.
D.
Proves an intermediate fact, or group of facts, from which still other facts can be inferred.
Answer (A) is correct. Reliable information is the best information attainable through the use of appropriate engagement techniques (Inter. Std. 2310). Information is reliable when the auditor’s results can be verified by others. Reliable information is also valid. It accurately represents the observed phenomena. Information must be collected using reasonable efforts subject to such inherent limitations as the cost-benefit constraint. Accordingly, internal auditors employ efficient methods, e.g., statistical sampling and analytical auditing procedures. B Physical evidence is obtained by observing people, property, and events. Physical evidence is not necessarily reliable. In fact, the quality of reliability is more often associated with documentary evidence. C Corroborative evidence is supplementary to other evidence already gathered and tends to strengthen or confirm it. Although corroborative evidence may be reliable, much reliable evidence is primary rather than supplementary. D Circumstantial evidence proves an intermediate fact, or group of facts, from which still other facts can be inferred. Circumstantial evidence is not necessarily reliable. Question: 8 While performing an engagement relating to an organization’s cash controls, the internal auditor observed that cash deposits are not deposited intact daily. A comparison of a sample of cash receipts lists revealed that each cash receipt list equaled cash journal entry amounts but not daily bank deposits amounts, and cash receipts list totals equaled bank deposit totals in the long run. This information as support for the internal auditor’s observations is A.
Sufficient but not reliable or relevant.
B.
Sufficient, reliable, and relevant.
C.
Not sufficient, reliable, or relevant.
D.
Relevant but not sufficient or reliable.
Answer (B) is correct. The bank deposits can be verified by examining bank statements obtained directly from the bank. Information obtained from an independent source is usually more reliable than information secured solely within the entity. Moreover, it is obviously relevant to the issue of whether cash receipts are deposited intact. A reasonable internal auditor should judge that the comparison of the organization’s records with independently obtained bank statements is persuasive of the proposition that cash receipts are not deposited intact. Thus, the information is also sufficient. A The information is reliable and relevant. C The information is sufficient, reliable, and relevant. D The information is sufficient and reliable. Question: 9
Which of the following evidence is the most reliable?
A.
Evidence corroborated by engagement client management.
B.
Hearsay from an independent source.
C.
Expert appraisal by audit client engineer.
D.
Original, signed contract corroborated by a bank’s copies of checks.
Answer (D) is correct. Evidence is more reliable if it is (1) obtained from sources independent of the engagement client, such as confirmations of receivables or expert appraisals that are timely and made by a source with no connection to the auditee; (2) corroborated by other information; (3) direct, such as the internal auditor’s personal observation, rather than indirect, such as hearsay; and (4) an original document, not a copy. The original copy of the contract with the contracted price, corroborated by a bank’s (independent party’s) copy of the payment checks, is more reliable than the other choices. A Evidence is more reliable when corroborated by an independent source, not audit client management. B Direct evidence is more reliable than indirect evidence, such as hearsay. C Expert appraisals are more reliable when performed by independent experts, not the audit client’s engineers. Question: 10
Which of the following is a false statement about the reliability of audit evidence?
A. The more effective the organization’s internal control, the more assurance it provides about the accounting data. B.
A copy of a document is as reliable as the original.
C. Evidence obtained from independent sources outside the organization is more reliable than evidence obtained from internal sources. D.
The auditor’s direct personal knowledge is more reliable than information obtained indirectly.
Answer (B) is correct. Internal auditors must identify sufficient, reliable, relevant, and useful information to achieve the engagement’s objectives. Reliable information is best attainable through the use of appropriate engagement (interpretation). Several factors increase the reliability of audit evidence. Evidence is more reliable if it is (1) obtained from sources independent of the engagement client, (2) corroborated by other information, and (3) direct, such as the internal auditor’s personal observation. Also, an original document is more reliable than a copy. A The more effective the controls, the more assurance they provide about the reliability of the accounting data. C Evidence obtained from independent sources outside an entity provides greater assurance of reliability than evidence obtained from within the entity. D The auditor’s direct personal knowledge, obtained through physical examination, observation, and inspection, is more reliable than information obtained indirectly. Question: 11 Which of the following constitutes sufficient audit evidence for verifying air travel reimbursement? A.
Either a pre-printed ticket or a boarding pass.
B.
Either a printout of an electronic ticket or a boarding pass.
C.
Both a printout of an electronic ticket and a boarding pass.
D.
Either a pre-printed ticket or a printout of an electronic ticket.
Answer (C) is correct. An electronic ticket verifies payment, and a boarding pass verifies that the employee actually took the flight instead of cashing in the ticket and using a cheaper form of transportation. A Neither piece of evidence by itself is sufficient. B Neither piece of evidence by itself is sufficient.
D A boarding pass is necessary to verify that the employee actually took the flight. Question: 12 During an audit, information is uncovered that could have a significant impact on the organization’s competitiveness. According to IIA guidance, when is it appropriate for the internal auditor to communicate this information to management? A.
Immediately, because of the sensitivity of the information.
B.
After the auditor has decided that the information is substantial and credible.
C.
After the auditor has formulated recommendations.
D. As soon as the auditor has determined that communicating the information is not a violation of the organization’s code of conduct. Answer (B) is correct. Internal auditors must identify sufficient, reliable, relevant, and useful information to achieve the engagement’s objectives (Perf. Std. 2310). The Interpretation of Standard 2310 also states that • • • •
“Sufficient information is factual, adequate, and convincing so that a prudent, informed person would reach the same conclusions as the auditor. Reliable information is the best attainable information through the use of appropriate engagement techniques. Relevant information supports engagement observations and recommendations and is consistent with the objectives for the engagement. Useful information helps the organization meet its goals.”
The information is relevant if it supports the engagement observations and is consistent with the objectives of the engagement. The information is useful if it affects the organization’s achievement of its objectives. But whether the information is sufficient and reliable is unknown. Thus, the internal auditor must decide that the information is substantial (sufficient) and credible (reliable) before communicating it to management. A The internal auditor should not communicate information before establishing that it is sufficient, reliable, relevant, and useful. C The internal auditor should not communicate information before establishing that it is sufficient, reliable, relevant, and useful. D The internal auditor should not communicate information before establishing that it is sufficient, reliable, relevant, and useful. Question: 13 A.
What characteristic of information is satisfied by an original signed document?
Sufficiency.
B.
Reliability.
C.
Relevance.
D.
Usefulness.
Answer (B) is correct. Reliable information is the best information attainable through the use of appropriate engagement techniques (Inter. Std. 2310). An original document is the prime example of such information. A Sufficient information is factual, adequate, and convincing. The information contained on the document may be none of those things. C Relevance concerns the relationship of the information to some objective of the engagement. No engagement objective is disclosed in the question. Thus, whether the information on the document is relevant to the investigation cannot be determined. D Usefulness is achieved if the item helps the organization (the internal auditor, in this case) to accomplish predetermined goals. No such goals are specified. Question: 14 An internal auditor has set an engagement objective of determining whether all cash receipts are deposited intact daily. To satisfy this objective, the internal auditor interviewed the controller who gave assurances that all cash receipts are deposited as soon as is reasonably possible. As information that can be used to satisfy the stated engagement objective, the controller’s assurances are A.
Sufficient but not reliable or relevant.
B.
Sufficient, reliable, and relevant.
C.
Not sufficient, reliable, or relevant.
D.
Relevant but not sufficient or reliable.
Answer (D) is correct. Internal auditors must identify sufficient, reliable, relevant, and useful information to achieve engagement objectives (Perf. Std. 2310). Relevant information supports engagement observations and recommendations and is consistent with the objectives for the engagement. Sufficient information is factual, adequate, and convincing so that a prudent, informed person would reach the same conclusions as the auditor. Reliable information is the best information attainable through the use of appropriate techniques (Inter. Std. 2310). The controller’s assurance is relevant because it pertains to the cash receipts. However, it lacks reliability because it was not obtained from an independent source. Furthermore, the information is not sufficient because, by itself, it does not provide a reasonable basis for a conclusion. A The information is not sufficient or reliable.
B The information is relevant but not sufficient or reliable. C The information is relevant. Question: 15 In deciding whether recorded sales are valid, which of the following items of information is most reliable? A.
A copy of the customer’s purchase order.
B. A memorandum from the director of the shipping department stating that another employee verified the personal delivery of the merchandise to the customer. C.
Accounts receivable records showing cash collections from the customer.
D.
The shipping document, independent bill of lading, and the invoice for the merchandise.
Answer (D) is correct. Reliable information is the best information attainable through the use of appropriate engagement techniques (Inter. Std. 2310). Information is ordinarily more reliable if it is obtained from a source independent of the client. The shipping document and invoice provide direct information that the sale was made, and the bill of lading is externally generated documentation that the merchandise was shipped. A The customer’s purchase order only proves that the item was requested, not sold. B This memorandum is an uncorroborated statement. C A/R records showing cash collections from the customer are less direct than the shipping document and invoice and provide only circumstantial support regarding the validity of the sale. Fact Pattern: The chief audit executive is reviewing some of the basic concepts inherent in the performance of an engagement with three internal auditors who are on a rotation assignment. After 6 months in the internal audit activity, they will move back to line positions. Each of them has fairly extensive organizational experience and is on a fast track to a high-level management line position. To develop their analytical decision-making abilities, the CAE pulls some old engagement working papers, holding back the review notes and clearing comments. The CAE asks the team to indicate the informational criteria that are violated. Question: 16 During the planning stage of an engagement, the internal auditor made an on-site observation of the vehicle maintenance department and included the following statement in a memorandum summary of the results: “We noted that several maintenance garages were deteriorating badly. Fencing around the property was in need of repair.”
Which of the following informational criteria, if any, is violated?
A.
Sufficiency.
B.
Reliability.
C.
Relevance.
D.
No criteria are violated.
Answer (D) is correct. The observations made about the vehicle maintenance department contain sufficient information (factual, adequate, and convincing so that a prudent, informed person would reach the same conclusions) that is reliable (the best attainable through the use of appropriate engagement techniques) and relevant (supports engagement observations and recommendations and is consistent with the objectives for the engagement) (Inter. Std. 2310). A The sufficiency criterion has not been violated. Physical observation by the internal auditor is sufficient to determine deterioration and need for repairs. B The reliability criterion has not been violated. On-site observation is an appropriate technique to determine deterioration and needed repairs. C The relevance criterion has not been violated. The information obtained by the internal auditor supports observations about the physical condition of the department. Fact Pattern: The chief audit executive is reviewing some of the basic concepts inherent in the performance of an engagement with three internal auditors who are on a rotation assignment. After 6 months in the internal audit activity, they will move back to line positions. Each of them has fairly extensive organizational experience and is on a fast track to a high-level management line position. To develop their analytical decision-making abilities, the CAE pulls some old engagement working papers, holding back the review notes and clearing comments. The CAE asks the team to indicate the informational criteria that are violated. Question: 17 The organization’s inventories are under the administration of three production managers. The internal auditors perform a standard limited test of finished goods inventory balances every year. During this year’s engagement concerning inventories, the internal auditors noted finished goods inventories were abnormally high, sales were consistent with prior years, and returns and allowances appeared normal. The internal auditors performed the usual random sample recount of several finished goods inventory cards without discrepancy and then extended the testing to include 10 raw materials and 10 work-in-process cards, noting no exceptions. The following statement was included in the engagement workpapers:
“Our standard test of finished goods inventories revealed no exceptions to the inventory count. We extended our tests this year to include both raw materials and work-in-process without exception. At the time of our engagement, the supervising inventory managers were not available; however, the division secretary indicated that performance standards were on file. It appears that there is adequate awareness and understanding of the performance standards.” Which of the following informational criteria is not violated? A.
Sufficiency.
B.
Reliability.
C.
Relevance.
D.
All criteria are violated.
Answer (D) is correct. The conclusion violates the criteria of sufficiency, reliability, and relevance. The sufficiency criterion is violated because recounting several inventory items is insufficient given the abnormally high inventory. The reliability criterion is violated because the performance standard information is not the best attainable. The internal auditors should interview inventory managers to determine their awareness and understanding of the performance standards. The relevance criterion is violated because the information related to raw materials and work-in-process does not pertain to the finished goods inventory. A The criterion of sufficiency has been violated. B The criterion of reliability has been violated. C The criterion of relevance has been violated. Fact Pattern: The chief audit executive is reviewing some of the basic concepts inherent in the performance of an engagement with three internal auditors who are on a rotation assignment. After 6 months in the internal audit activity, they will move back to line positions. Each of them has fairly extensive organizational experience and is on a fast track to a high-level management line position. To develop their analytical decision-making abilities, the CAE pulls some old engagement working papers, holding back the review notes and clearing comments. The CAE asks the team to indicate the informational criteria that are violated. Question: 18 The organization is required to comply with certain specific standards related to environmental issues. One of these standards requires that certain hazardous chemicals be placed in certified containers for shipment to a governmental disposal site. The container must bear an inspection seal signed within the last 90 days by a governmental inspector. Based on the following tests, the internal auditor concluded that the organization was in compliance for the engagement period:
1. Determine from each chemical loading supervisor that compliance requirements are understood. 2. Inspect sealed containers for evidence of leakage. 3. Ask chemical loading personnel about procedures performed. Which of the following informational criteria, if any, is violated? A.
Sufficiency.
B.
Reliability.
C.
Relevance.
D.
No criteria are violated.
Answer (A) is correct. Sufficient information is factual, adequate, and convincing so that a prudent, informed person would reach the same conclusions as the internal auditor (Inter. Std. 2310). These tests are insufficient because the internal auditor did not determine that each container had an inspection seal signed within the last 90 days. B The information is reliable. It is the best information attainable through the use of appropriate engagement techniques. C The information is relevant. It supports engagement observations and recommendations and is consistent with the objectives for the engagement. D The sufficiency criterion was violated. Fact Pattern: The chief audit executive is reviewing some of the basic concepts inherent in the performance of an engagement with three internal auditors who are on a rotation assignment. After 6 months in the internal audit activity, they will move back to line positions. Each of them has fairly extensive organizational experience and is on a fast track to a high-level management line position. To develop their analytical decision-making abilities, the CAE pulls some old engagement working papers, holding back the review notes and clearing comments. The CAE asks the team to indicate the informational criteria that are violated. Question: 19 In an engagement to evaluate the effectiveness and validity of a subsidiary’s marketing expenditures, the internal auditors identified the following information: 1. Analytical comparisons of advertising expenditures and changes in shopping patterns and item sales 2. Direct observation of various advertising media used 3. Review of a marketing survey of general public reaction to the marketing plan Which of the following informational criteria, if any, is violated?
A.
Sufficiency.
B.
Reliability.
C.
Relevance.
D.
No criteria are violated.
Answer (D) is correct. The identified information is sufficient (factual, adequate, and convincing so that a prudent, informed person would reach the same conclusions), reliable (the best attainable through the use of appropriate engagement techniques), and relevant (supports engagement observations and recommendations and is consistent with the objectives for the engagement) (Inter. Std. 2310). A The sufficiency criterion has not been violated. The analytical comparison, direct observation, and review of the market survey provide sufficient information about the effectiveness and validity of expenditures. B The reliability criterion has not been violated. Analysis, observation, and review by the internal auditors are all methods of obtaining competent information. C The relevance criterion has not been violated. The analytical comparisons, direct observations, and review of the marketing survey are all types of information pertinent to the evaluation of the marketing expenditures. Fact Pattern: The chief audit executive is reviewing some of the basic concepts inherent in the performance of an engagement with three internal auditors who are on a rotation assignment. After 6 months in the internal audit activity, they will move back to line positions. Each of them has fairly extensive organizational experience and is on a fast track to a high-level management line position. To develop their analytical decision-making abilities, the CAE pulls some old engagement working papers, holding back the review notes and clearing comments. The CAE asks the team to indicate the informational criteria that are violated. Question: 20 In an engagement performed at the organization’s real estate development subsidiary, the engagement objective was to determine that capitalized land improvements had been assigned equally to all developed lots. The internal auditors identified the following information: 1. Independent appraisals of all lot values 2. Sales records for similar subdivision lots 3. An analysis of market values of each lot Which of the following informational criteria, if any, are violated? A.
Sufficiency and relevance.
B.
Reliability and sufficiency.
C.
Relevance and reliability.
D.
No criteria are violated.
Answer (A) is correct. The conclusion violates the criteria of sufficiency and relevance. The sufficiency criterion is violated because information about cost allocation is missing. The relevance criterion is violated because the information identified does not pertain to the objective. B The reliability criterion has not been violated, although the sufficiency criterion has been violated. C Although the relevance criterion has been violated, the reliability criterion has not been violated. D The sufficiency and relevance criteria have been violated. Question: 21 Management is investigating the acquisition of an upgraded version of the existing client-server system to increase the system’s capacity. Management has requested that the internal auditor perform an operational engagement to determine the efficiency of the existing computer processing resource. What is the most relevant source of information to meet the engagement objective? A.
A survey of current user satisfaction.
B.
A review of computer job log records, listings of scheduled jobs, and computer down-time.
C.
A comparison of server capacity with desktop computer capacity.
D.
A detailed analysis of hard drive growth over the last 3 years.
Answer (B) is correct. Reviewing job logs, job schedules, and documentation of computer down-time provides an objective record of actual hardware usage. The internal auditor may also wish to consider such matters as percentage usage of the CPU by time of day, the number of online transactions per hour by time of day, average and peak response times by time of day, and average and peak batch job turnaround time by time of day. A User satisfaction surveys are subjective and are not directly related to efficient use of the hardware resources. C This comparison does not address the engagement objective. D The growth of hard drive use only addresses a portion of the engagement objective.
Question: 22 The most reliable information an internal auditor can assess when determining an organization’s legal title to inventories is A.
Monthly gross profit and inventory levels.
B.
Purchase orders.
C.
Paid vendor invoices.
D.
Records of inventories stored at off-site locations.
Answer (C) is correct. Mere possession of inventory does not signify that another party does not have a claim to it. For example, the inventory may be held on consignment. Payment of vendor invoices is the culmination of the purchases-payables cycle. The paid invoice evidences the purchaser’s ownership of the inventory. A Although informative, monthly gross profit and inventory levels have no bearing on legal ownership. B Purchase orders represent a commitment to purchase, not legal ownership. D Records of inventories stored at off-site locations verify the existence of the inventory, not legal ownership. Question: 23 The chief audit executive is reviewing the workpapers produced by an internal auditor during a fraud investigation. Among the items contained in the workpapers is a description of an item of physical information. Which of the following is the most probable source of this item of information? A.
Observing conditions.
B.
Interviewing people.
C.
Examining records.
D.
Computing variances.
Answer (A) is correct. Physical information results from the verification of the actual existence of things, activities, or individuals by observation, inspection, or count. It may take the form of photographs, maps, charts, or other depictions. B Interviewing produces testimonial information. C The examination of records requires documentary information and produces analytical information. D Computations and verifications lead to analytical information.
Question: 24 To verify the proper value of costs charged to real property records for improvements to the property, the best source of information is A.
Inspection by the internal auditor of real property improvements.
B.
A letter signed by the real property manager asserting the propriety of costs incurred.
C.
Original invoices supporting entries into the accounting records.
D.
Comparison of billed amounts with contract estimates.
Answer (C) is correct. To verify real property costs, the best method of obtaining engagement information is to examine records. Records originating outside the engagement client, such as original invoices, are much more reliable than internal documents or engagement client testimony. Also, these invoices support actual accounting record entries. A An inspection confirms that the improvements were made, not their cost. B Records or documents generated internally are less reliable than those produced externally. D A comparison of billed amounts with contract estimates measures the reasonableness of costs but is less persuasive than original invoices supporting entries into the accounting records. Question: 25 conclusions?
Ordinarily, what source of information should most affect the internal auditor’s
A.
External.
B.
Inquiry.
C.
Oral.
D.
Informal.
Answer (A) is correct. External information is ordinarily more reliable than the other types of information listed because it is generated from sources independent of the engagement client. The internal auditor should select the strongest information available to support engagement observations, conclusions, and recommendations. B Information derived from inquiries is ordinarily less reliable than external information. C Oral information is ordinarily less reliable than external information. D Informal information is ordinarily less reliable than external information.
Question: 26 An internal auditor’s objective is to determine the cause of inventory shortages shown by the physical inventories taken by an independent service organization that used some engagement client personnel. The internal auditor addresses this objective by reviewing the count sheets, inventory printouts, and memos from the last inventory. The source of information and the sufficiency of this information are A.
Internal and not sufficient.
B.
External and sufficient.
C.
Both external and internal and sufficient.
D.
Both external and internal and not sufficient.
Answer (D) is correct. The organization employs an external inventory service and internal personnel for data entry and balancing, so the sources of information are both external and internal. However, the information is not sufficient to determine the cause of the shortages. Sufficient information is factual, adequate, and convincing so that a prudent, informed person would reach the same conclusions as the internal auditor (Inter. Std. 2310). The documents reviewed will not reveal the cause of the shortages. A The information is also external. B The information is also internal and not sufficient. C The information is not sufficient to determine the cause. Question: 27 During an investigation of unexplained inventory shrinkage, an internal auditor is testing inventory additions as recorded in the perpetual inventory records. Because of internal control weaknesses, the information recorded on receiving reports may not be reliable. Under these circumstances, which of the following documents provides the best information about additions to inventory? A.
Purchase orders.
B.
Purchase requisitions.
C.
Vendors’ invoices.
D.
Vendors’ statements.
Answer (C) is correct. The vendors’ invoice confirms that the proper amount due has been recorded. A vendor’s invoices provide the best source of information about additions to inventory. Vendors’ invoices provide an external source of information regarding shipments to the engagement client. These amounts should be
equal to quantities added to inventory (after possible adjustment for items returned to the vendor because of damage, etc.). A The quantity ordered may not equal the quantity shipped by the vendor. B The quantity requested in a purchase requisition may not equal the quantity shipped by the vendor as a result of modification by the purchasing department or vendor stockouts. D Vendors’ statements normally list only the invoice number, date, and total. They do not list invoice detail such as quantities shipped. Question: 28 In engagement planning, internal auditors should review all relevant information. Which of the following sources of information would most likely help identify suspected violations of environmental regulations? A.
Discussions with operating executives.
B.
Review of trade publications.
C.
Review of correspondence the entity has conducted with governmental agencies.
D.
Discussions conducted with the external auditors in coordinating engagement efforts.
Answer (C) is correct. Correspondence from regulators is likely to be a valid and relevant source of information about environmental violations. This externally generated documentation and the engagement client’s responses thereto may indicate a significant loss exposure for the engagement client. A Operating management is a possibly biased source. B This source is not sufficiently specific. D External auditors do not have ready access to the needed information. Question: 29
The most conclusive information to support supplier account balances is obtained by
A.
Reviewing the vendor statements obtained from the accounts payable clerk.
B.
Obtaining confirmations of balances from the suppliers.
C.
Performing analytical account analysis.
D. Interviewing the accounts payable manager to determine the internal controls maintained over accounts payable processing. Answer (B) is correct.
Confirmation has the advantage of obtaining information from sources external to the entity. Information from external sources provides greater assurances of reliability than information from sources within the entity. A Vendor statements obtained from the accounts payable clerk may be inaccurate, purposely misstated, or prepared for nonexisting vendors. C Analytical account analysis is effective for identifying circumstances that require additional consideration. D Interviewing an employee provides oral, or testimonial, information, which is inherently less reliable than information obtained from independent sources. Question: 30 A set of engagement workpapers contained a copy of a document providing information that an expensive item that had been special-ordered was actually on hand on a particular date. The most likely source of this information is a printout from a computerized A.
Purchases journal.
B.
Cash payments journal.
C.
Perpetual inventory file.
D.
Receiving report file.
Answer (C) is correct. In a perpetual inventory system, purchases are directly recorded in the inventory account, and cost of goods sold is determined as the goods are sold. A computerized perpetual inventory file has a record of each debit or credit transaction with its date, amount, etc., and the inventory balance for any given date could therefore be determined. A The purchases journal indicates when the item was ordered but not whether it was still on hand at a specific later date. B The cash payments journal indicates when the item was paid for but not whether it was still on hand at a specific later date. D The receiving report indicates when the item was received but not whether it was still on hand at a specific later date. Question: 31 During interviews with the inventory management personnel, an internal auditor learned that salespersons often order inventory for stock without receiving the approval of the vice president of sales. Also, detail testing showed that there are no written approvals on purchase orders for replacement parts. The results of detail testing are a good example of A.
Indirect information.
B.
Circumstantial information.
C.
Corroborative information.
D.
Subjective information.
Answer (C) is correct. Corroborative information is evidence from a different source that supplements and confirms other information. For example, oral testimony that a certain procedure was not performed may be corroborated by the absence of documentation. A Detail testing provides direct information that the approvals were not received. Indirect information establishes immediately related facts from which the main fact may be inferred. B Circumstantial information tends to prove a fact by proving other events or circumstances that afford a basis for a reasonable inference of the occurrence of the fact. Thus, it is also indirect information. D Subjective information is opinion-oriented and is not dependable for reaching engagement conclusions. No subjective information is present in this situation. Question: 32 information?
A letter to the internal auditor in response to an inquiry is an example of which type of
A.
Physical.
B.
Testimonial.
C.
Documentary.
D.
Analytical.
Answer (B) is correct. Information may consist of authoritative documentation, calculations by the internal auditor, internal control, interrelationships among the data, physical existence, subsequent events, subsidiary records, and testimony by stakeholders. Oral or written statements (e.g., letters to the internal auditor) derived from inquiries or interviews are testimonial information. A Physical information results from the verification of the actual existence of something by observation, inspection, or count. C Documentary information exists in some permanent form, such as checks, invoices, shipping records, receiving reports, and purchase orders. It includes both external information, e.g., bills of lading received by the engagement client from common carriers, and documents originating within the engagement client’s organization. D Analytical information is derived from the study and comparison of relationships among data.
Question: 33 An internal auditor takes a photograph of the engagement client’s workplace. The photograph is a form of what kind of information? A.
Physical.
B.
Testimonial.
C.
Documentary.
D.
Analytical.
Answer (A) is correct. Physical information results from the verification of the actual existence of things, activities, or individuals by observation, inspection, or count. It may take the form of photographs, maps, charts, or other depictions. B Testimonial information consists of oral or written statements derived from inquiries or interviews. C Documentary information consists of letters, memoranda, invoices, shipping and receiving reports, etc. D Analytical information is derived from a study and comparison of the relationships among data. Question: 34
Which of the following is an example of documentary information?
A.
A photograph of an engagement client’s workplace.
B.
A letter from a former employee alleging a fraud.
C.
A page of the general ledger containing irregularities placed there by the perpetrator of a fraud.
D. A page of the internal auditor’s workpapers containing the computations that demonstrate the existence of an error or irregularity. Answer (C) is correct. Documentary information exists in some permanent form, such as checks, invoices, shipping records, receiving reports, and purchase orders. It includes both external information, e.g., shipping documents provided by carriers, and documents originating within the engagement client’s organization. A Photographic information is physical. B Statements received in response to inquiries or interviews are testimonial. D The study and comparison of relationships among data results in analytical information. Question: 35 The internal auditor for a construction contractor finds materials costs increasing as a percentage of billings and suspects that materials billed to the organization are being delivered to
another contractor. What type of information will best enable the internal auditor to determine whether erroneous billings occurred? A.
Documentary.
B.
Physical examination.
C.
Confirmation.
D.
Analytical.
Answer (A) is correct. Documentary information exists in some permanent form, such as checks, invoices, shipping records, receiving reports, and purchase orders. It includes both external information, e.g., shipping documents provided by carriers, and documents originating within the engagement client’s organization. By matching invoices received from vendors with receiving documents prepared by organizational personnel, the nonreceipt of items billed to the organization can be detected. Also, the invoices received may well indicate that delivery was made to an address other than the organization’s storage area or a construction site. B Physical examination is not usually possible. The materials will not be available at the organization’s premises. C Testimonial information obtained through confirmation is unlikely to be helpful. The supplier will confirm shipment of goods and the amount of the invoice but will not report the delivery address. D Analytical procedures are not likely to be effective unless budgets were very carefully developed, all conditions remained virtually constant, and the amounts were relatively large. Question: 36 During an engagement to review the personnel function, an internal auditor notes that there are several employee benefit programs and that participation in some of the programs is optional. Which of the following is the best information for assessing the acceptability of various benefit programs to employees? A.
Discuss satisfaction levels with program participants.
B.
Evaluate program participation ratios and their trends.
C.
Discuss satisfaction levels with the director of personnel.
D.
Evaluate methods used to make employees aware of available program options.
Answer (B) is correct.
Analytical information obtained by determining employee participation in optional programs is the most persuasive. Actual participation requires an affirmative act that strongly suggests a positive employee evaluation of a program. A Responses from participants, by definition, do not include testimony by nonparticipants. C Employee participation ratios are more persuasive than the personnel director’s testimony about employee satisfaction. D The effectiveness of the means of communicating information about the programs is not relevant to employee satisfaction. Question: 37 In an engagement to review travel expenses, the internal auditor calculates average expenses per day traveled for all sales personnel and then examines detailed receipts for those with high averages. These procedures represent the identification of which types of information? A.
Documentary and physical.
B.
Analytical and physical.
C.
Documentary and analytical.
D.
Physical and testimonial.
Answer (C) is correct. Documentary information includes accounting records, outgoing correspondence, receiving reports, etc. Analytical information results from analysis and verification and includes computations and comparisons. The travel expense receipts are documentary information. The calculations of average travel expenses are analytical information. A The information is documentary but not physical. B The information is analytical but not physical. D The information is neither physical nor testimonial. Question: 38 An internal auditor arrived at the conclusion that the segregation of duties in the counting and recording of cash receipts was adequate. What type of information is this? A.
Analytical.
B.
Documentary.
C.
Physical.
D.
Testimonial.
Answer (A) is correct. Analytical information is drawn from the consideration of the interrelationships among data or, in the case of the control, the particular policies and procedures of which it is composed. Analysis produces circumstantial information in the form of inferences or conclusions based on examining the components as a whole for consistencies, inconsistencies, cause-and-effect relationships, relevant and irrelevant items, etc. B Documentary information exists in some permanent form, such as checks, invoices, shipping records, receiving reports, and purchase orders. C Physical information consists of the internal auditor’s direct observation and inspection, e.g., of the counting of inventory. D Testimonial information is provided by the statements of engagement client personnel and others. Question: 39 When evaluating the propriety of a payment to a consultant, the most appropriate information for the internal auditor to obtain and review is A.
Oral information in the form of opinions of operating management.
B.
Documentary information in the form of a contract.
C.
Analytical information in the form of comparisons with prior years’ expenditures on consultants.
D.
Physical information in the form of the consultant’s report.
Answer (B) is correct. A contract is a document that formalizes an agreement between the parties. It provides persuasive information that the payment was properly authorized. A Oral information tends to be less reliable than information in some permanent form. C Comparisons with prior years’ payments may be invalid if circumstances have changed. D The report indicates that some work was done but not that the payment was authorized or in the appropriate amount. Question: 40
The most reliable forms of documentary evidence are those documents that are
A.
Prenumbered.
B.
Internally generated.
C.
Easily duplicated.
D.
Authorized by a responsible official.
Answer (D) is correct. Externally generated documents are deemed to be more reliable than those produced by the auditee. However, the evidentiary value of the latter is enhanced if they are subject to effective control. Accordingly, authorization by an appropriate party lends credibility to a document because it increases the probability that the underlying transaction is valid. A The use of prenumbered and sequentially issued documents is an effective control, but such documents may be accessible to an employee who is perpetrating fraud. B Internally generated documents are not the most reliable among the choices. C Ease of duplication would tend to reduce rather than increase reliability of a document. Question: 41 Which of the following are least valuable in predicting the amount of uncollectible accounts for an organization? A.
Published economic indices indicating a general business downturn.
B. Dollar amounts of accounts actually written off by the organization for each of the past 6 months. C.
Total monthly sales for each of the past 6 months.
D.
Written forecasts from the credit manager regarding expected future cash collections.
Answer (D) is correct. Written forecasts from the credit manager may be relevant and useful, but they cannot be considered sufficient or reliable. Opinion evidence does not have as much reliability as factual evidence. In addition, the source of the evidence may have a bias, which should be considered by the internal auditor when evaluating the reliability of this data. A Although these statistics might not be quite as relevant as some of the other data, they are reliable, having been compiled and published by an independent source. B The dollar amounts of write-offs are relevant and reliable, representing the actual experience of the organization. C These amounts include cash as well as credit sales. Thus, the inclusion of cash sales reduces the relevance of these data. However, prior sales also represent the actual experience of the organization and therefore have a high degree of reliability. Question: 42
The most likely source of information indicating employee theft of inventory is
A.
Physical inspection of the condition of inventory items on hand.
B.
A warehouse employee’s verbal charge of theft.
C.
Differences between an inventory count and perpetual inventory records.
D.
Accounts payable transactions vouched to inventory receiving reports.
Answer (B) is correct. Testimonial information may not be conclusive and should be supported by other forms of information whenever possible. However, it may provide a lead not indicated by other procedures. A Physical inspection of items on hand does not disclose shortages or indicate theft. C Differences between inventory counts and perpetual records are normal and, by themselves, do not indicate theft. D Vouching transactions from accounts payable to receiving reports provides no information about a shortage or theft arising after receipt of the goods. Question: 43 Which of the following techniques is most likely to result in sufficient information with regard to an engagement to review the quantity of fixed assets on hand in a particular department? A.
Physical observation.
B.
Analytical review of purchase requests and subsequent invoices.
C.
Interviews with department management.
D.
Examination of the account balances contained in general and subsidiary ledgers.
Answer (A) is correct. First-hand observation by the auditor is more persuasive than analytical reviews performed, clientprepared records examined by the auditor, or interviews with client personnel. B Items purchased may no longer be present in the department being reviewed, even though they were originally purchased for that department. C Interviews are useful in gaining insight into operations and understanding exceptions but are not sufficient. D Ledger balances may not indicate whether assets have been moved or stolen. Question: 44 Which of the following types of tests is the most persuasive if an internal auditor wants assurance of the existence of inventory stored in a warehouse? A.
Examining the shipping documents that support recorded transfers to and from the warehouse.
B.
Obtaining written confirmation from management.
C.
Physically observing the inventory in the warehouse.
D.
Examining warehouse receipts contained in the engagement client’s records.
Answer (C) is correct. Direct knowledge obtained through the internal auditor’s physical observation is the most reliable information about the existence of the inventory. A Shipping documents are not as reliable as personal knowledge. B Testimonial information is not as reliable as personal knowledge. D Warehouse receipts are not as reliable as personal knowledge. Question: 45 Documents provide information with differing degrees of persuasiveness. If the engagement objective is to obtain information that payment has actually been made for a specific invoice from a vendor, which of the following documents ordinarily is the most persuasive? A. An entry in the engagement client’s cash disbursements journal supported by a voucher package containing the vendor’s invoice. B. A canceled check, made out to the vendor and referenced to the invoice, included in a cutoff bank statement that the internal auditor received directly from the bank. C.
An accounts payable subsidiary ledger that shows payment of the invoice.
D.
A vendor’s original invoice stamped “PAID” and referenced to a check number.
Answer (B) is correct. A canceled check included in a cutoff bank statement received directly from the bank provides external as well as internal documentary information. The information was generated internally but passed through outsiders who confirmed it (honored the check) before sending it directly to the internal auditor. Such information is very persuasive. A The engagement client either has initiated or had an opportunity to alter the voucher and the invoice. C Internal information is less persuasive than external information. D The invoice is external information of debt but not of payment. The information concerning payment is internal and not persuasive. A reference to a check is not as reliable as the check itself. Question: 46 An internal auditor at a savings and loan association concludes that a secured real estate loan is collectible. Which of the following engagement procedures provides the most persuasive information about the loan’s collectibility? A.
Confirming the loan balance with the borrower.
B.
Reviewing the loan file for proper authorization by the credit committee.
C.
Examining documentation of a recent, independent appraisal of the real estate.
D.
Examining the loan application for appropriate borrowers’ signatures.
Answer (C) is correct. Real estate appraisals are based on estimated resale value or future cash flows. A recent, independent appraisal provides information about the borrower’s ability to repay the loan. Such an appraisal tends to be reasonably reliable because it is timely and derives from an expert source independent of the engagement client. A A confirmation provides information about a loan’s existence, not its collectibility. B Information about the loan’s authorization is not relevant to its collectibility. D The validity of the loan is not relevant to the borrower’s ability to repay the loan. Question: 47 is
The most persuasive information regarding the asset value of newly acquired computers
A.
Inquiry of management.
B.
Observation of engagement client’s procedures.
C.
Physical examination.
D.
Documentation prepared externally.
Answer (D) is correct. Information is considered more or less persuasive depending on how much control the engagement client has over it. The most persuasive information relevant to the valuation assertion is documentation that is prepared externally. A An unsubstantiated response to an inquiry of management ordinarily yields the least persuasive information. B Observation of procedures for acquisition would not be as persuasive as documents showing the cost of the asset. C Physical examination of the asset reveals only limited information as to the asset’s value. Question: 48 The most persuasive information about the existence of newly acquired computers for the sales department is A.
Inquiry of management.
B.
Observation of engagement client’s procedures.
C.
Physical examination.
D.
Documentation prepared externally.
Answer (C) is correct. Information is considered more or less persuasive depending on the engagement client’s degree of control. The following is a hierarchy from most persuasive to least persuasive: internal auditor’s examination and observation, externally developed information, internally developed information, and oral information from the client. Thus, the most persuasive information about the existence assertion for a new asset is physical examination. A An unsubstantiated response to an inquiry of management is usually considered the least persuasive information. B Observation of procedures for acquisition would not be as persuasive as examination of the asset. D Documentation is less relevant to the existence assertion than physical examination. Question: 49 Which of the following represents the general order of persuasiveness, from most to least, for the types of information listed below? 1. 2. 3. 4.
Inquiry of management Observation of engagement client’s procedures Physical examination Documentation prepared externally
A.
3, 2, 4, 1.
B.
4, 1, 2, 3.
C.
2, 4, 1, 3.
D.
4, 3, 1, 2.
Answer (A) is correct. An auditor’s physical examination provides the most persuasive form of evidence. First-hand observation by the auditor of client personnel performing procedures is the next most persuasive. Information originating from a third party is less persuasive than information personally gathered by the auditor but more persuasive than information originating with the client. Oral information from the client is the least convincing. B The internal auditor’s physical examination (3) and observation (2) are more persuasive than externally developed information (4). C The internal auditor’s physical examination (3) is the most persuasive evidence of all.
D The internal auditor’s observation (2) is more persuasive than both externally developed information (4) and inquiry of management (1). Question: 50 The internal auditor wants to understand the actual flow of data regarding cash processing. The most convincing information is obtained by A.
Reviewing the systems flowchart.
B.
Performing a walk-through of the processing and obtaining copies of all documents used.
C. Reviewing the programming flowchart for information about control procedures placed into the computer programs. D.
Interviewing the chief financial officer.
Answer (B) is correct. The physical inspection of an engagement client’s facilities, records, and processing steps is the most persuasive information. The internal auditor reviews actual documents and determines what personnel actually do with them. A The systems flowchart might not indicate how processing may have evolved over time. C The program flowchart excludes manual processing steps. D The chief financial officer may not know how the specific clerical processing may have changed. Furthermore, the chief financial officer may have reason not to describe processing accurately. Question: 51 The internal auditor is concerned with the overall valuation of inventory. Rank the following sources of engagement information from most persuasive to least persuasive in addressing the assertion as to the valuation of inventory. 1. Calculate inventory turnover by individual product. 2. Assess the net realizability of all inventory items with a turnover ratio of 2.0 or less by interviewing the marketing manager as to the marketability of the product. 3. Calculate the net realizable value (NRV) of all inventory products (using software to calculate NRV based on the last selling price) and compare NRV with cost. 4. Take a statistical sample of inventory and examine the latest purchase documents (invoices and receiving slips) to calculate inventory cost. A.
1, 2, 3, 4.
B.
1, 4, 2, 3.
C.
4, 1, 3, 2.
D.
2, 3, 4, 1.
Answer (C) is correct. Sampling inventory and examining purchase documents are procedures that provide the most persuasive information in establishing cost, which is the basis of determining the valuation of inventory. They rely on the internal auditor’s own observations and on inspection of documents from external sources. The next most persuasive information is derived from the internal auditor’s analytical procedures. A change in inventory turnover or a very low level of inventory turnover indicates potential obsolescence of inventory and the need for the internal auditor to perform additional procedures, e.g., examining subsequent sales to determine whether inventory should be written down. Calculation of net realizable value may indicate a valuation problem. The difficulty with this procedure is that the last sales price may not be appropriate. The marketing manager’s opinion about marketability is the least persuasive information. It is a form of testimonial information from an individual who may have a vested interest in persuading the internal auditor that the goods will be sold at their normal prices in the normal course of business. In addition, the arbitrary cutoff value of 2.0 may not be justified. The cutoff should be based on the nature of the client’s inventory. A The proper order is 4, 1, 3, 2. B The proper order is 4, 1, 3, 2. D The proper order is 4, 1, 3, 2. Question: 52
Which of the following examples of audit evidence is the most persuasive?
A.
Real estate deeds that were properly recorded with a government agency.
B.
Canceled checks written by the chief financial officer and returned from a bank.
C.
Time cards for employees that are stored by a manager.
D.
Vendor invoices filed by the accounting department.
Answer (A) is correct. Real estate deeds recorded in public records are documentary information generated by external parties. They are not processed by the engagement client. Accordingly, this purely external evidence is more persuasive than information originating with, or processed by, the engagement client. B Canceled checks written by the chief financial officer and returned from a bank constitute internalexternal information. Such information originates with the engagement client but is processed externally. Because the bank’s acceptance of checks provides some confirmation of their validity, they are more reliable than purely internal evidence. C Time cards for employees that are stored by a manager are considered internal information. They are generated by, and remain with, the engagement client. Purely internal information is less reliable than information from external sources.
D Vendor invoices filed by the accounting department are considered external-internal information. Although the invoices were created externally, they are subsequently processed by the engagement client. Thus, they are more reliable than purely internal information but less reliable than purely external information. Question: 53 One objective of an internal auditing engagement involving the receiving function is to determine whether receiving clerks independently count incoming supplies before completing the quantity received section of the receiving report. Which of the following is the most persuasive information supporting the assertion that the counts are made? A. The receiving section supervisor’s assurance, based on personal observation, that the counts are made. B.
A receiving clerk’s initials on all receiving reports attesting that the count was made.
C. Assurance, from the warehouse supervisor, that the accuracy of the perpetual inventory is the result of the reliability of the entries in the quantity received section. D.
Periodic observations by the internal auditor over the course of the engagement.
Answer (D) is correct. An internal auditor’s presumption about the validity of information is that the internal auditor’s direct personal knowledge, obtained through physical examination, observation, computation, and inspection is more persuasive than information obtained indirectly. A Testimonial information is not as reliable as the internal auditor’s direct personal observation. B Testimonial information is not as reliable as the internal auditor’s direct personal observation. C Testimonial information is not as reliable as the internal auditor’s direct personal observation. Question: 54 An internal auditor is evaluating the advertising function. The organization has engaged a medium-sized local advertising agency to place advertising in magazine publications. As part of the review of the engagement workpapers, the internal auditing supervisor is evaluating the information collected. The internal auditor reviewed the language in the advertising for its legality and compliance with fair trade regulations by interviewing the organization’s advertising manager, the product marketing director (who may not have been objective), and five of the organization’s largest customers (who may not have been knowledgeable). The supervisor can justifiably conclude that the information is A.
Reliable.
B.
Irrelevant.
C.
Conclusive.
D.
Insufficient.
Answer (D) is correct. Sufficient information is factual, adequate, and convincing so that a prudent, informed person would reach the same conclusions as the auditor (Inter. Std. 2310). Sufficiency is based on the internal auditor’s professional judgment as to the amounts, kinds, and persuasiveness of information required. Testimony from individuals who may be neither objective nor knowledgeable is unlikely to be sufficient. A The advertising director and the product marketing director are not objective. B The information is relevant but not sufficient. C The information is not sufficient. Hence, it cannot be conclusive. The inherent limitations of this engagement require that internal auditors rely on information that is merely persuasive rather than convincing beyond all doubt. Question: 55 In testing the write-off of a deteriorated piece of equipment, the best information about the condition of the equipment is A.
The equipment manager’s statement regarding condition.
B.
Accounting records showing maintenance and repair costs.
C.
A physical inspection of the actual piece of equipment.
D.
The production department’s equipment downtime report.
Answer (C) is correct. The most reliable form of engagement information is that obtained through the internal auditor’s direct experience. Thus, a physical inspection provides the best information about the current condition of equipment. A The equipment manager’s statement regarding condition, standing alone, is not conclusive. B Accounting records are less persuasive than the internal auditor’s direct observation. D Internal reports are less persuasive than the internal auditor’s direct observation. Question: 56 In which of the following situations would observation not provide the most compelling audit evidence? A.
Verification of the existence of production equipment.
B.
Documentation of a production or accounting process.
C.
Analysis of the security of a storeroom or facility.
D.
Identification of excess inventory.
Answer (D) is correct. Observation consists of looking at a process or procedure being performed by others. In contrast, physical examination consists of the inspection of a tangible item. Evidence obtained through physical examination is more persuasive than evidence obtained through observation. Although an internal auditor may observe the counting of inventory, it is through physical examination that the internal auditor personally inspects individual inventory items (e.g., opening containers not included in the inventory count to discover excess inventory). A Observation provides the most compelling audit evidence of the existence of equipment. B Observation provides the most compelling audit evidence of the documentation of a production or accounting process. C Observation provides the most compelling audit evidence of the security of a storeroom or facility. Question: 57 Which of the following types of audit evidence is best defined as the proof of a fact without reliance on presumptions for support? A.
Direct.
B.
Circumstantial.
C.
Conclusive.
D.
Corroborative.
Answer (A) is correct. Direct evidence establishes a particular fact or conclusion without having to make any assumptions. B Circumstantial evidence establishes a fact or conclusion that leads by inference to another fact. C Evidence is conclusive if no other evidence is needed to establish absolute proof. D Corroborative evidence confirms a fact or conclusion that can be inferred from other evidence. Question: 58
A well-designed internal control questionnaire should
A.
Elicit “yes” or “no” responses rather than narrative responses and be organized by department.
B.
Be a sufficient source of data for assessment of control risk.
C.
Help evaluate the effectiveness of internal control.
D.
Be independent of the objectives of the internal auditing engagement.
Answer (C) is correct.
An internal control questionnaire consists of a series of questions about the organization’s controls designed to prevent or detect errors or fraud. Answers to the questions help the internal auditor to identify specific controls relevant to specific assertions and to design tests of controls to evaluate the effectiveness of their design and operation. A Yes/no question formats and organizing question sequence by department may facilitate administering the questionnaire, but other formats and methods of question organization are possible. B The questionnaire is a tool to help understand and document internal control but is not sufficient as the sole source of information to support the assessment of control risk. D The internal control questionnaire must be designed to achieve the engagement objectives. Fact Pattern: Management answered “yes” to every question when filling out an internal control questionnaire and stated that all listed requirements and control activities were part of their procedures. An internal auditor retrieved this questionnaire from management during the preliminary survey visit but did not review the responses with management while on site. Question: 59
The internal auditor’s supervisor should be critical of the above procedure because
A.
Engagement information must be corroborated in some way.
B.
Internal control questionnaires cannot be relied upon.
C.
The internal auditors were not present while the questionnaire was being filled out.
D.
The questionnaire was not designed to address accounting operations and controls.
Answer (A) is correct. Self-assessment questionnaires provide indirect information. Because this information is provided by engagement client personnel and not by independent sources, it must be confirmed. B The adaptability of general-purpose internal control questionnaires to different organizational units, personnel, and functional units is one of their strengths. C Internal control questionnaires can be designed so that the engagement client can answer the questions without the internal auditor’s presence. D An internal control questionnaire does not need to address accounting information to ensure integrity. Fact Pattern: Management answered “yes” to every question when filling out an internal control questionnaire and stated that all listed requirements and control activities were part of their procedures. An internal auditor retrieved this questionnaire from management during the preliminary survey visit but did not review the responses with management while on site.
Question: 60 The auditor’s supervisor is writing the performance assessment for the auditor on this preliminary survey assignment. The supervisor cites the need to review management’s responses on the control questionnaire. The auditor should have interviewed management for additional information because the interview technique A.
Provides the opportunity to insert questions to probe promising areas.
B.
Is the most efficient way to upgrade the information to the level of objective evidence.
C.
Is the least costly audit technique when a large amount of information is involved.
D. Is the only audit procedure that does not require confirmation and walk-through of the information obtained. Answer (A) is correct. During face-to-face contact, a skilled interviewer can react to potential problems and expand questioning of more relevant subjects. Thus, the interview allows for cross-examination. Moreover, the interview provides an opportunity to observe body language. B Interviews do not produce objective evidence unless the information corroborates facts already in evidence. C Interviews tend to be more costly in relation to the amount of information generated. They involve more preparation and discussion time than other techniques. D Critical information obtained during an interview must be followed up and confirmed. Question: 61 Which of the following statements indicates the wrong way to use an internal control questionnaire? A.
Clarifying all answers with written remarks and explanations.
B. Filling out the questionnaire during an interview with the person who has responsibility for the area that is being reviewed. C.
Constructing the questionnaire so that a “no” response requires attention.
D.
Supplementing the completed questionnaire with a narrative description or flowchart.
Answer (A) is correct. Only those answers that appear inappropriate should be pursued by asking for clarification or explanation. In this way, problem areas may be pinpointed and either compensating controls identified or extensions to the engagement procedures planned.
B Filling out the questionnaire during an interview with the person who has responsibility for the area that is being reviewed is an appropriate use of an internal control questionnaire. C Constructing the questionnaire so that a “no” response requires attention is an appropriate use of an internal control questionnaire. D Supplementing the completed questionnaire with a narrative description or flowchart is an appropriate use of an internal control questionnaire. Question: 62 An internal auditing manager is conducting the annual meeting with manufacturing division management to discuss proposed engagement plans and activities for the next year. After some discussion about the past year’s activity at 12 plants in the division, the divisional vice president agrees that all significant recommendations made by the internal auditing staff refer to key controls and related operating activities that are correctly described for local management within the volume of standard operating procedures for the division. The vice president proposes to transcribe key control activities from the division’s extensive written procedures to a self-assessment standard operating procedure (SOP) questionnaire. What significance should the internal auditing manager attach to such SOP questionnaires in relation to the proposed engagement schedule for the next year? A. The SOP questionnaires should improve control adequacy, but the internal auditors need to verify that controls are working as documented in the SOP. B. Adding this control should eliminate significant engagement recommendations in the coming year, so the scope of engagement activities can be reduced accordingly. C. Engagement activity can be reduced if the vice president agrees to require the internal audit activity’s approval of all divisional standard operating procedures. D. SOP questionnaires must be mailed and controlled by the internal audit activity to be considered in relation to the proposed engagement schedule. Answer (A) is correct. A specific advantage of an SOP questionnaire is that it may be used by local management to periodically ensure that employee practices remain current with relevant, valid, and up-to-date standard operating procedures. The overall level of control and the control environment improve when follow-up activities are performed to determine that controls are being implemented as intended. B SOP questionnaires have no effect on inherent risk, and the internal auditors have no information that such a control will be effective. C Standard operating procedures, as described, provide directive controls that appear to be adequate. Approval by the internal audit activity does not affect the operation of these controls. D Control of SOP questionnaires by the internal audit activity does not affect the information obtained. Such information must be verified to be considered objective.
Question: 63 An auditor is considering developing a questionnaire to research employee attitudes toward control procedures. Which of the following is a criterion that should not be considered in designing the questionnaire? A.
Questions must be worded to ensure a valid interpretation by the respondents.
B.
Questions must be reliably worded so that they measure what was intended to be measured.
C.
The questionnaire should be short to increase the response rate.
D.
Questions should be worded such that a “No” answer indicates a problem.
Answer (D) is correct. Many types of questions can be used. Questions can be multiple-choice, checklists, fill-in-the-blank, essay, Likert scales, items (options indicating degrees of agreement or disagreement), etc. A The validity and reliability of each question are extremely important. Bias and ambiguity must be avoided. B The validity and reliability of each question are extremely important. Bias and ambiguity must be avoided. C When questionnaires are too long, people tend not to fill them out. Question: 64 The auditor used a questionnaire during interviews to gather information about the nature of claims processing. Unfortunately, the questionnaire did not cover a number of pieces of information offered by the person being interviewed. Consequently, the auditor did not document the potential problems for further audit investigation. The primary deficiency with the process is that A.
The auditor failed to consider the importance of the information offered.
B.
A questionnaire was used in a situation in which a structured interview should have been used.
C.
Questionnaires do not allow for opportunities to document other information.
D.
All of the answers are correct.
Answer (A) is correct. The major problem is that the auditor was too oriented to the questionnaire and failed to give appropriate consideration to the other information offered. Questionnaires are limited, and the auditor needs to be flexible enough to gather other information when it is offered. B A questionnaire’s advantage is that it provides a structured, comprehensive approach to evidence gathering. C Questionnaires are limited, but the problem is with their application, not necessarily with their nature.
D Two of the responses are not appropriate conclusions. Question: 65 A questionnaire consists of a series of questions relating to controls normally required to prevent or detect errors and fraud that may occur for each type of transaction. Which of the following is not an advantage of a questionnaire? A. A questionnaire provides a framework that minimizes the possibility of overlooking aspects of internal control. B.
A questionnaire can be easily completed.
C.
A questionnaire is flexible in design and application.
D. The completed questionnaire provides documentation that the internal auditor became familiar with internal control. Answer (C) is correct. Questionnaires are designed to be inflexible in that the responses to certain questions are expected. Questionnaires are not easily adapted to unique situations. The approach that offers the most flexibility is a narrative memorandum describing internal control. The next most flexible approach is a flowchart. A A questionnaire provides a framework to assure that control concerns are not overlooked. B A questionnaire is relatively easy to complete. For the most part, only yes/no responses are elicited from management and employees. D The completed questionnaire can become part of the workpapers to document the internal auditor’s becoming familiar with the auditee’s activities, risks, and controls. Question: 66 Which of the following is not an advantage of sending an internal control questionnaire prior to an audit engagement? A.
The engagement client can use the questionnaire for self-evaluation prior to the auditor’s visit.
B.
The questionnaire will help the engagement client understand the scope of the engagement.
C. Preparing the questionnaire will help the auditor plan the scope of the engagement and organize the information to be gathered. D. The engagement client will respond only to the questions asked, without volunteering additional information. Answer (D) is correct. An internal control questionnaire consists of a series of questions about the organization’s controls designed to prevent or detect errors or fraud. Answers to the questions help the internal auditor to identify specific controls relevant to specific assertions and to design tests of controls to evaluate the
effectiveness of their design and operation. However, the information obtained is limited to that elicited by the questions asked. A Answering the questionnaire will help the auditee identify areas where procedures are weak or not properly documented. B The questionnaire will communicate the areas that the auditor plans to evaluate. C The auditor can use the preparation of the questionnaire to organize the information to be gathered. Question: 67
Which of the following statements describes an internal control questionnaire? It
A.
Provides detailed evidence regarding the substance of the control system.
B.
Takes less of the engagement client’s time to complete than other control evaluation devices.
C.
Requires that the internal auditor be in attendance to properly administer it.
D.
Provides indirect evidence that might need corroboration.
Answer (D) is correct. An internal control questionnaire consists of a series of questions about the controls designed to prevent or detect errors or irregularities. Answers to the questions help the internal auditor to identify specific internal control policies and procedures relevant to specific assertions and to design tests of controls to evaluate the effectiveness of their design and operation. The questionnaire provides a framework to assure that specific concerns are not overlooked, but it is not a sufficient means of understanding the entire system. Thus, the evidence obtained is indirect and requires corroboration by means of observation, interviews, flowcharting, examination of documents, etc. A Questionnaires usually provide for yes/no responses and therefore provide less detailed evidence than some other procedures. B Questionnaires tend to be lengthy, and their completion is time-consuming. C An auditor need not be present. Question: 68 As part of a payroll engagement, an internal auditor used an internal control questionnaire. Positive responses were given to each of the following questions by the payroll department manager: 1. Is authorization by the personnel department required to make additions to the payroll and to change pay rates? 2. Are check totals reconciled to payroll register data before checks are distributed to employees? 3. Are the functions of preparing the payroll and distributing paychecks performed by different persons?
In which phase of the engagement will the internal auditor confirm these responses? A.
Planning.
B.
Identifying, analyzing, evaluating, and recording.
C.
The survey.
D.
Preliminary preparation.
Answer (B) is correct. During the performance of the engagement, “internal auditors must identify, analyze, evaluate, and document sufficient information to achieve the engagement’s objectives” (Perf. Std. 2300). This process includes confirming compliance with internal controls. An example is validating the responses to the internal control questionnaire. A The internal auditor obtains responses to the internal control questionnaire during the planning phase. These responses will be confirmed during the performance of the engagement. C The planning phase includes the survey, if appropriate. The survey includes becoming familiar with the activity to be reviewed, identifying areas for special emphasis, obtaining information for use in engagement performance, and determining whether further work is necessary. For example, the survey might include seeking answers to the internal control questionnaire. D The planning phase includes the survey (preliminary preparation). Question: 69 In an audit of a shipping department, the internal auditors conducted a survey to become familiar with its operations. The survey included interviewing key personnel using formal questionnaire. The disadvantage of this procedure is that the interviewer A.
Is less likely to record information not specifically addressed in the questionnaire.
B.
Is able to ask clarifying questions.
C.
Is face-to-face with the interviewee.
D.
May ask questions requiring an explanatory response.
Answer (A) is correct. Questionnaires (1) are difficult to prepare, (2) are time-consuming to administer, (3) cannot address all circumstances, and (4) permit interviewees to anticipate preferred responses. Interviews are preferable because they give interviewers greater freedom to pursue promising lines of inquiry. Furthermore, a questionnaire tends to limit the focus of the interviewer. (S)he is less likely to address responses not within the parameters of the questionnaire. B It is an advantage to be able to ask clarifying questions.
C It is an advantage to be face-to-face with the interviewee. D It is an advantage to ask questions requiring an explanatory response. Question: 70 How does the use of an internal control questionnaire assist an internal auditor in planning an engagement? A.
Increases apprehension for the client’s employees.
B.
Provides a complete understanding of unfamiliar and complex operations.
C.
Information is gathered from those most familiar with it.
D.
Decreases the uniformity of data acquisition.
Answer (C) is correct. Internal auditors must develop and document a plan for each engagement, including the engagement’s objectives, scope, timing, and resource allocations. The auditor also prepares an engagement program prior to the beginning of the engagement. This program describes items such as the objectives, what is being examined, and procedures to be performed. Questionnaires provide an efficient method of planning the engagement program. They may be sent to the client prior to the auditor’s visit. The questionnaire may result in a more economical engagement because the information it generates is prepared by those most familiar with it. The auditor still must ask clarifying questions and verify responses. However, only those answers that appear inappropriate should be pursued by asking for clarification or other information. A A questionnaire involves the client’s supervisors and employees in the engagement and thereby minimizes their apprehension about the upcoming audit. B The questionnaire provides a means for ensuring that specific concerns are not overlooked, but it is not sufficient for an understanding of the entire system. Other information must be obtained. D Checklists increase the uniformity of data acquisition. They ensure that a standard approach is taken and minimize the possibility of omitting consideration of factors that can be anticipated. Question: 71 Which of the following is not true about formal questionnaires properly prepared and transmitted in advance? A.
They are less effective than interviewing.
B.
They are an opportunity for engagement client self-evaluation.
C.
They involve the questionnaire recipient in the audit.
D.
All circumstances may be addressed.
Answer (D) is correct.
One of the disadvantages of sending a questionnaire to the engagement client is that all circumstances cannot be addressed. It is important for auditors to follow-up with an interview to clarify information and to address matters not covered by the questionnaire. A Interviewing is a more flexible procedure, and the interviewer also has an opportunity to observe and interact with the interviewee. B Questionnaires properly prepared and transmitted in advance provide an opportunity for engagement client self-evaluation. Employees may be resistant to external evaluation. C Questionnaires involve the engagement client’s supervisors and employees in the engagement and thereby minimize their apprehension and resistance. Question: 72 When conducting interviews during the early stages of an internal auditing engagement, it is more effective to A.
Ask for specific answers that can be quantified.
B.
Ask people about their jobs.
C.
Ask surprise questions about daily procedures.
D.
Take advantage of the fact that fear is an important part of the engagement.
Answer (B) is correct. To improve internal auditor-client cooperation, the internal auditor should, to the extent feasible, humanize the engagement process. For example, individuals feel more important being asked peopletype questions, such as being asked about their jobs, rather than control-type questions. A Later field work will cover information that can be quantified. Building rapport is more important in early interviews. C Unless fraud is suspected or negotiable securities are audited, the more effective approach is to d Answer (D) is incorrect. D Although auditee fear is a natural part of anticipating the engagement, the internal auditor should keep it from playing an important role by using good interpersonal skills to build a positive, participative relationship with the auditee. efuse the auditee anxiety that results from anticipating the engagement. Question: 73 When an internal auditor is interviewing to gain information, (s)he will not be able to remember everything that was said in the interview. The most effective way to record interview information for later use is to A. Write notes quickly, trying to write down everything in detail as it is said; then highlight important points after the meeting.
B. Electronically record the interview to capture everything that everyone says; then type everything said into a computer for documentation. C. Hire a professional secretary to take notes, allowing complete concentration on the interview; then delete unimportant points after the meeting. D. Organize notes around topics on the interview plan and note responses in the appropriate area, reviewing the notes after the meeting to make additions. Answer (D) is correct. Preparing for the interview is crucial. The internal auditor should have learned as much as possible about the engagement client, determined the engagement objectives, and prepared questions. During the interview, the internal auditor should record notes on a split page, which lists the questions on one side and contains space for responses on the other. After the interview, the internal auditor should expand on the notes while the material is still fresh. A Extensive note taking may interfere with communication with the respondent. Maintaining eye contact and observing nonverbal signals is difficult if the interviewer is preoccupied with his or her notes. B Recording might be used for controversial material, but it usually will not elicit positive feelings from the respondent. For most organizational purposes, exact quotes are unnecessary. C Aside from cost, this option is unworkable given the loss of confidentiality and the probable negative reaction from the respondent. Question: 74 As part of an engagement to evaluate safety management programs, an internal auditor interviews the individual responsible for writing, issuing, and maintaining safety procedures. While the internal auditor’s primary interest is to identify the controls ensuring that procedures are kept current, the individual has a tremendous amount of information and seems intent on telling the internal auditor most of it. What might the internal auditor do to guard against missing what is important? A. Write down everything the individual says. If the internal auditor gets behind, ask for a pause and catch up. After the interview, the internal auditor can sift through the notes and be confident of finding the key information. B.
Tape record the interview and later extract the relevant information.
C. Do not sort through extraneous information. Revisit the topic with the individual’s supervisor and obtain any needed information at that time. D.
During the conversation, make an effort to anticipate the approach of a point of critical interest.
Answer (D) is correct.
Anticipation is one approach the internal auditor can use to maintain focus during a far-ranging discussion. It assumes that the internal auditor has done some homework and is prepared to listen intelligently. Active listening permits anticipation because the mind can process information more rapidly than most people speak. Thus, the listener has time to analyze the information and determine what is most important. A The internal auditor will probably miss important points in the effort to write everything down. B Recording the entire interview is inefficient. C This procedure would be a waste of everyone’s time, and the internal auditor still may not obtain the information sought. Question: 75 The auditor conducted an interview with the supervisor. The auditor noted that the supervisor became uncomfortable and nervous, and changed the subject whenever the auditor raised questions about certain types of claims. The supervisor’s answers were consistent with company policies and procedures. When documenting the interview, the auditor should A.
Document the supervisor’s answers noting the nature of the nonverbal communications.
B.
Not document the nonverbal communication because it is subjective and is not corroborated.
C. Conclude that the nonverbal communication is persuasive and that sufficient evidence exists to charge fraud against the group. D.
Ignore the specific answers given in the interview, because they are self-serving.
Answer (A) is correct. Auditors frequently encounter and act upon nonverbal communication. If the nonverbal communication affects the auditor’s perception of the information gathered, it should be documented so that it can be considered as the audit proceeds. B If the nonverbal communication affects the auditor’s perception of the information gathered, it should be documented. C Nonverbal communication, by itself, is not sufficient to reach a conclusion that fraud has occurred. However, along with the allegations made by the employee, it may be sufficient to justify a fraud investigation. D The answers given should be documented. Question: 76 To elicit views on broad organizational risks and objectives from the board and senior management, an internal auditor should A.
List specific risk factors for consideration.
B.
Develop spreadsheets with quantitative data relevant to the industry.
C.
Use a nondirective approach to initiating discussion of mitigating risks.
D.
Ask each member of management about specific risks listed in an industry reference.
Answer (C) is correct. Effective interview planning includes formulating basic questions. An internal auditor may use a directive approach by asking narrowly focused questions. A preferable alternative given the interviewees and the subject matter is a nondirective approach using broad questions that are more likely to provide clarification and yield unexpected observations. A Although such factors may be relevant, they will not necessarily create an opportunity for management to brainstorm. B Facts provide more of a teaching tool than a proper means to start relevant discussion. D Although an industry reference may raise many valid points, it may not address concerns specific to the organization. Question: 77 Tolerating silence, asking open-ended questions, and paraphrasing are three aids to more effective A.
Meetings.
B.
Listening.
C.
Interviews.
D.
Feedback.
Answer (B) is correct. Listening entails decoding and understanding the first message sent. The sender then becomes a listener with respect to the feedback. Thus, listening is necessary at both ends of the communication channel. Other aids to effective listening are using body language to encourage the speaker, showing appropriate emotion to signify empathy, understanding and correcting for one’s biases, avoiding making premature judgments, and briefly summarizing what has been said. A Tolerating silence, asking open-ended questions, and paraphrasing may slow down a meeting. C Tolerating silence, asking open-ended questions, and paraphrasing may or may not help depending on the purpose of the interview. D Only paraphrasing relates to feedback.
Question: 78 Auditors must be effective listeners, especially when asking complex questions. To improve their listening, auditors should take care to do all the following except A.
Stop talking. It is very difficult to listen and talk at the same time.
B.
Be patient. Allow the speaker ample time to respond.
C.
Avoid all questions until the speaker has concluded.
D.
Put the speaker at ease. A nervous speaker will be difficult to understand.
Answer (C) is correct. Questions asked at appropriate times during the interview can indicate that the interviewer is listening attentively. When done correctly, this also allows the interviewer to probe deeper when additional clarification is needed. A Listening tends to be more difficult than talking. Most people prefer to express their own ideas rather than listen. B A good listener does not interrupt and makes smooth transitions between listening and speaking. D Making eye contact and using other appropriate nonverbal cues characteristic of attentive listening will tend to put the speaker at ease and enhance the communication process. Question: 79
Listening effectiveness is best increased by
A.
Resisting both internal and external distractions.
B.
Waiting to review key concepts until the speaker is through talking.
C.
Tuning out messages that do not seem to fit the meeting purpose.
D.
Factoring in biases to evaluate the information being given.
Answer (A) is correct. Concentrating on what the speaker is saying is critical to effective listening. This result is best achieved by resisting internal and external distractions. Physical distractions such as noise, a tendency to be overly aware of the speaker’s physical and other differences from the listener, focusing on interesting details at the expense of major points, or emotional reactions to a statement with which the listener disagrees should be avoided. B Given that a person listens faster than a speaker talks, (s)he can review the key concepts silently without waiting for the speaker to conclude. This process helps the listener remember them better without notes. C Seemingly unrelated information may be important.
D The listener should concentrate on the information while listening. Later, that person can allow for bias on both the listener’s part and the speaker’s part. Question: 80 An internal auditor is interviewing an employee. While listening to the interviewee, the internal auditor should A.
Prepare a response to the interviewee.
B. Take mental notes on the speaker’s nonverbal communication because it is more important than what is being said. C.
Make sure all details, as well as the main ideas of the interviewee, are remembered.
D. Integrate the incoming information from the interviewee with information that is already known. Answer (D) is correct. The mind can process information more rapidly than most people speak. Thus, the listener has time to analyze the information and determine what is most important and how it relates to known information. This process of active listening helps the interviewer maintain focus. A Planning a reply before the speaker has finished may cause the listener to miss an important point or make an unfounded assumption. Thinking about a reply is not listening. B The nonverbal messages are not always more important. C An effective listener tries to remember the important points. Being distracted by interesting details is a mistake because of the danger of missing critical information. Question: 81 A supportive behavior that a listener, such as an auditor or a supervisor, can use to encourage a speaker is to A.
Look away from the speaker to avoid any intimidation.
B.
Interject a similar incident or experience.
C.
Stop other activity or work while the person is talking.
D.
Not respond verbally until the speaker stops talking.
Answer (C) is correct. An effective listener enhances the communication process by sending appropriate nonverbal signals to the speaker. Thus, even though a person can probably listen and do some routine work, a listener who wishes to convey a positive and encouraging message should stop other activities and focus complete attention on the speaker.
A Looking away is discouraging. B Interruptions devalue the speaker and the speaker’s message. D Complete silence may appear disapproving. Question: 82 When evaluating communication, the internal auditor should be aware that nonverbal communication A.
Is independent of a person’s cultural background.
B.
Is often imprecise.
C.
Always conveys a more truthful response than verbal communication.
D.
Always conveys less information than verbal communication.
Answer (B) is correct. Nonverbal communication (body language) consists of facial expressions, vocal intonations, posture, gestures, appearance, and physical distance. Thus, by its nature, nonverbal communication is much less precise than verbal communication. A Nonverbal communication is heavily influenced by culture. For example, a nod of the head may have opposite meanings in different cultures. C Nonverbal communication is not necessarily more truthful than verbal communication. D Nonverbal communication can sometimes convey more information than verbal communication. Question: 83 Internal auditors should be active listeners to gain the most information in an internal audit interview. Which of the following best describes how an active listener behaves in an interview? The listener A.
Judges and evaluates the information as it is presented.
B.
Listens with acceptance, empathy, and intensity.
C.
Avoids looking directly at the speaker and interrupting his or her train of thought.
D.
Formulates arguments and conclusions as pieces of the speaker’s information fit together.
Answer (B) is correct. Active listening involves acceptance of the speaker’s ideas, that is, deferring judgment until the speaker has finished. Empathy is a sensitive awareness of the speaker’s feelings, thoughts, and experience. An empathic listener understands what the speaker wants to communicate rather than what the listener wants to understand. Listening with intensity involves concentrating on the speaker’s message and
disregarding distractions. An active listener also is responsible for completeness. (S)he considers nonverbal and emotional content and asks questions to clarify the communication. A Good listeners are objective, not judgmental. C A good listener makes eye contact. D Formulating arguments and conclusions before the speaker has finished is the antithesis of acceptance. Question: 84 An internal auditor is using an internal control questionnaire as part of a preliminary survey. Which of the following is the best reason for the auditor to interview management regarding the questionnaire responses? A.
Interviews provide the opportunity to insert questions to probe promising areas.
B. Interviews are the most efficient way to upgrade the information to the level of objective evidence. C.
Interviewing is the least costly audit technique when a large amount of information is involved.
D. Interviewing is the only audit procedure that does not require confirmation of the information obtained. Answer (A) is correct. The main purpose of interviews is to gather facts related to the audit engagement. Interviews allow internal auditors to (1) ask questions clarifying initial testimony, (2) deepen their understanding of operations, and (3) to seek reasons for unexpected results and unusual events and circumstances. B Interviews are a time-consuming method of obtaining evidence. C Interviewing is very costly in terms of audit resources used when a large amount of information is involved. The least costly audit method is likely to be a computer-assisted audit technique (CAAT). D Confirming the information obtained from interviewing may be necessary. Question: 85 During an interview with a data input clerk to discuss a computerized system used to track employee training requirements and compliance, an internal auditor identifies a potentially significant weakness in the system. The internal auditor should A.
Not mention the weakness, directly or indirectly, to avoid making the clerk uncomfortable.
B. Ask indirect questions that will help get more factual information relating to the potential weakness. C. Ask the clerk about the weakness and determine immediately whether the observation should be communicated.
D.
Conduct a second interview after determining whether the weakness actually exists.
Answer (B) is correct. Indirect questions may allow the internal auditor to obtain some information without making the clerk feel accused. An interviewee who has been put at ease and does not feel threatened is more likely to be cooperative. A The internal auditor has an obligation to obtain information. The weakness may compromise the security of the company, so the internal auditor should not simply avoid the issue. C The clerk is not likely to provide sufficient information to permit the internal auditor to determine whether the observation should be communicated immediately. D A second interview is probably inefficient. The internal auditor should learn as much as possible from the first interview, speak to others who may have additional information, and return to this clerk only if needed to clarify something specific about his or her duties. Question: 86 During an interview to identify controls over the quality of wastewater discharge, the responsible employee refers only to a department procedure when asked about controls to ensure that samples are collected and analyzed. In the internal auditor’s experience, such operations should maintain a log to record all samples, the types of analyses performed, and whether results should be reported to management or regulatory agencies. For some reason, this employee is reluctant to discuss detailed responsibilities in this area. The best thing for the internal auditor to do in this case is A. Continue the interview and discuss other elements of the employee’s duties, returning periodically to the samples and analytical results. B. Relate what the internal auditor has seen at other facilities and tell the employee that the log is necessary. C. Accept the information as given and record an observation finding that adequate controls are in place. D.
Interview the supervisor of the employee and discuss the auditee’s duties in detail.
Answer (A) is correct. The internal auditor may wish to return to the issue of controls over the samples after the employee has been put at ease. Nonjudgmental questioning, good listening habits, and a cooperative approach may lower the employee’s defenses and elicit the desired information. B The employee need not be lectured about what is in place at another facility. However, at the conclusion of an engagement, including such information about best management practices in the final engagement communication is appropriate.
C If an internal auditor strongly suspects that a control is not in place, accepting the employee’s first, unsupported representation is an insufficient basis for an observation that will ultimately be challenged. D Interviewing the supervisor will not extract additional information from the employee. Question: 87 The current internal auditing engagement to evaluate disbursements activities shows a significant number of errors made during the accounts payable vouchering process that have resulted in lost discounts and an extraordinary number of adjustments and credit memos. Engagement hours are already over budget in this section because of the number of exceptions to be analyzed. Internal auditing staff has had time to observe the operations performed by each of the voucher clerks; sample and analyze transaction documents in the accounts payable, purchasing, and receiving departments; and obtain system statistics on transaction volume, error-correction transactions, and lost-discount summaries. To date, the causes for all types of errors noted during detail testing, observation, and analysis of exceptions have not been fully identified in any of the three departments. The most appropriate course of action for the lead internal auditor to determine the causes of these errors is to A. Question and get the opinions of the accounts payable clerks and those involved in processing these transactions. B. Expand sample sizes for attributes already tested in transactions entered by accounts payable, purchasing, and receiving. C. Concentrate on engagement work program requirements for cash disbursements testing to discover any related information from those tests. D. Describe the transaction-related problems identified to date in a special engagement communication to management without expressing a cause or an internal auditor’s conclusion about the situation. Answer (A) is correct. The methods of gathering feedback include observing, analyzing, and questioning. Questioning (interviewing) the personnel of the engagement clients and others affected within the organization is the method that has not yet been used. B Expanding sample sizes will generate more factual information about error rates in these attributes, but it will not provide feedback. C Cash disbursements testing provides information about transaction processing after the vouchering process has been performed and corrections have been posted to the system. This information will not provide additional feedback. D An engagement communication to management will not generate additional information about the causes of the problem.
Question: 88 As part of the test of the effectiveness of a disaster recovery plan, the auditor plans to interview five employees from each of five different departments (25 employees in all). After the first few interviews, what would be the best way for the auditor to remain attentive during the remaining interviews? A.
Make up completely different questions to stay interested.
B.
Ask the questions in a slightly different format and in a different sequence.
C.
Have the rest of the employees write down their responses.
D.
Interview the remaining employees in groups of four or five.
Answer (B) is correct. An auditor cannot be an effective interviewer unless (s)he is an effective listener. However, effective listening requires remaining attentive. Attentiveness is promoted by use of active listening techniques. For example, changing the wording of the questions and the sequence in which they are asked may eliminate some of the tedium associated with a series of interviews. The auditor may also be able to refine the technique during the process. A The results of the auditor’s test depend on comparing responses to the same questions. C Written responses to questions are often very different from verbal responses. Moreover, the interviewer does not have the option of immediately pursuing a particular answer or observing the demeanor of the employees. D Employees are less likely to be forthcoming in a group, particularly when their responses may be critical of management. Question: 89 Which of the following is most likely appropriate for an auditor conducting a preliminary survey interview? A.
Be aggressive because the interviewee must be made to realize the importance of the topic.
B. Use surprise interviewing as often as possible because an unsettled interviewee is less likely to deliver prepared answers. C.
Avoid being overly critical of the interviewee and his or her organizational unit.
D.
Prepare questions beforehand and always make them broadly focused.
Answer (C) is correct. The internal auditor must gain the confidence of clients by demonstrating self-assurance, persuasiveness, fairness, empathy, and competence.
A The internal auditor must gain the confidence of clients by demonstrating self-assurance, persuasiveness, fairness, empathy, and competence. B Except when surprise is needed (e.g., in a review of cash or a fraud engagement), an appointment should be made well in advance for a specific time and place. D An internal auditor may use a directive approach emphasizing narrowly focused questions. An alternative is a nondirective approach using broad questions that are more likely to provide clarification and to result in unexpected observations. A combination of these approaches is often recommended. Fact Pattern: An internal auditing team has been assigned to review “the customer satisfaction measurement system” that the Industrial Products Division implemented 2 years ago. This system consists of an annual mail survey conducted by the division’s customer service office. A survey is sent to 100 purchasing departments randomly selected from all customers who made purchases in the prior 12 months. The survey is three pages long, and its 30 questions use a mixture of response modes (e.g., some questions are open-ended, some are multiple-choice, and others use a response scale). The customer service office mails the survey in September and tabulates the results for questionnaires returned by October 15. Only one mailing is sent. If the customer does not return the questionnaire, no follow-up is conducted. When the survey was last conducted, 45 of the questionnaires were not returned. Question: 90
Which of the following is not an advantage of face-to-face interviews over mail surveys?
A.
The response rate is typically higher.
B.
Interviewers can increase a respondent’s comprehension of questions.
C.
Survey designers can use a wider variety of types of questions.
D.
They are less expensive because mailing costs are avoided.
Answer (D) is correct. One of the principal advantages of mail surveys is their cost efficiency. Mailing costs are lower than the costs of telephone interviews and still lower than the costs of face-to-face interviews. A Mail surveys often have low response rates. B The interviewer’s ability to interpret responses and rephrase questions increases response quality. C Audiovisual aids, complex sequences, and other varieties of questions are made possible by the interactive nature of interviews. Question: 91 An internal auditor must weigh the cost of an engagement procedure against the persuasiveness of the evidence to be gathered. Observation is one engagement procedure that involves cost-benefit trade-offs. Which of the following statements regarding observation as an engagement technique is (are) true?
1. Observation is limited because individuals may react differently when being observed. 2. When testing financial statement balances, observation is more persuasive for the completeness assertion than it is for the existence assertion. 3. Observation is effective in providing information about how the organization’s processes differ from those specified by written policies. A.
1 only.
B.
2 only.
C.
1 and 3 only.
D.
1, 2, and 3.
Answer (C) is correct. Observation consists of watching the physical activities of the employees in the organization to see how they perform their duties. The internal auditor can determine whether written policies have been put into practice. Observation is limited because employees who know they are being observed may behave differently while being observed. Moreover, observation is more persuasive for the existence or occurrence assertion (whether assets or liabilities exist and whether transactions have occurred) than for the completeness assertion (whether all transactions that should be reported are reported). A Observation also is effective for determining whether written policies have been put into practice. B Observation is more persuasive for the existence assertion than for the completeness assertion. D Observation is more persuasive for the existence assertion than for the completeness assertion. Fact Pattern: An internal auditing team has been assigned to review “the customer satisfaction measurement system” that the Industrial Products Division implemented 2 years ago. This system consists of an annual mail survey conducted by the division’s customer service office. A survey is sent to 100 purchasing departments randomly selected from all customers who made purchases in the prior 12 months. The survey is three pages long, and its 30 questions use a mixture of response modes (e.g., some questions are open-ended, some are multiple-choice, and others use a response scale). The customer service office mails the survey in September and tabulates the results for questionnaires returned by October 15. Only one mailing is sent. If the customer does not return the questionnaire, no follow-up is conducted. When the survey was last conducted, 45 of the questionnaires were not returned. Question: 92 Nonresponse bias is often a concern in conducting mail surveys. The main reason that nonresponse bias can cause difficulties in a sample such as the one taken by the customer service office is that A.
The sample means and standard errors are harder to compute.
B.
Those who did not respond may be systematically different from those who did.
C.
The questionnaire is too short.
D.
Confidence intervals are narrower.
Answer (B) is correct. The sample will not be truly random if respondents as a group differ from nonrespondents. Thus, people may choose not to respond for reasons related to the purpose of the questionnaire. A Formulas are as easy to use with bad data as with good data. C Longer questionnaires increase nonresponse bias. D Nonresponse decreases sample size, so confidence intervals would be wider rather than narrower. Fact Pattern: An internal auditing team has been assigned to review “the customer satisfaction measurement system” that the Industrial Products Division implemented 2 years ago. This system consists of an annual mail survey conducted by the division’s customer service office. A survey is sent to 100 purchasing departments randomly selected from all customers who made purchases in the prior 12 months. The survey is three pages long, and its 30 questions use a mixture of response modes (e.g., some questions are open-ended, some are multiple-choice, and others use a response scale). The customer service office mails the survey in September and tabulates the results for questionnaires returned by October 15. Only one mailing is sent. If the customer does not return the questionnaire, no follow-up is conducted. When the survey was last conducted, 45 of the questionnaires were not returned. Question: 93 Many questionnaires are made up of a series of different questions that use the same response categories (e.g., strongly agree, agree, neither, disagree, strongly disagree). Some designs will have different groups of respondents answer alternative versions of the questionnaire that present the questions in different orders and reverse the orientation of the endpoints of the scale (e.g., agree on the right and disagree on the left or vice versa). The purpose of such questionnaire variations is to A.
Eliminate intentional misrepresentations.
B.
Reduce the effects of pattern response tendencies.
C.
Test whether respondents are reading the questionnaire.
D. Make it possible to get information about more than one population parameter using the same questions. Answer (B) is correct. The sequence and format of questions have many known effects. For example, questions should be in a logical order, and personal questions should be asked last because of the emotions they may evoke. One
method for reducing these effects is to use questionnaire variations that cause these biases to average out across the sample. A Questionnaire variations cannot eliminate intentional misrepresentations. C Questionnaire variations cannot test whether respondents are reading the questionnaire. D Questionnaire variations cannot make it possible to get information about more than one population parameter using the same questions. Fact Pattern: An internal auditing team has been assigned to review “the customer satisfaction measurement system” that the Industrial Products Division implemented 2 years ago. This system consists of an annual mail survey conducted by the division’s customer service office. A survey is sent to 100 purchasing departments randomly selected from all customers who made purchases in the prior 12 months. The survey is three pages long, and its 30 questions use a mixture of response modes (e.g., some questions are open-ended, some are multiple-choice, and others use a response scale). The customer service office mails the survey in September and tabulates the results for questionnaires returned by October 15. Only one mailing is sent. If the customer does not return the questionnaire, no follow-up is conducted. When the survey was last conducted, 45 of the questionnaires were not returned. Question: 94 Several of the internal auditing team members are concerned about the low response rate, the poor quality of the questionnaire design, and the potentially biased wording of some of the questions. They suggest that the customer service office might want to supplement the survey with some unobtrusive data collection such as observing customer interactions in the office or collecting audiotapes of phone conversations with customers. Which of the following is not a potential advantage of unobtrusive data collection compared to surveys or interviews? A.
Interactions with customers can be observed as they occur in their natural setting.
B.
It is easier to make precise measurements of the variables under study.
C.
Unexpected or unusual events are more likely to be observed.
D.
People are less likely to alter their behavior because they are being studied.
Answer (B) is correct. Lack of experimental control and measurement precision are weaknesses of observational research. Another is that some things, such as private behavior, attitudes, feelings, and motives, cannot be observed. A Observing the phenomenon in its natural setting eliminates some aspects of experimental bias. C The possibility of observing unexpected or unusual behavior makes unobtrusive measures useful for exploratory investigations.
D If research subjects are unaware of being studied, they are less likely to do what they think the researcher wants, censor their comments, etc. Question: 95 An internal auditing team developed a preliminary questionnaire with the following response choices: 1. Probably not a problem 2. Possibly a problem 3. Probably a problem The questionnaire illustrates the use of A.
Trend analysis.
B.
Ratio analysis.
C.
Unobtrusive measures or observations.
D.
Rating scales.
Answer (D) is correct. A rating scale may be used when a range of opinions is expected. The scale represents a continuum of responses. In this case, it reflects probability statements. A Trend analysis extrapolates past and current conditions. B Ratio analysis considers the internal relationships of financial data. C Use of rating scales requires the participant to participate actively. Thus, it is not unobtrusive. Question: 96 Which of the following procedures is the least effective in gathering information about the nature of the processing and potential problems? A. Interview supervisors in the claims department to find out more about the procedures used, and the rationale for the procedures, and obtain their observations about the nature and efficiency of processing. B. Send an email message to all clerical personnel detailing the alleged problems and request them to respond. C. Interview selected clerical employees in the claims department to find out more about the procedures used, and the rationale for the procedures, and obtain their observations about the nature and efficiency of processing. D. Distribute a questionnaire to gain a greater understanding of the responsibilities for claims processing and the control procedures utilized.
Answer (B) is correct. Sending an email message to clerical staff is the least effective communication and informationgathering method. It is impersonal and alleges inefficiencies before evidence has indicated that the problems are caused by inefficiencies in processing. This impersonal method might have been useful if the auditor wished to solicit open responses, but not enough guidance is given to encourage that kind of response. A Interviewing supervisors and employees is a good method of learning more about the nature of processing and soliciting input as to the potential causes of the problems being investigated. These individuals are intimately involved with the processing of transactions. C Interviewing supervisors and employees is a good method of learning more about the nature of processing and soliciting input as to the potential causes of the problems being investigated. These individuals are intimately involved with the processing of transactions. D Using a questionnaire is a procedure that is not as effective as interviewing individuals, but it is an efficient method of gathering preliminary information that would be useful in structuring the interviews. Question: 97 The annual physical inventory of the main warehouse was recorded by existing surveillance cameras. The cameras were unobtrusive and the employees had long forgotten of their existence. Unable to attend the actual physical inventory, the audit manager observed the video footage. What advantage did the auditor gain by observing the recorded video inventory over observing in person? A.
The recorded version is more persuasive for the occurrence assertion.
B.
The auditor can determine whether written policies have been implemented.
C.
Employee behavior was not influenced by observation.
D.
Private behavior, feelings, and motives can be better observed using the recorded version.
Answer (C) is correct. Observation is looking at a process or procedure being performed. Through observation, an auditor can determine whether written policies have been implemented and is most persuasive for the existence or occurrence assertion. Observation as a data-gathering method is limited because employees who know they are being observed may behave differently while being observed. Accordingly, unobtrusive measures may be preferable. Another limitation of observation is the lack of experimental control and measurement precision; however, observing a phenomenon in its natural setting eliminates some experimental bias. A Observation is most persuasive for the existence or occurrence assertion, whether witnessed live or on video footage.
B By watching the physical activities of employees to see how they perform their duties, the auditor can determine whether written policies have been implemented. The auditor can determine this with both methods (live or recorded) of observing physical inventory. D Observing inventory in its natural setting eliminates some experimental bias. However, some things, such as private behavior, attitudes, feelings, and motives, cannot be observed, whether witnessed live or on video footage. Question: 98 An organization has continual large shortages at the cash registers despite having procedures in place. A local accounting firm was retained to audit the organization’s control procedures over cash. Several types of audit procedures were used during the engagement. Which of the following is the best example of the data-gathering method of observation? A. Upon examination of cash register tapes, the auditor discovered cash drawers were opened several times during employee shifts with no corresponding sales. B. The auditor spoke with several employees, including the store manager, about the steps they follow when voiding a sales transaction. C.
Reconciliations of cash deposits with sales records were performed by the auditor.
D. The auditor watched one of the morning shift employees pay the delivery driver out of the cash register. Answer (D) is correct. Watching the physical activities of employees to see how they perform their duties is called observation. By watching, the auditor can determine whether written policies have been implemented. There is also the possibility of observing unexpected or unusual behavior that may be useful in exploratory investigations. A Inspection is the examination of documents or records. B Seeking information from employees of the organization is the inquiry data-gathering method. C Evaluation of financial information, including reconciliations, is an analytical procedure. Question: 99
Which of the following is not a limitation of observation?
A.
It has a slow response time.
B.
It lacks measurement precision.
C.
It is less persuasive for the completeness assertion.
D.
Certain attributes cannot be observed.
Answer (A) is correct.
Slow response time is a limitation of mail questionnaires. Mail questionnaires are relatively inexpensive, eliminate interviewer bias, and gather large amounts of data. However, they tend to be inflexible, have slow response times, and have nonresponse bias. The limitations of observation include (1) some things cannot be observed, such as private behavior, attitudes, and motives; (2) gathered data are less persuasive for the completeness assertion than for the existence or occurrence assertion; and (3) gathered data lack measurement precision. B Lack of measurement precision is a limitation of observation. C Observation is less persuasive for the completeness assertion than for the existence or occurrence assertion. D A limitation of observation is that some things, such as private behavior, attitudes, feelings, and motives, cannot be observed. Question: 100 The dean at a prestigious private performing arts college was reading about the 20 amazing students graduating with honors in the spring. The dean wants to gather the following information from the students’ families: • •
Why did the students choose this college? How did the students go through the decision-making process?
What method would the college’s audit manager most likely suggest for gathering this information? A.
Sending a questionnaire to the students’ families.
B.
Interviewing the students’ families via telephone.
C.
Having the students complete a rating scale survey.
D.
Observing the activities of the students.
Answer (B) is correct. Telephone interviews are a flexible means of obtaining data rapidly and controlling the sample size. Though more costly than a mail survey, the primary purpose of the interview is not to gather data, but to ascertain the choices the students and their respective families made. Additionally, the small sample of students is predefined, not random. A Questionnaires are used for gathering large amounts of data and eliminating interviewer bias. Due to the small sample size and the nature of the questions, a questionnaire is not the best choice. Questionnaires are designed for random samples and gathering large amounts of data. C A rating scale is designed to allow people to rate things such as service or performance. A rating scale would not achieve the desired results. D Observation of the students’ activities would not gather the desired information.
PART 2 UNIT 7
1.The variability of a population, as measured by the standard deviation, is the
A.Extent to which the individual values of the items in the population are spread about the mean. B.Degree of asymmetry of a distribution. C.Tendency of the means of large samples (at least 30 items) to be normally distributed. D.Measure of the closeness of a sample estimate to a corresponding population characteristic.
Answer (A) is correct. The standard deviation measures the degree of dispersion of items in a population about its mean
B.The dispersion of items in a population is not a function of the degree of asymmetry of the distribution. For example, a distribution may be skewed (positively or negatively) with a large or small standard deviation. C.The central limit theorem states that the distribution of sample means for large samples should be normally distributed even if the underlying population is not. D.Precision is the interval about the sample statistic within which the true value is expected to fall.
2.When sampling methods are used, the concept of sufficiency of information means that the samples selected provide
A.Reasonable assurance that they are representative of the sampled population. B.The best information that is reasonably obtainable. C.Reasonable assurance that the information has a logical relationship to the engagement objective. D.Absolute assurance that a sample is representative of the population.
Answer (A) is correct. Sufficient information is factual, adequate, and convincing so that a prudent, informed person would reach the same conclusions as the auditor (Inter. Std. 2310). If properly designed and executed, a statistical sample is representative of the sampled population.
B.The best information reasonably obtainable is reliable information. C.The logical relationship indicates relevance. D.Cost-benefit considerations usually preclude absolute assurance.
3.The measure of variability of a statistical sample that serves as an estimate of the population variability is the
A.Basic precision. B.Range. C.Standard deviation. D.Confidence interval.
Answer (C) is correct. The standard deviation is a measure of variability. If the sample is representative, its standard deviation will approximate that of the population.
A.Basic precision is the range around the sample statistic that is expected to contain the true population parameter. B.The range is the difference between the largest and smallest values in a sample. It is a crude measure of variability but is not used to estimate population variability. D.Confidence interval is a synonym for precision. It is the range around a sample statistic that is expected to contain the true population parameter.
4.The measure of variability most useful in variables sampling is the A.Median. B.Range. C.Standard deviation. D.Mean.
Answer (C) is correct. The standard deviation is a mathematical measure of the variability of items in a population about its mean.
A.The median (the value at the 50th percentile) measures central tendency, not variability. B.The range (difference between the largest and smallest values) has far less significance than the standard deviation. D.The mean (arithmetic average) measures central tendency, not variability.
5.In sampling applications, the standard deviation represents a measure of the
A.Expected error rate.
B.Level of confidence desired. C.Degree of data variability. D.Extent of precision achieved.
Answer (C) is correct. The standard deviation measures the variability within a population
A.The expected error rate is associated with attribute sampling. B.The desired confidence level is determined by the internal auditor’s judgment. D.The extent of precision achieved in variables sampling is computed using the standard deviation.
6.In a sampling application, the group of items about which the auditor wants to estimate some characteristic is called the
A.Population. B.Attribute of interest. C.Sample. D.Sampling unit.
Answer (A) is correct. The population is the group of items about which an auditor wishes to draw conclusions
B.The attribute of interest is the characteristic of the population the auditor wants to estimate. C.The sample is a subset of the population used to estimate the characteristic. D.A sampling unit is the item that is actually selected for examination. It is a subset of the population.
7.A specified range is based on an estimate of a population characteristic calculated from a random sample. The probability that the range contains the true population value is the
A.Error rate. B.Lower precision limit. C.Confidence level. D.Standard error of the mean.
Answer (C) is correct.
In principle, given repeated sampling and a normally distributed population, the confidence level is the percentage of all the precision intervals that may be constructed from simple random samples that will include the population value. In practice, the confidence level is regarded as the probability that a precision interval calculated from a simple random sample drawn from a normally distributed population will contain the population value.
A.The error rate in an attribute sampling application is the proportion of incorrect items in a population B.The lower precision limit is the lower bound of the interval constructed from the sample result at a specified confidence level. D.The standard error of the mean is the standard deviation of the distribution of sample means
8.A 90% confidence interval for the mean of a population based on the information in a sample always implies that there is a 90% chance that the
A.Estimate is equal to the true population mean. B.True population mean is no larger than the largest endpoint of the interval. C.Standard deviation will not be any greater than 10% of the population mean. D.True population mean lies within the specified confidence interval.
Answer (D) is correct. The confidence interval, e.g., 90%, is specified by the auditor. A confidence interval based on the specified confidence level, also called precision, is the range around a sample value that is expected to contain the true population value. In this situation, if the population is normally distributed and repeated simple random samples are taken, the probability is that 90% of the confidence intervals constructed around the sample results will contain the population value.
A.Computation of a confidence interval permits the probability that the interval contains the population value to be quantified. B.Two-sided confidence intervals are more common. The area in each tail of a two-sided 90% level is 5%. C.The confidence interval is based on the standard deviation, but it has no bearing on the size of the standard deviation.
9.The degree to which the auditor is justified in believing that the estimate based on a random sample will fall within a specified range is called
A.Sampling risk. B.Non-sampling risk. C.Confidence level.
D.Precision.
Answer (C) is correct. The confidence level is the percentage of times that one would expect the sample to adequately represent the population. Thus, a confidence level of 90% should result in samples that adequately represent the population 90% of the time. In other words, given repeated random sampling from a normally distributed population, 90% of the confidence intervals that may be constructed from simple random samples will contain the population mean.
A.Sampling risk is the complement of the confidence level. B.Non-sampling risk is the risk of improperly auditing the sampled items. It cannot be quantified. D.Precision is the confidence interval.
10.The standard error of a sample reflects
A.The projected population error based on errors in the sample. B.The average rate of error in the sample. C.The degree of variation in sample items. D.The error in the population that the auditor can accept.
Answer (C) is correct. The standard error of the sample enables the auditor to assess the precision (confidence interval) used to describe the population. The greater the standard error, the higher the precision the auditor must use.
A.The standard error of the sample cannot be used to project the error rate in the population. B.The standard error of the sample does not calculate the average error rate in the sample. D.The error in the population that the auditor can accept, i.e., the tolerable error rate, is a matter of auditor judgment.
11.One standard deviation corresponds to what approximate percentage of the area under a bell curve?
A.34% B.68%
C.90% D.95.5%
Answer (B) is correct. A person selecting an item at random from a normally distributed population (one with a bell curve) can be 68% confident that the value of the item is within 1.0 standard deviation of the mean. Thus, that area under the curve corresponds to the 68% confidence level.
A.One standard deviation corresponds to approximately 68% of the area under a bell curve. C.A 90% confidence level has a confidence coefficient of 1.64 standard deviations. D.A 95.5% confidence level has a confidence coefficient of 2.0 standard deviations.
12.Which of the following methods of data collection would be most appropriate to identify hypotheses that can be tested on a larger scale?
A.Case study. B.Sampling. C.Evaluation synthesis. D.Modeling.
Answer (A) is correct. Case study is a data collection method that identifies hypotheses that can be tested on a larger scale.
B.Sampling involves selecting representative items from a population, examining those selected items, and drawing a conclusion about the population based on the results derived from the examination of the selected items. C.Evaluation synthesis is a systematic procedure for organizing observations and results from separate engagements. A single evaluation then is made for all included engagements. D.Modeling collects data to simulate an existing fact, occurrence, or circumstance for further study.
13.Which of the following techniques could be used to estimate the standard deviation for a sampling plan?
A.Difference estimation. B.Pilot sample. C.Regression. D.Discovery sampling.
Answer (B) is correct. Auditors may use the standard deviation of a pilot sample to estimate the standard deviation of a population.
A. Difference estimation is a type of variables sampling plan that calculates the mean difference between audit and recorded amounts in the sample and then multiplies by the number of items in the population. It is not a technique for estimating the standard deviation. C.Auditors use regression (an extension of correlation analysis) to project balances of accounts or other populations. D.Discovery sampling is a type of attribute sampling plan used for detection of critical deviations. Attribute sampling applies to binary (yes/no or error/nonerror) propositions.
14.If an internal auditor is sampling to test compliance with a particular company policy, which of the following factors should not affect the allowable level of sampling risk?
A.The experience and knowledge of the auditor. B.The adverse consequences of noncompliance. C.The acceptable level of risk of making an incorrect audit conclusion. D.The cost of performing auditing procedures on sample selections.
Answer (A) is correct. Sampling risk is the possibility that engagement conclusions based on a sample may differ from those reached if the test were applied to all items in the population. The experience and knowledge of the auditor are elements of nonsampling risk.
B.As the adverse consequences of noncompliance increase, the allowable level of sampling risk tends to decrease. C.The acceptable level of sampling risk is one element of the acceptable level of risk of drawing an incorrect audit conclusion. The other element is nonsampling risk. D.The cost of performing procedures on sample selections is weighed against the benefit of minimizing the chance of making an incorrect decision.
15.In preparing a sampling plan for an inventory pricing test, which of the following describes an advantage of statistical sampling over nonstatistical sampling?
A.Requires nonquantitative expression of sample results. B.Provides a quantitative measure of sampling risk. C.Minimizes nonsampling risk. D.Reduces the level of tolerable error.
Answer (B) is correct. Statistical and nonstatistical sampling are both used to project the characteristics of a population. However, statistical sampling permits the internal auditor to make a quantitative assessment of how closely the sample represents the population for a given level of reliability.
A.Statistical sampling provides quantified results. C.Nonsampling risk exists in both statistical and nonstatistical sampling. D.Tolerable error is related to materiality and auditor judgment.
16.An auditor tested a population by examining 60 items selected judgmentally and found one error. The main limitation of the auditor’s sample is the inability to
A.Quantify sampling risk. B.Quantify the acceptable error rate. C.Project the population’s error rate. D.Determine whether the sample is random.
Answer (A) is correct. The limitation of all nonstatistical sampling techniques is the auditor’s inability to quantify sampling risk. Based on past experience and intuition, the auditor may conclude that the sampling risk is acceptable, but the auditor is not able to quantify this risk.
B.The auditor could quantify the acceptable error rate independently of the sample design. C.The auditor can project an error rate of 1/60, or .0167. The problem is that the auditor cannot quantify the risk that the rate in the sample is significantly different from the rate in the population. D.A mathematician may be able to determine whether the auditor’s selections are random, although it is unlikely that they are. If the sample is representative, it does not matter whether it is random.
17.An important difference between a statistical and a judgmental sample is that with a statistical sample,
A.No judgment is required because everything is computed according to a formula. B.A smaller sample can be used. C.More accurate results are obtained. D.Population estimates with measurable reliability can be made.
Answer (D) is correct. The principal benefit of statistical sampling is that it permits the auditor to make a quantitative assessment of how closely the sample represents the population for a given level of reliability, i.e., how unbiased the sample is.
A.Judgment is needed to determine confidence levels and sample unit definition B.A statistical sample may result in either a smaller or larger sample. C.Either method may produce greater accuracy.
18.Statistical sampling is appropriate to estimate the value of an auto dealer’s 3,000 line-item inventory because statistical sampling is
A.Reliable and objective. B.Thorough and complete. C.Thorough and accurate. D.Complete and precise.
Answer (A) is correct. The results of statistical (probability) sampling are objective and subject to the laws of probability. Thus, sampling risk can be quantified and controlled at a specified level of confidence (reliability). Sampling risk is the risk that the sample selected does not represent the population.
B.By definition, a sample is not complete or thorough. C.By definition, a sample is not thorough. Also, it cannot be considered accurate because of the existence of sampling risk. D.By definition, a sample is not complete.
19.To project the frequency of shipments to wrong addresses, an internal auditor chose a random sample from the busiest month of each of the four quarters of the most recent year. What underlying concept of statistical sampling did the auditor violate?
A.Attempting to project a rate of occurrence rather than an error rate. B.Failing to give each item in the population an equal chance of selection. C.Failing to adequately describe the population. D.Using multistage sampling in conjunction with attributes.
Answer (B) is correct. A random sample is one in which every item in the population has an equal and nonzero chance of being selected for the sample. Here, the auditor deliberately excluded shipments from the slower months.
A.Randomness is not associated with a rate of occurrence (often referred to as an error rate). C.The population is adequately described as the four quarters of the most recent year. D.Multistage sampling is appropriate when homogeneous subpopulations can be identified and sampled from; sample items are then selected from the randomly selected subpopulations.
20.A distinguishing characteristic of random number sample selection is that each
A.Item is selected from a stratum having minimum variability. B.Item’s chance for selection is proportional to its dollar value. C.Item in the population has an equal chance of being selected. D.Stratum in the population has an equal number of items selected. Answer (C) is correct. A random sample is one in which every item in the population has an equal and nonzero chance of being selected.
A.Stratifying the population does not ensure random selection. B.Deliberately biasing the sample makes random selection impossible. D.Stratifying the population does not ensure random selection.
21.Using random numbers to select a sample
A.Is required for a variables sampling plan. B.Is likely to result in an unbiased sample. C.Results in a representative sample. D.Allows auditors to use smaller samples.
Answer (B) is correct. The principal issue in statistical sampling is selecting a sample that is representative of the population, i.e., unbiased. This can be achieved by ensuring the sample is drawn randomly.
A.Although random-number sampling may be used for a variables sampling plan, it is not required. Systematic selection is also acceptable unless the population is not randomly organized. C.The use of random numbers does not always result in a representative sample. Statistical methods allow auditors to estimate the probability that a random sample is not representative. D.The use of random numbers does not affect sample size.
22.Which one of the following statements about sampling is true?
A.A larger sample is always more representative of the underlying population than a smaller sample. B.For very large populations, the absolute size of the sample has more impact on the precision of its results than does its size relative to its population. C.For a given sample size, a simple random sample always produces the most representative sample. D.The limitations of an incomplete sample frame can almost always be overcome by careful sampling techniques.
Answer (B) is correct. When the size of the population is very large, the absolute size of the sample may vary considerably even though its size relative to the population does not.
A.A large sample selected in a biased way is often less representative than a smaller but more carefully selected sample. C.Simple random sampling does not eliminate sampling risk. Proper execution of a simple random sample increases the probability of drawing a representative sample. D.Items excluded from the sampling frame cannot be included by an appropriate sampling technique.
23.Random numbers can be used to select a sample only when each item in the population
A.Can be assigned to a specific stratum. B.Is independent of outside influence. C.Can be identified with a unique number. D.Is expected to be within plus or minus three standard deviations of the population mean
Answer (C) is correct. A random sample is one in which every item in the population has an equal and nonzero chance of being selected and that selection is not influenced by whether any other item is selected.
A.Random-number sampling applies to both simple and stratified sampling. B.No such requirement exists. D.By definition, there are a few population items outside plus or minus three standard deviations from the population mean.
24.Systematic selection can be expected to produce a representative sample when
A.Random number tables are used to determine the items included in the sample. B.The population is arranged randomly with respect to the audit objective. C.The sample is determined using multiple random starts and includes more items than required. D.Judgmental sampling is used by the auditor to offset any sampling bias.
Answer (B) is correct. A sample selected using a systematic sampling procedure and a random start will behave as if it were a random sample when the population is randomly ordered with respect to the audit objective. Sampling bias due to systematic selection will be small when the population items are not arranged in a pattern.
A.Systematic selection is random only with respect to the start. C.The number of items in a sample is not relevant to the procedures used to select the specific items in the sample. The use of multiple random starts might increase the chance that a sample will behave randomly, but only if the population is arranged randomly. D.Judgmental sampling will not increase the randomness of a sample but will introduce sampling bias into the sample.
25.As part of an internal audit, a benchmark must be established for the defect rate for an innovative new production process. The auditor can either use a large sample that is already available from other production processes in the same plant or draw a fresh sample from the new process. However, a fresh sample would be expensive, time consuming, and much smaller in size. Which one of the following is the best course of action for the auditor?
A.The auditor should accept this large historical sample because analyses based on it will have high statistical power. B.The auditor should draw a fresh sample and combine it with the old sample. C.The auditor should accept the historical sample but use nonparametric statistics to analyze it.
D.The auditor should first determine how similar the new process is to the old process before deciding what to do.
Answer (D) is correct. If the old and new processes are not substantially similar, the existing sample will not be representative.
A.High statistical power based on an inappropriate sample will only provide a very precise wrong answer. B.A fresh sample may not be cost effective if the old sample is representative of the new process. C.Nonparametric statistics is applied to problems for which specific distributions are not known.
26.An auditor was presented with a population of 1,253 invoices for the period under audit. The auditor selected every 60th invoice for testing. This is an example of
A.Stop-or-go sampling. B.Cluster sampling. C.Interval sampling. D.Probability sampling.
Answer (C) is correct. Interval sampling selects every nth item after a random start. The value of n equals the population divided by the number of sampling units. The random start should be in the first interval. Because the sampling method requires only counting in the population, no correspondence between random numbers and sampled items is necessary. An interval sampling plan assumes the items are arranged randomly.
A.Stop-or-go sampling is a form of attribute sampling that does not use a fixed sample size. Its objective is to reduce the sample size when the error rate is low. B.Cluster sampling randomly selects groups of items as the sampling units. D.Probability sampling is random sampling. 27.Which of the following is(are) true when using cluster sampling? 1.
Sampling units are groups of items.
2.
Sample items within clusters need not be assigned random numbers.
3.
The auditor selects every nth item after a random start.
4.
The auditor uses cluster sampling when random sampling is not cost-effective.
A.1 only.
B.1 and 2 only. C.1, 2, and 4 only. D.1, 2, 3, and 4.
Answer (C) is correct. Cluster sampling is a sample selection method. Groups of items are randomly selected as the sampling units. For example, these groups (clusters) may consist of file drawers. From this sample, another sample may include all or some of the documents in the drawers. An advantage of cluster sampling is that individual items need not be assigned random numbers. Instead, clusters are randomly selected. Moreover, cluster sampling may be more cost-effective than random sampling.
A.Cluster sampling has more stated characteristics than simply the formation of sampling units as groups (clusters) of items. B.An auditor also uses cluster sampling when random sampling is not cost effective. D.Systematic (interval) sampling selects every nth item after a random start.
28.Fact Pattern: Using mean-per-unit sampling to estimate the value of inventory, an internal auditor had the following results:
Projected inventory value Confidence level
US $3,000,000 95%
Confidence interval
$2,800,000 to $3,200,000
Standard error
$100,000
Z-value (approximate)
2.0
Precision
$200,000
The recorded value of inventory was US $3,075,000.
Q:If the internal auditor had used nonstatistical sampling instead of statistical sampling, which of the following would be true?
A.The confidence level could not be quantified. B.The precision would be larger. C.The projected value of inventory would be less reliable. D.The risk of incorrect acceptance would be higher.
Answer (A) is correct.
One advantage of statistical sampling is that it allows the auditor to quantify sampling risk and the confidence level. An auditor should never attempt to quantify the sampling risk or confidence level of a nonstatistically drawn sample.
B.Unless the auditor uses statistical sampling, (s)he cannot quantify precision. C.Nonstatistical sampling does not always result in less reliable estimates. However, reliability cannot be quantified. D.The risk of incorrect acceptance is not quantified in nonstatistical sampling.
29.An auditor is designing a sampling plan to test the accuracy of daily production reports over the past 3 years. All of the reports contain the same information except that Friday reports also contain weekly totals and are prepared by managers rather than by supervisors. Production normally peaks near the end of a month. If the auditor wants to select two reports per month using an interval sampling plan, which of the following techniques reduces the likelihood of bias in the sample?
A.Estimating the error rate in the population. B.Using multiple random starts. C.Increasing the confidence level. D.Increasing the precision.
Answer (B) is correct. Systematic (interval) sampling involves choosing a random start and then selecting subsequent items at fixed intervals. However, if the population is not random, for example, because it exhibits cyclical variation, the results will be biased. This bias may be overcome by taking repeated systematic samples, each with a random start. In effect, each possible systematic sample in the population is a cluster. Thus, the repeated systematic samples, each with a random start, constitute a random sample of clusters.
A.Estimating the deviation rate in the population has no effect on bias. Bias is related to the selection method. C.Increasing the confidence level has no effect on bias. D.Increasing the precision has no effect on bias.
30.The most appropriate methodology for drawing a sample from 3,000 time cards to check for signatures would be
A.Interval sampling. B.Cluster sampling. C.Stratified sampling.
D.Variables sampling.
Answer (A) is correct. Systematic (interval) sampling is accomplished by selecting a random start and taking every nth item in the population, if n is the sampling interval, computed by dividing the population by the size of the sample. The random start should be within the first interval. A systematic sampling plan assumes the items are arranged randomly in the population. If the auditor discovers that this is not true, a random selection method should be used. The population of time cards may be in random order.
B.The time cards are not arranged in clusters (blocks). C.The time cards are not arranged in strata or subpopulations. D.The purpose of the sample is to estimate the rate at which a control (presumably supervisors’ signatures) has been applied, not the value of the population.
31.An internal auditor uses a number of techniques to select samples. A frequently, and appropriately, used technique is random selection. In which of the following situations would random selection be least justified? The auditor needs to
A.Test sales transactions to determine that they were properly authorized and are supported by shipping documents. B.Confirm accounts receivable and has already selected the 10 largest accounts for confirmation. The remaining accounts are not numbered. The auditor only has a computer listing of the accounts in alphabetical order approximately 250 pages long with 50 account balances on every page. C.Obtain evidence on the proper sales cut-off by sampling items from the monthly sales journal to determine if the items were recorded in the correct time period. D.Test the perpetual inventory records to ensure that the sample covers the largest monetary value items in the account.
Answer (C) is correct. Random selection is the least justified for a sales cutoff test because the auditor is concerned that the monthly sales journal has been held open to record the next month’s sales. The auditor should select transactions from the latter part of the month and examine supporting evidence to determine whether they were recorded in the proper period.
A.Interval (systematic) sampling may be better than random sampling for testing controls over sales. A random sample might not result in testing items from throughout the year. However, interval sampling begins with a random start and is based on the assumption that items are arranged randomly in the population. If this assumption is unsound, random selection should be used. B.Confirming receivables is appropriate for use of random selection. Individual account balances could be selected by using probability-proportional-to-size (monetary-unit) sampling or by randomly choosing a page number and then selecting an account item (1-50) on each page. D.The auditor can audit the largest monetary-value items and then randomly sample small items.
32.An auditor is conducting a survey of perceptions and beliefs of employees concerning an organization health care plan. The best approach to selecting a sample is to
A.Focus on people who are likely to respond so that a larger sample can be obtained. B.Focus on managers and supervisors because they can also reflect the opinions of the people in their departments. C.Use stratified sampling where the strata are defined by marital and family status, age, and salaried/hourly status. D.Use monetary-unit sampling according to employee salaries.
Answer (C) is correct. Stratified sampling divides a population into subpopulations, thereby permitting the application of different techniques to each stratum. This approach reduces the effect of high variability if the strata are selected so that variability among the strata is greater than variability within each stratum. For example, one expects to find greater similarities among married people than between married people and unmarried people. A.This convenience sample is likely to emphasize people with the time to respond at the expense of employees who are too busy with company work to respond. B.Managers and supervisors often do not have the same needs and perceptions as their subordinates and also often misperceive the views of employees. C.The survey tests perceptions and beliefs, not monetary amounts.
33.A bank’s internal auditor wishes to determine whether all loans are supported by sufficient collateral, properly aged regarding current payments, and accurately categorized as current or noncurrent. The best audit procedure to accomplish these objectives would be to
A.Use generalized audit software to read the total loan file, age the file by last payment due, and extract a statistical sample stratified by the current and aged population. Examine each loan selected for proper collateralization and aging. B.Select a block sample of all loans in excess of a specified monetary limit and determine if they are current and properly categorized. For each loan approved, verify aging and categorization. C.Select a discovery sample of all loan applications to determine whether each application contains a statement of collateral. D.Select a sample of payments made on the loan portfolio and trace them to loans to see if the payments are properly applied. For each loan identified, examine the loan application to determine that the loan has proper collateralization.
Answer (A) is correct. In some cases, stratifying the population is done to reduce the effect of high variability by dividing the population into subpopulations. Reducing the variance within each subpopulation allows the auditor to sample a smaller number of items while holding precision and confidence level constant. This
procedure is the most appropriate in this situation because it takes a sample from the total loan file and tests to determine that each sampling unit is properly categorized as well as properly collateralized and aged.
B.Block sampling (cluster sampling) randomly selects groups of items as the sampling units. For this plan to be effective, variability within the blocks should be greater than variability among them. If blocks of homogeneous samples are selected, the sample will be biased. Furthermore, this sample only consists of large loan amounts and does not test for proper collateralization. C.Discovery sampling is a form of attribute sampling used to identify critical deviations in a population. The occurrence rate is assumed to be at or near 0%, and the method cannot be used to evaluate results statistically if deviations are found in the sample. Hence, discovery sampling is used for tests of controls, but it is appropriate only when one deviation is critical. Moreover, this procedure is inefficient because it samples from loan applications, not loans approved.
D.This procedure is ineffective. It is based only on loans for which payments are currently being made. It does not include loans that should have been categorized differently because payments are not being made. It also does not address whether the loans are properly classified as current or noncurrent.
34.The supervisor of claims processing for a health insurance firm selects all claims processed in the past 2 days by a particular employee for audit. From this sample, the supervisor can develop
A.An overall representative view of employee work for the year. B.A quantification of sampling error. C.Conclusions about the correctness of processing for the department. D.An understanding of the details contained in the processing task.
Answer (D) is correct. The auditor has used judgment sampling, not statistical sampling. Thus, (s)he cannot quantitatively assess precision and confidence level and therefore is precluded from drawing valid statistical inferences about the population. However, this sample should assist the auditor in obtaining a preliminary understanding of the system and in determining whether a statistical sample will be needed.
A.The sample is not representative of the employee’s work for the whole year. B.The sample is a judgment, not a statistical, sample. C.Conclusions about the whole department cannot be drawn from a sample of one employee’s work.
35.If all other sample size planning factors were exactly the same in attribute sampling, changing the confidence level from 95% to 90% and changing the desired precision from 2% to 5% would result in a revised sample size that would be
A.Larger. B.Smaller. C.Unchanged. D.Indeterminate.
Answer (B) is correct. In an attribute test, the confidence level is directly related, and the precision is inversely related, to sample size. Thus, if the confidence level is reduced and precision is widened, sample size will be smaller.
A.Increasing the confidence level while narrowing the precision interval would result in a larger sample size. C.Decreasing the confidence level while widening the precision interval would allow the sample size to be decreased. D.The revised sample size is determinable.
36.When planning an attribute sampling application, the difference between the expected error rate and the maximum tolerable error rate is the planned
A.Precision. B.Reliability. C.Dispersion. D.Skewness.
Answer (A) is correct. The precision of an attribute sample (also called the confidence interval or allowance for sampling risk) is an interval around the sample statistic that the auditor expects to contain the true value of the population. In attribute sampling (used for tests of controls), the achieved precision is the difference between the sample deviation rate and the achieved upper deviation limit (customarily determined from a standard table given the sample deviation rate and the sample size). B.Reliability is the confidence level. It is the percentage of times that repeated samples will be representative of the population from which they are taken. C.Dispersion is the degree of variation in a set of values. D.Skewness is the lack of symmetry in a frequency distribution.
37.In evaluating an attribute sample, the range within which the estimate of the population characteristic is expected to fall is called
A.Confidence level. B.Precision. C.Upper error limit. D.Expected error rate.
Answer (B) is correct. The precision of an attribute sample (also called the confidence interval or allowance for sampling risk) is an interval around the sample statistic that the auditor expects to contain the true value of the population. In attribute sampling (used in tests of controls), precision is determined by subtracting the expected error rate from the tolerable error rate in the population.
A.The confidence level is the specified measure of how reliable the auditor wants the sample results to be. C.The confidence interval (precision) is the range between the lower and upper error limits. D.The expected error rate is a measure of how frequently the auditor expects the characteristic of interest to exist in the population prior to selecting and evaluating the sample.
38.In selecting a sample of items for attributes testing, an auditor must consider the confidence level factor, the desired precision, and the
A.Recorded monetary amount of the population. B.Sampling interval. C.Expected occurrence rate. D.Standard deviation in the population.
Answer (C) is correct. The expected occurrence rate, also called the expected deviation rate, is one of the three necessary factors in determining sample size for an attribute test.
A.The monetary amount of the population relates to testing for variables. B.The sampling interval is used in monetary-unit sampling. D.The standard deviation is an element in the variables sampling formula.
39.An internal auditor is planning to use attribute sampling to test the effectiveness of a specific internal control related to approvals for cash disbursements. In attribute sampling, decreasing the estimated occurrence rate from 5% to 4% while keeping all other sample size planning factors exactly the same would result in a revised sample size that would be
A.Larger. B.Smaller. C.Unchanged. D.Indeterminate.
Answer (B) is correct. In an attribute test, the expected deviation rate is directly related to sample size. If it is decreased, sample size will decrease.
A.Increasing the expected error rate increases the sample size. C.Changing one variable while holding all other factors constant changes the sample size. D.Decreasing the expected error rate while holding all other factors constant decreases the sample size.
40.The size of a given sample is jointly a result of characteristics of the population of interest and decisions made by the internal auditor. Everything else being equal, sample size will
A.Increase if the internal auditor decides to accept more risk of incorrectly concluding that controls are effective when they are in fact ineffective. B.Double if the internal auditor finds that the variance of the population is twice as large as was indicated in the pilot sample. C.Decrease if the internal auditor increases the tolerable rate of deviation. D.Increase as sampling risk increases.
Answer (C) is correct. In an attribute test, the tolerable deviation rate is inversely related to sample size. If it is increased, sample size will decrease.
A.An increase in allowable risk decreases sample size. B.Doubling the variability of the population will cause the sample size to more than double. D.Sampling risk increases as the sample size decreases.
41.If all other factors specified in an attribute sampling plan remain constant, decreasing the confidence level from 95% to 90% would cause the required sample size to
A.Increase.
B.Decrease. C.Change by 5%. D.Remain the same.
Answer (B) is correct. In an attribute test, the confidence level is directly related to sample size. Thus, decreasing the confidence level permits a smaller sample size to be used.
A.Decreasing the confidence level permits a smaller sample size. C.The percentage change is not proportionate. D.Decreasing the confidence level permits a smaller sample size.
42.n an attribute sampling application, holding other factors constant, sample size will increase as which of the following becomes smaller?
A.Confidence coefficient. B.Population. C.Planned precision. D.Expected rate of occurrence.
Answer (C) is correct. In an attribute test, planned precision is inversely related to sample size. A decrease (tightening) increases sample size.
A.A decrease in a numerator factor will decrease the sample size. B.A population decrease permits a decrease in sample size. D.A decrease in a numerator factor will decrease the sample size.
43.An auditor has to make a number of decisions when using attribute sampling. The term efficiency is used to describe anything that affects sample size. The term effectiveness is used to describe the likelihood that the statistical sample result will be a more accurate estimate of the true population error rate. Assume an auditor expects a control procedure failure rate of 0.5%. The auditor is making a decision on whether to use a 90% or a 95% confidence level and whether to set the tolerable control failure rate at 3% or 4%. Which of the following statements regarding efficiency and effectiveness of an attribute sample is true?
A.Decreasing the confidence level to 90% and decreasing the tolerable control failure rate to 3% will result in both increased efficiency and effectiveness. B.Decreasing the tolerable failure rate from 4% to 3% will increase audit efficiency. C.Increasing the confidence level to 95% and decreasing the tolerable control failure rate to 3% will increase audit effectiveness. D.Increasing the confidence level to 95% will increase audit efficiency.
Answer (C) is correct. In an attribute test, confidence level and expected deviation rate are in the numerator, while the tolerable deviation rate is in the denominator. Hence, increasing the confidence level increases the sample size, and decreasing the tolerable rate also increases the sample size. A larger sample increases audit effectiveness.
A.Decreasing the confidence level reduces the sample size and thus decreases effectiveness. B.Decreasing the tolerable failure rate increases the sample size and thus decreases efficiency. D.Increasing the confidence level increases the sample size and thus decreases audit efficiency.
44.Which of the following must be known to evaluate the results of an attribute sample?
A.Estimated dollar value of the population. B.Standard deviation of the sample values. C.Actual size of the sample selected. D.Finite population correction factor.
Answer (C) is correct. Sample size is used to evaluate the actual occurrence rate (number of a particular attribute identified ÷ actual sample size) of the attribute of interest, such as a control deviation.
A.Dollar values are irrelevant to attribute sampling. B.The standard deviation is an element in the variables sampling formula. D.The finite population correction factor is used to adjust an initial computed sample size.
45.Fact Pattern: An individual is an internal auditor for a car rental agency that operates a fleet of 75,000 vehicles in 1,000 cities throughout North America. As a part of an operational audit, the auditor tested the impact of vehicle age on the incidence of major repairs. A computer program showed that 20% of the fleet has been in service for more than 12 months. A sample of 375 is drawn based on
Confidence level = 95% Expected rate of occurrence = 10% Precision = ±3% The records related to repairs completed after 12 months of service for the selected vehicles were reviewed to determine if major repairs were needed.
Q:Assuming that all other factors remain constant, how would sample size and achieved precision be affected by a change in confidence level from 95% to 90%?
A.Sample size would be smaller; achieved precision would be larger. B.Both sample size and achieved precision would be larger. C.Both sample size and achieved precision would be smaller. D.Sample size would be larger; achieved precision would be smaller.
Answer (A) is correct. Because the confidence coefficient of an attribute test is directly related to the sample size, a smaller coefficient would result in a smaller sample. Also, since sample size is inversely related to precision, a larger precision would result from using a smaller sample.
B.Sample size would be smaller, not larger. C.Achieved precision would be larger, not smaller. D.The opposite is true: sample size would be smaller and achieved precision larger. 46.An auditor applying a discovery-sampling plan with a 5% risk of overreliance may conclude that there is
A.A 95% probability that the actual rate of occurrence in the population is less than the critical rate if only one exception is found. B.A 95% probability that the actual rate of occurrence in the population is less than the critical rate if no exceptions are found. C.A 95% probability that the actual rate of occurrence in the population is less than the critical rate if the occurrence rate in the sample is less than the critical rate. D.Greater than a 95% probability that the actual rate of occurrence in the population is less than the critical rate if no exceptions are found.
Answer (B) is correct. Discovery sampling is a form of attribute sampling that is appropriate when even a single deviation would be critical. The sample size is calculated so that it will include at least one instance of a deviation if deviations occur in the population at a given rate. If no exceptions are found, the correct conclusion is that the probability is 95% that the occurrence rate is less than the critical rate.
A.The probability is 95% that the actual rate of occurrence is equal to or greater than the critical rate if one exception is found. C.The probability is 95% that the actual rate is equal to or exceeds the critical rate if any exceptions are found. D.The probability does not increase if no exceptions are found.
47.How does stop-or-go attribute sampling differ from fixed-sample-size attribute sampling?
A.Nonsampling error is smaller. B.Total expected sample size will always be smaller. C.Desired reliability does not have to be specified in advance. D.It cannot be used to determine the assessed level of control risk.
Answer (B) is correct. The objective of stop-or-go sampling, sometimes called sequential sampling, is to reduce the sample size when the auditor believes the error rate in the population is low. Thus, total expected sample size is always lower for stop-or-go sampling.
A.Nonsampling error is not affected by the sampling method. C.Both methods require desired reliability to be specified in advance. D.It expresses the principal objective of stop-or-go attribute sampling
48.Which form of sampling is most likely to be used in a fraud investigation?
A.Stop-or-go sampling. B.Discovery sampling. C.Acceptance sampling for attributes. D.Probability-proportional-to-size (PPS) sampling.
Answer (B) is correct. Attribute sampling tests the effectiveness of controls because it can estimate a rate of occurrence of control deviations in a population. Discovery sampling is a form of attribute sampling that is appropriate when only a single deviation might be critical, such as when an auditor investigates fraud. The sample size is calculated so that the sample includes at least one example of a deviation if it occurs in the population at a given rate.
A.The objective of stop-or-go sampling is to reduce the sample size. The auditor examines only enough sample items to be able to state that the deviation rate is below a prespecified rate. Sample size is not fixed as in discovery sampling. C.Acceptance sampling for attributes is useful in quality control applications when products (1) are available in lots, (2) are subject to inspection, and (3) can be classified as acceptable or not. Items are drawn randomly, and the results indicate whether the lots are accepted or rejected. D.PPS sampling is appropriate for account balances that may include only a few overstated items, such as inventory or receivables. This sampling method uses a monetary unit as the sampling unit, but the item containing the sampled monetary unit, such as an invoice or check, is selected for examination.
49.The appropriate sampling plan to use to identify at least one irregularity, assuming some number of such irregularities exist in a population, and then to discontinue sampling when one irregularity is observed is
A.Stop-or-go sampling. B.Discovery sampling. C.Variables sampling. D.Attribute sampling.
Answer (B) is correct. Discovery sampling is a form of attribute sampling applied when a control is critical and a single deviation is important, for example, commission of a material fraud. The expected deviation rate should be at or near zero, and the sample size is calculated so that the sample will include at least one example of a deviation if it occurs in the population at a given rate.
A.Stop-or-go sampling is a variant of attribute sampling intended to reduce sample sizes when the population is relatively deviation free. It allows for discontinuing sampling when few or no errors are found or for expanding the sample if the initial sample does not provide sufficient assurance. C.Variables sampling estimates the value of a population. D.Most attribute sampling applications are not discontinued when a single deviation is found.
50.Which sampling plan requires no additional sampling once the first error is found?
A.Stratified sampling. B.Attribute sampling. C.Stop-or-go sampling. D.Discovery sampling.
Answer (D) is correct.
Discovery sampling is a form of attribute sampling used to identify critical deviations in a population. The occurrence rate is assumed to be at or near 0%, and the method cannot be used to evaluate results statistically if deviations are found in the sample. Hence, discovery sampling is used for tests of controls, but it is appropriate only when one deviation is critical. The sample size is calculated so that the sample will contain at least one example of a deviation if it occurs in the population at a given rate.
A.Stratifying the population is done to reduce the effect of high variability by dividing the population into subpopulations. It is not concerned with errors in the population, and sampling would not stop when the first error is encountered. B.The goal of attribute sampling is to arrive at an estimate of the rate of occurrence of some characteristic in a population. Hence, the entire sample size must be taken, regardless of when the first error occurs. C.Stop-or-go sampling is a sequential sampling procedure. The next step is determined by the results of the previous step. Once a step is initiated, it is carried out until it is completed. Each phase of the sample is conducted without reference to when the first error is observed.
51.When an internal auditor’s sampling objective is to obtain a measurable assurance that a sample will contain at least one occurrence of a specific critical exception existing in a population, the sampling approach to use is
A.Random. B.Discovery. C.Probability-proportional-to-size. D.Variables.
Answer (B) is correct. Discovery sampling is a form of attribute sampling used to identify critical deviations in a population. The occurrence rate is assumed to be at or near 0%, and the method cannot be used to evaluate results statistically if deviations are found in the sample. Hence, discovery sampling is used for tests of controls, but it is appropriate only when one deviation is critical. The sample size is calculated so that the sample will contain at least one example of a deviation if it occurs in the population at a given rate.
A.Random sampling is a method used to choose the sample C.Probability-proportional-to-size (monetary-unit) sampling is a modified version of attribute sampling that relates deviation rates to monetary amounts. D.Variables sampling is used to estimate the value of a population, not the occurrence rate of deviations.
52.Assume the internal auditor becomes concerned that significant fraud may be taking place by dentists who are billing the health care processor for services that were not provided. For
example, employees may have their teeth cleaned, but the dentist charges the processor for pulling teeth and developing dentures. The most effective procedure to determine whether such a fraud exists is to
A.Develop a schedule of payments made to individual dentists. Verify that payments were made to the dentists by confirming the payments with the health care processor. B.Take a random sample of payments made to dentists and confirm the amounts paid with the dentists’ offices to determine that the amounts agree with the amounts billed by the dentists. C.Take a random sample of claims submitted by dentists and trace through the system to determine whether the claims were paid at the amounts billed. D.Take a discovery sample of employee claims that were submitted through dentist offices, and confirm the type of service performed by the dentist through direct correspondence with the employee who had the service performed.
Answer (D) is correct. A discovery sample is used to identify critical errors or irregularities, that is, when a single deviation is critical. This method cannot be used to evaluate the results statistically if deviations are found. Because dentists are suspected of filing fraudulent claims, the auditor should take a discovery sample of employee claims. The internal auditor should then confirm the work done by the dentist according to the claim with the employee. The employee is the best source of information as to whether the service was provided.
A.Developing a schedule of payments and verifying that the payments were made does not reveal whether the claims were proper or fraudulent. B.Verifying that dentists were paid the amounts that they billed does not reveal whether the claims were proper or fraudulent. C.Verifying that claims were paid at the amounts billed does not reveal whether the claims were proper or fraudulent.
53.After partially completing an internal control review of the accounts payable department, an auditor suspects that some type of fraud has occurred. To ascertain whether the fraud is present, the best sampling approach is to use
A.Simple random sampling to select a sample of vouchers processed by the department during the past year. B.Probability-proportional-to-size sampling to select a sample of vouchers processed by the department during the past year. C.Discovery sampling to select a sample of vouchers processed by the department during the past year. D.Judgmental sampling to select a sample of vouchers processed by clerks identified by the department manager as acting suspiciously.
Answer (C) is correct.
The purpose is to determine whether fraud has occurred rather than to estimate its overall frequency. Discovery sampling is a method designed specifically for this purpose. It is a form of attribute sampling used to identify critical deviations in a population. The occurrence rate is assumed to be 0%, and statistical evaluation of results is impossible if deviations are found. Thus, discovery sampling is only appropriate when one deviation is critical.
A.Simple random sampling is appropriate if the extent of fraud is to be estimated. B.Probability-proportional-to-size sampling is appropriate if the monetary value of fraud is to be estimated. D.Restricting the population to the vouchers processed by suspicious workers presents a significant potential for biasing the sample. The department manager may be the guilty party.
54.Management is legally required to prepare a shipping document for all movement of hazardous materials. The document must be filed with bills of lading. Management expects 100% compliance with the procedure. Which of the following sampling approaches is most appropriate?
A.Attribute sampling. B.Discovery sampling. C.Targeted sampling. D.Variables sampling.
Answer (B) is correct. Discovery sampling is a form of attribute sampling used to identify critical errors or irregularities, i.e., when the occurrence rate is assumed to be 0%.
A.The particular type of attribute sampling that is appropriate in this situation is discovery sampling. C.Targeted sampling is a nonsense answer. D.Variables sampling concerns amounts.
55.A random attribute sample taken from a large population should be representative. However, a random sample may not detect fraud. For this reason, the size of a random sample is most dependent on which of the following factors?
A.The size of the population. B.The level of risk that the organization has accepted. C.The comprehensive basis of accounting used to prepare the organization’s financial statements. D.The size of the internal audit function.
Answer (B) is correct. The confidence interval is the allowance for sampling risk. It is based on the confidence level, i.e., the percentage of times that a sample is expected to represent the population. The greater the desired confidence level, the larger the sample should be. Thus, the size of a random sample is related to the level of risk the organization is willing to accept.
A.For a very large population, the size of the population has a small effect on the size of the sample. C.The basis of accounting is not a factor in the calculation of the sample size. D.The size of the internal audit function is not a factor in the calculation of the sample size.
56.A sample size of 50 purchase orders was selected for testing by the auditor. The results were above the desired deviation rate of 2%. The audit manager increased the sample size to 75 purchase orders. This is an example of
A.Stratified mean-per-unit sampling. B.Discovery sampling. C.Block sampling. D.Stop-or-go sampling.
Answer (D) is correct. In stop-or-go sampling, the auditor examines only enough sample items to be able to state that the deviation rate is below a specified rate at a specified level of confidence. If the auditor needs to expand the sample to obtain the desired level of confidence, (s)he can do so in stages because the sample size is not fixed. The objective of stop-or-go sampling, also called sequential sampling, is to guard against selecting an unnecessarily large sample size when the auditor believes the deviation rate in the population is low.
A.Stratified MPU sampling is a means of increasing audit efficiency by separating the population into logical groups, usually by various ranges of the tested amounts. By creating multiple populations, the variability within each is reduced, allowing for a smaller overall sample size. B.Discovery sampling is appropriate when even a single deviation (noncompliance) is critical. The sample size is fixed and is calculated so that it will include at least one instance of a deviation if deviations occur in the population at a given rate. C.Block (cluster) sampling randomly selects groups of items as the sampling units rather than individual items. An example is the inclusion in the sample of all cash payments for May and September.
57.In a variables sampling application, which of the following will result when confidence level is changed from 90% to 95%?
A.Standard error of the mean will not be affected. B.Nonsampling error will decrease. C.Sample size will increase. D.Point estimate of the arithmetic mean will increase.
Answer (C) is correct. In any sampling application (attribute or variables), an increase in the confidence level requires a larger sample.
A.The standard error of the mean is the standard deviation of the distribution of sample means. The larger the sample, the lower the degree of variability in the sample. An increase in confidence level from 90% to 95% requires a larger sample. Thus, the standard error of the mean will be affected. B.By definition, nonsampling error is unaffected by changes in sampling criteria. D.The estimate of the mean may increase or decrease if sample size changes.
58.In selecting a sample of items for variables testing, an auditor must consider the desired precision, the standard deviation, and the
A.Recorded monetary amount of the population. B.Acceptable risk level. C.Expected occurrence rate. D.Sampling interval.
Answer (B) is correct. Four factors determine the size of a classical variables sample: the confidence coefficient, the estimated standard deviation of the population, the population size, and the tolerable misstatement (desired precision).
A.The recorded monetary amount is not needed for variables testing. C.he expected occurrence rate is a factor in the sample-size formula for attribute sampling. D.The sampling (skip) interval is the dollar interval calculated for monetary-unit sampling.
59.If all other factors in a sampling plan are held constant, changing the measure of tolerable misstatement to a smaller value will cause the sample size to be
A.Smaller. B.Larger.
C.Unchanged. D.Indeterminate.
Answer (B) is correct. The size of the precision interval in a variables test is based upon the tolerable misstatement that is determined by materiality judgments. As this value decreases, for example, because of a decrease in tolerable misstatement, the size of the required sample increases accordingly, and vice versa. Hence, tolerable misstatement (precision) and sample size are inversely related.
A.The relationship is inverse. C.The relationship is inverse. D.The relationship is inverse.
60.Fact Pattern: Using mean-per-unit sampling to estimate the value of inventory, an internal auditor had the following results:
Projected inventory value
US $3,000,000
Confidence level
95%
Confidence interval
$2,800,000 to $3,200,000
Standard error
$100,000
Z-value (approximate)
2.0
Precision
$200,000
The recorded value of inventory was US $3,075,000.
Q:Which of the following changes will result in a narrower confidence interval?
A.An increase in the confidence level from 95% to 99%. B.A decrease in the confidence level from 95% to 90%. C.A decrease in the allowable risk of incorrect rejection. D.An increase in the precision.
Answer (B) is correct. Decreasing the confidence level of any variables sample allows the auditor to narrow the confidence interval.
A.Increasing the confidence level results in a wider confidence interval if the standard error is constant. C.Decreasing the confidence level of any variables sample allows the auditor to narrow the confidence interval. D.Precision is simply another word for confidence interval. Increasing the precision makes the confidence interval wider.
61.An auditor is using the mean-per-unit method of variables sampling to estimate the correct total value of a group of inventory items. Based on the sample, the auditor estimates, with precision of ±4% and confidence of 90%, that the correct total is US $800,000. Accordingly,
A.There is a 4% chance that the actual correct total is less than US $720,000 or more than US $880,000. B.The chance that the actual correct total is less than US $768,000 or more than US $832,000 is 10%. C.The probability that the inventory is not significantly overstated is between 6% and 14%. D.The inventory is not likely to be overstated by more than 4.4% (US $35,200) or understated by more than 3.6% (US $28,800).
Answer (B) is correct. A 90% confidence level implies that 10% of the time the true population total will be outside the computed range. Precision of ±4% gives the boundaries of the computed range: US $800,000 × 4% = US $32,000. Hence, the range is US $768,000 to US $832,000.
A.The precision, not the confidence level, is ±4%. C.Precision is a range of values, not the probability (confidence level) that the true value will be included within that range. D.The precision percentage is not multiplied by the confidence percentage.
62.An auditor for the state highway and safety department needs to estimate the average highway weight of tractor-trailer trucks using the state’s highway system. Which estimation method must be used?
A.Mean-per-unit. B.Difference. C.Ratio. D.Probability-proportional-to-size.
Answer (A) is correct. Mean-per-unit sampling estimates the average value of population items, in this case, truck weight.
B.Difference estimation compares recorded and audit amounts. Recorded amounts are not relevant to the current procedure. C.Ratio estimation compares recorded and audit amounts. Recorded amounts are not relevant to the current procedure. D.Probability-proportional-to-size estimation compares recorded and audit amounts. Recorded amounts are not relevant to the current procedure.
63.When relatively few items of high monetary value constitute a large proportion of an account balance, stratified sampling techniques and complete testing of the high monetary-value items will generally result in a
A.Simplified evaluation of sample results. B.Smaller nonsampling error. C.Larger estimate of population variability. D.Reduction in sample size.
Answer (D) is correct. Stratifying a population means dividing it into subpopulations, thereby reducing sample size. Stratifying allows for greater emphasis on larger or more important items.
A.While stratifying reduces sample size, stratification requires a combination of sample results from more than one sample, in contrast to simple random sampling. B.A nonsampling error is an error in “performing” audit procedures, which is independent of sample selection. C.Stratified sampling, when properly used, will result in a smaller estimate of population variability.
64.To use stratified variables sampling to evaluate a large, heterogeneous inventory, an appropriate criterion for classifying inventory items into strata is
A.Monetary values. B.Number of items. C.Turnover volume. D.Storage locations.
Answer (A) is correct. Stratifying a population means dividing it into subpopulations, thereby reducing sample size. Stratifying allows for greater emphasis on larger or more important items. Inventory is measured and
recorded based on a monetary value (e.g., cost, market, or net realizable value). Accordingly, the appropriate criterion for classifying inventory items into strata is monetary values.
B.Monetary values are the usual characteristic to create strata in variables sampling, not number of items. C.Turnover volume is a characteristic of interest in attribute sampling but not in variables sampling. D.Storage location is not a relevant characteristic when creating strata for variables sampling.
65.Which one of the following is not an important consideration in determining the appropriate sample size?
A.Whether the sample is designed to estimate a mean or a proportion. B.The amount of variability in the population under study. C.The sensitivity of the decision using this sample to errors of estimation. D.The cost per sample observation.
Answer (A) is correct. Difference and ratio estimation use the same variables sampling formula. Thus, sample size considerations are the same for both.
B.The greater the variability, the greater the required sample size. C.The more sensitive the decision is to estimation errors, the greater the appropriate sample size. D.In accordance with the cost-benefit principle, the greater the cost per observation, the smaller the appropriate sample size.
66.Difference estimation sampling would be appropriate to use to project the monetary error in a population if
A.Subsidiary ledger book balances for some individual inventory items are unknown. B.Virtually no differences between the individual carrying amounts and the audited amounts exist. C.A number of nonproportional differences between carrying amounts and audited amounts exist. D.Observed differences between carrying amounts and audited amounts are proportional to carrying amounts.
Answer (C) is correct. Difference estimation of population error entails determining the differences between the audit and carrying amounts for items in the sample, calculating the mean difference, and multiplying the mean by the number of items in the population. This method is used when the population contains sufficient
misstatements to provide a reliable sample and when differences between carrying and audit amounts are not proportional. If differences are proportional, ratio estimation is used. A sufficient number of nonproportional errors must exist to generate a reliable sample estimate.
A.Individual carrying amounts must be known to use difference estimation. B.Sufficient misstatements must exist to generate a reliable sample. D.Ratio estimation is appropriate for proportional differences.
67.The auditor wishes to sample the perpetual inventory records to develop an estimate of the monetary amount of misstatement, if any, in the account balance. The account balance is made up of a large number of small-value items and a small number of large-value items. The auditor has decided to audit all items over US $50,000 plus a random selection of others. This audit decision is made because the auditor expects to find a large amount of errors in the perpetual inventory records but is not sure that it will be enough to justify taking a complete physical inventory. The auditor expects the errors to vary directly with the value recorded in the perpetual records. The most efficient sampling procedure to accomplish the auditor’s objectives is
A.Monetary-unit sampling. B.Ratio estimation. C.Attribute sampling. D.Stratified mean-per-unit sampling.
Answer (B) is correct. Ratio estimation estimates the population misstatement by multiplying the recorded amount of the population by the ratio of the total audit amount of the sample to its total recorded amount. It is reliable and efficient when small errors predominate and are not skewed. Thus, ratio estimation should be used in this situation because the auditor is not sampling the very large items and the errors are not skewed (they vary directly with the size of the recorded values).
A.Monetary-unit (probability-proportional-to-size) sampling becomes less accurate when many errors are expected. C.Attribute sampling is not used to estimate a monetary amount. D.Mean-per-unit (MPU) variables sampling averages audit values in the sample and multiplies by the number of items in the population to estimate the population value. When many errors are expected, MPU and stratified MPU are not as efficient as ratio estimation. 68.Ratio estimation sampling would be inappropriate to use to project the monetary error in a population if
A.The recorded carrying amounts and audited amounts are approximately proportional. B.A number of observed differences exist between carrying amounts and audited amounts.
C.Observed differences between carrying amounts and audited amounts are proportional to carrying amounts. D.Subsidiary ledger book balances for some inventory items are unknown.
Answer (D) is correct. Ratio estimation is similar to difference estimation except that it estimates the population error by multiplying the carrying amount of the population by the ratio of the total audit amount of the sample items to their total carrying amount. It has been demonstrated that both ratio and difference estimation are reliable and efficient when small errors predominate and the errors are not skewed. Moreover, audit amounts should be proportional to carrying amounts. Consequently, ratio estimation requires that carrying amounts be known.
A.Proportional relationships tend to support the use of ratio estimation. B.A minimum number of differences must be present to use ratio estimation. C.The existence of proportional differences favors the use of ratio estimation.
69.When an internal auditor uses monetary-unit statistical sampling to examine the total value of invoices, each invoice
A.Has an equal probability of being selected. B.Can be represented by no more than one monetary unit. C.Has an unknown probability of being selected. D.Has a probability proportional to its monetary value of being selected.
Answer (D) is correct. Monetary-unit sampling, also called probability-proportional-to-size sampling, results in the selection of every nth monetary unit. Thus, a US $1,000 item is 1,000 times more likely to be selected than a US $1 monetary unit item. The probability of selection of a sampled item is directly proportional to the size of the item.
A.Each monetary unit, not each invoice, has an equal probability of being selected (unless all invoices are for the same amount). B.It is possible for two or more monetary units to be selected from the same item; e.g., a US $4,500 item will be represented by four monetary units if every 1,000th dollar is selected. C.The probability of selection can be calculated using the monetary value of the item and the monetary value of the population.
70.Monetary-unit sampling (MUS) is most useful when the internal auditor
A.Is testing the accounts payable balance. B.Cannot cumulatively arrange the population items. C.Expects to find several material misstatements in the sample. D.Is concerned with overstatements.
Answer (D) is correct. MUS, also called probability-proportional-to-size (PPS) sampling, is a modified version of attribute sampling that relates deviation rates to monetary amounts. It uses the monetary unit as the sampling unit. MUS is appropriate for testing account balances, such as those for inventory and receivables, in which some items may be far larger than others in the population. In effect, MUS stratifies the population because the larger account balances have a greater chance of being selected.
A.An audit of accounts payable is primarily concerned with understatements. B.The items in the population must be arranged by cumulative monetary total. The first monetary unit is chosen randomly, the second equals the random start plus the sample interval in monetary units, etc. C.As the expected amount of misstatement increases, the MUS sample size increases. MUS may also overstate the upper misstatement limit when misstatements are found. The result might be rejection of an acceptable balance.
71.The use of probability-proportional-to-size sampling is inefficient if
A.Bank accounts are being examined. B.Statistical inferences are to be made. C.Each account is of equal importance. D.The number of sampling units is large.
Answer (C) is correct. Probability-proportional-to-size sampling, also called monetary-unit sampling, gives greater weight to larger, more significant items. If all items are of the same importance, PPS is inappropriate.
A.PPS sampling could be appropriate in an examination of bank accounts if larger items are more important than smaller items (which is usually true in variables sampling). B.PPS sampling permits statistical inferences to be made. D.PPS sampling could be appropriate with a large number of sampling units if larger items are more important than smaller items.
72.Which of the following factors would most likely prevent the auditor from using monetary-unit sampling?
A.The auditor expects to find a limited number of understatements of individual account balances. B.The auditor expects to find that a large percentage of items sampled have misstatements. C.Individual accounts are not assigned a number, but are listed only alphabetically. D.The auditor expects to find more errors in the larger dollar value items than in the smaller dollar value items.
Answer (B) is correct. Monetary-unit sampling, also called probability-proportional-to-size sampling, combines attribute and variables sampling techniques. It uses the monetary unit as the sampling unit and effectively stratifies the population because larger items are more likely to be selected. Monetary-unit sampling is most useful when few misstatements are expected and overstatements are more likely than understatements.
A.Monetary-unit sampling can effectively handle a small number of understatement errors. C.Account numbers do not have to be assigned to use monetary-unit sampling. D.Misstatements in larger balances indicate that monetary-unit sampling should be used.
73.An internal auditor is planning to use monetary-unit sampling for testing the monetary value of a large accounts receivable population. The advantages of using monetary-unit sampling (MUS) include all of the following except that it
A.Is an efficient model for establishing that a low error rate population is not materially misstated. B.Does not require the normal distribution approximation required by variables sampling. C.Can be applied to a group of accounts because the sampling units are homogenous. D.Results in a smaller sample size than classical variables sampling for larger numbers of misstatements.
Answer (D) is correct. MUS, also called probability-proportional-to-size (PPS) sampling, is a modified version of attribute sampling that relates deviation rates to monetary amounts. It uses a monetary unit as the sampling unit. In effect, MUS stratifies the population because the larger account balances have a greater chance of being selected. However, as the number of expected misstatements increases, MUS requires a larger sample size than classical variables sampling.
A.MUS is efficient when few misstatements are expected. B.MUS does not assume normally distributed populations. C.MUS uses monetary units as sampling units. 74.What effect does an increase in the standard deviation have on the required sample size of mean-per-unit estimation and probability-proportional-to-size sampling? Assume no change in
any of the other characteristics of the population and no change in desired precision and confidence.
Mean-per-Unit Estimation
Probability Proportional to Size
A.Increase in sample size
Increase in sample size
B.No change in sample size
Decrease in sample size
C.Increase in sample size
No change in sample size
D.Decrease in sample size
No change in sample size
Answer (C) is correct. An increase in the standard deviation reflects an increase in the variability of the population. This increase in the variability of the sampling units increases sample size in a mean-per-unit test. However, a change in the standard deviation has no effect on the required sample size when PPS sampling is used because the sampling units (monetary units) are not variable.
A.An increase in standard deviation has no effect on the required sample size for PPS sampling. B.An increase in standard deviation increases sample size for mean-per-unit estimation but has no effect on the required sample size for PPS sampling. D.An increase in standard deviation increases sample size for mean-per-unit estimation
75.In which of the following situations will monetary-unit sampling be more effective and efficient than ratio estimation?
A.The population contains a large number of differences between the recorded amount and the actual amount. B.The population is expected to contain few differences between the recorded amount and the actual amount. C.The population has a high degree of variability in monetary amount. D.The population has a low degree of variability in monetary amount.
Answer (B) is correct. Monetary-unit sampling, also called probability-proportional-to-size sampling, is especially efficient and effective when the population contains few differences. However, variables sampling approaches
(e.g., ratio estimation) tend to be more efficient (samples are smaller) as the amount of misstatement increases. Monetary-unit sampling is also inefficient when understatements and negative amounts are expected.
A.Monetary-unit sampling, also called probability-proportional-to-size sampling, is inefficient compared with classical variables sampling when many differences exist. C.A high degree of variability in the monetary amount of items in the population is not a basis for preferring one of these methods to another. D.A low degree of variability in the monetary amount of items in the population is not a basis for preferring one of these methods to the other.
76.Fact Pattern: An auditor is testing on a company’s large, normally distributed accounts receivable file. The objectives of the audit are to test end-of-period monetary balances and accounts receivable posting exception (error) rates.
Q:The accounts receivable file contains a large number of small monetary balances and a small number of large monetary balances, and the auditor expects to find numerous errors in the account balances. The most appropriate sampling technique to estimate the monetary amount of errors is
A.Difference or ratio estimation. B.Unstratified mean-per-unit. C.Probability-proportional-to-size. D.Attribute.
Answer (A) is correct. Difference estimation calculates the average difference between the audit and recorded amounts of sample items and multiplies by the number of items in the population. Ratio estimation multiplies the recorded amount of the population by the ratio of the observed amount of the sample to its total recorded amount. These methods are useful when small errors predominate and the errors are not skewed. If the number of errors is small, a very large sample is required to provide a representative difference between audit and recorded amounts.
B.Mean-per-unit estimation is used to project a total monetary amount by multiplying the mean sample value by the number of items in the population. Unstratified means that the population is not divided into subpopulations. This method is inappropriate when many small balance account errors exist. C.Probability-proportional-to-size sampling is used for estimating monetary amounts of errors when the expected error frequency is low. Because the sampling unit is the monetary unit, this method increases the likelihood of selecting large items. D.Attribute sampling does not involve estimation of monetary amounts.
77.Fact Pattern:An auditor is testing on a company’s large, normally distributed accounts receivable file. The objectives of the audit are to test end-of-period monetary balances and accounts receivable posting exception (error) rates.
Q:The expected population exception rate is 3% for the accounts receivable posting processes. If the auditor has established a 5% tolerable rate, the auditor would use which sampling plan for testing the actual exception rate?
A.Difference or mean-per-unit estimation. B.Discovery. C.Stratified. D.Attribute.
Answer (D) is correct. The accounts receivable posting exception rate would be determined using attribute sampling. Attribute sampling is used for applications involving binary (yes/no or right/wrong) propositions. Whether an item has been posted requires a yes/no answer.
A.Difference or mean estimation is used when sampling for monetary values. B.Discovery sampling is only used when exception rates are expected to be very low. C.Stratified sampling arranges populations for more efficient sampling.
78.Fact Pattern: An auditor is testing on a company’s large, normally distributed accounts receivable file. The objectives of the audit are to test end-of-period monetary balances and accounts receivable posting exception (error) rates.
Q:To test the accounts receivable file to compute an estimated monetary total, the auditor could use any one of the following sampling techniques except
A.Difference or ratio estimation. B.Unstratified mean-per-unit estimation. C.Probability-proportional-to-size sampling. D.Attribute sampling.
Answer (D) is correct. Attribute sampling is used for applications involving binary (yes/no or right/wrong) propositions. Attribute sampling does not involve estimation of monetary amounts.
A.Difference or ratio estimation can be used to estimate population dollar values. Both methods involve determining the difference between the audit and recorded amounts of items in the sample. B.Mean-per-unit estimation averages audit values and multiplies them by the units in the population to estimate the account balance. C.Probability-proportional-to-size sampling uses the monetary unit as the sampling unit. It is a means of testing account balances.
79.Variability of the monetary amount of individual items in a population affects sample size in which of the following sampling plans?
A.Attribute sampling. B.Monetary-unit sampling. C.Mean-per-unit sampling. D.Discovery sampling.
Answer (C) is correct. The sample size for a variable test depends on confidence level, population size, precision, and variability of the population. The standard deviation measures variability. The larger the standard deviation, the larger the sample size that is required to achieve specified levels of precision and confidence.
A.Attribute sampling tests binary (yes/no) propositions. It is not used for tests of monetary amounts, so the variability of monetary amounts is not an issue in determining sample size. B.Monetary-unit (probability-proportional-to-size) sampling neutralizes variability by defining the sampling unit as an individual monetary unit. D.The objective of discovery sampling is to select items until at least one item is discovered with a particular characteristic, such as evidence of fraud.
80.An internal auditor is performing a test to determine whether a gas and electric appliance manufacturer should move its service center from one location to another. The service center houses the service trucks that are used to drive to the customers’ locations to service their appliances. The internal auditor wants to determine the reduction in average miles driven as a result of moving to the other location. Which of the following statistical sampling methods would be most appropriate for this test?
A.Attribute sampling. B.Discovery sampling. C.Probability-proportional-to-size (monetary-unit) sampling. D.Mean-per-unit sampling.
Answer (D) is correct. Mean-per-unit sampling is the only variables sampling method designed to estimate a variable for which individual carrying amounts of items in a population are not available.
A.Attribute sampling will not produce a quantitative value. B.Discovery sampling is used to uncover an attribute that exists in the population with a low rate of occurrence, not to estimate a variable. C.Individual carrying amounts adding up to a total carrying amount are required for probability-proportional-to-size (monetary-unit) sampling to be used.
81.The internal auditor for an insurance company is conducting an audit of claims processing and wants to assess the average length of time taken to process automobile claims to determine whether processing is being completed within standards set by company policy. The auditor plans to take a sample of claims made during the year and perform the needed analysis. The most appropriate sampling method is
A.Mean-per-unit variables sampling. B.Probability-proportional-to-size sampling. C.Attribute sampling. D.Discovery sampling. Answer (A) is correct. Mean-per-unit (MPU) variables sampling averages audit values in the sample and multiplies by the number of items in the population to estimate the population value. This is the most appropriate sampling procedure because it allows the auditor to calculate the mean for the processing time and construct a confidence interval around the mean.
B.Probability-proportional-to-size sampling uses attribute sampling methods to estimate monetary amounts. It is not appropriate in this situation. C.Attribute sampling tests binary propositions and therefore cannot estimate the average length of time to process the claims. It could, however, be used to estimate the probability that a claim is not processed within the company’s defined standard. D.Discovery sampling is used to determine if an isolated event is occurring in the population. It would be used here only if exceeding the policy for claims processing were expected to be extremely rare and extremely important.
82.An auditor is checking the accuracy of a computer-printed inventory listing to determine whether the total monetary value of inventory is significantly overstated. Because there is not adequate time or resources to check all items in the warehouse, a sample of inventory items must be used. If the sample size is fixed, which one of the following would be the most accurate sampling approach in this case?
A.Select those items that are most easily inspected.
B.Employ simple random sampling. C.Sample so that the probability of a given inventory item being selected is proportional to the number of units sold for that item. D.Sample so that the probability of a given inventory item being selected is proportional to its book value.
Answer (D) is correct. The audit objective is to determine whether the total monetary amount of inventory is significantly overstated. Thus, monetary-unit (probability-proportional-to-size) sampling is appropriate. It increases the likelihood that a sample of a given size will include high monetary-value inventory items.
A.Using ease of inspection as a selection criterion provides no statistical validity. B.Simple random sampling selects units of inventory. Large and small items are equally likely to be chosen. Thus, it will probably result in a sample that accounts for a lesser percentage of the total monetary value than PPS sampling. C.Although better than simple random sampling, selection of items with high sales volumes may result in a sample with a relatively small monetary value.
83.A manufacturer mass produces nuts and bolts on its assembly line. The line supervisors sample every nth unit for conformance with specifications. Once a nonconforming part is detected, the machinery is shut down and adjusted. The most appropriate tool for this process is a
A.Fishbone (Ishikawa) diagram. B.Cost of quality report. C.ISO 9000 audit. D.Statistical quality control chart.
Answer (D) is correct. Statistical quality control is a method of determining whether the shipment or production run of units lies within acceptable limits. It is also used to determine whether production processes are out of control. Statistical control charts are graphic aids for monitoring the status of any process subject to random variations.
A.A fishbone diagram is useful for determining the unknown causes of problems, not routine mechanical adjustments. B.The contents of a cost of quality report are stated in monetary terms. This tool is not helpful for determining when to adjust machinery. C.An ISO 9000 audit focuses on the quality of the organization’s total process, not the routine adjustment of machinery.
84.A health insurer uses a computer application to monitor physician bill amounts for various surgical procedures. This program allows the organization to better control reimbursement rates. The X-bar chart below is an example of the output from this application.
Select the interpretation that best explains the data plotted on the chart.
A.Random variation. B.Abnormal variation. C.Normal variation. D.Cyclic variation.
Answer (B) is correct. Statistical quality control charts are graphic aids for monitoring the status of any process subject to random variations. The X-bar chart presented here depicts the sample means for a variable. If the values fall within the upper and lower control limits, no action is taken. Accordingly, values outside these limits are abnormal and should be investigated for possible corrective action.
A.Random variations should fall within realistically determined control limits C.Normal variations should fall within realistically determined control limits. D.In time series analysis, cyclic variation is the fluctuation in the value of a variable caused by change in the level of general business activity.
85.Fact Pattern: An organization has collected data on the complaints made by personal computer users and has categorized the complaints.
Q:Using the information collected, the organization should focus on
A.The total number of personal computer complaints that occurred. B.The number of computer complaints associated with CD-ROM problems and new software usage. C.The number of computer complaints associated with the lack of user knowledge and hardware problems. D.The cost to alleviate all computer complaints
Answer (C) is correct. Complaints based on lack of user knowledge and hardware problems are by far the most frequent according to this chart. Consequently, the company should devote its resources primarily to these issues. A.The organization should focus its scarce resources on those areas generating the highest levels of dissatisfaction. Pareto diagrams such as this one are tools for facilitating this kind of analysis. B.Complaints about CD-ROMs and software are infrequent. D.Cost information is not provided.
86.Fact Pattern: An organization has collected data on the complaints made by personal computer users and has categorized the complaints.
Q:The chart displays the
A.Arithmetic mean of each computer complaint. B.Relative frequency of each computer complaint. C.Median of each computer complaint. D.Absolute frequency of each computer complaint.
Answer (D) is correct. This Pareto diagram depicts the frequencies of complaints in absolute terms. It displays the actual number of each type of complaint. The chart does not display arithmetic means, relative frequencies, or medians of each type of complaint.
A.The chart does not display arithmetic means, relative frequencies, or medians of each type of complaint. B.The chart does not display arithmetic means, relative frequencies, or medians of each type of complaint. C.The chart does not display arithmetic means, relative frequencies, or medians of each type of complaint.
87.Statistical quality control often involves the use of control charts whose basic purpose is to
A.Determine when accounting control procedures are not working. B.Control labor costs in production operations. C.Detect performance trends away from normal operations. D.Monitor internal control applications of information technology.
Answer (C) is correct. Statistical control charts are graphic aids for monitoring the status of any process subject to random variations. The chart consists of three horizontal lines plotted on a horizontal time scale. The vertical scale represents the appropriate quantitative measure. The center line represents the average range or overall mean for the process being controlled. The other two lines are the upper control limit and the lower control limit. The processes are measured periodically, and the values are plotted on the chart. If the value falls within the control limits, no action is taken. If the value falls outside the limits, the process is considered out of control, and an investigation is made for possible corrective action. Another advantage of the chart is that it makes trends visible.
A.Quality control applies to product quality, not controls over accounting procedures B.Quality control applies to product quality, not costs. D.Quality control applies to product quality, not information technology.
88.The statistical quality control department prepares a control chart showing the percentages of defective production. Simple statistical calculations provide control limits that indicate whether assignable causes of variation are explainable on chance grounds. The chart is particularly valuable in determining whether the quality of materials received from outside vendors is consistent from month to month. What is the best term for this chart?
A.C chart. B.P chart. C.R chart. D.X-bar chart.
Answer (B) is correct. The question states that “the statistical quality control department prepares a control chart showing the percentages of defective production.” P charts show the percentage of defects in a sample.
A.A C chart is also an attribute control chart. It shows defects per item. C.An R chart displays the range of dispersion of a variable, such as size or weight. D.An X-bar chart plots the sample mean for a variable.
89.An automobile parts manufacturer has received complaints from customers about declining quality. After a quick review, management realizes the problem has no single source. To perform a thorough process of problem identification, the most appropriate tool is a(n)
A.Fishbone (Ishikawa) diagram. B.Histogram. C.Pareto diagram.
D.ISO 9000 audit.
Answer (A) is correct. A fishbone diagram (also called a cause-and-effect diagram or an Ishikawa diagram) is used in total quality management for process improvement. It is useful in studying causation (why the actual and desired situations differ). This format organizes the analysis of causation and helps to identify possible interactions among causes.
B.A histogram displays the continuum of values for an independent variable. It is useful for visually inspecting the range of a quantifiable variable. C.A Pareto diagram (also known as 80:20 analysis) displays the values of an independent variable such that managers can quickly identify the areas most in need of attention. The variables involved must be quantifiable. D.An ISO 9000 audit focuses on process, not product, quality.
90.The director of sales asks for a count of customers grouped in descending numerical rank by (1) the number of orders they place during a single year and (2) the dollar amounts of the average order. The visual format of these two pieces of information is most likely to be a
A.Fishbone (Ishikawa) diagram. B.Cost of quality report. C.Kaizen diagram. D.Pareto diagram.
Answer (D) is correct. A Pareto diagram (also known as 80:20 analysis) displays the values of an independent variable such that managers can quickly identify the areas most in need of attention. A.A fishbone diagram is useful for determining the unknown causes of problems, not for stratifying quantifiable variables. B.The contents of a cost of quality report are stated in monetary terms. This report is not helpful for stratifying quantifiable variables. C.Kaizen diagram is not a meaningful term in this context.
91.In the context of quality control, which chart is best for displaying the 80:20 rule?
A.Benchmark. B.Pareto. C.Fishbone.
D.Cost-benefit.
Answer (B) is correct. The Pareto diagram is a bar chart that assists with what is commonly called 80:20 analysis. The 80:20 rule states that 80% of all effects are the result of only 20% of all causes. The occurrences of the factor selected as the area of interest is ranked form highest to lowest, allowing the manager to see at a glance which areas are of most concern. In the context of quality control, managers optimize their time by focusing their effort on the sources of the most problems
A.Benchmarks are often used to establish control limits. The limits are important because they are the decision criteria for determining whether a deviation will be investigated. Benchmarking does not display the 80:20 rule. C.The fishbone diagram does not display the 80:20 rule. The format of a fishbone diagram visually identifies the problem and the principal classifications of causes. The head of the skeleton contains the statement of the problem and the causation classifications are represented by lines (bones) drawn diagonally from a heavy horizontal line (the spine). D.A cost-benefit analysis, using expected values, provides a more objective basis for setting control limits. It does not display the 80:20 rule. The control limits should be set so that the cost of an investigation is less than or equal to the benefits derived. Expected costs include investigation cost and the cost of corrective action. The benefit of an investigation is the avoidance of the costs of continuing to operate an out-of-control process.
92.The new purchasing director is analyzing purchase orders for the organization. Which of the following analyses would best be displayed on a histogram?
A.In the past year the organization placed 10,000 purchase orders. Organize the number of orders placed with each supplier, sorted in descending order. B.The average turnaround time from issuing a purchase order to receiving the merchandise is 7 days. Review the last 2,000 purchase orders, and using 10 days as the upper control limit and 4 days as the lower control limit, graph the turnaround time for each order. C.The organization purchased $27 million worth of inventory in the past year. Distribute by value, using $500 increments, the quantity of purchase orders that fall within each range. D.Identify and organize the reasons the average turnaround time for purchase orders falls outside the control parameters of 4-10 days.
Answer (C) is correct. The histogram displays a continuous frequency distribution of the independent variable in the form of a bar graph. The y axis is the quantity of purchase orders and the x axis is the purchase order amount. The histogram would best display the quantity of purchase orders by dollar value.
A.The Pareto diagram is a bar chart that ranks the occurrences of the independent variable from highest to lowest value. The independent variable is the factor selected by the manager as the area of interest, in this case the supplier. The frequency of occurrence of the dependent variable (quantity of orders) is plotted on the y axis.
B.The statistical control chart is a useful aid for monitoring the status of any process subject to acceptable (between 4-10 days) or unacceptable (less than 4 or greater than 10 days) variations during repeated operations. Plotted on a horizontal time scale, values outside the predefined control limits are considered abnormal. An advantage of the chart is that it makes trends and cycles visible. A disadvantage of the chart is that it does not indicate the cause of the variation. D.The fishbone diagram (also called a cause-and-effect diagram) is a total quality management process improvement technique. The format identifies and organizes the analysis of causation and helps to identify possible interactions among causes.
PART 2 UNIT 8 Question: 1
An auditor is least likely to use computer software to
A.
Construct parallel simulations.
B.
Access client data files.
C.
Prepare spreadsheets.
D.
Assess computer control risk.
Answer (D) is correct. The auditor is required to evaluate the adequacy and effectiveness of the system of internal control and to assess risk to plan the audit. This assessment is a matter of professional judgment that cannot be accomplished with a computer alone. A Parallel simulation involves using an auditor’s program to reproduce the logic of management’s program. B Computer software makes accessing company files much faster and easier. C Many audit spreadsheet programs are available. Question: 2 When an auditor performs tests on a computerized inventory file containing over 20,000 line items, that auditor can maintain independence and perform most efficiently by A.
Asking the console operator to print every item that costs more than US $100.
B.
Using a generalized audit software package.
C.
Obtaining a printout of the entire file and then selecting each nth item.
D.
Using the systems department’s programmer to write an extraction program.
Answer (B) is correct. Independence can be preserved when the auditor acquires general audit software (GAS) from an external source rather than relying on auditee-developed audit software. Also, efficiency is enhanced to the extent GAS can be used (as compared to manual auditing or writing special audit programs). The leading GAS packages are currently and IDEA. A Independence is jeopardized when an operator is involved in the process. C Printing out the entire file is both unnecessary and inefficient. D Overreliance on an auditee’s programmer impairs independence.
Question: 3 Which of the following cannot be performed by an auditor using generalized audit software (GAS)? A.
Identifying missing check numbers.
B.
Correcting erroneous data elements, making them suitable for audit testwork.
C.
Matching identical product information in separate data files.
D.
Aging accounts receivable.
Answer (B) is correct. GAS can help an auditor identify erroneous data, but correcting them before performing testwork is inappropriate. A Identifying gaps is a function of major GAS packages. C Merging files is a function of GAS packages. D Aging is a function of GAS packages. Question: 4
Which of the following is not true about audit use of the Internet?
A.
It is a useful research tool for gathering audit-related information.
B.
It provides a secure medium to transmit confidential information.
C.
Electronic communication is the major use of the Internet by internal auditors.
D.
An electronic record of a user’s web browsing activities is created.
Answer (B) is correct. Users transmitting sensitive information across the Internet must understand the threats that arise that could compromise the confidentiality of the data. Security measures, such as encryption technology, need to be taken to ensure that the information is viewed only by those authorized to view it. A The Internet is a useful audit tool for gathering and disseminating audit-related information. C The major use of the Internet by internal auditors is electronic communication. D Web browsing leaves an electronic record of the user’s search path. Question: 5 A primary advantage of using generalized audit software (GAS) packages in auditing the financial statements of a client that uses a computer system is that the auditor may A.
Substantiate the accuracy of data through self-checking digits and hash totals.
B.
Reduce the level of required tests of controls to a relatively small amount.
C. Access information stored on computer files without a complete understanding of the client’s hardware and software features. D.
Consider increasing the use of substantive tests of transactions in place of analytical procedures.
Answer (C) is correct. A detailed knowledge of the client’s system is unnecessary because a generalized audit software package is designed to process data files from almost any platform. The leading packages are currently ACL (Audit Command Language) and IDEA (Interactive Data Extraction and Analysis). A Self-checking digits and hash totals are application controls used by clients. B GAS may permit far more comprehensive tests of controls than in a manual audit. C The auditor is required to apply analytical procedures in the planning and overall review phases of the audit. Question: 6 Which of the following strategies will an auditor most likely consider in auditing an entity that processes most of its financial data only in electronic form, such as a paperless system? A.
Continuous monitoring and analysis of transaction processing with an embedded audit module.
B.
Increased reliance on internal control activities that emphasize the segregation of duties.
C.
Verification of encrypted digital certificates used to monitor the authorization of transactions.
D.
Extensive testing of firewall boundaries that restrict the recording of outside network traffic.
Answer (A) is correct. An audit module embedded in the client’s software routinely selects and abstracts certain transactions. They may be tagged and traced through the information system. An alternative is recording in an audit log, that is, in a file accessible only by the auditor. B The same level of segregation of duties as in a manual system is not feasible in highly sophisticated computer systems. C Encrypted digital signatures help ensure the authenticity of the sender of information, but verifying them is a less pervasive and significant procedure than continuous monitoring of transactions. D Firewalls exclude unauthorized activity from entering a system. However, such activity would be independent of the internal processing of financial information.
Question: 7 Which of the following is the primary reason that many auditors hesitate to use embedded audit modules? A.
Embedded audit modules cannot be protected from computer viruses.
B.
Auditors are required to monitor embedded audit modules continuously to obtain valid results.
C.
Embedded audit modules can easily be modified through management tampering.
D.
Auditors are required to be involved in the system design of the application to be monitored.
Answer (D) is correct. Continuous monitoring and analysis of transaction processing can be achieved with an embedded audit module. To be successful, the internal auditor may need to be involved in the design of the application. Designing the system may impair independence unless the client makes all management decisions. A Embedded audit modules are no more vulnerable to computer viruses than any other software. B The advantage of embedded audit modules is that auditors are not required to monitor them continuously to obtain valid results. C Embedded audit modules cannot be easily modified through management tampering. Question: 8 An organization provides credit cards to selected employees for business use. The credit card company provides a computer file of all transactions by employees of the organization. An auditor plans to use generalized audit software (GAS) to select relevant transactions for testing. Which of the following would not be readily identified using GAS? A.
High-monetary-amount transactions.
B.
Fraudulent transactions.
C.
Transactions for specific cardholders.
D.
Suppliers used by each cardholder.
Answer (B) is correct. It is highly unlikely that the accounts payable system contains sufficient evidence of fraudulent transactions. GAS can be used to explore indicators of fraud, but it probably would not identify them. A GAS can be used to search for unusual transactions, such as those exceeding a specific monetary amount.
C Transaction data can be filtered using GAS. D Suppliers used by cardholders can be summarized using GAS. Question: 9 Insurers may receive hospitalization claims directly from hospitals by computer media; no paper is transmitted from the hospital to the insurer. Which of the following controls is most effective in detecting fraud in such an environment? A. Use integrated test facilities to test the correctness of processing in a manner that is transparent to data processing. B. Develop monitoring programs to identify unusual types of claims or an unusual number of claims by demographic classes for investigation by the claims department. C. Use generalized audit software to match the claimant identification number with a master list of valid policyholders. D. Develop batch controls over all items received from a particular hospital and process those claims in batches. Answer (B) is correct. Monitoring assesses the quality of internal control over time. Ongoing monitoring occurs as part of routine operations. It includes management and supervisory review, comparisons, reconciliations, and other actions by personnel as part of their regular activities. Thus, monitoring of the number and nature of claims may serve to detect failures of internal control. A An integrated test facility is useful in determining the correctness of processing of validly entered transactions. The issue in this case is the validity of the entered transactions. C An edit control should be built into the application to test for valid policy numbers. D Batch controls are designed to ensure that all items submitted are processed, i.e., that they are not lost or added to. Batch controls serve a control purpose, but the major concern in this situation is the validity of the input. Question: 10 Computer-assisted audit techniques are beneficial to the audit process because they provide for which of the following? A.
Ease of access to systems.
B.
Ease of training for auditors.
C.
Ability of auditors to deploy software solutions quickly.
D.
Ability of auditors to analyze large amounts of data.
Answer (D) is correct.
In contrast with manual audit procedures, CAATs provide automated methods for extracting and analyzing large amounts of data. A CAATs do not affect the internal auditor’s access to systems. Access to systems is controlled by the organization. B CAATs are used to improve the performance of engagements, not to train internal auditors. C CAATs give internal auditors the ability to analyze large amounts of data, not the ability to deploy software solutions quickly. Question: 11
Which of the following is not a benefit of using IT to solve audit problems?
A.
It helps reduce audit risk.
B.
It improves the timeliness of the audit engagement.
C.
It increases audit opportunities.
D.
It improves the auditor’s judgment.
Answer (D) is correct. Auditor judgment is improved through increased experience and professional development. A Audit risk is the risk that an auditor expresses an inappropriate opinion on materially misstated financial statements. An opinion should be supported by sufficient, reliable, relevant, and useful information. The use of IT improves information gathering by enabling the auditor to better analyze large amounts of data. The result is stronger support for conclusions and opinions as well as reduced audit risk. B The use of IT increases the internal audit activity’s productivity, which improves the timeliness of the audit engagement. C The use of IT improves the timeliness of audit engagements, which enables the internal audit activity to perform more audits during the audit period. Question: 12 Of the following, which is the most efficient source for an auditor to use to evaluate a company’s overall control system? A.
Control flowcharts.
B.
Copies of standard operating procedures.
C.
A narrative describing departmental history, activities, and forms usage.
D.
Copies of industry operating standards.
Answer (A) is correct. Control flowcharting is a graphical means of representing the sequencing of activities and information flows with related control points. It provides an efficient and comprehensive method of describing relatively complex activities, especially those involving several departments. B Copies of procedures and related forms do not provide an efficient overview of processing activities. C A narrative review covering the history and forms usage of the department is not as efficient or comprehensive as flowcharting for the purpose of communicating relevant information about controls. D Industry standards do not provide a picture of existing practice for subsequent audit activity. Question: 13 Which of the following tools would best give a graphical representation of a sequence of activities and decisions? A.
Flowchart.
B.
Control chart.
C.
Histogram.
D.
Run chart.
Answer (A) is correct. Flowcharting is an essential aid in the program development process that involves a sequence of activities and decisions. A flowchart is a pictorial diagram of the definition, analysis, or solution of a problem in which symbols are used to represent operations, data flow, equipment, etc. B A control chart is used to monitor deviations from desired quality measurements during repetitive operations. C A histogram is a bar chart showing conformance to a standard bell curve. D A run chart tracks the frequency or amount of a given variable over time. Question: 14
The diamond-shaped symbol is commonly used in flowcharting to show or represent a
A.
Process or a single step in a procedure or program.
B.
Terminal output display.
C.
Decision point, conditional testing, or branching.
D.
Predefined process.
Answer (C) is correct.
Flowcharts illustrate in pictorial fashion the flow of data, documents, and/or operations in a system. Flowcharts may summarize a system or present great detail, e.g., as found in program flowcharts. The diamond-shaped symbol represents a decision point or test of a condition in a program flowchart, that is, the point at which a determination must be made as to which logic path (branch) to follow. A The rectangle is the appropriate symbol for a process or a single step in a procedure or program. B A terminal display is signified by a symbol similar to the shape of a cathode ray tube. D A predefined processing step is represented by a rectangle with double lines on either side. Question: 15 An auditor’s flowchart of a client’s accounting system is a diagrammatic representation that depicts the auditor’s A.
Assessment of the risks of material misstatement.
B.
Identification of weaknesses in the system.
C.
Assessment of the control environment’s effectiveness.
D.
Understanding of the system.
Answer (D) is correct. The auditor should document (1) the understanding of the entity and its environment and the components of internal control, (2) the sources of information regarding the understanding, and (3) the risk assessment procedures performed. The form and extent of this documentation are influenced by the nature and complexity of the entity’s controls. For example, documentation of the understanding of internal control of a complex information system in which many transactions are electronically initiated, authorized, recorded, processed, or reported may include questionnaires, flowcharts, or decision tables. A The conclusions about the assessments of the RMMs should be documented. These are professional judgments of the auditor documented in the workpapers. B The conclusions about the assessments of the RMMs should be documented. These are professional judgments of the auditor documented in the workpapers. C The auditor’s judgment is the ultimate basis for concluding that controls are effective. Question: 16 When documenting internal control, the independent auditor sometimes uses a systems flowchart, which can best be described as a A.
Pictorial presentation of the flow of instructions in a client’s internal computer system.
B.
Diagram that clearly indicates an organization’s internal reporting structure.
C. Graphic illustration of the flow of operations that is used to replace the auditor’s internal control questionnaire.
D.
Symbolic representation of a system or series of sequential processes.
Answer (D) is correct. A systems flowchart is a symbolic representation of the flow of documents and procedures through a series of steps in the accounting process of the client’s organization. A A pictorial presentation of the flow of instructions in a client’s internal computer system is a computer program flowchart. B The organizational chart depicts the client’s internal reporting structure. C A flowchart does not necessarily replace the auditor’s internal control questionnaire. Controls beyond those depicted on the systems flowchart must also be considered by the auditor, and information obtained from the questionnaire may be used to develop the flowchart. Question: 17 flowchart is
The normal sequence of documents and operations on a well-prepared systems
A.
Top to bottom and left to right.
B.
Bottom to top and left to right.
C.
Top to bottom and right to left.
D.
Bottom to top and right to left.
Answer (A) is correct. The direction of flow in the normal sequence of documents and operations on a well-prepared systems flowchart is from top to bottom and from left to right. B The normal vertical movement is top to bottom. C The normal horizontal movement is left to right. D The normal sequence is top to bottom and left to right. Question: 18 Which method of evaluating internal controls during the preliminary survey provides the internal auditor with the best visual grasp of a system and a means for analyzing complex operations? A.
A flowcharting approach.
B.
A questionnaire approach.
C.
A matrix approach.
D.
A detailed narrative approach.
Answer (A) is correct. Flowcharts are graphical representations of the step-by-step progression of transactions, including document (information) preparation, authorization, flow, storage, etc. Flowcharting allows the internal auditor to analyze a system and to identify the strengths and weaknesses of the purported internal controls and the appropriate areas of audit emphasis. B A questionnaire approach provides only an agenda for evaluation. C A matrix approach does not provide the visual grasp of the system that a flowchart does. D A detailed narrative does not provide the means of evaluating complex operations that a flowchart does. Question: 19 Internal auditors often flowchart a control system and reference the flowchart to narrative descriptions of certain activities. This is an appropriate procedure to A.
Determine whether the system meets established management objectives.
B.
Document that the system meets international auditing requirements.
C.
Determine whether the system can be relied upon to produce accurate information.
D.
Gain the understanding necessary to test the effectiveness of the system.
Answer (D) is correct. Flowcharting is a pictorial method of analyzing and understanding the processes and procedures involved in operations, whether manual or computerized. Flowcharting is therefore useful in the preliminary survey and in obtaining an understanding of internal control. It is also helpful in systems development. A To determine whether the system meets established management objectives, the auditor must perform more extensive procedures. A flowchart is an aid to understanding the system. It does not provide evidence about the actual operating effectiveness of the system. B International auditing standards do not require the use of flowcharts. C To determine whether the system can be relied upon to produce accurate information, the auditor must perform more extensive procedures. A flowchart is an aid to understanding the system. It does not provide evidence about the actual operating effectiveness of the system. Question: 20
An internal auditor develops a flowchart primarily to
A.
Detect errors and irregularities.
B.
Analyze a system and identify internal controls.
C.
Determine functional responsibilities.
D.
Reduce the need for interviewing auditee personnel.
Answer (B) is correct. Flowcharting is a tool commonly used to learn what set of procedures is supposed to be in effect in a control system. An internal control flowchart is a pictorial diagram of documents and their processing and disposition within the system. It is a basis for preliminary evaluation and is followed by testing to see if the prescribed procedures are in effect and are working as intended. A Flowcharts only show where errors and irregularities might occur. C Questionnaires are used to determine functional responsibilities. D Flowchart development usually requires asking questions of the auditee. Question: 21 The internal auditor wishes to develop a flowchart of (1) the process of receiving sales order information at headquarters, (2) the transmission of the data to the plants to generate the shipment, and (3) the plants’ processing of the information for shipment. The internal auditor should A. Start with management’s decisions to set sales prices. Gather internal documentation on the approval process for changing sales prices. Complement documentation with a copy of the program flowchart. Prepare an overview flowchart that links these details. B. Start with a shipment of goods and trace the transaction back through the origination of the sales order as received from the sales representative. C. Start with the receipt of a sales order from a sales representative and “walk through” both the manual and computerized processing at headquarters and the plant until the goods are shipped and billed. D. Obtain a copy of the plants’ systems flowchart for the sales process, interview relevant personnel to determine if any changes have been made, and then develop an overview flowchart which will highlight the basic process. Answer (C) is correct. The survey during the engagement planning phase helps the internal auditor to become familiar with activities, risks, and controls and to identify areas for audit emphasis. Flowcharting is a typical survey procedure, and the walk-through is a means of gathering information to be reflected in the flowchart. A The issue is the processing of sales orders, not the system for making changes in the sales price data. B Starting with the completed transaction does not identify processing steps in which documents or data were diverted and processed separately.
D Processing steps that occur other than at the plant level must also be considered. Question: 22 An internal auditor reviews and adapts a systems flowchart to understand the flow of information in the processing of cash receipts. Which of the following statements is true regarding the use of such flowcharts? The flowcharts A. Show specific control procedures used, such as edit tests that are implemented and batch control reconciliations. B.
Are a good guide to potential segregation of duties.
C.
Are generally kept up to date for systems changes.
D.
Show only computer processing, not manual processing.
Answer (B) is correct. Systems flowcharts are overall graphic analyses of the flow of data and the processing steps in an information system. Accordingly, they can be used to show segregation of duties and the transfer of data between different segments in the organization. A A program flowchart will identify the specific edit tests implemented. C The flowcharts are usually not kept up to date for changes. Thus, the auditor will have to interview key personnel to determine changes in processing since the flowchart was developed. D A systems flowchart should show both manual and computer processing. Question: 23 Graphical notations that show the flow and transformation of data within a system or business area are called A.
Action diagrams.
B.
Program structure charts.
C.
Conceptual data models.
D.
Data flow diagrams.
Answer (D) is correct. Data flow diagrams show how data flow to, from, and within the system and the processes that manipulate the data. A data flow diagram can be used to depict lower-level details as well as higherlevel processes. A system can be divided into subsystems, and each subsystem can be further subdivided at levels of increasing detail. Thus, any process can be expanded as many times as necessary to show the required level of detail.
A Action diagrams are process logic notations that combine graphics and text to support the definition of technical rules. B Program structure charts are graphical depictions of the hierarchy of modules or instructions in a program. C Conceptual data modules are independent definitions of the data requirements that are explained in terms of entities and relationships. Question: 24 Which of the following is a true statement comparing a horizontal flowchart with a vertical flowchart? A.
A horizontal flowchart provides more room for written descriptions that parallel the symbols.
B. A horizontal flowchart brings into sharper focus the assignment of duties and independent checks on performance. C.
A horizontal flowchart is usually longer.
D.
A horizontal flowchart does not provide as broad a picture at a glance.
Answer (B) is correct. A horizontal or systems flowchart depicts the functions or departments involved in a process successively from left to right. Thus, the steps performed by a function or department are presented in the same column. A vertical flowchart displays step-by-step processes effectively, but it does not delineate the system’s components as well. By emphasizing the flow of processing between departments or people, a horizontal flowchart more clearly shows any inappropriate separation of duties and lack of independent checks on performance. A A vertical flowchart is usually designed to provide for written descriptions. C A horizontal flowchart is usually shorter. Space for written descriptions is not usually provided. D More of the flow of processing can be depicted on one page than in a vertical flowchart with written descriptions. Question: 25
The following is a section of a system flowchart for a payroll application:
Symbol X could represent A.
Erroneous time cards.
B.
An error report.
C.
Batched time cards.
D.
Unclaimed payroll checks.
Answer (B) is correct. Symbol X is a document, that is, hard copy output of the validation routine shown. The time card data, the validated data, and the errors are recorded on magnetic disk after the validation process. Thus, either an error report or the valid time card information is represented by Symbol X. A Time cards were stored offline before the validation process. C Time cards were stored offline before the validation process.
D No payroll checks are shown. Question: 26 An advantage of using systems flowcharts to document information about internal control instead of using internal control questionnaires is that systems flowcharts A.
Identify internal control deficiencies more prominently.
B.
Provide a visual depiction of clients’ activities.
C.
Indicate whether controls are operating effectively.
D.
Reduce the need to observe clients’ employees performing routine tasks.
Answer (B) is correct. Systems flowcharts provide a visual representation of a series of sequential processes, that is, of a flow of documents, data, and operations. In many instances, a flowchart is preferable to a questionnaire because a picture is usually more easily comprehended. A A systems flowchart can present the flow of information and documents in a system, but it does not specifically identify the deficiencies. C The flowchart does not provide evidence of how effectively controls are actually operating. D The flowchart is useful in documenting the understanding of internal control, but it does not reduce the need for observation of employees performing tasks if those tests of controls are deemed necessary. Question: 27 Which of the following is optimal to provide a summary-level description of a complex new computer system? A.
A control flowchart.
B.
Program code checking and flowchart verification.
C.
A system flowchart.
D.
A detailed narrative.
Answer (C) is correct. Flowcharts are graphical representations of the step-by-step progression of information through preparation, authorization, flow, storage, etc. In particular, a system flowchart depicts areas of responsibility arranged horizontally across the page in vertical columns. Accordingly, activities, controls, and document flows that are the responsibility of a given department or function are shown in the same column. A A control flowchart is specific to controls and therefore not optimal to provide a summary-level description of a complex new system.
B Program code checking and flowchart verification are verification procedures, not summary-level description tools. D A detailed narrative provides a detail-level description, not a summary-level description. Question: 28 Accounts payable schedule verification may include the use of analytical information. Which of the following is analytical information? A.
Comparing the schedule with the accounts payable ledger or unpaid voucher file.
B.
Comparing the balance on the schedule with the balances of prior years.
C.
Comparing confirmations received from selected creditors with the accounts payable ledger.
D.
Examining vendors’ invoices in support of selected items on the schedule.
Answer (B) is correct. Analytical procedures are used to compare information with expectations. Such procedures include period-to-period comparisons. Thus, comparing the balance on a schedule with the balances from prior years creates analytical information. A Comparing the schedule with the accounts payable ledger or unpaid voucher file is a test of details. C Comparing confirmations received from selected creditors with the accounts payable ledger is a test of details. D Examining vendors’ invoices in support of selected items on the schedule is a test of details. Question: 29 During an engagement, the internal auditor should consider the following factor(s) in determining the extent to which analytical procedures should be used during the engagement: A.
Adequacy of the system of internal control.
B.
Significance of the area being examined.
C.
Precision with which the results of analytical audit procedures can be predicted.
D.
All of the answers are correct.
Answer (D) is correct. When determining the extent to which analytical procedures should be used, the internal auditor considers (1) the significance of the area being examined, (2) the assessment of risk management in the audited area, (3) the adequacy of the internal control system, (4) the availability and reliability of financial and nonfinancial information, (5) the precision with which the results of analytical audit procedures can be predicted, (6) the availability and comparability of information regarding the industry in which the organization operates, and (7) the extent to which other procedures provide evidence.
A The adequacy of the system of internal control should be considered. B The significance of the area being examined should be considered. C The precision with which the results of analytical procedures can be predicted should be considered. Question: 30 During an operational audit engagement, an auditor compared the inventory turnover rate of a subsidiary with established industry standards in order to A.
Evaluate the accuracy of internal financial reports.
B.
Test controls designed to safeguard assets.
C.
Determine compliance with corporate procedures regarding inventory levels.
D.
Assess performance and indicate where additional audit work may be needed.
Answer (D) is correct. Inventory turnover provides analytical information. It equals cost of sales divided by average inventory. A low turnover ratio implies that inventory is excessive, for example, because the goods are obsolete or because the organization has overestimated demand. Accordingly, such an analytical procedure will provide an indication of the efficiency and effectiveness of the subsidiary’s management of the inventory. A Comparison with industry standards will not test the accuracy of internal reporting. B Comparison with industry standards will not test the controls designed to safeguard the inventory. C Comparison with industry standards will not test compliance. Question: 31 Analytical procedures enable the internal auditor to predict the balance or quantity of an item. Information to develop this estimate can be obtained by all of the following except A. Tracing transactions through the system to determine whether procedures are being applied as prescribed. B. Comparing financial data with data for comparable prior periods, anticipated results (e.g., budgets and forecasts), and similar data for the industry in which the entity operates. C. Studying the relationships of elements of financial data that would be expected to conform to a predictable pattern based upon the entity’s experience. D.
Studying the relationships of financial data with relevant nonfinancial data.
Answer (A) is correct.
Tracing transactions through the system is a test of controls directed toward the operating effectiveness of internal control, not an analytical procedure. B The basic premise of analytical procedures is that plausible relationships among data may be reasonably expected to exist and continue in the absence of known conditions to the contrary. Welldrafted budgets and forecasts prepared at the beginning of the year should therefore be compared with actual results, and engagement client information should be compared with data for the industry in which the engagement client operates. C The internal auditor should expect financial ratios and relationships to exist and to remain relatively stable in the absence of reasons for variation. D Financial information is related to nonfinancial information; e.g., salary expense should be related to the number of hours worked. Question: 32 Analytical procedures in which current financial statements are compared with budgets or previous statements are primarily intended to determine the A.
Adequacy of financial statement disclosure.
B.
Existence of specific errors or omissions.
C.
Overall reasonableness of statement contents.
D.
Use of an erroneous cutoff date.
Answer (C) is correct. An analytical procedure in the form of a period-to-period comparison is primarily intended to assess the reasonableness of current content in relation to previous content. A An analytical procedure in the form of a period-to-period comparison is not primarily intended to determine the adequacy of financial statement disclosure. B An analytical procedure in the form of a period-to-period comparison is not primarily intended to determine the existence of specific errors or omissions, even though errors or omissions may be discovered. D An analytical procedure in the form of a period-to-period comparison is not primarily intended to determine the use of an erroneous cutoff date. Question: 33 A rental car organization’s fleet maintenance division uses a different code for each type of inventory transaction. A daily summary report lists activity by part number and transaction code. The report is reconciled by the parts room supervisor to the day’s material request forms and is then forwarded to the fleet manager for approval. The use of transaction codes provides the fleet manager with information concerning the types of inventory activities. The internal auditor is considering an analytical review of transaction codes and materials used. The objective of this review is to
A.
Provide information about overstocked inventory items.
B.
Reveal shortages in perpetual inventory records.
C.
Determine whether inventory items are properly valued.
D.
Identify possible material lost due to employee theft.
Answer (D) is correct. Analytical procedures often provide the internal auditor with an efficient and effective means of obtaining evidence. The assessment results from comparing information with expectations identified or developed by the internal auditor. Analytical procedures are useful in identifying (1) unexpected differences, (2) the absence of differences when they are expected, (3) potential errors, (4) potential fraud or illegal acts, or (5) other unusual or nonrecurring transactions or events. An analysis of materials used and materials issued may reveal a discrepancy. One possible explanation for excessive issuance of materials is employee theft. A The summary report does not include stocking levels. B The summary report concerns only issued items. C The summary report does not address the valuation assertion. Question: 34 The use of an analytical review to verify the correctness of various operating expenses would not be a preferred approach if A.
An auditor notes strong indicators of a specific fraud involving these accounts.
B.
Operations are relatively stable and have not changed much over the past year.
C.
An auditor would like to identify large, unusual, or non-recurring transactions during the year.
D.
Operating expenses vary in relation to other operating expenses, but not in relation to revenue.
Answer (A) is correct. Analytical auditing procedures assist internal auditors in identifying conditions that may require subsequent engagement procedures. Accordingly, if the auditor already suspects fraud involving operating expenses, a more directed audit approach is appropriate. B Operational stability suggests that the normal analytical relationships involving operating expenses continue to exist. This stability helps the auditor to develop expectations that may be used for comparison with actual results. C Analytical review is useful in identifying unusual or nonrecurring transactions or events.
D Analytical review is appropriate when plausible relationships among the data allow the auditor to develop or identify reasonable expectations that may be compared with actual data. For example, such relationships may include the ways in which operating expenses vary relative to each other. Analytical review of these expenses does not require that they be related to revenue. Question: 35 An inexperienced internal auditor notified the senior auditor of a significant variance from the engagement client’s budget. The senior told the new internal auditor not to worry because the senior had heard that there had been an unauthorized work stoppage that probably accounted for the difference. Which of the following statements is most appropriate? A.
The new internal auditor should have investigated the matter fully and not bothered the senior.
B.
The senior used proper judgment in curtailing what could have been a wasteful investigation.
C.
The senior should have halted the engagement until the variance was fully explained.
D. The senior should have aided the new internal auditor in formulating a plan for accumulating appropriate information. Answer (D) is correct. When analytical audit procedures identify unexpected results or relationships, the internal auditor evaluates such results or relationships instead of obtaining information to explain the variance. The senior allowed the identified variance to go unevaluated. A An inexperienced internal auditor should refer this matter to the senior. B The facts given do not support the conclusion that accumulating additional information would be wasteful. C The variance needs explanation, but the engagement should continue. Question: 36 A small city managed its own pension fund. According to the city charter, investments could be made only in bonds, money market funds, or high-quality stocks. The internal auditor has already verified the existence of the pension fund’s assets. The fund balance was not very large and was managed by the city’s CFO. The internal auditor decided to estimate income from investments of the fund by multiplying the average fund balance by a weighted-average rate based on the current portfolio mix. Upon doing so, the internal auditor found that recorded return was substantially less than was expected. The internal auditor’s next procedure should be to A.
Inquire of the CFO as to the reason that income appears to be less than expected.
B. Prepare a more detailed estimate of income by consulting a dividend and reporting service that lists the interest or dividends paid on specific stocks and bonds. C. Inform management and the board that fraud is suspected and suggest that legal counsel be called in to complete the investigation.
D. Select a sample of entries to the pension fund income account and trace to the cash journal to determine if cash was received. Answer (B) is correct. When analytical audit procedures identify unexpected results or relationships, for example, when pension fund assets are suspiciously low, the internal auditor evaluates such results or relationships. Thus, before inquiring of client management, the auditor should obtain more detailed information about the unexpected results or relationships. A The internal auditor should refine the estimate further before discussing the matter with the CFO. Even if the internal auditor has confidence in the first estimate, the suspicion of potential fraud should lead the internal auditor to do further work, e.g., tracing the estimated income developed in the first step to the cash receipts book before confronting the CFO. C The internal auditor does not have sufficient information to justify the conclusion that fraud has occurred. D This procedure would provide information only about recorded income. Question: 37 While testing the effectiveness of inventory controls, the internal auditor makes a note in the workpapers that most of the cycle count adjustments for the facility involved transactions of the machining department. The machining department also had generated an extraordinary number of cycle count adjustments in comparison with other departments last year. The internal auditor should A. Interview management and apply other engagement procedures to determine whether transaction controls and procedures within the machining department are adequate. B. Do no further work because the concern was not identified by the analytical procedures included in the engagement work program. C.
Notify internal auditing management that fraud is suspected.
D.
Place a note in the workpapers to review this matter in detail during the next engagement.
Answer (A) is correct. When analytical audit procedures identify unexpected results or relationships, the internal auditor evaluates such results or relationships. The auditor may ask management about the reasons for the difference and would corroborate management’s explanation. B The engagement work program is a guide that does not restrict the auditor from pursuing information unknown at the time that the program was written. C The facts do not yet support a conclusion that fraud has occurred. D The risk of a material misstatement of inventory should be addressed promptly.
Question: 38 An internal auditor was evaluating the effectiveness and efficiency of the operation of the motor pool. The engagement work program included the use of analytical procedures to observe the trend of expenses for major overhauls of heavy-wheeled vehicles. This trend showed a substantial increase in the last year of the ratios of monetary amounts spent in relation to (1) the number of vehicles being used, (2) the mileage of the vehicles, (3) the age of the equipment, and (4) environmental conditions. The auditor’s investigation indicated that two new maintenance firms were being used. The expenditure packages from the maintenance work were complete; however, the billings for the work had an unusual regularity. The identification of the vehicles being serviced did not correspond to the vehicle maintenance reports. Possible engagement procedures include 1. Discussing the matter with the superintendent of maintenance and asking for an explanation 2. Preparing a schedule of the types of maintenance being performed and comparing it with manufacturers’ maintenance guides 3. Analyzing vehicles’ trip tickets to determine if they contain indications of problems needing attention 4. Reviewing deadline reports to determine that vehicles were not in service on the dates of maintenance work 5. Reviewing dispatch schedules to determine whether vehicles were dispatched for use on days the maintenance work was reported as performed 6. Discussing the matter with plant security Which of the above actions should have the highest priority? A.
1, 6, and 4.
B.
4, 5, and 6.
C.
6, 5, and 1.
D.
2, 3, and 4.
Answer (B) is correct. When analytical procedures identify unexpected results or relationships, the internal auditor evaluates such results or relationships. This evaluation includes determining whether the difference from expectations could be a result of fraud, error, or a change in conditions. The auditor may ask management about the reasons for the difference and would corroborate management’s explanation, for example, by modifying expectations and recalculating the difference or by applying other audit procedures. Substantial increases in maintenance cost ratios indicate a need for a more extensive investigation. Items 4 and 5 could provide information regarding the status of vehicles. If discrepancies are found, the appropriate authorities within the organization should be consulted. A Discussing the matter with the superintendent could compromise the investigation if (s)he is engaged in fraudulent activities or tells someone who is.
B Discussing the matter with the superintendent could compromise the investigation, and the days that the vehicles were in use is irrelevant. D Items 2 and 3, although potential indicators of fraud, do not provide conclusive information. Fact Pattern: The internal auditor of a construction enterprise that builds foundations for bridges and large buildings performed a review of the expense accounts for equipment (augers) used to drill holes in rocks to set the foundation for the buildings. During the review, the internal auditor noted that the expenses related to some of the auger accounts had increased dramatically during the year. The internal auditor inquired of the construction manager who offered the explanation that the augers last 2 to 3 years and are expensed when purchased. Thus, the internal auditor should see a decrease in the expense accounts for these augers in the next year but would expect an increase in the expenses of other augers. The internal auditor also found out that the construction manager is responsible for the inventorying and receiving of the augers and is a part owner of a business that supplies augers to the organization. The supplier was approved by the president to improve the quality of equipment. Question: 39 Assume the internal auditor did not find a satisfactory explanation for the results of the analytical procedures performed and has conducted the appropriate follow-up procedures. The engagement in this area is otherwise complete. Which of the following would be the most appropriate action to take? A. Note the actions and follow-up next year. Defer the reporting to management until a satisfactory explanation can be obtained. B. Expand engagement procedures by observing the receipt of all augers during a reasonable period of time and trace the receipts to the appropriate accounts. Determine causes of any discrepancies. C. Report the observations, as they are, to management and recommend an investigation for possible fraud. D. Report the observations to the construction manager and insist that appropriate controls such as independent receiving reports be implemented. Follow up to see if the controls are properly implemented. Answer (C) is correct. When analytical audit procedures identify unexpected results or relationships, the internal auditor evaluates such results or relationships. Unexplained results or relationships discovered by applying analytical procedures may be an indication of a significant problem (e.g., a potential error, fraud, or illegal act). Results or relationships that are not adequately explained may indicate a situation to be communicated to senior management and the board. Depending on the circumstances, the internal auditor may recommend appropriate action.
A The auditor has an ethical duty to report material facts that, if not disclosed, may distort the reporting of activities under review (Rule of Conduct 2.3). B The results should be reported to management. The suggested procedure is incomplete and not likely to determine the causes of the problem. D The results should be reported to other levels of management. The internal auditor has already noted that the construction manager has a conflict of interest. Furthermore, the internal auditor cannot insist that controls be implemented; (s)he can only recommend. Question: 40 An internal auditor performs an analytical review by comparing the gross margins of various divisional operations with those of other divisions and with the individual division’s performance in previous years. The internal auditor notes a significant increase in the gross margin at one division. The internal auditor does some preliminary investigation and also notes that no changes occurred in products, production methods, or divisional management during the year. The most likely cause of the increase in gross margin is a(n) A.
Increase in the number of competitors selling similar products.
B.
Decrease in the number of suppliers of the material used in manufacturing the product.
C.
Overstatement of year-end inventory.
D.
Understatement of year-end accounts receivable.
Answer (C) is correct. An overstatement of year-end inventory results in an increase in the gross margin (sales – cost of sales). Overstating ending inventory understates cost of sales. A An increase in the number of competitors most likely results in price competition and a decrease in sales revenue and gross margin. B A decrease in the number of suppliers most likely results in less price competition on the supply side, with a consequent increase in costs and decrease in gross margin. D An understatement of accounts receivable understates sales and the gross margin. Question: 41 Which result of an analytical procedure suggests the existence of obsolete merchandise? A.
Decrease in the inventory turnover rate.
B.
Decrease in the ratio of gross profit to sales.
C.
Decrease in the ratio of inventory to accounts payable.
D.
Decrease in the ratio of inventory to accounts receivable.
Answer (A) is correct. Inventory turnover is equal to cost of sales divided by average inventory. If inventory is increasing at a faster rate than sales, the turnover rate decreases and suggests a buildup of unsalable inventory. The ratios of gross profit to sales, inventory to accounts payable, and inventory to accounts receivable do not necessarily change when obsolete merchandise is on hand. B The ratio of gross profit to sales does not necessarily change when obsolete merchandise is on hand. C The ratio of inventory to accounts payable does not necessarily change when obsolete merchandise is on hand. D The ratio of inventory to accounts receivable does not necessarily change when obsolete merchandise is on hand. Question: 42 An internal auditor decides to perform an inventory turnover analysis for both raw materials inventory and finished goods inventory. The analysis would be potentially useful in A. Identifying products for which management has not been attuned to changes in market demand. B.
Identifying potential problems in purchasing activities.
C.
Identifying obsolete inventory.
D.
All of the answers are correct.
Answer (D) is correct. Inventory turnover provides analytical information. It equals cost of sales divided by average inventory. A low turnover ratio implies that inventory is excessive, for example, because the goods are obsolete or because the organization has overestimated demand. A An inventory turnover analysis may also indicate potential problems in purchasing activities and the presence of obsolete inventory. B An inventory turnover analysis may also indicate erroneous demand forecasts and the presence of obsolete inventory. C An inventory turnover analysis may also indicate potential problems in purchasing activities and erroneous demand forecasts. Question: 43 An internal auditor’s preliminary analysis of accounts receivable turnover revealed the following rates: Year 1
Year 2
7.3
6.2
Year 3 4.3
Which of the following is the most likely cause of the decrease in accounts receivable turnover? A.
Increase in the cash discount offered.
B.
Liberalization of credit policy.
C.
Shortening of due date terms.
D.
Increased cash sales.
Answer (B) is correct. The accounts receivable turnover ratio equals net credit sales divided by average accounts receivable. Accounts receivable turnover will decrease if net credit sales decrease or average accounts receivable increase. Liberalization of credit policy will increase receivables. A An increase in cash sales that reduces credit sales as a result of an increased cash discount has an indeterminate effect on the turnover ratio. Both the numerator and the denominator are decreased but not necessarily by the same amount. An increase in cash sales not affecting credit sales has no effect on the ratio. C Shortening due dates decreases the average accounts receivable outstanding and increases the ratio if other factors are held constant. D Increased cash sales have an indeterminate effect on the turnover ratio. Fact Pattern: A medium-sized municipality provides 8.5 billion gallons of water per year for 31,000 customers. The water meters are replaced at least every 5 years to ensure accurate billing. The water department tracks unmetered water to identify water consumption that is not being billed. The department recently issued the following water activity report:
Activity
Month 1 Month 2 Month 3 Actual 1st Quarter 1st Quarter Goal
Meters Replaced 475
400
360
1,235
1,425
Leaks Reported 100
100
85
285
Leaks Repaired
100
100
85
285
100%
Unmetered Water 2%
6%
2%
4%
2%
Question: 44 Based on the activity reported for the meter replacement program, an internal auditor would conclude that A.
Established operating standards are understood and are being met.
B.
Any corrective action needed has probably been taken during the quarter.
C.
Deviations from the goal should be analyzed and corrected.
D.
Meters should be changed every 3 years.
Answer (C) is correct. The goal has not been met and corrective action is needed. According to Performance Standard 2100, internal auditors are involved in evaluating and improving the effectiveness of control processes using a systematic and disciplined approach. Thus, internal auditors should determine the extent to which results are consistent with goals. They also should determine the extent to which management has established adequate criteria. If adequate, auditors should use these criteria in their evaluation. A The actual number of meters replaced is less than the goal; therefore, the goal is not being met. B Corrective action has apparently not been taken. Actual replacement did not meet the goal. D This cannot be determined from the information given. Fact Pattern: A medium-sized municipality provides 8.5 billion gallons of water per year for 31,000 customers. The water meters are replaced at least every 5 years to ensure accurate billing. The water department tracks unmetered water to identify water consumption that is not being billed. The department recently issued the following water activity report:
Activity
Month 1 Month 2 Month 3 Actual 1st Quarter 1st Quarter Goal
Meters Replaced 475
400
360
1,235
1,425
Leaks Reported 100
100
85
285
Leaks Repaired
100
100
85
285
100%
Unmetered Water 2%
6%
2%
4%
2%
Question: 45 Based on the activity reported for the unmetered water, an internal auditor would conclude that A.
Established operating standards are understood and are being met.
B.
Further audit investigation of unmetered water is not warranted.
C.
The deviation in Month 2 was probably not corrected.
D.
The operating standard should be changed.
Answer (B) is correct. Analytical auditing procedures assist internal auditors in identifying conditions, which may require subsequent engagement procedures. Month 3 performance met the standard, so the deviation in Month 2 was probably corrected, and further audit work is not warranted.
A The actual unmetered water percentage was greater than the goal; therefore, the goal was not met. C The deviation in Month 2 was apparently corrected. D No evidence indicates that the operating standard is inappropriate. Question: 46 Assume an internal auditor computes an inventory turnover rate by product line and identifies a number of product lines with a rate of less than 3.5. Which of the following conclusions can be justified by these engagement results? 1. The identified product lines contain obsolete inventory. 2. Inventory is valued at more than net realizable value. 3. Inventory costs are too high because the organization is carrying obsolete inventory. A.
1 and 3 only.
B.
2 only.
C.
1, 2, and 3.
D.
None of the answers are correct.
Answer (D) is correct. The inventory turnover rate equals cost of sales divided by average inventory. An inventory turnover rate tells the internal auditor how many times the inventory has been sold during the period. However, the rate cannot be interpreted without additional information. Thus, the internal auditor cannot determine whether obsolete items are in inventory, inventory valuation is too high, or inventory costs are too high. A The inventory turnover rate must be compared with industry averages to determine whether it is relatively high or low. B The information provided by the inventory turnover rate is insufficient to conclude that inventory is valued at more than net realizable value. C More information is needed before conclusions can be drawn about obsolescence, valuation, or cost. Question: 47 period:
The following represents accounts receivable information for a corporation for a 3-year
Year 1
Year 2
Year 3
Net accounts receivable as a percentage of total assets
23.4%
27.3%
30.8%
Accounts receivable turnover ratio
6.98
6.05
5.21
All of the following are plausible explanations for these changes except A.
Fictitious sales may have been recorded.
B.
Credit and collection procedures have become ineffective.
C.
Allowance for bad debts is understated.
D.
Sales returns for credit have been overstated.
Answer (D) is correct. Overstated sales returns for credit is not a plausible answer. They would understate (not overstate) net accounts receivable. This understatement would result in lower (not higher) net accounts receivable balances as a percentage of total assets and higher (not lower) receivables turnover (sales ÷ average accounts receivable). A Fictitious sales is a plausible answer. They would generate additional uncollectible accounts receivable that are not necessarily reflected in the allowance for bad debts. The result would be a lower turnover ratio and a higher ratio of net receivables to total assets. B Ineffective credit and collection procedures is a plausible answer. They could contribute to increases in uncollectible accounts receivable that are not necessarily reflected in the allowance for bad debts. The result would be a lower turnover ratio and a higher ratio of net receivables to total assets. C An understated allowance for bad debts is a plausible answer. It would contribute to overstatement of net accounts receivable as a percentage of total assets and decreases in receivables turnover. Question: 48 The audit committee has expressed concern that the financial institution has been taking on higher-risk loans in pursuit of short-term profit goals. Which of the following engagement procedures provides the least amount of information to address this concern? A. Perform an analytical review of interest income as a percentage of the investment portfolio in comparison with a group of peer financial institutions. B. Take a random sample of loans made during the period and compare the riskiness of the loans with that of a random sample of loans made 2 years ago. C. Perform an analytical review that involves developing a chart to compare interest income plotted over the past 10 years. D. Develop a multiple-regression time-series analysis of income over the past 5 years including such factors as interest rate in the economy, size of loan portfolio, and dollar amount of new loans each year. Answer (C) is correct.
Plotting the changes in interest income over the past 10 years is the least useful procedure. It does not consider other important factors, such as size of the portfolio, changes in interest rates, the development of new financial instruments, the level of inflation, and government regulation. A Higher-risk loans should generate higher short-term interest income compared with that earned by comparable institutions. Higher-risk loans have higher yields. B A historical comparison of loan risk for the institution addresses the engagement objective. D Multiple regression explains the change in a dependent variable (interest income) attributable to two or more independent variables. Thus, it allows the internal auditor to estimate how much of the change might be due to a change in the riskiness of the loans. Question: 49 The internal auditor wishes to assess the impact of advertising expense on sales of fall merchandise. Which of the following is the most appropriate procedure? A.
Regression analysis of the advertising budget in relation to sales for the most recent fall quarter.
B.
Examination of customer surveys for comments in relation to the new ad campaign.
C.
Comparison of same-store sales for the most recent fall quarter and previous fall quarters.
D.
Trend analysis of sales for the previous year.
Answer (C) is correct. A comparison of like time periods would provide the best evidence of the impact of advertising on sales. A Actual, not budgeted, advertising expenses are relevant in relation to sales figures. B Customer surveys cannot be related directly to sales figures. D A trend analysis for a single year would provide no basis for comparison of seasonal items. Question: 50
Over the past 3 years, A+ auto dealership reported the following: Year 1
Total sales Sales promotions or events Sales associates Total vehicles sold
US $1 million
Year 2 US $2 million
Year 3 US $3 million
10
15
10
5
10
15
35
50
60
Which of the following is (are) a justified conclusion(s)? 1. The average sale price per vehicle increased each year.
2. Total sales are closely related to sales promotions or events for the year. 3. The number of sales associates is closely related to total sales for the year. A.
1 only.
B.
1 and 2 only.
C.
3 only.
D.
1 and 3 only.
Answer (D) is correct. Analytical procedures provide internal auditors with an efficient and effective means of assessing and evaluating information collected in an engagement. The assessment results from comparing information with expectations identified or developed by the internal auditor. Analytical procedures may include, among other things, (1) comparison of current information with similar prior-period information, (2) study of relationships of financial information with the appropriate nonfinancial information (for example, recorded payroll expense compared with changes in average number of employees), or (3) study of relationships among elements of information (for example, fluctuation in recorded interest expense compared with changes in related debt balances). Analytical procedures may be performed using monetary amounts, physical quantities, ratios, or percentages. The average sale price per vehicle (rounded to US $100) is US $28,600 (US $1 million ÷ 35 vehicles) for Year 1, US $40,000 (US $2 million ÷ 50 vehicles) for Year 2, and US $50,000 (US $3 million ÷ 60 vehicles) for Year 3. The number of sales associates appears to be directly correlated with total annual sales. Each increase of five sales associates corresponds to an increase of US $1 million in sales. But the sales promotions or events are not directly correlated with sales according to the data presented. A The number of sales associated also is closely correlated with total sales for the year. B Total sales are not closely correlated with sales promotions or events for the year. C The average sale price per vehicle increased each year.
Fact Pattern: Jane Jackson had been the regional sales manager for an organization for over 10 years. During this time, she had become very close friends with Frank Hansen, an internal audit manager. In addition to being neighbors, Jane and Frank had many of the same interests and belonged to the same tennis club. They trusted each other. Frank had helped Jane solve some sales problems, and Jane had given Frank some information that led to significant engagement observations during the past three engagements.
Percent increase in sales
Below are selected analytical data from the organization that have led staff internal auditors to believe that there has been a financial statement fraud. The perpetrator appears to have falsified sales information for the past 2 years. Frank is concerned because he recently completed an engagement in the area and accepted Jane’s explanation for differences in the analytical data. Frank is now certain that Jane is involved in the fraud.
Current
Last
–2
–3
–4
Year
Year
Year
Year
Year
10
8
6
4
5
4
5
3.5 4
54
49
42
Percent change in sales returns 8
6
3
Inventory turnover Gross margin percentage
39
5
40
2.5 3
Question: 51 Which combination of the following analytical data provides the strongest indication of the possibility of the fraud? A. Percentage increase in sales and inventory turnover. B. Gross margin percentage and change in sales returns. C. Inventory turnover and change in sales returns. D. Percentage increase in sales and gross margin percentage.
Answer (B) is correct. Rapid increases in gross margin percentage are expected if sales are fictitious, that is, if sales are recorded without shipments and a consequent increase in cost of sales. The large increase in returns is also symptomatic of falsified sales. A The increase in percentage change in sales is not unreasonable, and given the constant increase, one might expect increases in inventory that could keep turnover constant. C The turnover and return figures, when taken together, are not indications of sales overstatements. D If the increase in sales was due to a market sales price increase, one might expect these results.
Fact Pattern: Jane Jackson had been the regional sales manager for an Below are selected analytical data from the organization organization for over 10 years. During this time, she had that have led staff internal auditors to believe that there become very close friends with Frank Hansen, an internal has been a financial statement fraud. The perpetrator audit manager. In addition to being neighbors, Jane and appears to have falsified sales information for the past Frank had many of the same interests and belonged to the 2 years. Frank is concerned because he recently same tennis club. They trusted each other. Frank had completed an engagement in the area and accepted helped Jane solve some sales problems, and Jane had Jane’s explanation for differences in the analytical data. given Frank some information that led to significant Frank is now certain that Jane is involved in the fraud. engagement observations during the past three engagements.
Percent increase in sales
Last
–2
–3
–4
Year
Year
Year
Year
Year
10
8
6
4
5
4
5
3.5 4
54
49
42
Percent change in sales returns 8
6
3
Inventory turnover Gross margin percentage
Question: 52
Current
39
5
40
2.5 3
The current dilemma in which Frank finds himself was least likely caused by
A.
Not rotating engagements every year.
B.
Accepting an engagement in an area where he was a close personal friend of management.
C.
Failing to select the appropriate analytical procedures.
D.
Accepting the response of management without additional testing.
Answer (C) is correct. The information given suggests that Frank applied the proper analytical procedures but accepted management’s explanation of the findings. A Failure to rotate engagements seems to have contributed to Frank’s decision to accept management’s explanation for the analytical findings. B Frank’s friendship with Jane impaired his objectivity. D Frank’s acceptance of management’s explanations apparently resulted in his failure to obtain sufficient information. Question: 53 An unexpected decrease in which of the following ratios could indicate that fictitious inventory has been recorded? A.
Average collection period.
B.
Total asset turnover.
C.
Price-earnings.
D.
Current.
Answer (B) is correct. The total asset turnover ratio equals sales divided by total assets. An increase in reported inventory will increase total assets and decrease the ratio. A The average collection period equals average receivables divided by average daily net sales. An increase in reported inventory does not affect it. C The price-earnings ratio (price per share ÷ EPS) is not directly affected by fictitious inventory. D The current ratio (current assets ÷ current liabilities) is increased when fictitious inventory is recorded. Question: 54 An internal auditor’s workpapers should support the observations, conclusions, and recommendations to be communicated. One of the purposes of this requirement is to A.
Provide support for the internal audit activity’s financial budget.
B.
Facilitate quality assurance reviews.
C.
Provide control over workpapers.
D.
Permit the audit committee to review observations, conclusions, and recommendations.
Answer (B) is correct. As a means of developing internal audit staff, supervisory review of workpapers may be a basis for assessing the internal audit activity’s quality assurance and improvement program. Thus, they facilitate quality assurance reviews. A Financial budgets are based on the planned scope of internal audit work. C Control over workpapers is obtained by other means. D Audit committees rarely review the full draft of a final engagement communication, much less the supporting workpapers. Question: 55
A workpaper is complete when it
A.
Complies with the internal audit activity’s format requirements.
B.
Contains all of the attributes of an observation.
C.
Is clear, concise, and accurate.
D.
Satisfies the engagement objective for which it is developed.
Answer (D) is correct. Engagement workpapers, among other things, document whether engagement objectives were achieved. A Format requirements are superficial and indicate only that mechanical requirements have been met. They do not relate to content. B A workpaper may relate to only a part of an observation. C Clarity, concision, and accuracy are desirable characteristics of workpaper content. These qualities may be present although the workpaper is not complete. Question: 56
The internal auditor prepares workpapers primarily for the benefit of
A.
The external auditor.
B.
The internal audit activity.
C.
The engagement client.
D.
Senior management.
Answer (B) is correct. Internal auditors must document sufficient, reliable, relevant, and useful information to support the engagement results and conclusions (Perf. Std. 2330). Thus, internal auditors prepare workpapers primarily for the benefit of the internal audit activity. A Benefits to the external auditor are secondary. C Benefits to the engagement client are secondary. D Benefits to senior management are secondary. Question: 57 expense is to
The primary purpose of an engagement workpaper prepared in connection with payroll
A.
Record payroll data and analyses to support reported recommendations.
B.
Verify the work done by the internal auditor.
C.
Record the names of all employees.
D.
Provide documentation to support payroll taxes due.
Answer (A) is correct.
Workpapers should be sufficient and relevant to the objectives, observations, conclusions, and recommendations, making it useful to the organization. Thus, the primary purpose of an engagement workpaper prepared in connection with payroll expense is to record payroll data and analyses to support reported recommendations. B Verification of work done is a secondary purpose. C A list of employee names is but one part of the information required to support observations, conclusions, and recommendations. D Payroll expense, not payroll tax, is the subject of this workpaper. Question: 58 Standardized workpapers are often used, chiefly because they allow workpapers to be prepared more A.
Efficiently.
B.
Professionally.
C.
Neatly.
D.
Accurately.
Answer (A) is correct. Standardized engagement workpapers improve the efficiency and consistency of the engagement process. B Standard forms do not necessarily result in greater professionalism. C Standard forms clearly reduce time spent in workpaper preparation but do not necessarily result in greater neatness. D Standard forms do not necessarily result in greater accuracy. Question: 59 When performing an engagement to evaluate the computerized purchasing activities of a manufacturing organization, which of the following should be included in the permanent file portion of the engagement workpapers? A.
Copies of the computer program documentation.
B.
Printouts using internal auditor-prepared programs and test data.
C.
Prior year’s workpapers revised to reflect changes during the current year.
D.
Information concerning administrative controls over the computer operations at each location.
Answer (D) is correct.
The permanent section of the workpapers should contain the information necessary for continuing engagements. Administrative controls over the computer operations of each location, which are not likely to change from year to year, are appropriately included in the permanent section of the workpapers. A Program documentation is likely to change each year and will require reevaluation during each engagement. B Auditor-prepared programs and test data are likely to change each year and will require reevaluation for each engagement. C Prior year’s workpapers revised to reflect changes in the current year pertain to the current year’s engagement. Thus, they should be contained in the current section of the workpapers. Question: 60 Engagement workpapers are indexed by means of reference numbers. The primary purpose of indexing is to A.
Permit cross-referencing and simplify supervisory review.
B.
Support the final engagement communication.
C.
Eliminate the need for follow-up reviews.
D. Determine that workpapers adequately support observations, conclusions, and recommendations. Answer (A) is correct. Indexing permits cross-referencing. It is important because it simplifies supervisory review either during the engagement or subsequently by creating a trail of related items through the workpapers. It thus facilitates preparation of final engagement communications, later engagements for the same engagement client, and internal and external assessments of the internal audit activity. B The workpapers as a whole should support the final engagement communication. C Follow-up is necessitated by engagement client conditions, not the state of workpapers. D The purpose of supervisory review of workpapers is to determine that workpapers adequately support observations, conclusions, and recommendations. Question: 61
Which of the following conditions constitutes inappropriate preparation of workpapers?
A.
All forms and directives used by the engagement client are included in the workpapers.
B.
Flowcharts are included in the workpapers.
C.
Engagement observations are cross-referenced to supporting documentation.
D.
Tick marks are explained in notes.
Answer (A) is correct. Performance Standard 2330 states that internal auditors must document sufficient, reliable, relevant, and useful information to support the engagement results and conclusions. Thus, workpapers should be confined to information that is material and relevant to the engagement and the observations, conclusions, and recommendations. Thus, forms and directives used by the engagement client should be included only to the extent they support the observations, conclusions, and recommendations and are consistent with engagement objectives. B A graphic representation of the engagement client’s controls, document flows, and other activities is often vital for understanding operations and is therefore a necessary part of the documentation. C Cross-referencing is essential to the orderly arrangement and understanding of workpapers and reduces duplication. D Tick marks are verification symbols that should be standard throughout the engagement. They should be described in a note. Question: 62 Which type of workpaper summary is typically used to consolidate numerical data scattered among several schedules? A.
Statistical summaries.
B.
Segment summaries.
C.
Results summaries.
D.
Pyramid summaries.
Answer (A) is correct. Summarization of facts in the workpapers is a means of emphasizing important information, establishing perspective, providing an overview, aiding memory, training staff, facilitating supervisory review, and controlling engagements. By the use of indexing and cross-referencing, summaries may be used to relate different workpapers that concern a given point. A statistical summary condenses the related numerical information from engagement work programs. B A segment summary is a narrative with respect to a particular part of the engagement. It should appear at the beginning of each section of the workpapers, which should be organized logically according to the different objectives of the engagement. C A results summary provides the significant facts about engagement observations. D The term “pyramid summaries” is not meaningful in this context.
Fact Pattern: XYZ Bank Reconciliation
Legend: (a) Confirmed with bank -- see confirmation on W/P A-4.
June 30, Year 1 (b)Verified by tracing to July 15 cutoff statement; traced to cash (Amounts in currency units) receipts journal. Balance per bank (a) 16,482.97 Deposits in transit (b) (c) Okay. 6/29 2,561.14 6/30 1,572.28 4,133.42 (d)Examined supporting documentation and traced to final disposition. Subtotal 20,616.39 Outstanding checks (e) Footed total and compared with balance in general ledger. (c) 248 842.11 952 2,000.00 968 571.00 969 459.82 970 714.25 (4,587.18) Subtotal 16,029.21 Bank service charge 12.50 NSF check returned 350.00 (d) Error on check #954 (14.00) Balance per books (e) To T/B16,377.71
Question: 63
A deficiency in this workpaper is that
A.
A standardized cash reconciliation workpaper was not used.
B.
All verification symbols were not properly explained.
C.
Analytical review procedures were not performed.
D.
Cross-referencing of workpapers was not accomplished.
Answer (B) is correct. Each engagement workpaper should contain a heading, which usually consists of the name of the client’s organization or function, a title or description of the contents or purpose of the paper, and the date or period covered. Each workpaper should be signed (initialed) and dated by the internal auditor and contain an index or reference number. Verification symbols (tick marks) are also likely to appear on most workpapers and should be adequately explained in a note. In this example, the explanation for tick mark (c) does not detail the procedures used to review outstanding checks. A Efficiency can be achieved through standardization; however, not every workpaper can be standardized. This workpaper may be subject to standardization but is not inadequate in that respect. C Analytical procedures are usually not as relevant to the examination of cash as to other assets and liabilities.
D Cross-referencing was accomplished. Question: 64 Which of the following concepts distinguishes the retention of computerized audit documentation from the traditional hard copy form? A. Analyses, conclusions, and recommendations are filed on electronic media and are therefore subject to computer system controls and security procedures. B. Evidential support for all findings is copied and provided to local management during the closing conference and to each person receiving the final report. C.
Computerized data files can be used in computer audit procedures.
D. Audit programs can be standardized to eliminate the need for a preliminary survey at each location. Answer (A) is correct. The only difference between the computerized audit documentation and hard copy form is how the workpapers are stored. Electronic audit documentation is saved either on disks or hard drive, whereas hard copy is stored in a file cabinet. Unlike computerized audit documentation, hard copies are not subject to computer controls and security procedures. B Evidential support would be retained and provided on the basis of the nature of the finding and not the media used for storing audit documentation. C his capability is not an exclusive function of computerized audit documentation. D Though the nature of the preliminary survey may change in some cases, the requirement for this phase of the audit is not eliminated by computerized audit documentation. Question: 65 Which of the following actions constitutes a violation of the confidentiality concept regarding workpapers? An internal auditor A.
Takes workpapers to his or her hotel room overnight.
B.
Shows workpapers on occasion to engagement clients.
C.
Allows the external auditor to copy workpapers.
D.
Misplaces workpapers occasionally.
Answer (D) is correct. The internal audit activity controls engagement workpapers and provides access to authorized personnel only. By misplacing workpapers occasionally, the internal auditor is thus violating the confidentiality concept.
A Continuous physical control of workpapers during fieldwork may be appropriate. B Engagement clients may be shown workpapers with the CAE’s approval. C Internal and external auditors commonly grant access to each others’ work programs and workpapers. Question: 66 Workpapers contain a record of engagement work performed and much confidential information. They are the property of the organization and remain under control of the internal audit activity, which is responsible for their security. Which of the following is the most important control requirement for workpapers? A.
Allow access to workpapers only to internal audit activity personnel.
B.
Provide for the protection of workpapers at all times and to the extent appropriate.
C. Make the administrative section of the internal audit activity responsible for the security of workpapers. D.
Purge workpapers periodically of materials that are considered confidential.
Answer (B) is correct. Workpapers should always be properly protected. During the field work, they should be in the internal auditor’s physical possession or control or otherwise protected against fire, theft, or other disaster. For example, the internal auditor may use the engagement client’s safe or other security facilities. In the internal auditing office, they should be kept in locked files and should be formally signed out when removed from the files. When others (government auditors, the external audit firm, etc.) review the workpapers, the reviews should take place in the internal auditing office. Secure files should be provided for long-term storage, and itemized records of their location should be maintained. When electronic workpapers are placed online, computer system security measures should be similar to those used for other highly sensitive information of the organization. A Workpapers may be shown to engagement clients or others if engagement objectives will not be compromised. C This arrangement is awkward for workpapers needed at the engagement site. D Lack of relevance to future needs, not confidentiality, is the criterion for destruction of workpapers. Question: 67 A fire destroyed a large portion of an organization’s inventory. Management is filing an insurance claim and needs to use the internal auditors’ workpapers in preparing the claim. Management A.
May not use the workpapers in preparing the claim.
B. May use the workpapers in preparing the claim, but such use should be approved by the chief audit executive.
C. Should be precluded from preparing the claim, and this function should be performed by the internal audit activity. D. May use the workpapers in preparing the claim, but such use should be approved by the organization’s external auditors. Answer (B) is correct. One potential use of engagement workpapers is to provide support in the organization’s pursuit of insurance claims, fraud cases, and lawsuits. In such cases, management and other members of the organization may request access to engagement workpapers. This access may be necessary to substantiate or explain engagement observations and recommendations or to use engagement documentation for other business purposes. The CAE should approve these requests. Accordingly, the insurance claim is an “other business purpose,” and management may use the internal auditors’ workpapers in preparing the claim. A Workpapers may be used for “other business purposes.” C Management, not the internal audit activity, should prepare the insurance claim. D The approval of external auditors is not needed.
Question: 68 client when
The internal auditor is most likely to make workpapers available to the engagement
A.
Fraud is suspected.
B.
The internal auditors have recorded specific damaging comments.
C.
The internal auditor considers the content noncontroversial.
D.
Engagement client comments are needed to evaluate significance and accuracy.
Answer (D) is correct. When the engagement objectives will not be compromised, the internal auditor may show all or part of the workpapers to the auditee (engagement client). For instance, the results of certain engagement procedures may be shared to encourage corrective action. Thus, workpapers as well as drafts of engagement communications may be reviewed with auditees to verify their accuracy, completeness, and significance. But complete disclosure may permit circumvention of the internal auditors’ procedures, and workpapers should never be shared with auditees in fraud investigations. A Workpapers are never shown to auditees when their involvement in fraud is suspected.
B The workpapers usually should not be shown to auditees when internal auditor-auditee relations might thereby be damaged or the engagement objectives compromised. C Access to noncontroversial matter may nevertheless permit circumvention of engagement procedures. Question: 69 must
Workpapers should be disposed of when they are of no further use. Retention policies
A.
Specify a minimum retention period of 3 years.
B.
Be prepared by the audit committee.
C.
Be approved by legal counsel.
D.
Be approved by the external auditor.
Answer (C) is correct. The chief audit executive must develop retention requirements for engagement records, regardless of the medium in which each record is stored. These retention requirements must be consistent with the organization’s guidelines and any pertinent regulatory or other requirements (Impl. Std. 2330.A2). Thus, approval by the organization’s legal counsel is appropriate. A Workpapers should not be retained for an arbitrary period. The duration of retention is a function of usefulness, including legal considerations. B The CAE must develop retention policies. C Retention policies need not be approved by the external auditor. Question: 70 should be
When current-file workpapers are no longer of use to the internal audit activity, they
A.
Destroyed.
B.
Placed in the custody of the organizational legal department for safekeeping.
C.
Transferred to the permanent file.
D.
Transferred to the custody of the engagement client for ease of future records.
Answer (A) is correct. Workpapers should be destroyed after they have served their purpose. Any parts having continuing value should be brought forward to current workpapers or to the permanent file. B If workpapers are useful, they should be controlled by the internal auditors.
C Useless workpapers should be destroyed. D Engagement clients should not have custody of confidential papers. Question: 71
The best description of the principal purpose for retaining workpapers is to
A.
Help perform the engagement in an orderly fashion.
B.
Maintain the engagement work program for reuse in the next engagement.
C.
Provide support for the final engagement communication.
D.
Provide a basis for supervisory review.
Answer (C) is correct. Engagement workpapers provide the principal support for the engagement results. They should be retained after the final engagement communication has been issued for a time that is consistent with organizational guidelines and any pertinent regulatory or other requirements. A An important but secondary purpose of workpaper retention is orderly performance of engagements. B An important but secondary purpose of workpaper retention is the reuse of work programs. D An important but secondary purpose of workpaper retention is supervisory review. Question: 72
Engagement workpapers are reviewed to ensure that
A.
They are properly cross-referenced to the engagement communications.
B.
No issues are open at the conclusion of the field work.
C.
They meet or exceed the work standards of the organization’s external auditors.
D.
They are properly referenced for easy follow-up within the next year.
Answer (B) is correct. All engagement workpapers are reviewed to ensure they support engagement communications and necessary audit procedures are performed. A Cross-referencing workpapers to the engagement communications is not specifically addressed. C Whether workpapers meet or exceed the work standards of the external auditors is not specifically addressed. D Proper referencing of workpapers for easy follow-up within the next year is not specifically addressed.
Question: 73 During the workpaper review, an internal auditing supervisor finds that the internal auditor’s observations are not adequately cross-referenced to supporting documentation. The supervisor will most likely instruct the internal auditor to A.
Prepare a workpaper to indicate that the full scope of the engagement was carried out.
B. Familiarize himself or herself with the sequence of workpapers so that (s)he will be able to answer questions about the conclusions stated in the final engagement communication. C.
Eliminate any cross-references to other workpapers because the system is unclear.
D. Provide a cross-referencing system that shows the relationship among observations, conclusions, recommendations, and the related facts. Answer (D) is correct. Cross-referencing is important because it simplifies review either during the engagement or subsequently by creating a trail of related items through the workpapers. It thus facilitates preparation of the final engagement communication and later engagements for the same engagement client. A A full set of properly indexed and cross-referenced workpapers, not a separate analysis, is necessary. B Proper cross-referencing avoids the need to memorize the locations of supporting information. C Cross-references should be added, not deleted. Question: 74 Which of the following represents appropriate evidence of supervisory review of engagement workpapers? 1. A supervisor’s initials on each workpaper. 2. An engagement workpaper review checklist. 3. A memorandum specifying the nature, extent, and results of the supervisory review of workpapers. 4. Performance appraisals that assess the quality of workpapers prepared by auditors. A.
2 and 4 only.
B.
1, 2, and 3 only.
C.
1, 3, and 4 only.
D.
1, 2, 3, and 4.
Answer (B) is correct. A supervisor’s initials, an engagement workpaper review checklist, and a memorandum describing the review are appropriate. Also, performance appraisals that mention workpaper quality are appropriate in
the evaluation of individual auditors, but they do not represent sufficient evidence of review for engagement workpapers. A A supervisor’s initials and a memorandum describing the review are appropriate. Also, performance appraisals that mention workpaper quality are appropriate in the evaluation of individual auditors, but they do not represent sufficient evidence of review for engagement workpapers. C An engagement workpaper review checklist is appropriate. Also, performance appraisals that mention workpaper quality are appropriate in the evaluation of individual auditors, but they do not represent sufficient evidence of review for engagement workpapers. D Performance appraisals that mention workpaper quality are appropriate in the evaluation of individual auditors, but they do not represent sufficient evidence of review for engagement workpapers. Question: 75 An internal auditing manager is reviewing the engagement workpapers prepared by the staff. Which of the following review comments is true? A. Each workpaper should include the actual and the budgeted times related to such engagement work. B. Including copies of all the forms and directives of the engagement client constitutes overdocumentation. C. Conclusions need not be documented in the workpapers when the engagement objectives are achieved. D.
Each workpaper should include a statement regarding the engagement client’s cooperation.
Answer (B) is correct. All engagement workpapers are reviewed to ensure they support engagement communications and necessary audit procedures are performed. However, adequate support includes only those forms and directives that are relevant to the engagement or to the observations, conclusions, and recommendations. Thus, including copies of all the forms and directives of the client constitutes overdocumentation. A Actual and budgeted times are documented in the budget section of the workpapers and not on each workpaper. C Conclusions should be documented in the workpapers whether or not the engagement objectives are achieved. D Only noncooperation is likely to be documented.
Question: 76 When reviewing engagement workpapers, the primary responsibility of an engagement supervisor is to determine that A.
Each worksheet is properly identified with a descriptive heading.
B.
Workpapers are properly referenced and kept in logical groupings.
C. Standard internal audit activity procedures are adhered to with regard to workpaper preparation and technique. D. Workpapers adequately support the engagement observations, conclusions, and recommendations. Answer (D) is correct. All engagement workpapers are reviewed to ensure they support engagement communications and necessary audit procedures are performed. A Descriptive headings are not of primary importance. B Proper referencing and logical groupings are not of primary importance. C Adherence to procedures is not of primary importance. Question: 77 “Except for the missing documentation noted above, the system of internal controls over petty cash is functioning as intended.” The preceding statement is an example of a(n) A.
Observation.
B.
Objective.
C.
Conclusion.
D.
Finding.
Answer (C) is correct. A conclusion or opinion is the auditor’s interpretation of the results of the engagement. It allows the reader to understand the meaning of what the auditor discovered. A A finding (observation) is a relevant statement of fact about the results of an internal audit without interpretation or commentary. B The IIA Glossary defines engagement objectives as broad statements developed by internal auditors that define intended engagement accomplishments.
D A finding (observation) is an objective statement of fact about the results of an internal audit without interpretation or commentary. Question: 78
Which two terms are often used interchangeably?
A.
“Conclusion” and “opinion.”
B.
“Finding” and “conclusion.”
C.
“Finding” and “opinion.”
D.
“Opinion” and “observation.”
Answer (A) is correct. Conclusions or opinions are the internal auditor’s evaluations of the effects of the observations and recommendations on the activities reviewed. They usually put the observations and recommendations in perspective based upon their overall implications. To some extent, the terms are interchangeable. B “Finding” is a synonym for “observation.” “Conclusion” is a synonym for “opinion.” C “Finding” is a synonym for “observation.” “Opinion” is a synonym for “conclusion.” D “Opinion” is a synonym for “conclusion.” “Observation” is a synonym for “finding.” Question: 79 “Three of six petty cash funds examined failed to contain either the correct amount of funds or sufficient documentation in lieu of funds, a 50% noncompliance rate.” The above statement is an example of a(n) A.
Observation.
B.
Opinion.
C.
Conclusion.
D.
Recommendation.
Answer (A) is correct. A finding or observation is a relevant statement of fact about the results of an internal audit without interpretation or commentary. B A conclusion or opinion is the auditor’s interpretation of the results of an internal audit. C A conclusion or opinion is the auditor’s interpretation of the results of an internal audit. D A recommendation is a description of actions that the auditor believes the auditee should undertake to remedy the negative observations made in the course of the engagement.
Question: 80 The single most important factor in drawing a useful conclusion or stating a useful opinion in an engagement report is A.
Use of statistical sampling techniques.
B.
Senior management interest in the engagement outcome.
C.
Auditee management assurances.
D.
Auditor judgment.
Answer (D) is correct. Auditor judgment is the essential element in moving from a finding/observation to a conclusion or opinion. No formula can tell an auditor whether a certain exception rate is indicative of a working or failing control. A Statistical sampling allows the auditor to state the results of the engagement with a certain level of confidence, but it is not a substitute for auditor judgment. B The level of interest of senior management in the engagement must not affect the auditor’s judgment in drawing conclusions and stating opinions. C Assurances provided by auditee management are among many factors used by internal auditors as input into forming findings/observations and the resulting conclusions/opinions. Question: 81 An internal auditor interviewed client personnel and obtained an understanding of the auditee department’s operations. The auditor then performed testwork. The auditor’s presentation of the results of the testwork will usually take the form of a A.
Finding.
B.
Conclusion.
C.
Recommendation.
D.
Meeting with senior management.
Answer (A) is correct. A finding (observation) is a relevant statement of fact about the results of audit testwork without interpretation or commentary. B A conclusion or opinion can only be drawn once the results of the engagement have taken the form of a finding or observation. C A recommendation can only be prepared once a finding/observation has been formulated and a conclusion or opinion has been stated.
D Unless the auditor has found evidence of fraud or a control deficiency that requires immediate correction, meeting with senior management is not the appropriate next step. Fact Pattern: A medium-sized municipality provides 8.5 billion gallons of water per year for 31,000 customers. The water meters are replaced at least every 5 years to ensure accurate billing. The water department tracks unmetered water to identify water consumption that is not being billed. The department recently issued the following water activity report: Month
Month
Month
Actual
1st Quarter
1
2
3
1st Quarter
Goal
Activity
Meters replaced 475
400
360
1,235
1,425
Leaks reported
100
100
85
285
Leaks repaired
100
100
85
285
100%
Unmetered water 2%
6%
2%
4%
2%
Question: 82 Based on the activity reported for leaks repaired in the first quarter, an internal auditor would conclude that A.
Established operating standards are understood and are being met.
B.
Deviations from the goal should be analyzed and corrective action should be taken.
C.
The operating standard should be changed.
D.
The leak-repair program is overstaffed.
Answer (A) is correct. Every leak reported during the quarter was repaired. The auditor can thus conclude that established operating standards are understood and are being met. B There were no deviations from the goal. Every leak reported during the quarter was repaired. C Every leak reported during the quarter was repaired. Current resources are sufficient to achieve the established goal. Therefore, no change to the operating standard is required. D Staffing information is not provided.
Question: 83 An internal audit staffer has just completed an assessment of the engagement client’s operating and financial controls. The auditor’s preliminary conclusion is that controls are adequately designed to achieve management’s operating and financial objectives. The auditor’s next step is to A.
Present his or her findings to the chief audit executive.
B.
Prepare a preliminary report on internal controls for presentation to the board.
C.
Report his or her results to the auditor in charge.
D.
Prepare a plan for testing internal controls.
Answer (C) is correct. The auditor in charge of the engagement is responsible for coordinating the results of audit work and ensuring that work performed supports conclusions and opinions. For this reason, internal audit staff must report the results of audit work to the auditor in charge. A The internal audit staffer presents his or her results to the auditor in charge of the engagement, not to the chief audit executive. B Preliminary results are not sufficient for the preparation of a report. Also, the internal audit staffer presents his or her results to the auditor in charge of the engagement, not to the board. D The auditor in charge must determine whether it is appropriate to proceed with testing controls after reviewing the internal audit staffer’s results. Question: 84 During an examination of a time-and-attendance system, an internal auditor determined that control over the time card system was excellent, all employees recorded their vacation time on weekly time cards, and each time card was properly reviewed and signed by a plant supervisor. The auditor also discovered one worker with no vacation time recorded on any time card for the period audited. Which of the following is reasonable for the auditor to conclude? A.
There was an error in the time cards for the one employee.
B.
There were errors in the time cards for other employees.
C.
Organizational policy required plant workers to take vacation time each year.
D.
The one employee took no time off for vacation during the period audited.
Answer (D) is correct. After performing procedures, the internal auditor applies experience, logic, and professional skepticism to analyzing and evaluating the evidence obtained (findings). The internal auditor then draws conclusions. The evidence is that (1) control over the time card system was excellent, (2) all employees recorded their vacation time on weekly time cards, and (3) each time card was properly reviewed and
signed by a plant supervisor. Evidence of excellent controls means the controls over the time card system are effectively managing related risks. Evidence that all employees recorded their vacation time means any employee who took vacation time recorded it on his or her time card. Evidence that each time card was properly reviewed and signed by a plant supervisor means the information on each time card was verified. Based on all the evidence, the reasonable conclusion when one employee does not record any vacation time during the period audited is that the employee did not take any vacation time during the period audited. A An error may have occurred, but the evidence suggests that the one employee took no time off. B No evidence suggests that any errors occurred. C Although the organization may have a policy that requires plant workers to take vacation time, no evidence suggests the existence of a required vacation policy. Question: 85 Internal auditing is conducting an assurance audit of a regional office. An internal audit team does not suspect fraud, but it has found the following significant gaps in controls that could create opportunities for fraud:
The same individual is allowed to send invoices and receive payments. Recordkeeping is lax. Some documentation of expenses is missing, but the internal auditor was able to obtain documentation from vendors. Some furniture is missing. It may have been stolen or discarded. The audit team has completed a report listing the various issues, explaining the potential for loss and fraud that these issues have created, and citing the organization’s policies and procedures. Management of the office responds to the report in an e-mail stating that (1) the recommendations are unwarranted, (2) the report questions the honesty of loyal employees, and (3) implementation of the recommendations would be an unnecessary waste of time. However, to satisfy concerns about invoicing and billing, the manager promises to review the paperwork weekly.
Which of the following best characterizes the nature of these findings? A. The findings do not describe conditions that could result in serious loss but are primarily procedural. B. The findings are significant because they are control weaknesses that could indicate further problems. C.
The findings represent significant violations of the organization’s policy.
D.
The findings are not significant because no allegations of fraud are made.
Answer (B) is correct.
The findings are significant because they involve control weaknesses. For example, allowing one individual to bill customers) and receive payment is a violation of the segregation of the duties of recording (e.g., preparation of invoices sent to customers) and asset custody (e.g., receipt of payments). The lack of precision in record keeping also may be creating opportunities for fraud, even though none may have occurred. A The findings describe conditions that could result in a serious loss. C The findings are not necessarily violations of policy. D Even though no allegations of fraud have been made, the findings are significant. Question: 86 The consumer products division of a large corporation has recently adopted a training program for its sales staff. The internal auditor has determined that one-half of the sales force has received the training. In the 6-month period following introduction of the training program, productivity increased 4% on a per-salesperson basis for those who had received the training. The soundest conclusion the auditor can reach based on these findings is that A.
The time spent on training has not been justified by the increase in productivity.
B.
The training program is a success so far.
C.
More information is needed before the success of the training program can be assessed.
D.
The remaining members of the sales force should receive training as soon as feasible.
Answer (C) is correct. No evidence is given that the auditor has determined the goals of the training program. Without a standard for measuring progress, the auditor cannot determine whether the program is effective. A The goals of the training program are not stated. Without this information, the auditor cannot determine whether the program is effective. B The goals of the training program are not stated. Whether the program is effective cannot be known without a standard of achievements. Before taking further action, the company should evaluate D the training program. Question: 87
Which of the following activities does not constitute engagement supervision?
A.
Preparing a preliminary engagement work program.
B.
Providing appropriate instructions to the internal auditors.
C.
Reviewing engagement workpapers.
D.
Ensuring that engagement communications meet appropriate criteria.
Answer (A) is correct. Preparing a preliminary engagement work program is part of engagement planning, not an aspect of engagement supervision. B Providing appropriate instructions to the internal auditors is an aspect of engagement supervision. C Reviewing engagement workpapers is an aspect of engagement supervision. D Ensuring that engagement objectives are achieved is an aspect of engagement supervision. Question: 88
Supervision of an internal audit engagement should include
A.
Determining that engagement workpapers adequately support the engagement observations.
B.
Assigning staff members to the particular engagement.
C.
Determining the scope of the engagement.
D.
Appraising each internal auditor’s performance on at least an annual basis.
Answer (A) is correct. Among other things, supervision includes ensuring that (1) the approved engagement work program is completed unless changes are justified and authorized, and (2) workpapers adequately support engagement observations, conclusions, and recommendations. B Engagement resource allocation is a planning function, not a supervisory function. C Determining the engagement scope is a planning function, not a supervisory function. D Appraising performance on an annual basis is not a supervisory function of a specific engagement but is part of the management of the human resources of the internal audit activity. Question: 89 A.
Which of the following best describes engagement supervision?
The manager of each engagement has the ultimate responsibility for supervision.
B. Supervision is primarily exercised at the final review stage of an engagement to ensure the accuracy of the engagement communications. C. Supervision is most important in the planning phase of the engagement to ensure appropriate coverage. D. Supervision is a continuing process beginning with planning and ending with the conclusion of the engagement. Answer (D) is correct.
The CAE (or designee) provides appropriate engagement supervision. Supervision is a process that begins with planning and continues throughout the engagement. A The CAE has the ultimate responsibility for supervision. B Supervision begins with planning and continues throughout the engagement. C Supervision is equally important in all phases of the engagement. Question: 90 When engagements are performed for the internal audit activity by nonstaff members, the chief audit executive is responsible for A.
Ensuring that the engagement communications are objective, clear, and timely.
B.
Reviewing the engagement work programs for approval.
C.
Providing appropriate supervision from the beginning to the conclusion of the engagement.
D.
None of the engagement work performed by those outside the department.
Answer (C) is correct. The CAE has overall responsibility for supervising the engagement, whether performed by or for the internal audit activity (Inter. Std. 2340). Supervision is a process that begins with planning and continues throughout the engagement. A Ensuring the quality of engagement communications is only one facet of supervision for which the CAE has ultimate, although perhaps not immediate, responsibility. B Approval of the engagement work program prior to the commencement of work by the CAE or a designee is only one facet of supervision for which the CAE has ultimate, although perhaps not immediate, responsibility. D The CAE is responsible for all work performed by or for the internal audit activity. Question: 91 Of the many tools available to assist an internal auditing supervisor, which of the following is of least assistance in the supervision of a specific engagement? A.
Assignment board.
B.
Time budget.
C.
Weekly status report.
D.
Time report.
Answer (A) is correct.
An assignment board is a cork board that uses assignment slips and numbered tack heads to display the scheduled engagements weekly for up to a year. It provides an overview of which staff members are working on each project and is therefore of minimal assistance in the actual supervision of a specific engagement. B A time budget is a tool for supervising a specific engagement. C A weekly status report is a tool for supervising a specific engagement. D A time report is a tool for supervising a specific engagement. Question: 92
The engagement team leader is least likely to have a primary role in
A.
Allocating budgeted engagement hours among assigned staff.
B.
Updating the permanent files.
C.
Reviewing the workpapers.
D.
Preparing the critique sheet for the engagement.
Answer (B) is correct. The engagement team leader (sometimes called a senior) is responsible for planning the engagement, coordinating the staff, and supervising the work. Updating the permanent files is a task most likely performed by the staff. A Allocating budgeted engagement hours among assigned staff is a planning task. C Reviewing the workpapers is a supervisory activity. D Preparing the critique sheet for the engagement is also a supervisory activity performed by the engagement team leader. Question: 93
The best control over the work on which internal auditors’ opinions are based is
A.
Supervisory review of all engagement work.
B.
Preparation of time budgets for internal audit activities.
C.
Preparation of engagement workpapers.
D.
Staffing of internal audit activities.
Answer (A) is correct. The engagement must be properly supervised to ensure objectives are achieved, quality is ensured, and staff is developed (Perf. Std. 2340). Supervision includes (1) ensuring the auditors possess the requisite knowledge, skills, and other competencies; (2) providing appropriate instructions during planning and
approving the engagement program; (3) ensuring the approved engagement program is complete unless changes are justified and authorized; (4) determining workpapers adequately support observations, conclusions, and recommendations; (5) ensuring communications are accurate, objective, clear, concise, constructive, and timely; (6) ensuring objectives are met; and (7) providing opportunities for developing internal auditors’ knowledge, skills, and other competencies. Thus, supervision is a control that applies to all aspects of engagements. B Although useful, time budgets do not ensure the adequacy of work. C Workpapers support the conclusions and engagement results, but supervision is necessary to ensure the adequacy of work. D Proper staffing is required, but supervision is essential to ensure the adequacy of work. Question: 94 The chief audit executive is responsible for engagement supervision. The most important form of supervision during the field work phase of engagements involves A. Ensuring that the approved engagement work program is completed unless changes are justified and authorized. B. Providing suitable instructions to subordinates at the outset of the engagement and approving the engagement work program. C.
Appraising each internal auditor’s performance at least annually.
D. Making sure that communications are accurate, objective, clear, concise, constructive, and timely. Answer (A) is correct. Supervision includes ensuring the approved engagement program is completed unless changes are justified and authorized. Execution of the work program requires supervision during field work. The other supervisory tasks generally are carried out before or after field work. B “At the outset of the engagement” is not during field work. C Annual performance appraisal is not specific to a particular engagement. D Engagement communications are prepared at the conclusion of field work. Question: 95 The auditor-in-charge of a financial audit for a global organization has assigned specific tasks to team members and reserved for herself the responsibility of maintaining contact with the managers of financial departments in eight countries. In reviewing the work papers of one auditor, the auditor-in-charge notes that some of the work is incomplete. The auditor explains that she is unfamiliar with the accounting practices and software systems used in this country. How could the auditor-incharge have managed this situation in a more efficient, effective manner?
A.
Work more closely with the audit client to secure more support for the assigned auditor.
B.
Build enough slack into the schedule to deal with delays due to an auditor’s lack of knowledge.
C.
Align auditor skills and knowledge with area needs before making assignments.
D. Allow more time in the schedule for the auditor to become more familiar with local practices and technology. Answer (C) is correct. Engagements must be properly supervised to ensure objectives are achieved, quality is assured, and staff is developed. In this case, the knowledge and skills of audit team members should have been considered before making assignments. The auditor in question might have been assigned to a different country or teamed with an auditor more familiar with the country’s practices and technology. A Working more closely with the audit client to secure more support for the assigned auditor is not an efficient solution. B Building enough slack into the schedule to deal with an auditor’s lack of knowledge is not an effective or efficient solution. D Allowing more time in the schedule for the auditor to become more familiar with local practices and technology is not the most efficient solution, especially if other auditors are available who have the appropriate skills and knowledge. Question: 96 An internal auditing manager is leading a three-person auditing team assigned to an assurance engagement at airport rental locations for a car rental company. All team members are experienced. In planning her own work schedule, the manager believes that it will be necessary to allow time to supervise the team during the execution phase, the planning process, and the drafting of the internal audit report. Is the manager taking the correct approach? Why? A.
No. Once planning is completed, the most critical supervisory task is review of workpapers.
B. No. When a team is experienced, supervision throughout the engagement is an unnecessary expense for the function. C.
Yes. All engagements should be closely supervised in the same manner.
D. Yes. Supervisory decisions must be made during all phases of the internal audit, regardless of the experience level of the team members. Answer (D) is correct. All engagements must be supervised properly to ensure objectives are achieved, quality is assured, and staff is developed. These responsibilities require attention throughout the engagement. Thus, supervisory decisions must be made during all phases of the internal audit.
A Supervisory decisions are made during all phases of the internal audit engagement. B Supervisory decisions are made during all phases of the internal audit engagement, regardless of the experience of the team members. C The degree and type of supervision depends on the circumstances of a particular engagement. Question: 97 1. 2. 3. 4.
Which of the following is(are) true about engagement supervision?
Specific activities are prescribed in the Standards. The extent varies depending on the proficiency of the internal auditors. The extent varies depending on the complexity of the engagement. The lead auditor has primary responsibility for supervision.
A.
1 only.
B.
1 and 3 only.
C.
1 and 4 only.
D.
1, 2, and 3 only.
Answer (D) is correct. The extent of supervision required depends on the proficiency and experience of internal auditors and the complexity of the engagement. The chief audit executive (CAE) has primary responsibility, but (s)he may delegate responsibility to appropriately experienced members of the internal audit activity. A The extent of supervision required also depends on the proficiency of the internal auditors and the complexity of the engagement. B The extent of supervision required also depends on the proficiency of the internal auditors. C The chief audit executive (CAE) has primary responsibility for supervision, although (s)he may delegate responsibility to experienced members of the internal audit activity. Question: 98 A new staff auditor was told to perform an audit in an area with which the auditor was not familiar. Due to time constraints, the audit was not supervised. The auditor was given the assignment because it represented a good learning experience, but the area was clearly beyond the auditor’s competence. Nevertheless, the auditor prepared comprehensive workpapers and reported the results to management. In this situation, A.
The audit department violated the Standards by not providing adequate supervision.
B. area.
The audit department violated the Standards by hiring an auditor without proficiency in the
C. The chief audit executive (CAE) has not violated the Standards because they do not address supervision. D.
The Standards and the Code of Ethics were followed by the audit department.
Answer (A) is correct. The extent of supervision required depends on the proficiency and experience of internal auditors and the complexity of the engagement. Because the auditor lacked adequate proficiency, supervision was required. Without adequate supervision, the Standards were violated. B Hiring an auditor without proficiency in a certain area is not a violation of the standards. C Properly supervising the engagement is directly addressed in the Standards. D The audit department violated the Standards by not providing proper supervision to the new staff auditor. Question: 99 When conducting a performance appraisal of an internal auditor who has been a belowaverage performer, an inappropriate procedure is to A.
Notify the internal auditor of the upcoming appraisal several days in advance.
B.
Use objective, impartial language.
C.
Use generalizations.
D.
Document the appraisal.
Answer (C) is correct. In a performance appraisal of a below-average performer, it is appropriate and advisable to notify the employee of the upcoming appraisal, use objective language, and document the appraisal. It is not appropriate to use generalizations when making a performance appraisal of a below-average performer. Rather, the evaluator must cite specific information and be prepared to support assertions with evidence. A This is an appropriate procedure when conducting a performance appraisal. B This is an appropriate procedure when conducting a performance appraisal. D This is an appropriate procedure when conducting a performance appraisal. Question: 100 An internal auditor notices that a particular supervisor’s performance appraisal ratings for any given subordinate tend to be consistently high, consistently low, or consistently in the middle across all performance dimensions. Which one of the following is the best conclusion to draw based on this observation?
A.
The way individuals are rated may be systematically biased.
B.
The performance appraisal forms probably have too many leading questions.
C.
This supervisor is trying too hard to treat everyone the same.
D.
This supervisor is too lenient in performance ratings.
Answer (A) is correct. If an employee’s performance appraisal of any given subordinate tends to be consistently high, consistently low, or consistently in the middle across the performance dimensions, a halo bias may exist in the way the subordinate is being rated. The halo effect is a generalization from the perception of one trait to others. B Appraisal ratings are not likely to remain consistent if the forms have too many leading questions. C Because some subordinates are ranked high, low, or in the middle, the supervisor is not treating everyone the same. D Some subordinates are ranked low, so the supervisor is probably not being too lenient.
PART-2 UNIT-9
1.During an engagement involving the receiving section of the purchasing division, the internal auditor discovers that a receiving problem might be the result of procedures followed in the procurement section. The internal audit activity’s management agrees that the internal auditor should extend the engagement, on a limited scale, into the procurement section. According to the Standards, which device should be used to communicate the change in engagement scope to the engagement client?
A.An informal notification of the involved supervisor. B.A formal written communication to the involved supervisor. C.A written interim communication to the involved supervisor and the same distribution as the original correspondence scheduling the engagement. D.No communication is necessary if the internal audit activity’s charter specifies the unrestricted scope of its work.
Answer (C) is correct. Interim reports are oral or written and may be transmitted formally or informally. Interim reports are used to communicate information that requires immediate attention, to communicate a change in engagement scope for the activity under review, or to keep management informed of engagement progress when engagements extend over a long period.
A.The engagement client’s management should be informed. B.The engagement client’s management should be informed. D.Nothing in the charter negates the need to inform concerned parties of changes in the scope of the engagement.
2.You are conducting an engagement to evaluate the organization’s marketing effort. You agreed to keep the marketing vice president informed of your progress on a regular basis. What method should be used for those progress reports?
A.Oral or written interim reports. B.Written reports signed by the chief audit executive. C.Copies of working paper summaries. D.Briefing by the appropriate marketing first-line supervisor.
Answer (A) is correct. Interim reports are oral or written and may be transmitted formally or informally. Interim reports are used to communicate information that requires immediate attention, to communicate a change in
engagement scope for the activity under review, or to keep management informed of engagement progress when engagements extend over a long period.
B.An oral report is acceptable. C.Engagement communications, not workpapers, should be submitted to engagement clients. D.The internal auditors, not a marketing supervisor, should submit engagement communications.
3.Which of the following is false with respect to the use of interim engagement communications? Interim engagement communications
A.Are used to communicate information that requires immediate attention. B.Are used to communicate a change in engagement scope for the activity under review. C.Keep management informed of engagement progress when engagements extend over a long period of time. D.Eliminate the need for issuing final engagement communications.
Answer (D) is correct. Interim reports are oral or written and may be transmitted formally or informally. They are used to communicate information that requires immediate attention, to communicate a change in engagement scope for the activity under review, or to keep management informed of engagement progress when engagements extend over a long period. The use of interim reports does not diminish or eliminate the need for a final report. A.Interim engagement communications are used to communicate information that requires immediate attention. B.Interim engagement communications are used to communicate a change in engagement scope for the activity under review. C.Interim engagement communications are used to keep management informed of engagement progress when engagements extend over a long period of time.
4.As an internal auditor for a multinational chemical producer, you have been assigned to an engagement at a local plant. This plant is similar in age, siting, and construction to two other plants owned by the same organization that have been recently cited for discharge of hazardous wastes. In addition, you are aware that chemicals manufactured at the plant release toxic by-products. Assume that you have evidence that the plant is discharging hazardous wastes. As a certified internal auditor, what is the appropriate communication requirement in this situation?
A.Send a copy of your engagement communication to the appropriate regulatory agency. B.Ignore the issue because the regulatory inspectors are better qualified to assess the danger. C.Issue an interim engagement communication to the appropriate levels of management. D.Note the issue in your workpapers but do not report it.
Answer (C) is correct. Interim reports are oral or written and may be transmitted formally or informally. Interim reports are used to communicate information that requires immediate attention, to communicate a change in engagement scope for the activity under review, or to keep management informed of engagement progress when engagements extend over a long period.
A.Internal auditors are not usually responsible for notifying outside authorities of suspected wrongdoing. B.Internal auditors must evaluate risk exposures and controls relating to compliance with laws, regulations, and contracts. D.The Standards require the reporting of violations of laws, regulations, and contracts.
5.Internal audit activity policy requires that final engagement communications not be issued without a management response. An engagement with significant observations is complete except for management’s response. Evaluate the following courses of action and select the best alternative.
A.Issue an interim engagement communication regarding the important issues noted. B.Modify the policy to allow a specific time period for management’s response. C.Wait for management’s response and then issue the engagement communication. D.Discuss the situation with the external auditors.
Answer (A) is correct. Interim reports are used to communicate information that requires immediate attention, to communicate a change in engagement scope for the activity under review, or to keep management informed of engagement progress when engagements extend over a long period. The use of interim reports does not diminish or eliminate the need for a final report.
B.Significant observations should be timely communicated. C.Significant observations should be timely communicated D.Significant observations should be timely communicated to senior management and the board.
6.An internal audit activity is conducting an engagement to evaluate the payroll and accounts receivable departments. Significant problems related to the approval of overtime have been noted. While the engagement is still in process, which of the following engagement communications is appropriate?
A.A summary communication. B.A final written communication.
C.A questionnaire-type communication. D.An oral communication.
Answer (D) is correct. Interim reports are oral or written and may be transmitted formally or informally. Interim reports are used to communicate information that requires immediate attention, to communicate a change in engagement scope for the activity under review, or to keep management informed of engagement progress when engagements extend over a long period. The use of interim reports does not diminish or eliminate the need for a final report.
A.A summary highlights engagement results; it is inappropriate while the engagement is still in process. B.A final written report is not required while the engagement is still in process. When a significant problem is discovered during the engagement, an oral or written interim report should be used to obtain immediate action. C.A questionnaire-type report is normally used within the internal audit activity. It has limited value.
7.In which of the following situations have the internal auditors appropriately transmitted their engagement communication? Situation 1 -- The engagement team is behind schedule so the in-charge internal auditor decides to present the final engagement communication orally to the area’s management in place of a written report. Situation 2 -- The area manager will be on vacation when the final engagement communication is expected to be issued. The in-charge internal auditor presents orally several items that need immediate corrective action. Situation 3 -- During inspection of inventory, an internal auditor observes water from a leaking section of the roof dripping on items stored beneath it. These items are susceptible to water damage. The internal auditor tells the plant manager who has the items moved and the roof repaired. The internal auditor does not mention this item in the final written engagement communication. Situation 4 -- The engagement team found only one minor problem during the engagement. This problem was pointed out to the manager of the area who took steps to correct it before the engagement was finished. The in-charge internal auditor decides that, because management need take no further corrective action, no written engagement communication for this engagement is necessary.
A.Situations 1 and 4. B.Situations 1 and 3. C.Situations 2 and 4. D.Situations 2 and 3.
Answer (D) is correct.
The handling of Situation 2 is appropriate because oral interim reports may be used to communicate information that requires immediate attention (the use of interim reports does not diminish the need for a final report). The handling of Situation 3 is appropriate because the condition does not exist at the date of the final communication.
A.No final written engagement communication was issued in either Situation 1 or 4. B.No final written engagement communication was issued in Situation 1. C.A written engagement communication stating that corrective action has been taken in Situation 4 is appropriate.
8.Fact Pattern: During an early phase of an extensive engagement to evaluate a manufacturer’s inventory management system, an internal auditor reviewed inventory levels. During this review, the internal auditor discovered that there had been recurring stockouts for some high demand items and that this had led to expensive expediting and work stoppages. Further investigation revealed that the purchasing department had regularly ordered these items based upon purchase orders produced automatically by the computerized inventory system. The quantity orders had been based on an economic order quantity (EOQ) model included in the computerized inventory system. The internal auditor determined that the EOQ model was properly designed and that the problem had resulted from failure to update data in the model concerning the time required for delivery.
Q:If the internal auditor decides that the situation warrants management’s immediate attention and the entire engagement will not be completed for several weeks, communication with management will probably take the form of a(n)
A.Summary written report to operating management. B.Oral report to senior management. C.Written interim report to operating management. D.Regular written report to operating management.
Answer (C) is correct. Interim reports are oral or written and may be transmitted formally or informally. Interim reports are used to communicate information that requires immediate attention, to communicate a change in engagement scope for the activity under review, or to keep management informed of engagement progress when engagements extend over a long period. An observation of this degree of importance should be in written format.
A.A summary report is addressed to senior management or the board B.Operating management should be given oral reports. D.A regular report would not be timely.
9.For a preliminary meeting with a client, the internal auditor has developed an agenda that includes, among other items, the topics for discussion listed below. Which is (are) appropriate for this meeting? 1.
The names of internal auditors present.
2.
The names of representatives of the audited function.
3.
An explanation of the analytical procedures the internal auditors will use to establish benchmarks for assessing activities.
4.
Review and sign-off of results to date.
A.1 only. B.1 and 4 only. C.1, 2, and 3 only. D.1, 2, and 4 only.
Answer (D) is correct. Sharing the names of representatives of internal auditing and the audited function is an appropriate topic to discuss at the preliminary meeting stage. The client also may be involved in reviewing and signing off on the results of testing (except when fraud is detected). However, it is not necessary to discuss with the client procedures to be performed by internal auditing, such as specific analytical procedures.
A.Sharing the names of representatives of the audited function and reviewing and signing off on results are appropriate at the preliminary meeting stage. B.Sharing the names of representatives of the audited function is also appropriate at the preliminary stage. C.Discussion of the procedures to be performed is inappropriate except to the extent the client’s cooperation is required.
10.With the final report on an operations audit due in three weeks, the internal auditor finds a violation of fire safety codes. Which of the following describes the best course of action the auditor could take?
A.Document the condition and plan to discuss it with management in the exit interview. B.Notify the local fire department. C.Report the finding immediately to the client’s maintenance department. D.Alert responsible management immediately in a written or an oral interim report.
Answer (D) is correct.
Problems, whether or not related to the engagement objectives, that require immediate action should be reported immediately to management in an interim report, which may be either oral or written. The workpapers and final report should document the communication and the evaluation of management’s response.
A.Problems that need immediate attention must be communicated in interim reports (oral or written), not documented and discussed during the exit interview. B.The internal auditor reports violations of regulations to external parties only if required by law or regulation. C.The internal auditor must notify management, not the maintenance department.
11.Which of the following are valid reasons to submit an interim report? 1)
Communicating a change in engagement scope.
2)
Updating management on progress during a long engagement.
3)
Informing management of significant matters, even if unrelated to the engagement.
4)
Addressing audit findings that will be excluded from the final report.
A.1 and 2 only. B.1, 2, and 3 only. C.3 and 4 only. D.1, 2, 3, and 4.
Answer (B) is correct. An interim report (oral or written) should be transmitted formally or informally to communicate (1) a change in the scope of the engagement, (2) the progress of a long-duration engagement, and (3) information needing immediate attention (even if not related to engagement objectives).
A.Informing management of significant matters, even if unrelated to the engagement, also is a valid reason for submitting an interim report. C.Addressing audit findings to be excluded from the final report is not a valid reason for submitting an interim report. Thus, some less significant matters resolved during the engagement may be excluded from the final report. But all matters should be documented in the workpapers. D.Addressing audit findings to be excluded from the final report is not a valid reason for submitting an interim report. Thus, some less significant matters resolved during the engagement may be excluded from the final report. But all matters should be documented in the workpapers.
12.Which of the following is not a major purpose of an engagement communication?
A.Inform.
B.Get results. C.Assign responsibility. D.Persuade.
Answer (C) is correct. According to Sawyer’s Internal Auditing (5th ed., p. 689), “Internal auditors should seek to inform (tell what they found), persuade (convince management of the worth and validity of the audit findings), and get results (move management toward change and improvement).”
A.Informing the board and senior management is a major purpose of an engagement communication. B.Getting results is a major purpose of an engagement communication. D.Persuading the board and senior management that certain conditions exist is a major purpose of an engagement communication.
13.A governmental agency, constrained by scarce internal audit and human resources, wishes to know the status of its program for licensing automobiles. In particular, management is concerned about the possibility of
A backlog in new license applications, and
Poor controls over the collection and processing of application fees.
The results of the preliminary survey and limited testing conducted by the internal audit activity revealed that the licensing process was operating as intended. No major deficiencies were noted. How should the internal audit activity proceed?
A.Perform no further work, issue a formal engagement communication with the survey results, and discuss the results with management. B.Perform no further work, discuss pertinent issues with management and the executive director, and prepare an engagement work program for future use so that another survey will not be necessary. C.Complete the engagement as scheduled to ensure that other issues do not exist that were not noted during the survey phase. D.Send a memorandum communication to the executive director and other concerned parties summarizing the preliminary survey results and indicating that the engagement has been canceled.
Answer (D) is correct. When preliminary surveys are effectively conducted, they provide very useful information regarding how well the organization (or surveyed process) is operating (Sawyer’s Internal Auditing, p. 184). When survey and preliminary testing results indicate “good systems, good controls, good surveillance, and good management . . .,” a decision may be made to perform no further engagement procedures. Accordingly, the internal auditor need only communicate this fact, along with summarized survey results, in a memorandum (an informal communication) to the executive director and other concerned parties.
A.Given that no further work was performed beyond the preliminary survey and limited testing, issuing a formal engagement communication discussing survey results with management would be inappropriate. B.No engagement work program should be prepared for the future. Because future events may alter existing circumstances, or compliance with policies and procedures may change, an engagement work program written now may be outdated for future use. Also, an engagement communication summarizing survey results should be prepared. C.An engagement may not be necessary if the survey and limited testing were conducted with due professional care. Given these results, the costs of an engagement may exceed the benefits.
14.Fact Pattern: During an early phase of an extensive engagement to evaluate a manufacturer’s inventory management system, an internal auditor reviewed inventory levels. During this review, the internal auditor discovered that there had been recurring stockouts for some high demand items and that this had led to expensive expediting and work stoppages. Further investigation revealed that the purchasing department had regularly ordered these items based upon purchase orders produced automatically by the computerized inventory system. The quantity orders had been based on an economic order quantity (EOQ) model included in the computerized inventory system. The internal auditor determined that the EOQ model was properly designed and that the problem had resulted from failure to update data in the model concerning the time required for delivery.
Q:The internal auditor should most likely conclude that these facts indicate a(n)
A.Breakdown in an operating system that the internal auditor should direct management to correct immediately. B.Important problem that discussion with operating management should easily resolve. C.Indication that the materials standards used in production planning should be scheduled for review. D.Important problem that should be included in an engagement communication.
Answer (D) is correct. The problems described clearly meet the materiality threshold for coverage in an engagement communication. The internal auditor should furnish recommendations for procedures to generate and enter the data necessary to update the model.
A.Internal auditors have no authority to compel management action. B.Informal discussion is not an appropriate way to approach a problem of such magnitude. C.The quantity available, not its quality, is at issue. 15.Fact Pattern:The internal audit activity has just completed an engagement to review loan processing and commercial loan account balances for a financial institution. Following are a few excerpts from the working papers indicating potential engagement observations.
The auditors took a statistical sample of 100 loan applications and determined that only 85 loans were granted. Of the 85 loans granted, the auditors noted that 4 loans should have been reviewed and approved by the loan committee but were not. Organizational policy states that all loans must be approved by the committee prior to funding. Each of the 4 loans, however, was approved by the vice president. The matter was discussed with the vice president, who indicated it was a competitive loan situation to a new customer and in the best interests of the financial institution to expedite the loan and establish a firm relationship with a growing customer. All of the other loans were formally approved by the loan committee. Of the 81 loans approved by the loan committee, the auditors found 7 in which the actual amount lent exceeded the approved amount. The auditors noted three instances in which loans were made to related groups of organizations without an analysis of the total amount of loans made to the controlling entity. There may be statutory limitations on the amount of loans that can be made to any individual controlling organization. Of the 81 loans approved by the loan committee, the auditors found that 14 contained either insufficient documentation or were not received by the committee in a timely fashion in advance of their meeting. The statistical sample was taken with a 95% confidence level using attribute sampling with a tolerable error limit of 4%. Assume that the sampling plan was implemented correctly.
Q:Regarding item D, which of the following is true? The deviation rate is under 4%; therefore, the observation need not be reported to management and the board. The internal auditor should review appropriate regulations and possibly obtain legal counsel’s opinion about the observation prior to including it in the final engagement communication. The internal auditor should report the observation to the vice president who approved the loans and ask for a follow-up communication during the engagement scheduled next year. No further action need be taken at this time. Review a plan by the loan committee to prevent such occurrences in the future and include a summary and analysis of the plan in the final engagement communication.
A.1 only. B.3 only. C.2 and 4. D.2 only.
Answer (C) is correct. Regarding item 2, the internal auditor should independently determine the significance of the observation and should consult an outside service provider (e.g., a legal specialist) if (s)he lacks the requisite expertise. Regarding item 4, the engagement communication should include recommendations for improvements, acknowledgments of satisfactory performance, and corrective actions.
A.The inclusion of an item in an engagement communication is based on the significance of the observation, not just the tolerable error rate. Furthermore, the upper error rate (not computed here) would be higher than the tolerable error rate. B.The loan approvals may represent significant violations of both governmental regulations and organizational policy. Waiting a full year for follow-up action without reaching a conclusion on the seriousness of the problem would not be appropriate. D.Statement 4 is also true
16.While performing an operational engagement involving the firm’s production cycle, an internal auditor discovers that, in the absence of specific guidelines, some engineers and buyers routinely accept vacation trips paid by certain of the firm’s vendors. Other engineers and buyers will not accept even a working lunch paid for by a vendor. Which of the following actions should the internal auditor take?
A.None. The engineers and buyers are professionals. An internal auditor should not inappropriately interfere in what is essentially a personal decision. B.Informally counsel the engineers and buyers who accept the vacation trips. This helps prevent the possibility of kickbacks, while preserving good internal auditor-engagement client relations. C.Formally recommend that the organization establish a code of ethics. Guidelines of acceptable conduct, within which individual decisions may be made, should be provided. D.Issue a formal engagement communication naming the personnel who accept vacations but make no recommendations. Corrective action is the responsibility of management.
Answer (C) is correct. The internal auditor may communicate recommendations for improvements, acknowledgments of satisfactory performance, and corrective actions. Recommendations are based on the internal auditor’s observations and conclusions. They call for action to correct existing conditions or improve operations and may suggest approaches to correcting or enhancing performance as a guide for management in achieving desired results. Recommendations can be general or specific. Accordingly, the internal auditor’s responsibility in these circumstances is to recommend adoption of a code of ethics.
A.Internal auditors are charged with the responsibility of evaluating what they examine and of making recommendations, if appropriate. B.Management is charged with the responsibility of making any corrections necessary within its department. D.Internal auditors should make recommendations if appropriate.
17.An engagement observation is worded as follows: The capital budget includes funds to purchase 11 new vehicles. Review of usage records showed that 10 vehicles in the fleet of 70 had been driven less than 2,500 miles during the past year. Vehicles have been assigned to different groups whose usage rates have varied greatly. There was no policy requiring rotation of vehicles between high and low usage groups. Lack of criteria for
assigning vehicles and a system for monitoring their usage could lead to purchasing unneeded vehicles. Based on the facts presented, it is appropriate to recommend that management
A.Establish a minimum of 2,500 miles per quarter as a criterion for assigning vehicles to user groups. B.Establish a system to rotate vehicles among users periodically. C.Delay the proposed vehicle purchases until the apparent excess capacity is adequately explained or absorbed. D.Withhold approval of the capital budget until other projects can be reviewed by internal auditing.
Answer (C) is correct. The internal auditor may communicate recommendations for improvements, acknowledgments of satisfactory performance, and corrective actions. Under some circumstances, the internal auditor may recommend a general course of action and specific suggestions for implementation. In other circumstances, the internal auditor may suggest further investigation or study.
A.Recommending specific criteria is not appropriate. B.Establishing a system to rotate vehicles is not an appropriate recommendation; the matter requires further analysis. D.Withholding approval of the capital budget is excessive given the results of the engagement just completed.
18.Fact Pattern:The following data were gathered during an internal auditor’s investigation of the reason for a material increase in bad debts expense. In preparing an engagement communication, each of the items might be classified as criteria, condition, cause, effect, or background information.
1. Very large orders require management’s approval of credit. 2. Engagement procedures showed that sales personnel regularly disregard credit guidelines when dealing with established customers. 3. A monthly report of write-offs is prepared but distributed only to the accounting department. 4. Credit reports are used only on new accounts. 5. Accounting department records suggest that uncollectible accounts could increase by 5% for the current year.
6. The bad debts loss increased by US $100,000 during the last fiscal year. 7. Even though procedures and criteria were changed to reduce the amount of bad-debt write-offs, the loss of commissions because of written-off accounts has increased for some sales personnel. 8. Credit department policy requires the review of credit references for all new accounts. 9. Current payment records are to be reviewed before extending additional credit to open accounts. 10. To reduce costs, the use of outside credit reports was suspended on several occasions. 11. Because several staff positions in the credit department were eliminated to reduce costs, some new accounts have received only cursory review. 12. According to the new credit manager, strict adherence to established credit policy is not necessary.
Q:The cause attribute is best illustrated by items numbered
A.2, 10, and 11. B.3, 4, and 12. C.5, 6, and 7. D.1, 8, and 9.
Answer (B) is correct. The cause attribute is the reason for the difference between the expected and actual conditions. Items 3, 4, and 12 explain why the deviation from the criteria occurred.
A.Items 2, 10, and 11 best illustrate the condition attribute. C.Items 5, 6, and 7 best illustrate the effect attribute. D.Items 1, 8, and 9 best illustrate the criteria attribute.
19.Fact Pattern:The following data were gathered during an internal auditor’s investigation of the reason for a material increase in bad debts expense. In preparing an engagement communication, each of the items might be classified as criteria, condition, cause, effect, or background information.
1. Very large orders require management’s approval of credit. 2. Engagement procedures showed that sales personnel regularly disregard credit guidelines when dealing with established customers. 3. A monthly report of write-offs is prepared but distributed only to the accounting department. 4. Credit reports are used only on new accounts.
5. Accounting department records suggest that uncollectible accounts could increase by 5% for the current year. 6. The bad debts loss increased by US $100,000 during the last fiscal year. 7. Even though procedures and criteria were changed to reduce the amount of bad-debt write-offs, the loss of commissions because of written-off accounts has increased for some sales personnel. 8. Credit department policy requires the review of credit references for all new accounts. 9. Current payment records are to be reviewed before extending additional credit to open accounts. 10. To reduce costs, the use of outside credit reports was suspended on several occasions. 11. Because several staff positions in the credit department were eliminated to reduce costs, some new accounts have received only cursory review. 12. According to the new credit manager, strict adherence to established credit policy is not necessary. Q:The effect attribute is best illustrated by items numbered
A.3, 4, and 12. B.5, 6, and 7. C.1, 8, and 9. D.2, 10, and 11.
Answer (B) is correct. The effect attribute is the risk or exposure the organization and/or others encounter because the condition is not consistent with the criteria (the impact of the difference). Items 5, 6, and 7 describe the impact of the difference.
A.Items 3, 4, and 12 best illustrate the cause attribute. C.Items 1, 8, and 9 best illustrate the criteria attribute. D.Items 2, 10, and 11 best illustrate the condition attribute.
20.As a result of an engagement performed at a bank, the internal auditor included the following observation in the final engagement communication:
The late charges were waived on an excessive number of delinquent installment loan payments at the Spring Street Branch. We were informed that late charge waivers are not approved by an officer. Approximately US $5,000 per year in revenues are being lost. In order to provide a better control over late charges waived and loss of income, we recommend that a lending officer be responsible for waiving late charges and that this approval be in writing.
Which of the following elements of an observation is not properly addressed?
A.Criteria or standards. B.Condition. C.Cause. D.Effect.
Answer (A) is correct. Criteria are the standards, measures, or expectations used in making an evaluation and/or verification (the correct state). The internal auditor has used the word “excessive” without defining what would constitute normal waived charges.
B.The condition is that excessive late charges are being waived. C.The cause is that approval by an officer is not required. D.The effect is the annual loss of $5,000.
21.Fact Pattern: The internal audit activity has just completed an engagement to review loan processing and commercial loan account balances for a financial institution. Following are a few excerpts from the working papers indicating potential engagement observations. The auditors took a statistical sample of 100 loan applications and determined that only 85 loans were granted. Of the 85 loans granted, the auditors noted that 4 loans should have been reviewed and approved by the loan committee but were not. Organizational policy states that all loans must be approved by the committee prior to funding. Each of the 4 loans, however, was approved by the vice president. The matter was discussed with the vice president, who indicated it was a competitive loan situation to a new customer and in the best interests of the financial institution to expedite the loan and establish a firm relationship with a growing customer. All of the other loans were formally approved by the loan committee. Of the 81 loans approved by the loan committee, the auditors found 7 in which the actual amount lent exceeded the approved amount. The auditors noted three instances in which loans were made to related groups of organizations without an analysis of the total amount of loans made to the controlling entity. There may be statutory limitations on the amount of loans that can be made to any individual controlling organization. Of the 81 loans approved by the loan committee, the auditors found that 14 contained either insufficient documentation or were not received by the committee in a timely fashion in advance of their meeting. The statistical sample was taken with a 95% confidence level using attribute sampling with a tolerable error limit of 4%. Assume that the sampling plan was implemented correctly.
Q:Assume with regard to item B, the vice president asks the loan committee to review the loans on an after-the-fact basis. Assume further, upon this subsequent review, the loan committee
approves the loans on the after-the-fact basis. Which of the following conclusions is true regarding the communication of the engagement observations? 1.
The sample deviation rate would drop to 0%.
2.
The item should still be reported in the audit report because it was not approved in a timely manner in accordance with organizational policies.
3.
The item should be reported as a nondeviation because subsequent action validated the vice president’s approach.
A.1 only. B.2 only. C.3 only. D.1, 2, and 3.
Answer (B) is correct. The loans were not timely approved prior to funding according to organizational policies and procedures. Thus, the condition attribute differs from the criteria attribute of the observation, and the loans should be reported as deviations. But the internal auditor should note that the loans were subsequently reviewed and approved by the loan committee.
A.Statement 1 is false. C.Statement 3 is false. D.Statements 1 and 3 are false.
22.Fact Pattern:The legislative auditing bureau of a country is required to perform compliance engagements involving organizations that are issued defense contracts on a cost-plus basis. Contracts are clearly written to define acceptable costs, including developmental research cost and appropriate overhead rates. During the past year, the government has engaged in extensive outsourcing of its activities. The outsourcing included contracts to run cafeterias, provide janitorial services, manage computer operations and systems development, and provide engineering of construction projects. The contracts were modeled after those used for years in the defense industry. The legislative internal auditors are being called upon to expand their efforts to include compliance engagements involving these contracts. Upon initial investigation of these outsourced areas, the internal auditor found many areas in which the outsourced management has apparently expanded its authority and responsibility. For example, the contractor that manages computer operations has developed a highly sophisticated security program that may represent the most advanced information security in the industry. The internal auditor reviews the contract and sees reference only to providing appropriate levels of computing security. The internal auditor suspects that the governmental agency may be incurring developmental costs that the outsourcer may use for competitive advantage in marketing services to other organizations.
Q:Regarding the engagement observation concerning an advanced computing security system, what is the most appropriate course of action by the internal auditor?
A.Estimate the amount of cost used to develop the advanced security system and inform the outsourcer that it will be a disallowed cost. B.Exclude the observation from the engagement communication because the contract was vague and the level of security is clearly acceptable. C.Estimate the added cost, report it to management, and suggest that management meet with its lawyers and the outsourcer to resolve differences. D.Compare the cost with previous costs incurred by governmental operations and inform the outsourcer that the difference will be a disallowed cost.
Answer (C) is correct. Observations and recommendations are based on the following attributes: criteria (the correct state), condition (the current state), cause (the reason for the difference), and effect (the impact of the difference). Stating the significance of the observation, the cause (vague contract), the potential impact, and the recommended action is consistent with these attributes.
A.The internal auditor does not have the authority to disallow the cost. The contract is vague, and differences should be reported to management for reconciliation. B.The internal auditor has a duty to report the purpose, scope, and results of the audit finding. The cost issue should be resolved by management. D.Previous costs may not be comparable, and the internal auditor is not authorized to disallow costs.
23.Fact Pattern:This information is to be included in a final communication made following an inventory control engagement for a tent and awning manufacturer. The issue relates to overstocked rope. 1)
The quantity on hand at the time of the engagement represented a 10-year supply based on normal usage.
2)
The organization had held an open house of its new factory 2 months prior to the engagement and had used the rope to provide safety corridors through the plant for visitors. This was not considered when placing the last purchase order.
3)
Rope is reordered when the inventory level reaches a 1-month supply and is based on usage during the previous 12 months.
4)
The quantity to be ordered should be adequate to cover expected usage for the next 6 months.
5)
The purchasing department should review inventory usage and inquire about any unusual fluctuations before placing an order.
6)
A public warehouse was required to store the rope.
7)
The purchasing agent receives an annual salary of US $59,000.
Q:Which of these statements should be in the criteria section of the communication?
A.2 only. B.3 only. C.3 and 4 only. D.5 only.
Answer (C) is correct. Criteria are the standards, measures, or expectations used in making an evaluation and/or verification (the correct state). Only statements 3 and 4 describe a situation as it ought to be.
A.Statement 2 should be included in the cause section. B.Statement 4 should be in the criteria section. D.Statement 5 should be in the recommendations section.
24.Fact Pattern:This information is to be included in a final communication made following an inventory control engagement for a tent and awning manufacturer. The issue relates to overstocked rope. The quantity on hand at the time of the engagement represented a 10-year supply based on normal usage. The organization had held an open house of its new factory 2 months prior to the engagement and had used the rope to provide safety corridors through the plant for visitors. This was not considered when placing the last purchase order. Rope is reordered when the inventory level reaches a 1-month supply and is based on usage during the previous 12 months. The quantity to be ordered should be adequate to cover expected usage for the next 6 months. The purchasing department should review inventory usage and inquire about any unusual fluctuations before placing an order. A public warehouse was required to store the rope. The purchasing agent receives an annual salary of US $59,000.
Q:Which of these statements should be in the condition section of the communication?
A.1 only. B.4 only.
C.6 only. D.7 only.
Answer (A) is correct. The condition attribute states the factual evidence that the internal auditor found in the course of the examination (the current state). Only statement 1 is a description of things as they are.
B.Statement 4 should be in the criteria section. C.Statement 6 should be in the effect section. D.Statement 7 should not be in the engagement communication. It is not relevant
25.Fact Pattern:This information is to be included in a final communication made following an inventory control engagement for a tent and awning manufacturer. The issue relates to overstocked rope. 1.
The quantity on hand at the time of the engagement represented a 10-year supply based on normal usage.
2.
The organization had held an open house of its new factory 2 months prior to the engagement and had used the rope to provide safety corridors through the plant for visitors. This was not considered when placing the last purchase order.
3.
Rope is reordered when the inventory level reaches a 1-month supply and is based on usage during the previous 12 months.
4.
The quantity to be ordered should be adequate to cover expected usage for the next 6 months.
5.
The purchasing department should review inventory usage and inquire about any unusual fluctuations before placing an order.
6.
A public warehouse was required to store the rope.
7.
The purchasing agent receives an annual salary of US $59,000.
Q:Which of these statements should be in the effect section of the communication?
A.2 only. B.3 only. C.5 only. D.6 only.
Answer (D) is correct.
The effect attribute states the risk or exposure the organization and/or others encounter because the condition is not consistent with the criteria (the impact of the difference). In determining the degree of risk or exposure, internal auditors consider the effect their engagement observations and recommendations may have on the organization’s operations and financial statements. Only statement 6 describes the negative results of the situation as it is.
A.Statement 2 should be in the cause section. B.Statement 3 should be in the criteria section. C.Statement 5 should be in the recommendations section.
26.A recommendation in a final engagement communication should address what attribute?
A.Cause. B.Statement of condition. C.Criteria. D.Effect.
Answer (A) is correct. A recommendation must address the cause attribute to describe the necessary corrective action.
B.The condition attribute simply describes “what is” to serve as a basis for comparison with given criteria. C.Criteria describe “what should be” and are compared with the statement of condition. D.The effect attribute addresses the importance of an observation.
27.Fact Pattern: Paragraph 1: The production department has the newest production equipment available because of a fire that required the replacement of all equipment. Paragraph 2: The members of the production department have become completely comfortable with the state-of-the-art technology over the past year and a half. As a result, the production department has become an industry leader in production efficiency and effectiveness. Paragraph 3: The production department produces an average of 25 units per worker per shift. The defect rate is 1%. Paragraph 4: The industry average productivity is 20 units per worker per shift. The industry defect rate is 3%.
Q:Which paragraph should be characterized as the attribute described in the Standards as “condition”?
A.1 B.2 C.3 D.4
Answer (C) is correct. Condition is defined as the factual evidence that the internal auditor found in the course of the examination (the current state). Paragraph 3 describes the actual productivity of the firm.
A.Paragraph 1 states the cause attribute of the observation. B.Paragraph 2 states the effect attribute of the observation. D.Paragraph 4 states the criteria attribute of the observation.
28.In beginning an engagement, an internal auditor reviews written procedures that detail segregations of responsibility adopted by management to strengthen internal controls. These written procedures should be viewed as which attribute of an observation?
A.Criteria. B.Condition. C.Cause. D.Effect.
Answer (A) is correct. Criteria are the standards, measures, or expectations used in making an evaluation and/or verification (the correct state). The written procedures represent the standards (criteria) against which an observation concerning segregation of responsibility should be measured.
B.The condition is the factual evidence that the internal auditor found in the course of the examination (the current state). C.The cause is the reason for the difference between the expected and actual conditions (why the difference exists). D.The effect is the risk or exposure that the organization or others encounter because the condition is not consistent with the criteria (the impact of the difference).
29.Fact Pattern: An excerpt from an engagement observation indicates that travel advances exceeded prescribed maximum amounts. Organizational policy provides travel funds to authorized employees for travel. Advances are not to exceed 45 days of anticipated expenses. Organizational procedures do not require justification for large travel advances. Employees can and do accumulate large, unneeded advances.
Q:The cause of the engagement observation is that
A.Advance procedures do not require specific justification. B.Organizational policy is to provide travel funds to authorized employees. C.Employees accumulate large travel advances. D.Travel advances have not been cleared in timely manner.
Answer (A) is correct. The cause is the reason for the difference between the expected and actual condition. Thus, the cause provides the answer to the question “Why?” and should be the basis for corrective action. The cause of the observation is that advance procedures do not require specific justification.
B.The policy provides for advances to authorized employees only. C.Accumulating large travel advances is an effect. D.Not clearing travel advances in a timely manner is an effect.
30.Recent criticism of an internal audit activity suggested that engagement coverage was not providing adequate feedback to senior management on the processes used in the organization’s key lines of business. The problem was further defined as lack of feedback on the recent implementation of automated support systems. Which two functions does the chief audit executive need to improve?
A.Staffing and communicating. B.Staffing and decision making. C.Planning and organizing. D.Planning and communicating.
Answer (D) is correct. The lack of feedback indicates the CAE has problems in planning and allocating internal audit resources to communicate necessary information to management. The CAE must establish risk-based plans to determine the priorities of the internal audit activity, consistent with the organization’s goals (Perf. Std. 2010). Furthermore, internal auditors must communicate engagement results (Perf. Std.
2400). In an assurance engagement, they must communicate applicable conclusions, recommendations, and action plans (Impl. Std. 2410.A1).
A.The facts do not indicate the existence of staffing problems. B.Decision making and staffing are not problems. C.Nothing indicates that the structure of the entity is a problem.
31.Which of the following should be identified as a deficiency by an engagement supervisor who is reviewing workpapers?
A.A memorandum recorded in the workpapers explained why the time budget for a part of the engagement was exceeded. B.A draft communication concerning an engagement observation recorded in the workpapers omitted the criteria used for evaluation. C.A memorandum recorded in the workpapers explained why an engagement work program step was omitted. D.A letter to the engagement client outlining the scope of the engagement was recorded in the workpapers. Answer (B) is correct. Observations are included in engagement communications. Observations have four attributes: criteria, condition, cause, and effect. Thus, omitting the criteria used in making an evaluation or verification results in a failure to support observations properly.
A.Reasons for exceeding a time budget are appropriate for inclusion in workpapers. C.An explanation of the omission of a work program step is appropriate for inclusion in workpapers. D.A letter outlining the scope of the engagement is appropriate for inclusion in workpapers.
32.An internal auditor performing a consulting engagement has observed employees routinely taking home office supplies with no attempt made at concealment. The auditor consulted the firm’s policies and procedures manual and found no reference to personal use of office supplies. The most appropriate response for the auditor is to
A.Discuss the matter with the employees’ supervisors but, because it is outside the scope of the engagement, not mention it in the final report. B.Do nothing because the organization has no policy that prohibits the observed actions, and the amounts involved are immaterial. C.Recommend adoption of a policy about personal use of office supplies. D.Immediately initiate a fraud engagement.
Answer (C) is correct. The auditor should document the observation and recommend in the final report that management adopt a formal policy about personal use of office supplies.
A.An internal auditor has a responsibility to alert management to conversion of organizational assets to personal use. B.An internal auditor has a responsibility to alert management to conversion of organizational assets to personal use. D.No formal policy regarding the personal use of office supplies exists. Thus, because the actions are routine, treating the situation as a red flag for fraud is premature.
33.An internal auditor has completed an engagement to review an organization’s activities and is ready to issue a final engagement communication. However, the engagement client disagrees with the internal auditor’s conclusions. The internal auditor should
A.Withhold the issuance of the final engagement communication until agreement on the issues is obtained. B.Perform more work, with the engagement client’s concurrence, to resolve areas of disagreement. Delay the issuance of the final engagement communication until agreement is reached. C.Issue the final engagement communication and indicate that the engagement client has provided a scope limitation that has led to a difference as to the conclusions. D.Issue the final engagement communication and state both the internal auditor and engagement client positions and the reasons for the disagreement.
Answer (D) is correct. As part of the internal auditor’s discussions with the engagement client, the internal auditor obtains agreement on the results of the engagement and on any necessary plan of action to improve operations. If the internal auditor and engagement client disagree about the engagement results, the engagement communications state both positions and the reasons for the disagreement. The engagement client’s written comments may be included as an appendix to the engagement report, in the body of the report, or in a cover letter.
A.If the engagement is complete, the final engagement communication should be issued in a timely manner. Moreover, agreement with the engagement client is not mandatory. B.If the internal auditor is satisfied with the conclusions drawn from the engagement, there is no reason to perform more work. C.The disagreement on conclusions is not a scope limitation.
34.Which of the following is the most appropriate method of reporting disagreement between the internal auditor and the engagement client concerning engagement observations and recommendations?
A.State the internal auditor’s position because the report is designed to provide the internal auditor’s independent view. B.State the engagement client’s position because management is ultimately responsible for the activities reported. C.State both positions and identify the reasons for the disagreement. D.State neither position. If the disagreement is ultimately resolved, there will be no reason to report the previous disagreement. If the disagreement is never resolved, the disagreement should not be reported because there is no mechanism to resolve it.
Answer (C) is correct. As part of the internal auditor’s discussions with the engagement client, the internal auditor obtains agreement on the results of the engagement and on any necessary plan of action to improve operations. If the internal auditor and engagement client disagree about the engagement results, the engagement communications state both positions and the reasons for the disagreement. The engagement client’s written comments may be included as an appendix to the engagement report in the body of the report or in a cover letter.
A.Both positions should be reported, and the reasons for the disagreement should be identified. B.Both positions should be reported, and the reasons for the disagreement should be identified. D.Both positions should be reported, and the reasons for the disagreement should be identified.
35.An internal auditor is preparing a final engagement communication to management. However, the internal auditor and the engagement client disagree about one observation that describes the client’s violation of the organization’s purchasing policy. The client believes the purchasing policy is open to interpretation and that no violation occurred. The internal auditor believes that the policy is clearly stated and that the client’s actions were a violation. In this circumstance, the internal auditor should
A.Delete the observation from the report. B.Present only those facts that support the observation and ignore those that detract from it. C.Present the internal auditor’s and client’s positions in the report. D.Not issue the report until the internal auditor and client agree on all observations and recommendations.
Answer (C) is correct. As part of the internal auditor’s discussions with the engagement client, the internal auditor obtains agreement on the results of the engagement and on any necessary plan of action to improve operations. If the internal auditor and engagement client disagree about the engagement results, the engagement communications state both positions and the reasons for the disagreement. The engagement client’s written comments may be included as an appendix to the engagement report in the body of the report or in a cover letter.
A.The internal auditor communicates those observations necessary to support or prevent misunderstanding of the internal auditor’s conclusions and recommendations. Deleting observations solely because of the engagement client’s disagreement suggests a lack of independence. B.Omitting material and relevant facts indicates a lack of objectivity. D.Waiting for resolution of the conflict may prevent the report’s timely issuance.
36.During the exit conference, the manager of the engagement client objected to a valid observation about a major control deficiency because the manager felt the observation was based upon a “biased sample and immaterial risk.” What step should the internal auditor take?
A.Let some neutral group coordinate the follow-up effort after the final engagement communication is issued. B.Include the engagement client’s comments in the report but recommend corrective action. C.Review the condition during the next annual engagement to determine whether the deficiency is major or minor. D.Research a compromise by modifying the wording of the conclusion.
Answer (B) is correct. As part of the internal auditor’s discussions with the engagement client, the internal auditor obtains agreement on the results of the engagement and on any necessary plan of action to improve operations. If the internal auditor and engagement client disagree about the engagement results, the engagement communications state both positions and the reasons for the disagreement. The engagement client’s comments may be included in the report.
A.The internal audit activity’s responsibility does not end with the issuance of a final engagement communication. Follow-up is required. C.Waiting a year is too long if a major deficiency is involved. D.The conclusion (opinion) may not be compromised.
37.According to the Standards, final engagement communications should be distributed to those members of the organization who are able to ensure that engagement results are given due consideration. For higher-level members of the organization, that requirement can usually be satisfied with
A.Interim reports. B.Summary reports. C.Oral reports. D.Final written reports only.
Answer (B) is correct. Summary reports highlighting engagement results are appropriate for levels of management above the engagement client and can be issued separately from or in conjunction with the final report. Thus, summary written reports are usually intended for senior management or the board.
A.Interim reports are used to communicate urgent information, changes in engagement scope, and engagement progress. C.Only interim reports may be oral. The final report must be written. D.Senior management is often too busy to read an entire report.
38.Which of the following is most appropriate for inclusion in the summary of a final engagement communication?
A.Engagement client responses to recommendations. B.A concise statement of engagement observations. C.Reference to areas not covered by the engagement. D.Discussion of recommendations given in prior years’ engagement communications.
Answer (B) is correct. A signed report is issued after the engagement’s completion. Summary reports highlighting engagement results are appropriate for levels of management above the engagement client.
A.Engagement client responses to recommendations are appropriately included in the body of the communication rather than in the summary. C.A reference to areas not covered by the engagement communications is appropriately included in the body of the communication rather than in the summary. D.A discussion of recommendations given in prior years’ engagement communications is appropriately included in the body of the communication rather than in the summary.
39.To enhance communications with top management, some internal audit activities include a summary report with each written engagement communication. What information should be included in such a summary report?
A.The same information as the written report but in diagram form. B.Highlights of the engagement results. C.The internal auditor’s assessment of the adequacy of internal controls.
D.Only that information needed to resolve the disagreements between the engagement clients and the internal auditors.
Answer (B) is correct. Summary reports highlighting engagement results are appropriate for levels of management above the engagement client and can be issued separately from or in conjunction with the final report.
A.A summary is a condensed version of the information in the full report. C.A summary is not limited to a particular engagement objective. D.A summary need not concern internal auditor-engagement client conflicts.
40.During a review of purchasing operations, an internal auditor finds that current procedures differ markedly from stated organizational procedures. However, the internal auditor concludes that the procedures currently used represent an increase in efficiency and a decrease in processing time, without a discernible decrease in control. The internal auditor should
A.Report the lack of adherence to documented procedures as an operational risk exposure. B.Develop a flowchart of the new procedures and include it in the report to management. C.Report the change and suggest that the change in procedures be documented. D.Suspend the completion of the engagement until the client documents the new procedures.
Answer (C) is correct. The internal auditor may communicate engagement client accomplishments, in terms of improvements since the last engagement or the establishment of a well-controlled operation. This information may be necessary to fairly represent the existing conditions and to provide proper perspective and balance to the engagement final communications.
A.The procedures do not represent a risk exposure. B.The internal auditor should not prepare documentation for the engagement client. D.The engagement should be completed.
41.According to the International Professional Practices Framework, which of the following is part of the minimum requirements for an engagement final communication?
1)
Background information.
2)
Purpose of the engagement.
3)
Engagement scope.
4)
Results of the engagement.
5)
Summaries.
A.1, 2, and 3 only. B.1, 3, and 5 only. C.2, 3, and 4 only. D.2, 4, and 5 only.
Answer (C) is correct. Although the format and content of the final engagement communications may vary by organization or type of engagement, they are to contain, at a minimum, the purpose, scope, and results of the engagement.
A.Background information is not required, but the results of the engagement are required. B.Background information and summaries are not required, but the purpose and results are required. D.Summaries are not required, but the scope is required.
42.The scope statement of an engagement communication should
A.Describe the engagement objectives and tell the reader why the engagement was conducted. B.Identify the activities reviewed and describe the nature and extent of work performed. C.Define the standards, measures, or expectations used in evaluating engagement observations. D.Communicate the internal auditor’s evaluation of the effect of the observations on the activities reviewed.
Answer (B) is correct. Scope statements identify the audited activities and may include supportive information such as time period reviewed and related activities not reviewed to delineate the boundaries of the engagement. They may describe the nature and extent of engagement work performed.
A.Engagement objectives and the reason for conducting the engagement are described in the purpose statement. C.This is the definition of criteria. D.The effect of the observations and recommendations on the activities reviewed is properly presented in the conclusions section of the engagement communication.
43.The scope section of an internal auditor’s final engagement communication should identify
A.The engagement techniques used. B.Any limitations imposed. C.The sampling methodology employed. D.Any unresolved differences with engagement clients.
Answer (B) is correct. Because limitations set the boundaries of the engagement, they must be identified in the scope section.
A.This subject is inappropriate for the scope section. C.This subject is inappropriate for the scope section. D.This subject is inappropriate for the scope section.
44.The content and format of engagement communications may vary. However, according to the Standards, a necessary element is statement of
A.Engagement objectives. B.The status of observations from prior engagement communications. C.Related activities not reviewed. D.Documentation of previous oral communications.
Answer (A) is correct. Communications must include the engagement’s objectives, scope, and results (Perf. Std. 2410).
B.The status of observations from prior engagement communications is an optional item in the final engagement communication. C.Related activities not reviewed is an optional item in the final engagement communication. D.Documentation of previous oral communications is an optional item in the final engagement communication.
45.Fact Pattern: An internal auditor has submitted a first draft of an engagement communication to an engagement client in preparation for an exit meeting. An excerpt is below. The engagement was performed to accomplish several objectives:
Verify the existence of unused machinery being stored in the warehouse.
Determine whether machinery had been damaged during storage.
Review the handling procedures being performed by personnel at the warehouse.
Determine whether proper accounting procedures are being followed for machinery kept in the warehouse.
Calculate the current fair value of warehouse inventories.
Compare the total value of the machinery with accounting records.
It was confirmed that, of the 30 machines selected from purchasing records for the sample, 13 were present on the warehouse floor and another five were on the loading dock ready for conveyance to the production facility. Twelve others had already been sent to the production facility at a previous time. An examination of the accounting procedures used at the warehouse revealed the failure by the warehouse accounting clerk to reconcile inventory records monthly, as required by policy. A sample of 25 machines was examined for possible damage, and all but one was in good condition. It was confirmed by the internal auditors that handling procedures outlined in the warehouse policy manual appear to be adequate, and warehouse personnel apparently were following those procedures, except for the examination of items being received for inventory.
Q:At a minimum, the following elements should be included in final engagement communications: purpose, scope, and results. Results include observations, conclusions (opinions), recommendations, and action plans. Which of the following describes all of the elements missing from the engagement communication?
A.Scope, conclusion, recommendation. B.Purpose, result, recommendation. C.Observations, conclusion, recommendation. D.Purpose, scope, recommendation.
Answer (A) is correct. Although a portion of the scope is discussed, the reader cannot determine the significance of the amount of machines selected without knowing the total amount of machines available and the value of the machinery. Also, the conclusion or opinion about the operation is not stated, and the engagement communication makes no recommendations.
B.The purpose of the engagement was clearly stated. C.The observations were given. D.The purpose of the engagement was clearly stated, and the conclusions were left out.
46.The internal auditors have completed an engagement in the purchasing department and are preparing their final report. Throughout the engagement, the auditors have shared results with the purchasing manager. Which of the following is not a goal of the final audit report?
A.Resolve conflicts. B.Describe the technical aspects of the methods used during the engagement. C.Assure agreement with the observations and recommendations. D.Improve relations between the internal audit activity and the purchasing department.
Answer (B) is correct. Internal auditors should communicate the engagement’s (1) objective and scope, (2) conclusions, (3) recommendations, and (4) action plans. Although the format and content of final communications may vary by organization or type of engagement, they should include at least the purpose, scope, and results of the engagement. Presentation of the final audit report improves relations with engagement clients. It involves them in the engagement process and ensures that misunderstandings or misinterpretations are avoided. Moreover, this presentation may increase client support for appropriate management action. But the technical aspects of the methods used during the engagement are not addressed in the report.
A.The auditors should be prepared to resolve conflicts and answer questions. C.The final report is an opportunity for the auditors and the client to understand and agree with the observations and recommendations. D.Improving relations between the internal audit activity and the purchasing department is a goal of the final audit report.
47.Which of the following activities would not be appropriate for a new internal auditor with minimal experience to perform during an audit engagement of a new system implementation?
A.Perform tests. B.Verify test results. C.Communicate test results to the audit client. D.Prepare supporting test documentation.
Answer (C) is correct. Internal auditors must communicate the results of engagements (Perf. Std. 2400). The CAE, auditor-in-charge of the engagement, or other auditor with sufficient experience communicates results to the engagement client. An internal auditor with minimal experience is not likely to be the auditor-in-charge and should not communicate test results to the audit client.
A.An internal auditor with minimal experience may perform procedures that are commensurate with his or her experience or that exceed his or her experience if properly supervised. B.An internal auditor with minimal experience may perform procedures that are commensurate with his or her experience or that exceed his or her experience if properly supervised. D.An internal auditor with minimal experience may prepare documentation.
48.An internal auditor found that employees in the maintenance department were not signing their time cards. This situation also existed during the last engagement. The internal auditor should
A.Include this observation in the current engagement communication. B.Ask the manager of the maintenance department to assume the resulting risk. C.Withhold conclusions about payroll internal control in the maintenance department. D.Instruct the employees to sign their time cards.
Answer (A) is correct. Internal auditors must communicate results of engagements. Results include observations, conclusions, opinions, recommendations, and action plans. Observations (findings) are relevant statements of fact, which include whether a condition (current state) complies with established criteria (correct state). Accordingly, the internal auditor should include the observation in the current engagement communication.
B.Asking the manager of the maintenance department to assume the resulting risk is not within the internal auditor’s authority, and it would not remedy the situation. However, the internal auditor should ascertain whether senior management has decided to assume the risk. C.The final engagement communication must contain conclusions about internal control of payroll in the maintenance department. D.The internal auditor should not supervise maintenance department employees.
49.Fact Pattern: An internal auditor has the following information available to write a memorandum on the progress of developing new engagement software for accounts receivable:
The programmers, who were to start on the sampling software last week, will not be able to start until next week.
The programmers want to purchase a commercially available software package.
The funds for the software are not in the budget.
By using the software, the programmers expect to complete their work on schedule.
The purchased software will reduce programming costs by substantially more than the cost of the software.
The programming of the sampling techniques is expected to be completed one week early.
The overall project is expected to be completed on time.
Except for the software package and the programming costs, the project is on budget.
Q:The most important message for the internal auditor to convey to senior management is
A.The development of the new software is behind schedule.
B.The programmers want to buy new software. C.The project is expected to be completed on time and within budget. D.The programming of the sampling techniques will be completed one week early.
Answer (C) is correct. Senior management is most concerned with achieving organizational objectives. The objective of the memorandum is to report on the progress of developing new software. Thus, an objective of the organization in question is to develop new software. Accordingly, the most important message (i.e., result) for the internal auditor to convey to senior management is the project is expected to be completed on time and within budget.
A.The project is expected to be completed on time. Senior management is concerned with the timeliness of the entire project. B.The new software purchase will reduce overall costs. Senior management is concerned about significant variances from the budget. D.The programming of the sampling techniques is a detail with which senior management is not concerned.
50.Fact Pattern: An internal auditor has the following information available to write a memorandum on the progress of developing new engagement software for accounts receivable:
The programmers, who were to start on the sampling software last week, will not be able to start until next week.
The programmers want to purchase a commercially available software package.
The funds for the software are not in the budget.
By using the software, the programmers expect to complete their work on schedule.
The purchased software will reduce programming costs by substantially more than the cost of the software.
The programming of the sampling techniques is expected to be completed one week early.
The overall project is expected to be completed on time.
Except for the software package and the programming costs, the project is on budget.
Q:Regarding the unbudgeted funds for the purchase of a software package, the internal auditor should
A.Disclose it with the expected reduction in programming costs to provide full disclosure.
B.Leave it out of the engagement communication because it is irrelevant. C.Emphasize it because it is outside the budget. D.Leave it out of the engagement communication to avoid criticism.
Answer (A) is correct. Communications must include results of engagements. Results include observations, conclusions, opinions, recommendations, and action plans. Observations are relevant statements of facts. The unbudgeted funds for the purchase of a software package should be disclosed because it is a relevant fact. This information justifies the expenditure and assures the recipient of the memorandum that the project will still be within budget. If both items are not disclosed, the memorandum will be misleading.
B.The unbudgeted expenditure is relevant. C.The expenditure is not important enough to be emphasized. D.Information should not be left out to avoid criticism. This information is important enough to warrant disclosure.
51.The internal audit activity for a chain of retail stores recently concluded an engagement to evaluate sales adjustments in all stores in the Southeast region. The engagement revealed that several stores are costing the organization substantial sums in duplicate credits to customers’ charge accounts. The final engagement communication published 8 weeks after the engagement was concluded incorporated the internal auditors’ recommendations to store management that should prevent duplicate credits to customers’ accounts. Which of the following standards has been disregarded?
A.The follow-up actions were not adequate. B.The internal auditors should have implemented appropriate corrective action as soon as the duplicate credits were discovered. C.Internal auditor recommendations should not be included in the final engagement communication. D.The final engagement communication was not timely.
Answer (D) is correct. Communications must be accurate, objective, clear, concise, constructive, complete, and timely (Perf. Std. 2420). Timely communications are opportune and expedient, depending on the significance of the issue, allowing management to take appropriate corrective action (Inter. Std. 2420). The report, which was not published until 8 weeks after the engagement was concluded, was not issued in a timely fashion, given the significance of the observations and the need for prompt, effective action.
A.Information is not sufficient to evaluate the effectiveness of follow-up. B.Internal auditors may properly make recommendations for potential improvements but should not implement corrective action.
C.Internal auditor recommendations are part of the results of the engagement. Final engagement communications include, at a minimum, the purpose, scope, and results of the engagement.
52.Fact Pattern: An internal auditor has submitted a first draft of an engagement communication to an engagement client in preparation for an exit meeting. An excerpt is below. The engagement was performed to accomplish several objectives:
Verify the existence of unused machinery being stored in the warehouse.
Determine whether machinery had been damaged during storage.
Review the handling procedures being performed by personnel at the warehouse.
Determine whether proper accounting procedures are being followed for machinery kept in the warehouse.
Calculate the current fair value of warehouse inventories.
Compare the total value of the machinery with accounting records.
It was confirmed that, of the 30 machines selected from purchasing records for the sample, 13 were present on the warehouse floor and another five were on the loading dock ready for conveyance to the production facility. Twelve others had already been sent to the production facility at a previous time. An examination of the accounting procedures used at the warehouse revealed the failure by the warehouse accounting clerk to reconcile inventory records monthly, as required by policy. A sample of 25 machines was examined for possible damage, and all but one was in good condition. It was confirmed by the internal auditors that handling procedures outlined in the warehouse policy manual appear to be adequate, and warehouse personnel apparently were following those procedures, except for the examination of items being received for inventory.
Q:When an internal auditor is communicating with engagement clients, both situational factors and message characteristics can damage the communication process. An internal auditor has only limited control over situational factors but has substantial control over message characteristics. Which of the following is a message characteristic that the internal auditor who prepared the engagement communication overlooked?
A.Sequence of message. B.Nature of the audience. C.Noise. D.Prior encounters with the engagement client.
Answer (A) is correct. Communications must be accurate, objective, clear, concise, constructive, complete, and timely (Perf. Std. 2420). Clear communications are easily understood and logical (Inter. Std. 2420). Because the information being communicated is complicated, the engagement communication’s content should be organized in logical succession to facilitate understanding and acceptance. The internal auditor neglected to organize the information in this communication.
B.The nature of an audience is a situational factor that is outside the control of the internal auditor. C.Noise is a situational factor that interferes with the effective communication of intended messages. D.The history of previous encounters is a situational factor that is outside the control of the internal auditor.
53.Fact Pattern: An internal auditor has submitted a first draft of an engagement communication to an engagement client in preparation for an exit meeting. An excerpt is below. The engagement was performed to accomplish several objectives: Verify the existence of unused machinery being stored in the warehouse. Determine whether machinery had been damaged during storage. Review the handling procedures being performed by personnel at the warehouse. Determine whether proper accounting procedures are being followed for machinery kept in the warehouse. Calculate the current fair value of warehouse inventories. Compare the total value of the machinery with accounting records. It was confirmed that, of the 30 machines selected from purchasing records for the sample, 13 were present on the warehouse floor and another five were on the loading dock ready for conveyance to the production facility. Twelve others had already been sent to the production facility at a previous time. An examination of the accounting procedures used at the warehouse revealed the failure by the warehouse accounting clerk to reconcile inventory records monthly, as required by policy. A sample of 25 machines was examined for possible damage, and all but one was in good condition. It was confirmed by the internal auditors that handling procedures outlined in the warehouse policy manual appear to be adequate, and warehouse personnel apparently were following those procedures, except for the examination of items being received for inventory.
Q:The objectives of an engagement communication are to inform and to influence. Whether these objectives are met depends on the clarity of the writing. Which of the following principles of communication clarity was violated in the engagement communication?
A.Appropriately organize the communication. B.Keep most sentences short and simple. C.Use active voice verbs. D.All of the answers are correct.
Answer (D) is correct. The communication should be well-organized so that the information is given appropriate attention. Also, effective organization enhances understanding by presenting information in an logical order that
clarifies the internal auditor’s reasoning. Keeping sentences as short and simple as possible likewise facilitates understanding. Also, active voice verbs are more vivid and concise than passive voice verbs.
A.An engagement communication should be appropriately organized B.An engagement communication should be concise C.An engagement communication should use active voice verbs.
54.According to IIA guidance, when an engagement final communication contains a significant error, the chief audit executive is required to do which of the following?
A.Issue a written report to individuals who can ensure that engagement results are given due consideration. B.Issue a written report to the audit committee and senior management. C.Communicate corrected information to all individuals who received the original communication. D.Communicate corrected information to all those who might have relied on the original communication.
Answer (C) is correct. If a final engagement communication contains a significant error or omission, the CAE must communicate corrected information to all who received the original communication (Perf. Std. 2421). Thus, the Standards do not require a written report.
A.The Standards do not require a written report, and the required correction should be communicated to the original distributees. B.The Standards do not require a written report, and the required correction should be communicated to the original distributees. D.The Standards do not require a written report, and the required correction should be communicated to the original distributees.
55.Avoiding unnecessary technical language is best associated with which quality of communication addressed in the Standards?
A.Accurate. B.Concise. C.Clear. D.Complete.
Answer (C) is correct.
Communications must be accurate, objective, clear, concise, constructive, complete, and timely (Perf. Std. 2420). Clear communications are easily understood and logical. Clarity can be improved by avoiding unnecessary technical language and providing all significant and relevant information (Inter. Std. 2420).
A.Accurate communications avoid errors and distortions. B.Concise communications avoid superfluous detail, redundancy, and wordiness. D.Complete communications lack nothing that is essential to the target audience and include all significant and relevant information and observations to support recommendations and conclusions.
56.Word selection can have an impact on the recipient when presenting an engagement communication in either oral or written form. In a oral or written presentation in which the internal auditor’s objective is to persuade an individual to accept the recommendations, using words with strong or emotional connotation rather than words with low connotation
A.May move the recipient deliberately in the direction of the internal auditor’s recommendation. B.May misfire quickly, moving the recipient away from the internal auditor’s recommendation. C.Will cause the recipient to accept the internal auditor’s recommendations quickly with no reservations. D.Will have no effect whatsoever on the recipient.
Answer (B) is correct. Words that are connotation-rich have strong but unpredictable effects. Using too strong a word or a word inappropriate for the particular recipient may induce an unwanted response. Thus, high connotation language should be chosen carefully to appeal to the specific recipient.
A.Use of emotion-laden words may have unintended consequences. C.Words rich in emotional content may induce quick acceptance but not without reservations. D.Words that are connotation-rich have strong, unpredictable effects.
57.When making a presentation to management, the internal auditor wants to report observations, conclusions, and recommendations and to stimulate action. These objectives are best accomplished by
A.Delivering a lecture on the engagement results. B.Showing a series of slides or overheads, which graphically depict the engagement results; limit verbal commentary. C.Using slides/overheads to support a discussion of major points. D.Handing out copies of the final engagement communication, asking the participants to read it, and asking for questions.
Answer (C) is correct. Using audiovisual aids to support a discussion of major points results in the greatest retention of information and will best stimulate action.
A.Delivering a lecture only does not best stimulate action. B.Limiting verbal commentary does not best stimulate action. D.The internal auditor should lead a discussion, not discuss only what is asked. 58.Successful communication between the internal auditor and the engagement client partially depends on achieving appropriate emphasis so that both parties are aware of the most important points in their discussion. Which of the following approaches provides the most emphasis in an engagement communication?
A.Graphics, repetition, and itemization. B.Solid paragraphs and detailed appendices. C.Calm discussion in a conversational tone. D.Key points embedded in discussion.
Answer (A) is correct. Graphic illustrations (e.g., pictures, charts, or graphs), oral and written repetition such as summaries, and itemized lists (bulleted or numbered) are good ways of emphasizing information
B.Long paragraphs may bury important information. Appendices hide important information because readers may not use them. C.Vocal emphasis comes from raising or lowering the projection of the voice to attract attention to the idea being stated, not from keeping the voice even. D.Embedding ideas subordinates rather than emphasizes them.
59.The manner in which data and evidence is gathered, evaluated, and summarized for presentation should be done with care and precision. Which quality of communications does this statement best describe?
A.Objective. B.Accurate. C.Timely. D.Constructive.
Answer (B) is correct.
Communications should be accurate, objective, clear, concise, constructive, complete, and timely (Perf. Std. 2420). Accurate communications are free from errors and distortions and are faithful to the underlying facts (Inter. Std. 2420).
A.Objective communications concern observations, conclusions, and recommendations that should be derived and expressed without prejudice, partisanship, personal interests, and the undue influence of others. C.Timely communications concern the timing of the presentation of engagement results, which should be set without undue delay and with a degree of urgency and so as to enable prompt, effective action. D.Constructive communications concern the contents and tone of the presentation, which should be useful, positive, and well-meaning and contribute to the objectives of the organization.
60.Fact Pattern:The following information is extracted from a draft of an engagement communication prepared upon the completion of an engagement to review the inventory warehousing procedures for a division.
Observations and Recommendations
[#5] We performed extensive tests of inventory recordkeeping and quantities on hand. Based on our tests, we have concluded that the division carries a large quantity of excess inventory, particularly in the area of component parts. We expect this is due to the conservatism of local management that does not want to risk shutting down production if the goods are not on hand. However, as noted earlier in this engagement communication, the excess inventory has led to a higher-than-average level of obsolete inventory write-downs at this division. We recommend that production forecasts be established, along with lead times for various products, and used in conjunction with economic order quantity concepts to order and maintain appropriate inventory levels. [#6] We noted that receiving reports were not filled out when the receiving department became busy. Instead, the receiving manager would fill out the reports after work and forward them to accounts payable. There is a risk that all items received might not be recorded, or that failing to record them initially might result in some items being diverted to other places. During our tests, we discovered many instances in which accounts payable had to call receiving to obtain a receiving report. We recommend that receiving reports be prepared. [#7] Inventory is messy. We recommend that management communicate the importance of orderly inventory management techniques to warehouse personnel to avoid the problems noted earlier about (1) locating inventory when needed for production and (2) incurring unusually large amounts of inventory write-offs because of obsolescence. [#8] We appreciate the cooperation of divisional management. We intend to discuss our observations with them and follow up by communicating your reaction to those recommendations included within this engagement communication. Given additional time for analysis, we feel that
substantial opportunities are available for significant cost savings, and we are proud to be a part of the process.
Q:A major deficiency in paragraph #5 related to the completeness of the engagement communication is that
A.There is no indication of the potential cause of the problem. B.It does not contain criteria by which the concept of “excessive inventory” is judged. C.It does not adequately describe the potential effect of the conditions noted. D.The recommendations are not required and are not appropriate given the nature of the problem identified.
Answer (B) is correct. Observations and recommendations are based on the attributes of criteria, conditions, cause, and effect. Paragraph #5 is silent on the criteria the internal auditor used in determining that the division had excessive levels of inventory.
A.The cause of the problem is attributed to divisional management’s conservatism regarding the risk of shutdowns. C.The engagement communication states that excess inventory has led to write-downs as a result of obsolescence. D.The recommendations are logically derived from the observations and represent an approach that should be considered by management. Recommendations should be included in engagement communications.
61.Fact Pattern: The following information is extracted from a draft of an engagement communication prepared upon the completion of an engagement to review the inventory warehousing procedures for a division.
Observations and Recommendations [#5] We performed extensive tests of inventory recordkeeping and quantities on hand. Based on our tests, we have concluded that the division carries a large quantity of excess inventory, particularly in the area of component parts. We expect this is due to the conservatism of local management that does not want to risk shutting down production if the goods are not on hand. However, as noted earlier in this engagement communication, the excess inventory has led to a higher-than-average level of obsolete inventory write-downs at this division. We recommend that production forecasts be established, along with lead times for various products, and used in conjunction with economic order quantity concepts to order and maintain appropriate inventory levels. [#6]
We noted that receiving reports were not filled out when the receiving department became busy. Instead, the receiving manager would fill out the reports after work and forward them to accounts payable. There is a risk that all items received might not be recorded, or that failing to record them initially might result in some items being diverted to other places. During our tests, we discovered many instances in which accounts payable had to call receiving to obtain a receiving report. We recommend that receiving reports be prepared. [#7] Inventory is messy. We recommend that management communicate the importance of orderly inventory management techniques to warehouse personnel to avoid the problems noted earlier about (1) locating inventory when needed for production and (2) incurring unusually large amounts of inventory write-offs because of obsolescence. [#8] We appreciate the cooperation of divisional management. We intend to discuss our observations with them and follow up by communicating your reaction to those recommendations included within this engagement communication. Given additional time for analysis, we feel that substantial opportunities are available for significant cost savings, and we are proud to be a part of the process.
Q:A major deficiency in paragraph #6 related to the completeness of the engagement communication is that the
A.Factual support for the observation is not given. B.Cause of the problem is not defined. C.Risk is presented in an overdramatic fashion. D.Recommendation is incomplete.
Answer (D) is correct. Receiving reports are being prepared but not on a timely basis or concurrently with the receipt of the goods. The recommendation needs to be more detailed.
A.Factual support comes from the internal auditors’ visual inspection. B.The cause of the problem (or at least the excuse given) is that concurrent receiving reports are not prepared when the department is busy. C.The internal auditor describes factually the result that might occur if the control deficiency is not adequately addressed.
62.Fact Pattern: The following information is extracted from a draft of an engagement communication prepared upon the completion of an engagement to review the inventory warehousing procedures for a division.
Observations and Recommendations
[#5] We performed extensive tests of inventory recordkeeping and quantities on hand. Based on our tests, we have concluded that the division carries a large quantity of excess inventory, particularly in the area of component parts. We expect this is due to the conservatism of local management that does not want to risk shutting down production if the goods are not on hand. However, as noted earlier in this engagement communication, the excess inventory has led to a higher-than-average level of obsolete inventory write-downs at this division. We recommend that production forecasts be established, along with lead times for various products, and used in conjunction with economic order quantity concepts to order and maintain appropriate inventory levels. [#6] We noted that receiving reports were not filled out when the receiving department became busy. Instead, the receiving manager would fill out the reports after work and forward them to accounts payable. There is a risk that all items received might not be recorded, or that failing to record them initially might result in some items being diverted to other places. During our tests, we discovered many instances in which accounts payable had to call receiving to obtain a receiving report. We recommend that receiving reports be prepared. [#7] Inventory is messy. We recommend that management communicate the importance of orderly inventory management techniques to warehouse personnel to avoid the problems noted earlier about (1) locating inventory when needed for production and (2) incurring unusually large amounts of inventory write-offs because of obsolescence.
[#8] We appreciate the cooperation of divisional management. We intend to discuss our observations with them and follow up by communicating your reaction to those recommendations included within this engagement communication. Given additional time for analysis, we feel that substantial opportunities are available for significant cost savings, and we are proud to be a part of the process.
Q:A major deficiency in paragraph #8 is that
A.The nature of the follow-up action is inappropriate. B.The observations were not discussed with division management before being presented to upper management. C.The cost savings mentioned are not supported in the engagement communication. D.All of the answers are correct.
Answer (D) is correct. The follow-up is insufficient. Following up entails ascertaining that the engagement client has taken appropriate action or that senior management or the board has assumed the risk of not taking corrective
action. Moreover, conclusions and recommendations should be discussed at appropriate levels of management before issuing final engagement communications, and interim engagement communications may be transmitted formally or informally. Finally, the statement about opportunities for cost savings is not wholly supported.
A.Not discussing the observations with management and not supporting the claim about cost savings are also deficiencies. B.The inappropriate nature of the follow-up action and not supporting the claim about cost savings are also deficiencies. C.Not discussing the observations with management and the inappropriate nature of the follow-up action are also deficiencies.
63.Fact Pattern:The following information is extracted from a draft of an engagement communication prepared upon the completion of an engagement to review the inventory warehousing procedures for a division.
Observations and Recommendations [#5] We performed extensive tests of inventory recordkeeping and quantities on hand. Based on our tests, we have concluded that the division carries a large quantity of excess inventory, particularly in the area of component parts. We expect this is due to the conservatism of local management that does not want to risk shutting down production if the goods are not on hand. However, as noted earlier in this engagement communication, the excess inventory has led to a higher-than-average level of obsolete inventory write-downs at this division. We recommend that production forecasts be established, along with lead times for various products, and used in conjunction with economic order quantity concepts to order and maintain appropriate inventory levels. [#6] We noted that receiving reports were not filled out when the receiving department became busy. Instead, the receiving manager would fill out the reports after work and forward them to accounts payable. There is a risk that all items received might not be recorded, or that failing to record them initially might result in some items being diverted to other places. During our tests, we discovered many instances in which accounts payable had to call receiving to obtain a receiving report. We recommend that receiving reports be prepared. [#7] Inventory is messy. We recommend that management communicate the importance of orderly inventory management techniques to warehouse personnel to avoid the problems noted earlier about (1) locating inventory when needed for production and (2) incurring unusually large amounts of inventory write-offs because of obsolescence.
[#8] We appreciate the cooperation of divisional management. We intend to discuss our observations with them and follow up by communicating your reaction to those recommendations included
within this engagement communication. Given additional time for analysis, we feel that substantial opportunities are available for significant cost savings, and we are proud to be a part of the process.
Q:A major writing problem in paragraph #5 is
A.The use of potentially emotional words such as “conservatism” of local management. B.The presentation of observations before recommendations. The engagement communication would have more impact if recommendations are made before the observations are discussed. C.The specific identification of “component parts” may be offensive to the personnel responsible for those parts and may reflect negatively on them. D.The reference to other parts of the engagement communication citing excessive inventory write-downs for obsolescence is not appropriate. If there is a problem, it should all be discussed within the context of the specific engagement observation.
Answer (A) is correct. The internal auditor should avoid using emotionally charged words because they might provoke an unexpected, negative reaction from the engagement client. The actions of divisional management could have been described adequately in neutral terms.
B.The excerpt is from the observations and recommendations section of the engagement communication, not the management executive summary. Thus, it is appropriate to present the observations and their basis before presenting the recommendations. C.The term “component parts” is not commonly regarded as having a negative connotation. D.The problem of excessive inventory has been noted in relationship to this observation. As long as the amounts of excessive write-downs have been noted earlier in the communication, it is appropriate to refer to that section for more detail.
64.Fact Pattern: The following information is extracted from a draft of an engagement communication prepared upon the completion of an engagement to review the inventory warehousing procedures for a division.
Observations and Recommendations [#5] We performed extensive tests of inventory recordkeeping and quantities on hand. Based on our tests, we have concluded that the division carries a large quantity of excess inventory, particularly in the area of component parts. We expect this is due to the conservatism of local management that does not want to risk shutting down production if the goods are not on hand. However, as noted earlier in this engagement communication, the excess inventory has led to a higher-than-average level of obsolete inventory write-downs at this division. We recommend that production forecasts be established, along with lead times for various products, and used in conjunction with economic order quantity concepts to order and maintain appropriate inventory levels.
[#6] We noted that receiving reports were not filled out when the receiving department became busy. Instead, the receiving manager would fill out the reports after work and forward them to accounts payable. There is a risk that all items received might not be recorded, or that failing to record them initially might result in some items being diverted to other places. During our tests, we discovered many instances in which accounts payable had to call receiving to obtain a receiving report. We recommend that receiving reports be prepared. [#7] Inventory is messy. We recommend that management communicate the importance of orderly inventory management techniques to warehouse personnel to avoid the problems noted earlier about (1) locating inventory when needed for production and (2) incurring unusually large amounts of inventory write-offs because of obsolescence.
[#8] We appreciate the cooperation of divisional management. We intend to discuss our observations with them and follow up by communicating your reaction to those recommendations included within this engagement communication. Given additional time for analysis, we feel that substantial opportunities are available for significant cost savings, and we are proud to be a part of the process.
Q:A major deficiency in paragraph #7 related to the completeness of the engagement communication is
A.No separate section adequately discusses the risks associated with the observation. B.The recommendation does not follow from the observation. The recommendation could have been reached without any observation. C.The condition for the observation is not clearly explained. D.The reference to other parts of the engagement communication citing excessive inventory write-downs for obsolescence is not appropriate. If there is a problem, it should all be discussed within the context of the specific observation.
Answer (C) is correct. The condition is that inventory is “messy.” However, “messy” is a word that does not completely, specifically, and factually describe what the internal auditor found during the engagement.
A.The risks are described in some detail. B.The recommendation is logically presented. The problem is that the author has mixed a condition and a cause. D.The problem of excessive inventory has been noted in relationship to this observation. As long as the amounts of excessive write-downs have been noted earlier in the communication, it is appropriate to refer to that section for more detail.
65.Which of the following is a possible disadvantage when the draft engagement communication is provided to local management for review and comment?
A.The engagement client may take corrective action before the final communication is issued. B.The engagement client will have an opportunity to rebut observations and recommendations. C.Genuine consideration for the engagement client will be demonstrated. D.Discussion of the report might center unduly on words rather than on the substantive issues.
Answer (D) is correct. The internal auditor should be prepared for conflicts and questions and possibly time-consuming disagreement over semantic matters. While showing flexibility on matters not affecting the report’s substance, the internal auditor’s response to these conflicts should never be to negotiate the engagement conclusions.
A.The possibility of early corrective action is an advantage. B.The possibility of rebuttal is an advantage. C.Demonstrating consideration for the engagement client is an advantage.
66.The internal audit activity customarily has a dual relationship with management and the audit committee. This means that
A.Management should help the internal audit activity by revising and forwarding engagement communications to the audit committee. B.The internal audit activity should report directly to the audit committee, without corroborating engagement communications with management. C.The accuracy of engagement communications should be verified with management, and the internal audit activity should then report to management and the audit committee. D.Ideally, the internal audit activity works under the audit committee but reports to the chief operating officer on all engagements relating to operations.
Answer (C) is correct. Internal auditors discuss conclusions and recommendations with appropriate levels of management before the chief audit executive (CAE) issues the final engagement communications. These discussions and reviews help avoid misunderstandings or misinterpretations of fact.
A.The internal audit activity should revise and forward engagement communications to the audit committee. B.Engagement communications should be discussed with the client management.
D.The ideal arrangement is to send all engagement communications to the audit committee.
67.Which of the following combinations of participants is most appropriate to attend an exit meeting?
A.The responsible internal auditor and representatives from management who are knowledgeable about detailed operations and who can authorize implementation of corrective action. B.The chief audit executive and the executive in charge of the activity or function reviewed. C.Staff internal auditors who conducted the field work and operating personnel in charge of the daily performance of the activity or function reviewed. D.Staff auditors who conducted the field work and the executive in charge of the activity or function reviewed.
Answer (A) is correct. The level of participants in the discussions and reviews may vary by organization and nature of the report; they generally include those individuals who are knowledgeable of detailed operations and who can authorize the implementation of corrective action.
B.The CAE and the executive in charge of the activity reviewed might not be knowledgeable about the details. C.Staff auditors and operating personnel might not have the necessary perspectives or authority. D.The staff auditors might lack the proper perspective and authority.
68.One purpose of the exit meeting is for the internal auditor to
A.Require corrective action. B.Review and verify the appropriateness of the engagement communication based upon client input. C.Review the performance of internal auditors assigned to the engagement. D.Present the final engagement communication to management.
Answer (B) is correct. The primary purpose of an exit meeting is to ensure the accuracy of the information used by the internal auditor. Accordingly, client input is solicited to verify the appropriateness of the engagement communication. A.Only management can require corrective action. C.Internal auditor performance is reviewed in private with the individual employee, not at the exit meeting.
D.The exit meeting is normally based on draft communications. The final engagement communication is subject to modification based on the results of the exit meeting.
69.The effectiveness of an internal auditing engagement is related to the results and the action taken on those results. Which of the following activities contributes to engagement effectiveness?
A.Conducting an exit meeting with engagement clients. B.Adhering to a time budget. C.Preparing weekly time reports. D.Having budget revisions approved by the project supervisor.
Answer (A) is correct. An exit meeting (post-engagement meeting) is an opportunity for discussion of engagement results, i.e., observations, conclusions, and recommendations. The effectiveness of an engagement is enhanced by the exit meeting because it provides the engagement client an opportunity to clarify specific items and to express views of the observations, conclusions, and recommendations.
B.Adhering to a time budget contributes to efficiency, not effectiveness. C.Preparing weekly time reports contributes to efficiency, not effectiveness. D.Having budget revisions approved by the project supervisor contributes to efficiency, not effectiveness.
70.Which of the following best describes the primary purpose of exit conferences?
A.To validate audit findings and conclusions. B.To elicit audit client concerns. C.To preview the audit report. D.To present audit results.
Answer (D) is correct. Internal auditors must communicate engagement results to appropriate parties (Perf. Std. 2400 and Perf. Std. 2440). Accordingly, the primary purpose of exit conferences is to present audit results to audit clients
A.Validating audit findings and conclusions is a secondary purpose. B.Eliciting audit client concerns is a secondary purpose. C.Previewing the audit report is a secondary purpose.
71.An engagement performed at an organization’s payroll department has revealed various control weaknesses. These weaknesses, along with recommendations for corrective actions, were addressed in the final engagement communication. This communication should be most useful to the organization’s
A.Purchasing manager. B.Audit committee of the board of directors. C.Payroll manager. D.President.
Answer (C) is correct. The CAE distributes the final engagement communication to the management of the audited activity and to those persons in the organization who can ensure engagement results are given due consideration and take corrective action or ensure that corrective action is taken. A communication on control weaknesses in the payroll function should be most useful to the payroll manager because (s)he is in a position to take corrective action.
A.The purchasing manager is not responsible for the payroll department. B.The audit committee is not in operational control of the department. D.The president is not in operational control of the department.
72.The chief audit executive (CAE) or a designee is required to decide to whom the final engagement communication will be distributed. Observations concerning significant internal control weakness are included in an engagement communication on the accounts payable system of an organization whose securities are publicly traded. Which of the following is the most likely reason that the CAE has chosen to send copies of this engagement communication to the board and the external auditor?
A.The board and external auditor are normally sent copies of all internal audit engagement communications as a courtesy. B.The board and external auditor will need to take corrective action based on the observations. C.The activities of the board and external auditor may be affected because of the potential for misstated financial statements. D.A regulatory agency’s guidelines require such distribution.
Answer (C) is correct.
The CAE distributes the final engagement communication to the management of the audited activity and to those persons in the organization who can ensure engagement results are given due consideration and take corrective action or ensure that corrective action is taken. The potential for misstated financial statements created by the internal control weaknesses should be of interest to the board and the external auditor.
A.Normal distribution is to management of the activity under review and others in a position to take corrective action or ensure that corrective action is taken. B.Operating management is responsible for taking corrective action. D.Such a requirement is unlikely.
73.Several levels of management are interested in the results of an engagement performed in the marketing department. What is the best method of communicating the results of the engagement?
A.Write detailed communications for each level of management. B.Write a communication to the marketing management and give summary communications to other management levels. C.Discuss results with marketing management and issue a summary communication to senior management. D.Discuss results with all levels of management.
Answer (B) is correct. The CAE distributes the final engagement communication to the management of the audited activity and to those members of the organization who can ensure engagement results are given due consideration and take corrective action or to ensure that corrective action is taken. Where required by the internal audit charter or organizational policy, the CAE also communicates to other interested or affected parties, such as external auditors and the board. A.Each level of management does not need a detailed communication. C.A formal, detailed, written communication should be addressed to marketing management if that is the level of management able to act on the engagement results. D.Observations, conclusions, and recommendations should be discussed with the appropriate levels of management, but an engagement communication should still be issued.
74.An internal auditor has uncovered illegal acts committed by a member of senior management. Such information
A.Should be excluded from the internal auditor’s engagement communication and discussed orally with the senior manager. B.Must be immediately reported to the appropriate government authorities. C.May be disclosed in a separate communication and distributed to all senior management.
D.May be disclosed in a separate communication and distributed to the board.
Answer (D) is correct. Certain information is not appropriate for disclosure to all report recipients because it is privileged, proprietary, or related to improper or illegal acts. Disclose such information in a separate report. Distribute the report to the board if the conditions being reported involve senior management.
A.Although improper or illegal acts may be disclosed in a separate communication, the internal auditor should not discuss such information with individuals who have committed such acts. B.In general, internal auditors are responsible to their organization’s management rather than outside agencies. In the case of fraud, statutory filings with regulatory agencies may be required. C.Such information should be communicated to individuals to whom senior managers report.
75.An internal audit activity’s evaluation of sales contracts revealed that a bribe had been paid to secure a major contract. The strong possibility existed that a senior executive had authorized the bribe. Which of the following best describes the proper distribution of the completed final engagement communication?
A.The report should be distributed to the chief executive officer and the appropriate regulatory agency. B.The report should be distributed to the board, the chief executive officer, and the independent external auditor. C.The chief audit executive should provide the board a copy of the report and decide whether further distribution is appropriate. D.The report should be distributed to the board, the appropriate law enforcement agency, and the appropriate regulatory agency.
Answer (C) is correct. Certain information is not appropriate for disclosure to all report recipients because it is privileged, proprietary, or related to improper or illegal acts. Disclose such information in a separate report. Distribute the report to the board if the conditions being reported involve senior management.
A.Outside distribution conflicts with the internal auditors’ ethical obligations, and the CEO may be involved in the illegality. B.Outside distribution conflicts with the internal auditors’ ethical obligations, and the CEO may be involved in the illegality. D.Outside distribution conflicts with the internal auditors’ ethical obligations, and the CEO may be involved in the illegality.
76.Which of the following should not be one of the primary reasons why an internal auditor may communicate sensitive information outside the normal chain of command?
A.The desire to stop the wrongful, harmful, or improper activity. B.Legal advice indicates that the internal auditor should disclose the sensitive information to an outside party. C.A professional obligation requires disclosure of the activity to an outside party. D.The internal auditor does not agree with how the board or directors or management may correct the problem.
Answer (D) is correct. An internal auditor who communicates sensitive information outside the chain of command should be motivated by the desire to stop the wrongful, harmful, or improper activity; legal advice; or a professional obligation. A personal disagreement is the least satisfactory reason.
A.The primary motive of outside disclosure to get management or the board of directors to stop the activity they are engaged in. B.The internal auditor will often consult legal counsel before deciding what course of action to take with regard to the activity. C.A professional obligation often forces the internal auditor to disclose to outside parties. The IIA’s Code of Ethics requires IIA members and certified internal auditors to adhere to the disclosure requirements of illegal or unethical acts.
77.An internal auditor has a professional duty to do each of the following with regard to sensitive information except
A.Consider the duty of confidentiality. B.Disclose sensitive information that the internal auditor has a legal obligation to disclose. C.Consider whether further action is needed to protect the interests of the organization, the community, or the institutions of society. D.Seek the advice of legal counsel or other experts.
Answer (D) is correct. Although the advice of legal counsel or other experts is recommended, the internal auditor does not have a professional duty to seek such advice. Discussing the information with lawyers or experts may help provide a different perspective on the circumstances as well as offer opinions about various actions.
A.The internal auditor is supposed to respect the value and ownership of information and avoid disclosing it without appropriate authority. B.An internal auditor must disclose information that (s)he is legally or professionally required to disclose.
C.The internal auditor has a professional duty and an ethical responsibility to evaluate the sensitive evidence and decide whether further action is needed to protect the interests of parties that may be adversely affected.
78.For which situation should the internal auditor consider communicating sensitive information outside the organization’s governance structure?
A.The internal auditor believes the corporation does not have the resources to address the problem efficiently. B.Action by management may take longer than the internal auditor believes is necessary to correct the problem. C.The internal auditor believes that the problem will not be properly investigated by management. D.An outside agency may be able to help the corporation correct the problem faster than the corporation could on its own.
Answer (C) is correct. In most cases of whistleblowing, whistleblowers will disclose sensitive information internally, even if not within the normal chain of command, if they trust the policies and mechanisms of the organization to investigate the problem. If the whistleblower doubts the problem will be properly investigated by the corporation, (s)he may consider di