Snippet of CIA Part 1 Test Bank Questions 2022 [PDF]

Zitiervorschau

Let’s Connect with Each Other Web: www.zainacademy.us Web: www.mzain.org Email: [email protected] Email: [email protected] WhatsApp (Messaging & Call): +92 311 222 4261 International Call: +92 311 222 4261 US & Canada Call: +1 646 979 0865 Facebook: https://www.facebook.com/zainacademy YouTube: https://www.youtube.com/c/zainacademy LinkedIn: https://www.linkedin.com/in/mzainhabib/ Twitter: https://twitter.com/mzaincpacmacia Instagram: https://www.instagram.com/mzain.cpa.cma.cia/ Pinterest: https://www.pinterest.com/mzainhabib/ Amazon: https://www.amazon.com/MUHAMMAD-ZAIN/e/B07K2G2R8M Telegram: https://t.me/ZainAcademy Tumblr: https://zainacademy.tumblr.com/ Medium: https://medium.com/@muhammad_zain_cpa_cma_cia

2

INDEX Preface………………………………………………………………………………………………………………..4 Certified Internal Auditor (CIA) – US Basic Information………………………………………..5 Letter from Muhammad Zain…………………………………………..………………………………..18 Section A – Foundation of Internal Auditing…………………..………………………………….22 Section B – Independence and Objectivity…………………………………………………..….143 Section C – Proficiency and Due Professional Care……………………………………….....230 Section D – Quality Assurance and Improvement Program……………………………...513 Section E – Governance, Risk Management and Controls………………………………..763 Section F – Fraud Risks……………………………………………………………………………….…1,241 Books Written By Muhammad Zain……………………………………………………………….1,580 Quotes That Will Change Your Life………………………………………………………………..1,588 About the Mentor………………………………………………………………………………..……….1,596

PREFACE All the knowledge possessed by me is a gift from Almighty Allah. The Creator of the Heavens and the earth blessed me with the success of passing Certified Public Accountant (CPA), Certified Management Accountant (CMA), Certified Internal Auditor (CIA), and Masters of Business Administration (MBA) exams in 1st attempt. I am profoundly grateful to my family for providing all the resources and time at their disposal for my enrichment morally, physically, and spiritually. I am also thankful to my teachers, who delivered their knowledge, wisdom, and experience. The knowledge, resources, views, facts, and information presented in this book are a voice from my heart bestowed by Allah and my experience gained during my entire lifetime. I capitalized hours searching the Internet, Blogs, Social media, and Wikipedia to update my knowledge and notebook as part of my continuous learning objective. I am highly indebted to contributors to Google, Blogs, Social Media, and Wikipedia for presenting me with the ocean of knowledge and insights. The more I dived deep into the ocean, the more I concluded that we human beings are only given limited knowledge, which is unexplored and undiscovered entirely to this date. This curiosity of mankind is bringing innovations, discoveries, and ideas. Any resemblance to any copyrighted material available on the planet is purely coincidental and unintentional. I allow the readers of this book to use it for any related educational purpose and reproduce the contents as long as the original text in this book is unaltered. I give reasonable assurance that the information provided in this book is correct according to my knowledge and belief. There may be circumstances where potential readers challenge the information presented. I welcome these challenges to correct me for future updates. May the Lord, Master of the day of Judgement and to whom the sovereignty belongs, bless me more and my readers in this world and in particular in life hereafter (Ameen). 4

CERTIFIED INTERNAL AUDITOR (CIA) - US BASIC INFORMATION Certified Internal Auditor (CIA) certification is offered by the Institute of Internal Auditors (IIA), US. It is a premium internal auditing qualification having a global presence. CIA is a symbol of excellence in compliance reporting, risk management, and consultancy. CIA has three parts. Part 1 is known as Essentials of Internal Auditing, Part 2 is known as Practice of Internal Auditing, and Part 3 is known as Business Knowledge for Internal Auditing. Zain Academy’s purpose is to create the best CIA Exam Prep materials at affordable pricing. The IIA releases the profession's primary guidance, such as the International Professional Practices Framework (IPPF), Code of Ethics, International Standards for the Professional Practice of Internal Auditing. Membership with IIA is not required to earn a CIA designation. Candidates can save their earned money by not choosing the membership.

Chapters and affiliated institutes hold regular meetings, seminars, and conferences to develop networking, contacts, and social bonding. It is advisable to attend these types of events to learn about the current practices in internal auditing. Why Choose CIA The Certified Internal Auditor (CIA) credential offers many benefits. CIA certification can help you move forward in a focused direction. CIA certification gives a message that you are a proficient internal auditor who can bring valuable insights and experience. CIA holders can be entrusted with significant responsibility. CIA also helps in increasing accounting knowledge and skill. CIA holders earning potential is excellent as compared to non-certified peers. Companies retain talented individuals by giving them market-based remuneration, bonuses, perks, fringe benefits, vacations. Qualified individuals earning is multiplied if he/she opens consultancy, compliance or internal auditing firm. CIA certified deserves the respect of the peers. 5

CERTIFIED INTERNAL AUDITOR (CIA) - US BASIC INFORMATION Way To Achieve CIA Credential The candidates must meet the four Es requirements, i.e., Education, Ethics, Examination, and Experience for achieving the CIA designation. Three years is provided by the Institute to get certified. However, the candidates can apply for one of the three types of 1-year eligibility extension, i.e., hardship, non-hardship, and exam eligibility. Each type of extension has its procedures and fees. Please refer to the CIA Candidate Handbook as available from the IIA website. Education – At least a Bachelor’s degree from an accredited college or university. If the candidates do not have a bachelor’s degree, then a verifiable seven years of internal auditing experience can be accepted. Ethics – Reflect high moral and professional character and agree to abide by the IIA’s Code of Ethics. Submit a Character Reference Form signed by a CIA certified or supervisor or professor. Examination – This is the most important of all the requirements. Candidates spend considerable time clearing the three parts of the CIA exam. Experience – Bachelor's degree holder has to demonstrate two years of working experience. However, the requirement is reduced to one year if the candidate is a Master's degree holder. The candidates can fulfill experience requirements even after passing the CIA exams. The experience gained can be in the accounting, finance, or internal audit department. 6

CERTIFIED INTERNAL AUDITOR (CIA) - US BASIC INFORMATION CIA Examination Candidates have to pass three parts to become certified. If a candidate cannot pass all three parts within three years’ time period, then the candidate will lose the credit for any part passed and will have to apply again to the Institute. The table is necessary to become familiar with the CIA structure. Part 1 2 3

Title Essentials of Internal Auditing Practice of Internal Auditing Business Knowledge for Internal Auditing

MCQs 125 100 100

Time 2.5 hours (150 mins) 2 hours (120 mins) 2 hours (120 mins)

IIA Retired Questions Test Bank Questions available with all the publishers are retired questions by IIA. 75% of the questions are the same with every publisher. The rest, 25%, is their creativity. REMEMBER that actual CIA exam questions are non-disclosed and are not available to anyone. 7

CERTIFIED INTERNAL AUDITOR (CIA) - US BASIC INFORMATION CIA Exam Scoring The CIA exam is computer-graded. The candidate will receive the result within five minutes of finishing the exam. Scores are determined by the difficulty level of questions asked and converting the value of questions answered correctly to a scale that ranges between 250 to 750. A score of at least 600 is required to pass the exam, i.e., 80%. If the questions are of higher IQ level, the passing score can go below 600, but if the items tested are easy, then passing criteria can go up from 600. Whether the questions being asked are easy or difficult, I suggest you target achieving an overall 85% in exams by accurately attempting the 107 correct questions out of 125 questions in CIA Part 1. The trend analysis for several years of CIA exam passing ratio is between 40% to 44%. CIA Exam Dates CIA exam can be taken at any day and time of your choice subject to two conditions: The day must be a normal working day except for weekends and public holidays; and The time of the exam must be within regular working hours. It is highly recommended to select your exam date and time as early as possible to get the preferred appointment. 8

CERTIFIED INTERNAL AUDITOR (CIA) - US BASIC INFORMATION Documents Required By IIA The following documents are required by the Institute when a candidate makes a profile at the Certification Candidate Management System (CCMS): A soft copy of an unexpired official passport or national candidate ID card; A soft copy of degree and transcripts; A soft copy of the character reference form duly attested;

A soft copy of the experience reference form verified by a CIA or supervisor. Once the candidate registers for an exam part and gets the authorization to test email from IIA, he has 180 days to schedule and sit for the exam. This email from IIA must be printed and carried by the candidate when he takes his exam. Pearson VUE www.pearsonvue.com/iia conducts CIA examinations globally. Select the testing center location that is easily reachable for you.

9

CERTIFIED INTERNAL AUDITOR (CIA) - US BASIC INFORMATION Investment in CIA Investment in the CIA is one time if the candidates pass all three parts in the first attempt. Investment in the CIA is advantageous throughout life. CIA exam fee is presented in the following table. S.No 1. 1. 1. 1.

Description Application fee Part 1 fee Part 2 fee Part 3 fee

Member Non-Member Student $ 115 $ 230 $ 65 $ 280 $ 395 $ 230 $ 230 $ 345 $ 180 $ 230 $ 345 $ 180 TOTAL $ 855 $ 1,315 $ 655

I highly recommend the candidates pay their dues through DEBIT CARD only. This way, you will be free from all claims of the bank and will be much relieved. The target must be to clear the exams in 1st Attempt so that the examination fee is paid only once, and benefits of opportunity costs can be derived. Investment in study materials, test bank questions, and learning videos are separate and vary according to the candidate’s preferences and study methods. REMEMBER to subscribe to the study materials and test bank questions that are economical, comprehensive, updated, and excellent. ALSO, REMEMBER to subscribe for each part separately to get the time benefit. 10

CERTIFIED INTERNAL AUDITOR (CIA) - US BASIC INFORMATION CIA Parts Selection Order I recommend the candidates to begin their preparation with Part 1 first and then moving to Part 2 and Part 3. The candidates can pass all three parts easily in seven months. Difficulty Level of CIA Part 1 CIA Part 1 is the foundation of all three parts. CIA Part 1 exam can be passed quickly if the candidates can exhibit the traits of Excellency, Creativity, Passionate, and Patience in their preparation and, in particular, on exam day. The Candidates must have a clear vision of their future. They must be able to define their purpose of life. The will to win, the desire to succeed, the urge to reach full potential – these are the keys that will unlock the door of CIA certification. The reason that many candidates find it difficult to achieve the CIA is that they are not able to define their goals or ever seriously consider them as believable or achievable. Champions can tell you where they are going, what they plan to do along the way, and with whom they will be sharing their adventure. Keep looking for creativity, and don’t settle for the less. You have that potential. It is just a matter of time that you explore and discover yourself. Once you find yourself and your capability, you will never be the same again. CIA Part 1 – Syllabus There are six sections in CIA Part 1. a. Section A – Foundations of Internal Auditing – 15% weightage b. Section B – Independence and Objectivity – 15% weightage c. Section C – Proficiency and Due Professional Care – 18% weightage d. Section D – Quality Assurance and Improvement Program – 7% weightage e. Section E – Governance, Risk Management and Control – 35%

f. Section F – Fraud Risks – 10% weightage

11

CERTIFIED INTERNAL AUDITOR (CIA) - US BASIC INFORMATION CIA Part 1 Preparation Time It is generally observed that many of the CIA candidates are working executives. They have to allocate time for work, family, studies, and personal leisure. The candidates are ready for Part 1 exam if they can allocate at least 3 hours on weekdays and at least 6 hours on weekends for two months continuously. The candidates must follow the steps to understand the concepts being part of the syllabus of CIA Part 1. Read a whole particular section from the study book first with the questioning mind approach. Mark or highlight only the important paras or sentences in the book.

Attempt the True / False Questions of that particular section presented in the book to bring clarity on the already read topics. Attempt the Multiple Choice Questions of that particular section from the Test Bank without any time constraints. Focus must be on selecting the right answers in the first place. If you attempt any question correctly, proceed to the next question. These questions do not need to be reviewed ever again because a question once attempted successfully will always be correct in the future. If any question attempted is wrong in the 1st place, then mark or highlight or flag those questions. Furthermore, there might be instances in which you have selected the right answer, but you are in doubt about the outcome of the result if attempted later. These questions also need to be marked or highlighted. These marked questions will form the basis of review, revision, and rehearsal at a later stage.

12

CERTIFIED INTERNAL AUDITOR (CIA) - US BASIC INFORMATION CIA Part 1 Preparation Time……(continued) Read the explanation of the incorrect answers selected and try to understand the logic of the question and correct answer explanation. As you complete 80% of the total questions of a particular section, move to the next section, and repeat the steps from (a) to (d). Revision of the already learned topics every week is warranted. Dedicate a particular day in a week in which you will only revise the already learned topics. Read only those paras from the book which have been highlighted. Attempt only those questions from Test Bank Questions, which have been marked or highlighted. Time Management must come into effect while re-attempting the questions. Each MCQ has to be attempted in 1.2 minutes. This way you will revise the entire section smartly and anxiety level will decrease. As you complete all the sections of the CIA Part 1, then focus on completing the 100% of the MCQs from the Test Bank Questions. REMEMBER that each topic has an equal chance of selection in the exam. So you have to be prepared for every concept. ALSO REMEMBER that CIA Exams are of continuous 2.5 hour duration. Train your mind to be active for at least 3 hours during MCQs preparation. 13

CERTIFIED INTERNAL AUDITOR (CIA) - US BASIC INFORMATION The candidates must have updated study materials and test bank questions. The study materials must be simple, concise, and easy to understand. The majority of finance graduates and working executives prefer self-studies. Select test bank questions of any comprehensive publisher. Subscribing for more than one publisher’s test bank questions will not help as most of the questions will be repetitive. Video Lectures are of great aid. They increase the retention power of the candidates by at least 25%. Furthermore, the candidates can view them later at their ease and convenience. Many of the candidates prefer live classes or online interactive sessions. This can also increase the odds in your favor exponentially. Recommended Study Approach CIA exams are computer-based. It is recommended that all your preparation, highlighting, and practice must be on the computer or laptop. The candidates must avoid the traditional method of studying and making notes via pen and paper. Pen and paper shall be used only for calculation-related purposes while attempting the test bank questions. The candidates can study at any time of day or night, but my preferable time is an early morning daily at 4:30 am. This is the time where the human brain is at a high energy level. This is also the time of great silence. You will be provided with earplugs in the center and must use them to avoid distractions from other candidates' noise. Silence also has its voice, which you will agree with me on your exam day. Your mind needs to be accustomed to it. Therefore, use good quality foam-based earplugs from day 1 of your preparation. You can find these earplugs from your local pharmacy. You will be provided with black pens at the center and two sheets. Start using a black pen from day 1. Your mind must be able to recognize and work in a black pen. Please become familiar with the MCQ screens and navigation of the Pearson VUE Testing Environment before the exams. The tour can be arranged from your computer. This will make you comfortable on your exam day. 14

CERTIFIED INTERNAL AUDITOR (CIA) - US BASIC INFORMATION How to Answer the MCQs in preparation and exams? My preferable way of approaching any MCQ is provided below. Ask yourself three bold phrases in every MCQ. What are the requirements of the question? The requirements of the question are generally presented in the second last or last line of the question. Read it thoroughly and then reread the whole question to filter out the extra information. What is the answer? Read twice the answer choices carefully and then select the best answer. Numerical questions require double-checking of formulas and calculations. If you do not know the answer, make an educated guess. The educated guess is a technique in which you can filter out the two options out of four based on your insights. Now the two options left to be paid attention to. Read the requirements of the question again and then the remaining two answer choices. Select the best one. This way you will increase your odds in favor by 50%. Attempt all the questions in exams even if the testlet is harder, and time management is crucial. You will not be penalized for any incorrect choices being made. Your score is determined out of correct questions only. Mark or Flag all those questions which you want to review in end if the time allows.

15

CERTIFIED INTERNAL AUDITOR (CIA) - US BASIC INFORMATION Pearson VUE Testing Site Visit After you schedule your appointment with Pearson VUE, visit the center at least three days before the exam to become familiar with the location. If the center is in a building, make yourself familiar with the security perimeters of the building as well. Make contingency plans to reach the exam center in case of any unexpected circumstances. Double-check the weather conditions in advance of the exam day. Day Before Exam Day This day is also vital in the candidate’s life. Leave all the review, revisions, or attempting the test bank questions at least 24 hours before the exam day. CIA is a professional paper and the candidate has to be ready at any time. You have done enough preparation. Trust in Allah and have confidence in your abilities. You have done enough training. It is now time to showcase your talent. You will be intimidated to see the materials or revise the test bank questions or watch the lecture videos. Keep aside all these urges. Divert your mind to the most enjoyable activity. That enjoyable activity can be praying, meditating, walking in the garden, or even watching a good movie. Arrange all the required documents, clothes, shoes, calculators, funds, and other items in advance. Charge your cell phone if you plan to travel and navigate by Apps. Mobile Data Connection package must be active. Sleep for at least 10 hours at night before the exam day. 16

CERTIFIED INTERNAL AUDITOR (CIA) - US BASIC INFORMATION Activities on Exam Day Take a good shower and wear comfortable clothing according to the weather conditions. Have a comprehensive meal that is easily digestible and consume any necessary medicines. Bring printouts of Authorization Letter / Confirmation Letter / Notice to Schedule received through email from Pearson VUE and Institute, mentioning candidate’s name, section part, exam date, time, and venue. Two original forms of non-expired identification with photograph and signature are required. Therefore, bring an unexpired and signed passport and national identity card / driver’s license along with you. Reach the exam center at least 60 minutes’ prior of your appointment time. Drink coffee or tea before the exam so that you are charged enough.

Visit the washroom before the start of exam. The mobile phone has to be switched off and placed in a locker along with wallets. You will not be given any complimentary breaks during the 2.5 hour exam. However, you can take one for taking a slight break for recharging yourself, visiting the washroom and having water. However, the clock will continue to run. Do not make noise or stand up from the seat without permission. Raise your hand first. The invigilator will visit you, and then you can ask for pens, extra sheets for working, or taking a break or any malfunction encountered in exams. Once you finish your exam, review the mark or flagged questions and try to attempt in the remaining time period. Your score is based on the number of questions you answer correctly. You are not penalized for selecting the wrong answer. Make sure to submit your exam and watch for the incoming message from the system for acknowledging your submitted questions.

What To Do after Passing CIA Exams

Hats off to you for passing all three parts. Meet all other program requirements and complete the Certificate Order Form by logging into CCMS to get17your certificate.

LETTER FROM MUHAMMAD ZAIN 16 August 2021 Dear CIA, May Peace, Blessings, and Mercy of Allah be upon you, to all the Messengers of Allah and, in particular, on the Noble and Final Messenger Prophet Muhammad (Peace Be Upon Him), his Family, and his Companions. Be a symbol of excellence in your life. Always dream big and think beyond the dimensions of the Universe. Man is made to conquer the seven Heavens. Explore the purpose of your existence and discover the enormous potential that is within oneself. Having faith and trust in Creator will give you the light in the darkness and unchartered territories. There is always a silver lining beneath the dark skies. A creative mindset makes life simple. Work on your passion by synchronizing your soul, heart, and mind. We all will die one day, but only a few dare to live the life they wish for. The Creator has created the entire Universe in six days. There is a great potential to discover the magnificent beauty that remains unexplored to date. This is only possible by seeking knowledge and applying them in our daily lives. We are living in end times and witnessing a moment that humanity has not ever experienced before. This is the digital transformation age. Artificial Intelligence, Blockchain Technology, Cryptocurrency, Business Intelligence, and Big Data are business norms. All the information is available in the blink of an eye. Whatever we think in mind comes in front of our screens. These advancements will change the dynamics of the whole world we live in today. All the traditional and so-called “modern” methods of doing work will be replaced by cloud computing. The work of accountants, doctors, engineers, pilots will no longer exist. The irredeemable paper money will be replaced by electronic money. Central Governments will only exist in name only. Universal Government and a unified taxation system will emerge. Virtual reality will be ordinary. Blind will be able to see, deaf will be able to hear, without limbs persons will be able to run, and mentally disabled people will utilize the 18 maximum brain capacity through mental chip implants. Teleportation of humans will be done in a blink of an eye.

LETTER FROM MUHAMMAD ZAIN My advice to all readers around the world is to focus on entrepreneurship after the certification. This is the only way of survival. Only those businesses are operational who have inelastic demand for their products or services and who are on cloud computing / virtual workplaces. Furthermore, invest surplus funds in real assets such as Gold, Silver, and property. They are the effective hedges against inflation and devaluation. They generate positive returns even in times of economic distress. I highly recommend that my potential readers pay their interest-bearing debt at the earliest to avoid the debt trap and never go for this easy money for the foreseeable future, even in the form of credit cards. Housing loans are the bloodsucking predator. These are all the means to enslave the human race to limit their thinking and imagination capability. Always spend out of your realized income. Save some funds for your family as a contingency measure. Allow me the opportunity to present to you the 2022 edition of CIA Part 1 Test Bank Questions. This Test Bank contains the 700+ MCQs with explanation to the correct and incorrect choices to help you prepare for CIA exams conducted by IIA. This CIA Exam Prep is ideal for all persons working in internal auditing, risk management and compliance reporting positions. It also equally suitable for those candidates who wish to learn the concepts and principles of Internal Audit. Aspiring entrepreneurs can also benefit from this CIA review course. Study with complete dedication and commitment. Make the goal of learning something new and different each day. Replace your fear with curiosity.

19

LETTER FROM MUHAMMAD ZAIN Let’s work together towards the common goal of earning a Certified Internal Auditor (CIA) credential. My support and guidance will be with you TILL YOU PASS THE EXAMS. Furthermore, you can ask as many questions as you wish to either through WhatsApp (+92 311 222 4261) or email ([email protected] and [email protected]), and I will answer to the best of my ability. Your work is going to fill a large part of your life and the only way to be truly satisfied is to do what you believe is great work. The only way to do great work is to love what you do. If you haven’t found it yet, keep looking. Don’t settle. As with all matters of the heart, you will know when you find it. Have the courage to follow your heart and intuition. They somehow already know what you truly want to become. Everything else is secondary. Your imagination is everything. It is the preview of life’s coming attractions. Only those who believe anything is possible can achieve things most would consider impossible. Don’t let the noise of others’ opinions drown out your own inner voice. Remembering that you are going to die is the best way I know to avoid the trap of thinking you have something to lose. You are already naked. There is no reason not to follow your heart.

20

LETTER FROM MUHAMMAD ZAIN Your time is limited, so don’t waste it living someone else’s life. I dedicate this work to the Prophet Muhammad (Peace Be Upon Him), Mercy to all the Creation, who has been the source of inspiration and guidance to humanity. May the Knowledge delivered by me shall be a continuing blessing for me in the Life Hereafter (Ameen). With Love and Care,

Muhammad Zain

21

22

Section A – Foundations of Internal Auditing MULTIPLE CHOICE QUESTION NO. 1 Today’s internal auditor will often encounter a wide range of potential ethical dilemmas, not all of which are explicitly addressed by The IIA’s Code of Ethics. If the internal auditor encounters such a dilemma, the internal auditor should always A. Seek the counsel of the board before deciding on an action B. Act consistently with the code of ethics adopted by the organization even if such action is not consistent with The IIA's Code of Ethics. C. Seek counsel from an independent attorney to determine the personal consequences of potential actions. D. Apply and uphold the principles embodied in The IIA Code of Ethics. 23

Section A – Foundations of Internal Auditing ANSWER TO QUESTION NO. 1 CORRECT ANSWER IS D . Its Explanation is The internal auditor should always apply and uphold the principles of The IIA Code of Ethics. The core principles of the Code are integrity, objectivity, confidentiality, and competency.

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

The internal auditor should always apply and uphold the principles of The IIA Code of Ethics. It does not seem practical for the internal auditor to seek counsel of the board concerning all ethical issues. Explanation for Choice B: The internal auditor should always apply and uphold the principles of The IIA Code of Ethics. If the standards of the organization are not consistent with the profession’s standards, the internal auditor will first be held to the standards of the profession. Explanation for Choice C: The internal auditor should always apply and uphold the principles of The IIA Code of Ethics. It does not seem practical for the internal auditor to seek counsel from an independent attorney concerning all ethical issues. 24

Section A – Foundations of Internal Auditing MULTIPLE CHOICE QUESTION NO. 3 The proper organizational role of internal auditing is to

A. Serve as the investigative arm of the board of directors. B. Perform studies to assist in the attainment of more efficient operations. C. Assist the external auditor in order to reduce external audit fees. D. Serve as an appraisal function to examine and evaluate activities as a service to the organization. 27

Section A – Foundations of Internal Auditing ANSWER TO QUESTION NO. 3 CORRECT ANSWER IS D . Its Explanation is The primary role of the internal audit activity is to assist the management of a company in its responsibility of maintaining effective controls by evaluating the effectiveness of those controls. In this role, it serves as an appraisal function that adds value to operations.

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

The role of internal auditing is not limited to serving as the investigative arm of the board. The internal audit activity assists the management of a company in its responsibility of maintaining effective controls by evaluating the effectiveness of those controls. Explanation for Choice B: One of the roles of internal auditing is the performance of studies to assist in the attainment of more efficient operations. However, primary role of internal auditing is much more than this. Explanation for Choice C: Although external audit fees may be reduced as a result of the internal auditing activities, this is not the primary role of internal auditing. 28

Section A – Foundations of Internal Auditing MULTIPLE CHOICE QUESTION NO. 5 The benefits from internal auditing include all of the following except

A. Employees benefit because the internal audit activity can help them effectively perform their jobs. B. Management benefits because the internal audit activity is able to help them identify and minimize risks. C. The external auditor benefits because the internal audit activity is able to provide an opinion about the accuracy and completeness of the annual financial statements. D. Society benefits from internal auditing because the internal auditor promotes the efficient and effective use of resources. 31

Section A – Foundations of Internal Auditing ANSWER TO QUESTION NO. 5 CORRECT ANSWER IS C . Its Explanation is Internal auditors are not able to provide an opinion about the accuracy and completeness of the annual financial statement. This is solely the responsibility of the external auditor. INCORRECT CHOICES EXPLANATION Explanation for Choice A: This is a true statement about the benefit of internal auditing. Explanation for Choice B: This is a true statement about the benefit of internal auditing. Explanation for Choice D: This is a true statement about the benefit of internal auditing. 32

Section A – Foundations of Internal Auditing MULTIPLE CHOICE QUESTION NO. 7 The authority of the internal audit activity is limited to that granted by

A. The audit committee and the chief financial officer. B. Management and the board. C. Senior management and the Standards. D. The board and the controller.

35

Section A – Foundations of Internal Auditing ANSWER TO QUESTION NO. 7 CORRECT ANSWER IS B . Its Explanation is

Management and the board of directors grant authority to the internal audit activity by means of the internal audit activity's charter. INCORRECT CHOICES EXPLANATION Explanation for Choice A: No single officer and no single committee grant authority to the internal audit activity. Explanation for Choice C: The Standards do not grant authority to the internal audit activity. Explanation for Choice D: No single manager grants authority to the internal audit activity. 36

Section A – Foundations of Internal Auditing MULTIPLE CHOICE QUESTION NO. 9 To avoid being the apparent cause of conflict between an organization's senior management and the audit committee, the chief audit executive (CAE) should A. Discuss all reports to senior management with the audit committee first. B. Strengthen the independence of the internal audit activity through organizational status. C. Request board approval of policies that include internal audit activity relationships with the audit committee. D. Communicate all engagement results to both senior management and the audit committee. 39

Section A – Foundations of Internal Auditing ANSWER TO QUESTION NO. 9 CORRECT ANSWER IS C . Its Explanation is The purpose, authority and responsibility of the internal audit activity should be defined in the charter. The charter should establish the internal audit activity's position within the organization.

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

The audit committee provides an oversight role, not an operational. Explanation for Choice B: Strengthening the independence of the internal audit activity would not necessarily eliminate a conflict between senior management and audit committee. Explanation for Choice D: Communicating all engagement results to both senior management and the audit committee is not necessary 40 and would be inefficient.

Section A – Foundations of Internal Auditing MULTIPLE CHOICE QUESTION NO. 11 Internal auditors should be prudent in their relationships with persons and organizations external to their employers. Which of the following activities will most likely not adversely affect internal auditors’ ethical behavior? A. Discussing engagement plans or results with external parties. B. Serving as consultants to competitor organizations. C. Accepting compensation from professional organizations for consulting work. D. Serving as consultants to suppliers. 43

Section A – Foundations of Internal Auditing ANSWER TO QUESTION NO. 11 CORRECT ANSWER IS C . Its Explanation is Accepting compensation from professional organizations for consulting work is not likely to impair, or be presumed to impair the internal auditors’ professional judgment.

INCORRECT CHOICES EXPLANATION Explanation for Choice A: Rule of Conduct 3.1 states that internal auditors shall be prudent in the use and protection of information in the course of their duties. Explanation for Choice B: Serving as consultants to competitor organizations might create a conflict of interest. Explanation for Choice D: Serving as consultants to suppliers might create a conflict of interest. 44

Section A – Foundations of Internal Auditing MULTIPLE CHOICE QUESTION NO. 51 Which of the following is an element of authority that should be included in the internal audit activity's charter? A. Access to the external auditors' engagement records. B. Access to records, personnel, and physical properties relevant to the performance of engagements. C. Identification of the organizational units in which engagements are to be performed. D. Samples of the types of disclosures that should be made to the audit committee. 123

Section A – Foundations of Internal Auditing ANSWER TO QUESTION NO. 51 CORRECT ANSWER IS B . Its Explanation is

This would be included in the internal audit activity's charter.

INCORRECT CHOICES EXPLANATION Explanation for Choice A: This would not be included in the internal audit activity's charter. Explanation for Choice C: This would not be included in the internal audit activity's charter. Explanation for Choice D: This would not be included in the internal audit activity's charter.

124

Section A – Foundations of Internal Auditing MULTIPLE CHOICE QUESTION NO. 53 According to the IIA Code of Ethics, which of the following are four principles relevant to the professional care that internal auditors should apply in their practice of internal auditing? A. Judgment, interest, authority, and experience. B. Trust, communication, value, and performance. C. Integrity, objectivity, confidentiality, and competency. D. Reliance, evaluation, information, and service.

127

Section A – Foundations of Internal Auditing ANSWER TO QUESTION NO. 53 CORRECT ANSWER IS C . Its Explanation is

These are the four principles that are included in the IIA's Code of Ethics.

INCORRECT CHOICES EXPLANATION Explanation for Choice A: These are not the four principles that are included in the IIA's Code of Ethics. Explanation for Choice B: These are not the four principles that are included in the IIA's Code of Ethics. Explanation for Choice D: These are not the four principles that are included in the IIA's Code of Ethics.

128

Section A – Foundations of Internal Auditing MULTIPLE CHOICE QUESTION NO. 55 According to the IIA Code of Ethics, the principle of integrity requires internal auditors to do which of the following? A. Be prudent in the use and protection of the information acquired in the course of their duties. B. Respect and contribute to the legitimate and ethical objectives of the organization. C. Continually improve their proficiency, effectiveness, and quality of services. D. Not accept anything that may impair or be presumed to impair their professional judgment. 131

Section A – Foundations of Internal Auditing ANSWER TO QUESTION NO. 55 CORRECT ANSWER IS B . Its Explanation is

This is a requirement of the principle of Integrity.

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

This is a requirement of the principle of Confidentiality. Explanation for Choice C: This is a requirement of the principle of Competency. Explanation for Choice D: This is a requirement of the principle of Objectivity 132

Section A – Foundations of Internal Auditing MULTIPLE CHOICE QUESTION NO. 57 An internal auditor who encounters an ethical dilemma not explicitly addressed by The IIA’s Code of Ethics should always: A. Seek the counsel of the audit committee before deciding on an action. B. Act consistently with the employing organization’s code of ethics, even if such action would not be consistent with The IIA’s Code of Ethics. C. Take action consistent with the principles embodied in The IIA’s Code of Ethics. D. Seek counsel from an independent attorney to determine the personal consequences of potential actions. 135

Section A – Foundations of Internal Auditing ANSWER TO QUESTION NO. 57 CORRECT ANSWER IS C . Its Explanation is This is consistent with the concepts embodied in The IIA’s Code of Ethics.

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

It would not be practical to seek the audit committee’s advice for all potential dilemmas. Further, the advice might not be consistent with the profession’s standards. Explanation for Choice B: If the organization’s standards are not consistent with, or as high as, the profession’s standards, the professional internal auditor should abide by the standards of the profession. Explanation for Choice D: The auditor must act consistently with the spirit embodied in The IIA’s Code of Ethics. It would not be practical to seek the 136 advice of legal counsel for all ethical decisions. Ethics is a moral and professional concept, not just a legal concept.

Section A – Foundations of Internal Auditing MULTIPLE CHOICE QUESTION NO. 59 The function of internal auditing, as related to internal financial reports, would be to: A. Identify inadequate controls that increase the likelihood of unauthorized expenditures. B. Determine if there are any employees expending funds without authorization. C. Review the expenditure items and match each item with the expenses incurred. D. Ensure compliance with reporting procedures.

139

Section A – Foundations of Internal Auditing ANSWER TO QUESTION NO. 59 CORRECT ANSWER IS A . Its Explanation is

Internal auditors are responsible for identifying inadequate controls.

INCORRECT CHOICES EXPLANATION Explanation for Choice B:

This would be a function of the personnel and/or finance departments. Explanation for Choice C: There is no expected match of funds flows with expense items in a single time period. Explanation for Choice D: The Standards do not require internal auditors to ensure compliance with reporting procedures. 140

143

Section B – Independence and Objectivity MULTIPLE CHOICE QUESTION NO. 1 An appropriate internal auditing role in a feasibility study is to

A. Ascertain if the feasibility study addresses cost-benefit relationships. B. Participate in the drafting of recommendations for the computer acquisition and implementation. C. Serve on the task force for the preliminary survey. D. Determine the requirements for preparing a manual of specifications.

144

Section B – Independence and Objectivity ANSWER TO QUESTION NO. 1 CORRECT ANSWER IS A . Its Explanation is Internal auditors must consider standards of control and review procedures before implementation. But objectivity would be considered to be impaired if they would design, install, draft procedures, or operate systems (PA 1120-1). Therefore, ascertaining if the feasibility study addresses cost-benefit relationships would be an appropriate role for the internal auditor.

INCORRECT CHOICES EXPLANATION Explanation for Choice B:

It would be most appropriate for this task to be assigned to a trained technician. Explanation for Choice C: Serving on a task force for a preliminary survey would be an appropriate role for management. Explanation for Choice D: Determining the requirements for preparing a manual of specifications would be a task for 145 management.

Section B – Independence and Objectivity MULTIPLE CHOICE QUESTION NO. 3 In which of the following situations does an internal auditor potentially lack objectivity?

A. An internal auditor recommends standards of control and performance measures for a contract with a service organization for the processing of payroll and employee benefits. B. An internal auditor reviews the procedures for a new electronic data interchange (EDI) connection to a major customer before it is implemented. C. A payroll accounting employee assists an internal auditor in verifying the physical inventory of small motors. D. A former purchasing assistant performs a review of internal controls over purchasing 4 months after being transferred to the internal auditing activity. 148

Section B – Independence and Objectivity ANSWER TO QUESTION NO. 3 CORRECT ANSWER IS D . Its Explanation is Persons transferred to, or temporarily engaged by, the internal audit activity should not be assigned to audit those activities they previously performed or for which they had management responsibility until at least one year has elapsed. Such assignments are presumed to impair objectivity, and additional consideration should be exercised when supervising the engagement work and communicating engagement results (PA 1130.A1-1).

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

Objectivity is not impaired when the internal auditor recommends standards of control and performance standards for systems. Explanation for Choice B: In this situation objectivity is not affected when the internal auditor reviews the procedures before they are implemented. Explanation for Choice C: It is acceptable for the internal auditor to be assisted by staff that does not work in areas where the engagement is being performed. 149

Section B – Independence and Objectivity MULTIPLE CHOICE QUESTION NO. 5 The organizational status of the internal audit activity

A. Is guaranteed when the charter specifically defines its independence. B. Requires the board's annual approval of the engagement work schedule, staffing plan, and financial budget. C. Should be sufficient to permit the accomplishment of its responsibilities. D. Is best when the reporting relationship is direct to the board of directors. 152

Section B – Independence and Objectivity ANSWER TO QUESTION NO. 5 CORRECT ANSWER IS C . Its Explanation is

The IAA should be independent, and internal auditors must be objective in performing their work.

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

The charter outlines the reporting structure, but it does not guarantee independence. Explanation for Choice B: Senior management will approve the IIA's work schedule, staffing plan, and financial budget. The board will play a support and oversight role. Explanation for Choice D: The IAA will still need to report to management. Ideally, the CAE should administratively report to the CEO. 153

Section B – Independence and Objectivity MULTIPLE CHOICE QUESTION NO. 7 Which of the following activities would not be presumed to impair the independence of an internal auditor? I. Recommending standards of control for a new computer application. II. Drafting procedures for running a new computer application to ensure that proper controls are installed. III. Performing reviews of procedures for a new computer application before it is installed. A. I only. B. II only. C. I and III. D. III only. 156

Section B – Independence and Objectivity ANSWER TO QUESTION NO. 7 CORRECT ANSWER IS C . Its Explanation is These activities (I and III) are presumed not to impair independence. However, designing, installing, and operating systems are not audit functions and should not be done by internal auditors. In addition, the drafting of procedures for systems is not an audit function. Performing such activities is presumed to impair audit objectivity.

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

See the correct answer for the explanation. Explanation for Choice B: See the correct answer for the explanation. Explanation for Choice D: See the correct answer for the explanation.

157

Section B – Independence and Objectivity MULTIPLE CHOICE QUESTION NO. 9 A service organization is currently experiencing a significant downsizing and process reengineering. Its board of directors has redefined the business goals and established initiatives using in-house developed technology to meet these goals. As a result, a more decentralized approach has been adopted to run the business functions by empowering the business branch managers to make decisions and perform functions traditionally done at a higher level. The internal auditing staff is made up of the chief audit executive (CAE), two managers, and five staff auditors, all with financial background. In the past, the primary focus of successful internal audit activities (IAA) has been the service branches and the six regional division headquarters, which support the branches. These division headquarters are the primary targets for possible elimination. The support functions such as human resources, accounting, and purchasing will be brought into the national headquarters, and technology will be enhanced to enable and augment these operations. Up to this point, the IAA has reported to the chief operating officer. Due to the significant changes, there has been some discussion as to changing this reporting relationship. What would be the best reporting relationship? A. Administratively to the chief financial officer and functionally to the president. B. Administratively and functionally to the president. C. Administratively to the president, functionally to the board. D. Administratively and functionally to the chief operating officer.

160

Section B – Independence and Objectivity ANSWER TO QUESTION NO. 9 CORRECT ANSWER IS C . Its Explanation is The CAE should report to a level within the organization that allows the IAA to fulfill its responsibility. Ideally, the CAE should report administratively the chief executive officer and functionally to the audit committee, board of directors, or other equivalent governing authority. This reporting system is best to ensure the independence of the IAA.

INCORRECT CHOICES EXPLANATION Explanation for Choice A: The CAE should communicate directly with the audit committee, board of directors, or other governing authority. Explanation for Choice B: The CAE should communicate directly with the audit committee, board of directors, or other governing authority. Explanation for Choice D: This type of reporting system may impair independence of the IAA. The CAE should communicate directly with the audit committee, board of directors, or other governing authority. 161

Section B – Independence and Objectivity MULTIPLE CHOICE QUESTION NO. 11 Which of the following statements is an appropriate reason for the internal audit activity not to participate in the systems development process? A. Participation will affect independence, and the internal auditors will not be able to perform an objective evaluation after the system is implemented. B. Participation will cause the internal auditors to be labeled as partial owners of the application, and they will then have to share the blame for any problems that remain in the system. C. Participation will delay implementation of the project. D. None of the answers are correct. 164

Section B – Independence and Objectivity ANSWER TO QUESTION NO. 11 CORRECT ANSWER IS D . Its Explanation is Objectivity is not impaired as long as participation is restricted to recommending standards of control, or reviewing procedures. The auditor's objectivity is considered to be impaired if the auditor designs, installs, or drafts procedures for, or operates such systems (PA 1120-1). INCORRECT CHOICES EXPLANATION Explanation for Choice A:

The IAA is able to recommend standards of control or review procedures during systems development. Objectivity would be impaired if the IAA were to design, install or operate the system. Explanation for Choice B: The IAA is able to participate in system's development as long as this participation is not involved in the design, installation or systems operations. Explanation for Choice C: IAA's participation in the project would not delay the implementation.

165

Section B – Independence and Objectivity MULTIPLE CHOICE QUESTION NO. 31 The internal audit activity (IAA) of an organization has been in existence for 10 years, but the board has not yet approved its charter. However, the board is chaired by the chief executive officer (CEO) and includes the controller and one outside board member. The chief audit executive (CAE) reports directly to the controller who approves the IAA's work schedule. Thus, the IAA has never felt the need to push for a formal approval of the charter. The organization is publicly held and has nine major divisions. The previous CAE was recently dismissed following a dispute between the CAE and a major engagement client. A new CAE with significant experience in both public accounting and internal auditing has just been hired. Within the first month, the new CAE encountered substantial resistance from an engagement client regarding the nature of the work and the IAA's access to records. Moreover, the CEO accused the CAE of not operating "in the best interests of the organization." From the perspective of the internal audit activity, which of the following facts, by themselves, could contribute to a lack of independence? I. The CEO accused the new director of not operating "in the best interests of the organization." II. The majority of audit committee members come from within the organization. III. The IAA's charter has not been approved by the board. A. II and III only. B. I only. C. I, II, and III. D. II only.

204

Section B – Independence and Objectivity ANSWER TO QUESTION NO. 31 CORRECT ANSWER IS C . Its Explanation is The statement of the CEO indicates a lack of support of the IAA position. Also, the lack of audit committee members from the outside could contribute to a loss of independence. The charter enhances the independence of the IAA because it specifies the purpose, authority and responsibility of the IAA.

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

Any one of the three instances could contribute to a lack of independence. Explanation for Choice B: Any one of the three instances could contribute to a lack of independence. Explanation for Choice D: Any one of the three instances could contribute to a lack of independence. 205

Section B – Independence and Objectivity MULTIPLE CHOICE QUESTION NO. 33 The audit committee may serve several important purposes, some of which directly benefit the internal audit activity. The most significant benefit provided by the audit committee to the internal audit activity is A. Reviewing copies of the procedures manuals for selected organizational operations and meeting with organizational officials to discuss them. B. Protecting the independence of the internal audit activity from undue management influence. C. Reviewing annual engagement work schedules and monitoring engagement results. D. Approving engagement work schedules, scheduling, staffing, and meeting with the internal auditors as needed. 208

Section B – Independence and Objectivity ANSWER TO QUESTION NO. 33 CORRECT ANSWER IS B . Its Explanation is The most important function of the audit committee is to protect the independence of the internal audit activity from undue management influence.

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

None of the mentioned activities is as important as protecting the independence of the internal audit activity. Explanation for Choice C: None of the mentioned activities is as important as protecting the independence of the internal audit activity. Explanation for Choice D: None of the mentioned activities is as important as protecting the independence of the internal audit activity. 209

Section B – Independence and Objectivity MULTIPLE CHOICE QUESTION NO. 35 Organizational independence exists if the CAE reports [Blank A] to the CEO or similar level of the organization as long as the internal audit activity [Blank B] without interference A. Blank A: functionally; Blank B: controls the scope and performance of work and reporting of results. B. Blank A: functionally; Blank B: approves the internal audit budget and risk-based internal audit plan. C. Blank A: administratively; Blank B: controls the scope and performance of work and reporting of results. D. Blank A: administratively; Blank B: approved the internal audit budget and risk-based internal audit plan. 212

Section B – Independence and Objectivity ANSWER TO QUESTION NO. 35 CORRECT ANSWER IS C . Its Explanation is IIA Standard 1110 states that the CAE “must confirm to the board, at least annually, the organizational independence of the internal audit activity.” Organizational independence exists if the CAE: Reports functionally to the board, has direct and unrestricted access to the board, reports administratively to the CEO or a similar head of the organization, or reports administratively to some other organizational level so long as the internal audit activity controls the scope of work, performance of the work, and the reporting of results without interference.

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

See the correct answer for an explanation. Explanation for Choice B: See the correct answer for an explanation. Explanation for Choice D: See the correct answer for an explanation.

213

Section B – Independence and Objectivity MULTIPLE CHOICE QUESTION NO. 37 The independence of the internal audit department may be impaired in which of the following situations? A. The CAE reports functionally to the board of directors. B. The CAE has an established reporting relationship with the audit committee. C. The internal audit department has responsibility for the organization’s risk and compliance areas. D. The internal audit department has unrestricted access to information, people, and records throughout the organization. 216

Section B – Independence and Objectivity ANSWER TO QUESTION NO. 37 CORRECT ANSWER IS C . Its Explanation is The interpretation of Standard 1112 notes that organizational independence may be impaired or appear to be impaired if the CAE assumes roles/responsibilities outside of internal auditing. Standard 1112 states that if this occurs, safeguards must be in place to limit impairments to independence or objectivity.

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

Standard 1110 interpretation states: “Organizational independence is effectively achieved when the CAE reports functionally to the board.” Explanation for Choice B: According to IIA Practice Guide, Independence and Objectivity, direct and unrestricted access to the governing body allows the internal activity to be insulated form possible threats to independence. Explanation for Choice D: This would not impair the independence of the internal audit department.

217

Section B – Independence and Objectivity MULTIPLE CHOICE QUESTION NO. 39 An internal auditor assigned to audit a vendor’s compliance with product quality standards is the brother of the vendor’s controller. The auditor should: A. Notify the CAE of the potential conflict of interest. B. Accept the assignment, but disclose the relationship in the engagement final communication. C. Notify the vendor of the potential conflict of interest. D. Accept the assignment, but avoid contact with the controller during fieldwork.

220

Section B – Independence and Objectivity ANSWER TO QUESTION NO. 39 CORRECT ANSWER IS A . Its Explanation is Practice Advisory 1130-1 states that internal auditors should report to the CAE any situations in which a conflict of interest or bias is present or may reasonably be inferred.

INCORRECT CHOICES EXPLANATION Explanation for Choice B:

Situations of potential conflict of interest or bias should be avoided, not merely disclosed. Explanation for Choice C: Conflicts of interest should be reported to the CAE, not the vendor or engagement client. Explanation for Choice D: Even if the auditor avoided contact with the controller, there would still be the appearance of conflict of interest. 221

Section B – Independence and Objectivity MULTIPLE CHOICE QUESTION NO. 41 In which of the following situations does the internal auditor potentially lack objectivity? A. An internal auditor recommends standards of control and performance measures for contracting with a service organization. B. Four months after being transferred to the internal audit activity, a former purchasing assistant performs a review of internal controls over purchasing. C. A payroll accounting employee assists an internal auditor in verifying the physical inventory of small motors. D. An internal auditor reviews the procedures for a new electronic data interchange connection for a customer before itis implemented. 224

Section B – Independence and Objectivity ANSWER TO QUESTION NO. 41 CORRECT ANSWER IS B . Its Explanation is In order to maintain objectivity, an internal auditor should not be involved in an engagement in an area where they have worked in the past 12 months. In this situation, the internal auditor's objectivity would be impaired in respect to the purchasing department.

INCORRECT CHOICES EXPLANATION Explanation for Choice A: This is not a potential impairment to the objectivity of the internal auditor. Explanation for Choice C: This is not a potential impairment to the objectivity of the internal auditor. Explanation for Choice D: This is not a potential impairment to the objectivity of the internal auditor.

225

Section B – Independence and Objectivity MULTIPLE CHOICE QUESTION NO. 43 According to the International Professional Practices Framework, the independence of the internal audit activity is achieved through: A. Human relations and communications. B. Organizational status and objectivity. C. Staffing and supervision. D. Continuing professional development and due professional care.

228

Section B – Independence and Objectivity ANSWER TO QUESTION NO. 43 CORRECT ANSWER IS B . Its Explanation is According to Practice Advisory 1110-1, organizational status and objectivity permit members of the internal audit activity to render the impartial and unbiased judgments essential to the proper conduct of engagements.

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

Human relations and communications relate to the professional proficiency of the internal auditor. Explanation for Choice C: Staffing and supervision relate to the professional proficiency of the internal audit activity. Explanation for Choice D: Continuing professional development and due professional care relate to the professional proficiency of the internal auditor.

229

230

Section C – Proficiency and Due Professional Care MULTIPLE CHOICE QUESTION NO. 1 If a review of the working papers of the last audit of cash operations revealed that a recently discovered fraudulent transaction was not included in a properly designed statistical sample of transactions tested, which of the following is a valid conclusion? A. Extraordinary care is required in the performance of a cash operations audit and the auditor should be held responsible for the oversight. B. Since cash operations are a high-risk area, a test of all transactions should have been performed. C. The audit was performed with due professional care since an appropriate statistical sample of material transactions was tested. D. Fraud should not have gone undetected in a recently audited area. 231

Section C – Proficiency and Due Professional Care ANSWER TO QUESTION NO. 1 CORRECT ANSWER IS C . Its Explanation is

Due professional care implies reasonable care and competence, not infallibility.

INCORRECT CHOICES EXPLANATION Explanation for Choice A: Due care implies reasonable care and competence, not infallibility or extraordinary performance. Explanation for Choice B: Due professional care requires the auditor to conduct examinations and verifications to a reasonable extent, but does not require detailed audits of all transactions. Explanation for Choice D: Internal auditors cannot give absolute assurance that noncompliance or irregularities do not exist. 232

Section C – Proficiency and Due Professional Care MULTIPLE CHOICE QUESTION NO. 3 What is the most appropriate solution to resolve staff communication problems with engagement clients? A. Avoid unnecessary communication with engagement clients. B. Provide staff with sufficient training to enhance communication skills. C. Meet with engagement clients to resolve communication problems. D. Discuss communication problems with staff auditors.

235

Section C – Proficiency and Due Professional Care ANSWER TO QUESTION NO. 3 CORRECT ANSWER IS B . Its Explanation is Internal auditors must have skills in oral and written communications so that they can clearly and effectively convey such matters as engagement objectives, evaluations, conclusions, and recommendations (PA 1210-1). In this case the CAE should provide staff with sufficient training to enhance communication skills.

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

The issue is with quality of communication, rather than quantity of communication. Explanation for Choice C: Poor staff communication skills can be resolved with training, not by meeting with the engagement clients. Explanation for Choice D: Staff communication problems can be resolved with training.

236

Section C – Proficiency and Due Professional Care MULTIPLE CHOICE QUESTION NO. 5 A chief audit executive (CAE) has reviewed credentials, checked references, and interviewed a candidate for a staff position. The CAE concludes that the candidate has a thorough understanding of internal auditing techniques, accounting, and finance. However, the candidate has limited knowledge of economics and information technology. Which action is most appropriate? A. Encourage the candidate to obtain additional training in economics and information technology and then reapply. B. Reject the candidate because of the lack of knowledge required by the Standards. C. Offer the candidate a position despite lack of knowledge in certain essential areas.

D. Offer the candidate a position if other staff members possess sufficient knowledge in economics and information technology. 239

Section C – Proficiency and Due Professional Care ANSWER TO QUESTION NO. 5 CORRECT ANSWER IS D . Its Explanation is It is not necessary for each member of the IAA to be qualified in all areas as long as they collectively possess or obtain the knowledge, skills, and other competencies needed to perform its responsibilities.

INCORRECT CHOICES EXPLANATION Explanation for Choice A: Encouraging the candidate to obtain additional training will not fulfill the current staffing needs. Explanation for Choice B: The Standards do not require that the internal auditor possess all knowledge on all subjects. Explanation for Choice C: The needs of the department may not be adequately fulfilled. 240

Section C – Proficiency and Due Professional Care MULTIPLE CHOICE QUESTION NO. 7 An internal auditor is assigned to perform an engagement to evaluate the organization's insurance program, including the appropriateness of the approach to minimizing risks. The organization selfinsures against large casualty losses and health benefits provided for all its employees. It is a large national entity with over 15,000 employees located in various parts of the country. It uses an outside claims processor to administer its health care program. The organization's medical costs have been rising by approximately 8% per year for the past five years, and management is concerned with controlling these costs. When the engagement was assigned, management asked the internal auditor to evaluate the appropriateness of using self-insurance to minimize risk to the organization. Given the scope of the engagement requested by management, should the internal auditor engage an actuarial consultant to assist in the engagement if these skills do not exist on staff? A. Yes. An actuary is essential to determine whether the health care costs are reasonable. B. No. It is a normal internal auditor function to assess risk; this engagement is therefore not unique. C. Yes. The actuary has skills, not usually found among internal auditors, to identify and quantify selfinsurance risks. D. No. The internal audit activity is skilled in assessing controls, and the insurance control concepts are not distinctly different from other control concepts. 243

Section C – Proficiency and Due Professional Care ANSWER TO QUESTION NO. 7 CORRECT ANSWER IS C . Its Explanation is It would be appropriate to engage the services of an actuary, since these skills are generally outside the scope of the IAA. External service providers include actuaries, accountants, appraisers, culture or language experts, environmental specialists, fraud investigators, lawyers, engineers, geologists, security specialists, statisticians, informational technology specialists, the organization's external auditors, and other audit organizations. An external service provider may be engaged by the board, senior management, or the chief audit executive (CAE) (PA 1210.A1-1).

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

The function of the actuary would be to assess risk and cost, not determine if health care costs are reasonable. The internal auditor might be able to determine if health care costs are reasonable. Explanation for Choice B: Assessing risk related to self-insurance is generally outside the scope of the IAA. Therefore, an actuary may need to be engaged. Explanation for Choice D: Assessing risk related to self-insurance is generally outside the scope of the IAA. Therefore, an actuary may need to be engaged. 244

Section C – Proficiency and Due Professional Care MULTIPLE CHOICE QUESTION NO. 9 An internal auditor has some suspicion of, but no information about, of potential misstatement of financial statements. The internal auditor has failed to exercise due professional care if he or she A. Did not test for possible misstatement because the engagement work program had already been approved by engagement management. B. Identified potential ways in which a misstatement could occur and ranked the items for investigation. C. Expanded the engagement work program, without the engagement client's approval, to address the highest ranked ways in which a misstatement may have occurred. D. Informed the engagement manager of the suspicions and asked for advice on how 247 to proceed.

Section C – Proficiency and Due Professional Care ANSWER TO QUESTION NO. 9 CORRECT ANSWER IS A . Its Explanation is It is expected that engagement work programs can be modified if changes in the work environment have changed. Thus, the internal auditor would not be exercising due professional care if he or she failed to investigate a possible misstatement based on the fact that the work program had already been approved.

INCORRECT CHOICES EXPLANATION Explanation for Choice B: Identifying potential ways in which a misstatement could occur and ranking them is exercising due professional care on part of the internal auditor. Explanation for Choice C: Approval from the engagement client is not needed in this case. Explanation for Choice D: Asking for advice is exercising due professional care. 248

Section C – Proficiency and Due Professional Care MULTIPLE CHOICE QUESTION NO. 11 Use of outside service providers with expertise in health care benefits is appropriate when the internal audit activity is A. Training its staff to conduct an audit of health care costs in a major division of the organization. B. All of the answers are correct. C. Evaluating the organization's estimate of its liability for postretirement benefits, which include health care benefits. D. Comparing the cost of the organization's health care program with other programs offered in the industry. 251

Section C – Proficiency and Due Professional Care ANSWER TO QUESTION NO. 11 CORRECT ANSWER IS B . Its Explanation is Calculating health care benefits can be very complex, and the internal auditor may not possess all of the necessary knowledge or skills to adequately complete the engagement. In this case, it would be appropriate to employ an outside consulting service company who has the necessary skills to perform all or some of the engagement.

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

Due to the complexity of calculating health care costs an outside consulting service may be required to assist the internal auditor perform all or some of the engagement. Explanation for Choice C: Due to the complexity of calculating health care costs an outside consulting service may be required to assist the internal auditor perform all or some of the engagement. Explanation for Choice D: Due to the complexity of calculating health care costs an outside consulting service may be required to assist the internal auditor perform all or some of the engagement. 252

Section C – Proficiency and Due Professional Care MULTIPLE CHOICE QUESTION NO. 125 Which of the following most likely constitutes a violation of The IIA’s Code of Ethics? A. Auditor D discovered an internal financial fraud during the year. The books were adjusted to properly reflect the loss associated with the fraud. Auditor D discussed the fraud with the external auditor when the external auditor reviewed working papers detailing the incident. B. Auditor A has accepted an assignment to perform an engagement at the electronics manufacturing division. Auditor A has recently joined the internal audit activity. But Auditor A was senior auditor for the external audit of that division and has audited many electronics organizations during the past 2 years. C. Auditor B has been assigned to perform an engagement at the warehousing function 6 months from now. Auditor B has no expertise in that area but accepted the assignment anyway. Auditor B has signed up for continuing professional education courses in warehousing that will be completed before the assignment begins.

D. Auditor C is content as an internal auditor and has come to look at it as a regular 9-to-5 job. Auditor C has not engaged in continuing professional education or other activities to improve

477

Section C – Proficiency and Due Professional Care ANSWER TO QUESTION NO. 125 CORRECT ANSWER IS D . Its Explanation is Rule of Conduct 4.3 under the competency principle states, “Internal auditors shall continually improve their proficiency and the effectiveness and quality of their services.”

INCORRECT CHOICES EXPLANATION Explanation for Choice A: The information was disclosed as part of the normal process of cooperation between the internal and external auditor. Because the books were adjusted, the external auditor was expected to inquire as to the nature of the adjustment. Explanation for Choice B: No professional conflict of interest exists per se, especially given that the internal auditor was previously in public accounting. However, the internal auditor should be aware of potential conflicts.

Explanation for Choice C: An internal auditor must possess the necessary knowledge, skills, and competencies at the time an engagement is conducted, not the time it is accepted. 478

Section C – Proficiency and Due Professional Care MULTIPLE CHOICE QUESTION NO. 127 Under The IIA’s Code of Ethics, an entity that provides internal auditing services is specifically required to A. Maintain certain predetermined staffing requirements for engagements. B. Comply with the International Standards for the Professional Practice of Internal Auditing. C. Participate in a formal continuing education program. D. Comply with organizational policy.

481

Section C – Proficiency and Due Professional Care ANSWER TO QUESTION NO. 127 CORRECT ANSWER IS B . Its Explanation is The IIA’s Code of Ethics applies not only to individuals but also to entities that provide internal auditing services. Rule of Conduct 4.2 under the competency principle states, “Internal auditors shall perform internal audit services in accordance with the International Standards for the Professional Practice of Internal Auditing.”

INCORRECT CHOICES EXPLANATION Explanation for Choice A: Staffing requirements must be determined based on the circumstances of each engagement. Explanation for Choice C: The Code requires compliance with the Standards, and the Standards require internal auditors to enhance their knowledge, skills, and other competencies through continuing professional development, but neither the Code nor the Standards require formal continuing education. Explanation for Choice D: The Code requires internal auditors to respect and contribute to the legitimate and ethical objectives of the organization and not engage in acts discreditable to the organization. However, the Code does not specifically 482 mention compliance with organizational policy.

Section C – Proficiency and Due Professional Care MULTIPLE CHOICE QUESTION NO. 129 The chief audit executive meets with the members of the internal audit activity at scheduled staff meetings. Which of the following is the most appropriate function of such a staff meeting? A. Revising travel, promotion, and compensation policies. B. Explaining administrative policies and obtaining suggestions from the staff. C. Developing long-range training programs that will meet the staff’s needs. D. Developing the engagement work schedule.

485

Section C – Proficiency and Due Professional Care ANSWER TO QUESTION NO. 129 CORRECT ANSWER IS B . Its Explanation is One reason for staff meetings is to explain routine administrative matters, to teach new techniques, and even to let off steam. For example, staff members should be able to raise questions about ineffective procedures, promotions, salaries, or other problems.

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

Management of the internal audit activity should revise travel, promotion, and compensation policies. Explanation for Choice C: Developing long-range training programs that will meet the staff’s needs should be done by management of the internal audit activity. Explanation for Choice D: Management of the internal audit activity should develop engagement work schedules.

486

Section C – Proficiency and Due Professional Care MULTIPLE CHOICE QUESTION NO. 131 Which one of the following is not included in the internal audit charter?

A. Risk assessment of the internal audit activity. B. Authority of the internal audit activity. C. Responsibility of the internal audit activity. D. Purpose of the internal audit activity.

489

Section C – Proficiency and Due Professional Care ANSWER TO QUESTION NO. 131 CORRECT ANSWER IS A . Its Explanation is

A risk assessment is not appropriate for inclusion in the internal audit charter. INCORRECT CHOICES EXPLANATION Explanation for Choice B: The appropriate contents of the internal audit charter are the purpose, authority, and responsibility of the internal audit activity. Explanation for Choice C: The appropriate contents of the internal audit charter are the purpose, authority, and responsibility of the internal audit activity. Explanation for Choice D: The appropriate contents of the internal audit charter are the purpose, authority, and responsibility of the internal audit activity. 490

Section C – Proficiency and Due Professional Care MULTIPLE CHOICE QUESTION NO. 133 The internal audit charter includes all of the following except

A. The nature of the chief audit executive’s relationship with the board. B. The internal auditor’s responsibility to provide assurance and consulting services. C. The organization’s core values, mission, and vision statements. D. A formal definition of the purpose, authority, and responsibility of the internal audit activity.

493

Section C – Proficiency and Due Professional Care ANSWER TO QUESTION NO. 133 CORRECT ANSWER IS C . Its Explanation is The core values, mission, and vision statements of the organization are not included in the internal audit charter. The interpretation of Standard 1000, defines the internal audit charter as “a formal document that defines the internal audit activity’s purpose, authority, and responsibility. The internal audit charter establishes the internal audit activity’s position within the organization, including the nature of the chief audit executive’s functional reporting relationship with the board; authorizes access to records, personnel, and physical properties relevant to the performance of engagements; and defines the scope of internal audit activities. Final approval of the internal audit charter resides with the board.”

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

The nature of the chief audit executive’s functional reporting relationship with the board is defined in the internal audit charter. This includes the CAE’s functional and administrative reporting lines and the level of authority required for the internal audit activity to perform engagements and fulfill its agreed-upon objectives and responsibilities. Explanation for Choice B: The internal audit charter for the internal audit activity defines the internal audit activity’s purpose, authority, and responsibility. The internal audit activity’s responsibility to provide the organization with assurance and consulting services is defined in the internal audit charter. Explanation for Choice D: The internal audit charter includes a formal definition of the purpose, authority, and responsibility of the internal audit activity. 494 The internal audit charter should be discussed among the CAE, senior management, and the board to mutually agree upon (1) the internal

Section C – Proficiency and Due Professional Care MULTIPLE CHOICE QUESTION NO. 135 Which of the following is not appropriate for inclusion in the internal audit charter? A. The nature of the chief audit executive’s functional reporting relationship with the board. B. Authorization of internal audit access to records, personnel, and physical properties. C. Authorization of the board to approve the charter. D. Definition of the scope of internal audit activities. 497

Section C – Proficiency and Due Professional Care ANSWER TO QUESTION NO. 135 CORRECT ANSWER IS C . Its Explanation is

Final approval of the internal audit charter resides with the board. The board has this power inherently. INCORRECT CHOICES EXPLANATION Explanation for Choice A: The nature of the chief audit executive’s functional reporting relationship with the board is one of the elements to be included in the internal audit charter. Explanation for Choice B:

Authorization of internal audit access to records, personnel, and physical properties is one of the elements to be included in the internal audit charter. Explanation for Choice D: Definition of the scope of internal audit activities is one of the elements to be included in the internal audit 498 charter.

Section C – Proficiency and Due Professional Care MULTIPLE CHOICE QUESTION NO. 137 Which one of the following must be included in the internal audit charter?

A. Number of full-time internal audit employees deemed to be the necessary minimum. B. Internal audit responsibility. C. Internal audit objectivity. D. Chief audit executive’s compensation plan.

501

Section C – Proficiency and Due Professional Care ANSWER TO QUESTION NO. 137 CORRECT ANSWER IS B . Its Explanation is The purpose, authority, and responsibility of the internal audit activity must be formally defined in an internal audit charter.

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

The staffing of the internal audit activity is determined by the CAE and the board; it is not an appropriate matter to include in the internal audit charter. Explanation for Choice C: Objectivity is an attribute of individual auditors and is not included in the internal audit charter. Explanation for Choice D: The CAE’s compensation plan is not an appropriate matter to include in the internal audit charter.

502

Section C – Proficiency and Due Professional Care MULTIPLE CHOICE QUESTION NO. 139 Internal auditing has planned an engagement to evaluate the effectiveness of the quality assurance function as it affects the receipt of goods, the transfer of the goods into production, and the scrap costs related to defective items. The engagement client argues that such an engagement is not within the scope of the internal audit activity and should come under the purview of the quality assurance department only. What is the most appropriate response? A. Because quality assurance is a new function, seek the approval of management as a mediator to set the scope of the engagement. B. Terminate the engagement because it will not be productive without the client’s cooperation. C. Indicate that the engagement will evaluate the function only in accordance with the standards set by, and approved by, the quality assurance function before beginning the engagement.

D. Refer to the internal audit activity’s charter and the approved engagement plan that includes the area designated for evaluation in the current time period. 505

Section C – Proficiency and Due Professional Care ANSWER TO QUESTION NO. 139 CORRECT ANSWER IS D . Its Explanation is

The written charter, approved by the board, defines the scope of internal audit activities. INCORRECT CHOICES EXPLANATION Explanation for Choice A: The engagement client does not determine the scope of this type of assurance engagement. A scope limitation imposed by the client might prevent the internal audit activity from achieving its objectives. Explanation for Choice B: The internal auditors must conduct the engagement and communicate any scope limitations to management and the board. Explanation for Choice C: Other objectives may be established by management and the internal auditors. The engagement is not limited to the specific standards set by the quality assurance department. It considers such standards in the development of the engagement program. 506

Section C – Proficiency and Due Professional Care MULTIPLE CHOICE QUESTION NO. 141 The transportation department of a publicly held company has asked the internal audit activity to review the design specifications for a proposed new warehouse and repair facility. The best reason for the internal audit activity to decline the request is A. The CEO and the head of the transportation department are neighbors and belong to the same social clubs. B. The transportation department’s budget is immaterial to the organization’s total budget. C. Such a review does not fall within the authority granted in the internal audit charter. D. The internal audit activity performed a thorough review of the transportation department the previous year. 509

Section C – Proficiency and Due Professional Care ANSWER TO QUESTION NO. 141 CORRECT ANSWER IS C . Its Explanation is The internal audit activity’s purpose, authority, and responsibility are specifically granted in the form of a written charter approved by the board.

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

An attitude of independence is required for internal auditors, not for auditees and management. Explanation for Choice B: Internal audit engagements are scheduled based on a risk assessment, only one of the elements of which is monetary materiality. Explanation for Choice D: Internal audit engagements are scheduled based on a risk assessment, not simply time elapsed since the last engagement. 510

513

Section D – Quality Assurance and Improvement Program MULTIPLE CHOICE QUESTION NO. 1 An internal audit activity (IAA) is currently undergoing its first external quality assurance review since its formation three years ago. From interviews, the review team is informed of certain internal auditor activities over the past year. Which of the following activities could affect the quality assurance review team's evaluation of the objectivity of the internal auditors? A. One internal auditor told the review team that, during an engagement to review the payroll function, he was approached by the payroll manager. The manager indicated he was looking for an accountant to prepare his financial statements for his part-time business. The internal auditor agreed to perform this work for a reduced fee during non-work hours. B. An internal auditor's participation was requested on a task force to reduce the organization's inventory losses from theft and shrinkage. This is the first consulting assignment undertaken by the internal audit activity. The internal auditor's role is to advise the task force on appropriate control techniques. C. During an engagement to review the construction of a building addition to the organization's headquarters, the vice president of facilities management gave the internal auditor a commemorative mug with the organization's logo. These mugs were distributed to all employees present at the ground-breaking ceremony. D. After reviewing the installation of a data processing system, the internal auditor made recommendations on standards of control. Three months after completion of the engagement, the engagement client requested the internal auditor's review of certain procedures for adequacy. The internal auditor agreed and performed this review. 514

Section D – Quality Assurance and Improvement Program ANSWER TO QUESTION NO. 1 CORRECT ANSWER IS A . Its Explanation is It is unethical for an internal auditor to accept a fee or gift from an employee, client, customer, supplier, or business associate. Accepting a fee or gift may create the appearance that the auditor's objectivity has been impaired. The appearance that objectivity has been impaired may apply to current and future engagements conducted by the auditor.

INCORRECT CHOICES EXPLANATION Explanation for Choice B:

As long as the internal auditor does not take on operating responsibility it is acceptable to recommend standards of control or review procedures before implementation. Explanation for Choice C: The receipt of the mug would not be considered an impairment to objectivity. Explanation for Choice D: Recommending standards of control or reviewing procedures before implementation will not impair 515 objectivity.

Section D – Quality Assurance and Improvement Program MULTIPLE CHOICE QUESTION NO. 3 A quality assurance program of a company's internal audit activity (IAA) provides reasonable assurance that audit work conforms with applicable standards. Which of the following activities are designed to provide feedback on the effectiveness of the IAA? I. Proper supervision. II. Proper training. III. Internal assessments. IV. External assessments. A. I, II, III, IV. B. II, III, IV. C. I, III, IV. D. I, II, III. 518

Section D – Quality Assurance and Improvement Program ANSWER TO QUESTION NO. 3 CORRECT ANSWER IS C . Its Explanation is The purpose of a quality assurance program is to evaluate the operations of the IAA. The CAE is responsible to implementing processes designed to provide reasonable assurance to the various stakeholders that that the IAA: Performs in accordance with the IAA charter, which is consistent with the Definition of Internal Auditing, the Code of Ethics, and the Standards. Operates in an effective and efficient manner. Is perceived by those stakeholders as adding value and improving the organization's operations. These processes include appropriate supervision, periodic internal assessments and ongoing monitoring of quality assurance, and periodic external assessments (PA 1300-1.2).

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

Proper training is an important component in maintaining current staff, but it does not provide feedback. Explanation for Choice B: Proper training is an important component of maintaining current staff, but it does not provide feedback. Explanation for Choice D: Proper training is an important component of maintaining current staff, but does not provide feedback. 519

Section D – Quality Assurance and Improvement Program MULTIPLE CHOICE QUESTION NO. 5 Periodic external assessments of an internal audit activity's quality assurance and improvement program (QAIP) should be undertaken. On completion of such an assessment, a formal report or other communication should be issued expressing an opinion as to the A. Adequacy of internal control. B. Internal audit activity's compliance with the Standards. C. Effectiveness of the internal audit coverage. D. Conformance with the internal audit activity's charter. 522

Section D – Quality Assurance and Improvement Program ANSWER TO QUESTION NO. 5 CORRECT ANSWER IS B . Its Explanation is External assessments of the IAA should be performed to appraise and express an opinion on the IAA's compliance with the Standards and, as appropriate, should include recommendations for improvement. The CAE must communicate the results of the assessment to senior management and the board.

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

An external or internal assessment assesses the overall effectiveness of the quality program, not the adequacy of the organization's controls. Explanation for Choice C: The scope of an external assessment embraces more than the effectiveness of the internal audit coverage. Explanation for Choice D: An opinion should be expressed on compliance with the Standards.

523

Section D – Quality Assurance and Improvement Program MULTIPLE CHOICE QUESTION NO. 7 Ordinarily, those conducting internal quality program assessments should report to A. The chief audit executive. B. The internal auditing staff. C. Senior management. D. The board.

526

Section D – Quality Assurance and Improvement Program ANSWER TO QUESTION NO. 7 CORRECT ANSWER IS A . Its Explanation is The CAE establishes a structure for reporting results of internal assessments that maintains appropriate creditability and objectivity. Generally, those assigned responsibility for conducting ongoing and periodic reviews, report to the CAE while performing the reviews and communicates results directly to the CAE (PA 1311-1)

INCORRECT CHOICES EXPLANATION Explanation for Choice B:

The CAE should share the results of internal assessment and necessary action plans with appropriate persons outside the activity, such as senior management, the board, and external auditors. Explanation for Choice C: The CAE should share the results of internal assessment and necessary action plans with appropriate persons outside the activity, such as senior management, the board, and external auditors. Explanation for Choice D: The CAE should share the results of internal assessment and necessary action plans with appropriate persons outside the activity, such as senior management, the board, and external auditors. 527

Section D – Quality Assurance and Improvement Program MULTIPLE CHOICE QUESTION NO. 9 Of the following statements, which are true concerning the reporting of the internal audit activity's (IAA) quality assurance and improvement program (QAIP). I. The QAIP report should evaluate compliance with the Definition of Internal Auditing, the Code of Ethics and the Standards. II. The QAIP report should address compliance with the internal audit activity's charter. III. The QAIP report should include contribution to the organization's governance, risk management and control processes. IV. The QAIP report should be addressed to all members of the internal audit activity. A. I, III and IV only. B. All of the above are true. C. I and II only. D. I, II and III only. 530

Section D – Quality Assurance and Improvement Program ANSWER TO QUESTION NO. 9 CORRECT ANSWER IS D . Its Explanation is All three items are correct. The IAA's QAIP report should evaluate: Compliance with the Definition of Internal Auditing, the Code of Ethics and the Standards. Adequacy of the IAA's charter, goals, objectives, policies, and procedures. Contribution to the organization's governance, risk management and control processes. Compliance with applicable laws, regulations, and other governmental or industry standards. Effectiveness of continuous improvement activities and adoption of best practices. The extent to which the IAA adds value and improves the organization's operations.

INCORRECT CHOICES EXPLANATION Explanation for Choice A: Items I and III are true concerning the IAA's quality program. However, item IV is not true. The QAIP report should be addressed to those requesting the assessment, which is normally senior management and the board. Explanation for Choice B: Items I, II and III are true. However, item IV is not true. The QAIP report should be addressed to the people who requested the assessment, which are normally senior management and the board. Explanation for Choice C: Items I and II are true. In addition, the report should include how the internal audit activity contributed to the organization's governance, risk management and control processes.

531

Section D – Quality Assurance and Improvement Program MULTIPLE CHOICE QUESTION NO. 11 Why should a chief audit executive recommend that the results of an external quality assessment be shared with the board? A. To increase communications between the IAA and the audit committee. B. To provide accountability and transparency for the IAA's operations. C. To emphasize the importance of the IAA's charter. D. To motivate staff in the internal audit activity (IAA) to accept the need for external assessment. 534

Section D – Quality Assurance and Improvement Program ANSWER TO QUESTION NO. 11 CORRECT ANSWER IS B . Its Explanation is By sharing the results of an external quality assessment be shared with the board the CAE is showing the accountability of the IAA to the board and being transparent about the results and effectiveness of the IAA as a whole.

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

Increasing communication between the IAA and the audit committee is not a reason to share the results of an external quality assessment be shared with the board? Explanation for Choice C: Sharing the results of the external quality assessment will not emphasize the importance of the IAA's charter. Explanation for Choice D: Sharing the results of the external quality assessment will not motivate staff to accept the need for external assessment. 535

Section D – Quality Assurance and Improvement Program MULTIPLE CHOICE QUESTION NO. 101 Internal assessments of the internal audit activity consist of all of the following except A. Evaluation of the establishment and achievement of key performance indicators. B. An independent assessment team identifies areas for improvement. C. Evaluation of the quality and supervision of the audit work performed. D. Evaluation of conformance with the mandatory elements of the IPPF.

717

Section D – Quality Assurance and Improvement Program ANSWER TO QUESTION NO. 101 CORRECT ANSWER IS B . Its Explanation is According to Implementation Guide 1310, “Internal assessments consist of ongoing monitoring and periodic self-assessments . . . , which evaluate the internal audit activity’s conformance with the mandatory elements of the IPPF, the quality and supervision of audit work performed, the adequacy of internal audit policies and procedures, the value the internal audit activity adds to the organization, and the establishment and achievement of key performance indicators.” External assessments provide an opportunity for an independent assessment team to identify areas for improvement for the internal audit activity.

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

Internal assessments by the internal audit activity consist of ongoing monitoring and periodic self assessments that evaluate the establishment and achievement of key performance indicators. Explanation for Choice C: Internal assessments by the internal audit activity consist of ongoing monitoring and periodic self assessments that evaluate the internal audit activity’s quality and supervision of the audit work performed. Explanation for Choice D: Internal assessments by the internal audit activity consist of ongoing monitoring and periodic self assessments that 718 evaluate the internal audit activity’s conformance with the mandatory elements of the IPPF.

Section D – Quality Assurance and Improvement Program MULTIPLE CHOICE QUESTION NO. 103 Which of the following is an example of the "Act” step in the Deming Cycle?

A. Undertaking improvement initiatives and documenting lessons learned. B. Assessing and reviewing product or process quality. C. Developing activities to define quality and build staff awareness of standards and expectations. D. Formally documenting standards and expected practices.

721

Section D – Quality Assurance and Improvement Program ANSWER TO QUESTION NO. 103 CORRECT ANSWER IS A . Its Explanation is The Deming Cycle is a continuous improvement model that can be used to establish a quality assurance and improvement program. The Deming Cycle consists of four steps: Plan, Do, Check, and Act. “Act” provides feedback by identifying and implementing improvements to the process. Undertaking improvement initiatives and documenting lessons learned is an example of the “Act” step in the Deming Cycle.

INCORRECT CHOICES EXPLANATION Explanation for Choice B: The “Check” step compares actual results with expected results and analyzes the difference. Various forms of assessment and review to measure product or process quality is an example of the “Check” step in the Deming Cycle. Explanation for Choice C: The “Do” step of the Deming Cycle executes the process and collects data for further analysis in the following steps. Developing activities to define quality and build staff awareness of standards and expectations is an example of the “Do” step. Explanation for Choice D: The “Plan” step establishes standards and expectations for operating a process to meet goals. Formal documentation of standards and expected practices is an example of the “Plan” step in the Deming Cycle. 722

Section D – Quality Assurance and Improvement Program MULTIPLE CHOICE QUESTION NO. 105 What are the four key steps of the Deming Cycle?

A. Perform, Design, Act, and Review. B. Examine, Act, Check, and Verify. C. Plan, Do, Check, and Act. D. Perform, Diagnose, Calculate, and Act.

725

Section D – Quality Assurance and Improvement Program ANSWER TO QUESTION NO. 105 CORRECT ANSWER IS C . Its Explanation is Plan, Do, Check, and Act are the four key steps of the Deming Cycle that operate in an interactive manner. The Deming Cycle can be used to establish an organization’s quality assurance and improvement program (QAIP) in a planned and methodological manner. The steps are (1) Plan, establish standards and expectations for operating a process to meet goals; (2) Do, execute the process and collect data for further analysis in the latter steps; (3) Check, compare actual results with expected results and analyze the difference; and (4) Act, provide feedback by identifying and implementing improvements to the process.

INCORRECT CHOICES EXPLANATION Explanation for Choice A: Perform, Design, Act, and Review are not the four key steps of the Deming Cycle. Explanation for Choice B: Examine, Act, Check, and Verify are not the four key steps of the Deming Cycle. Explanation for Choice D: Perform, Diagnose, Calculate, and Act are not the four key steps of the Deming Cycle. 726

Section D – Quality Assurance and Improvement Program MULTIPLE CHOICE QUESTION NO. 107 The internal audit activity’s quality assurance and improvement program is the responsibility of A. External auditors. B. The board. C. The chief audit executive. D. The audit committee.

729

Section D – Quality Assurance and Improvement Program ANSWER TO QUESTION NO. 107 CORRECT ANSWER IS C . Its Explanation is The chief audit executive must develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity.

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

External auditors may perform an external assessment, but the CAE is responsible for it. Explanation for Choice B: The CAE may report results to the board, but the program is the CAE’s responsibility. Explanation for Choice D: The CAE may report results to the audit committee, but the program is the CAE’s responsibility. 730

Section D – Quality Assurance and Improvement Program MULTIPLE CHOICE QUESTION NO. 109 According to The IIA’s International Professional Practices Framework, when may a self-assessment be performed in lieu of a full external assessment?

A. When the internal audit activity has conducted an external assessment within the past two years. B. A self-assessment may not be performed in lieu of a full external assessment of the internal audit activity’s conformance with the Standards. C. When ongoing monitoring of the internal audit activity has not identified any weaknesses or areas in need of improvement. D. When the self-assessment has been validated by a qualified, independent, competent, and professional external assessor. 733

Section D – Quality Assurance and Improvement Program ANSWER TO QUESTION NO. 109 CORRECT ANSWER IS D . Its Explanation is Implementation Guide 1310 states, “External assessments provide an opportunity for an independent assessor or assessment team to conclude as to the internal audit activity’s conformance with the Standards and whether internal auditors apply the Code of Ethics and to identify areas for improvement. The CAE is responsible for ensuring that the internal audit activity conducts an external assessment at least once every five years. A self-assessment may be performed in lieu of a full external assessment, provided it is validated by a qualified, independent, competent, and professional external assessor.”

INCORRECT CHOICES EXPLANATION Explanation for Choice A: Completion of an external assessment within the past two years is not a criterion for performance of a self-assessment. Explanation for Choice B: A self-assessment may be performed in lieu of a full external assessment when certain criteria are met. Explanation for Choice C: Ongoing monitoring is an internal assessment and is achieved primarily through continuous activities such as engagement planning and supervision, standardized work practices, work paper procedures and signoffs, report reviews, as well as identification of any weaknesses or areas in need of improvement and action plans to address them (Implementation Guide 1310). External assessments are still required even if the internal audit activity has not identified any weaknesses or areas in need of improvement.

734

Section D – Quality Assurance and Improvement Program MULTIPLE CHOICE QUESTION NO. 111 As a part of a quality program, internal assessment teams most likely will examine which of the following to evaluate the quality of engagement planning and documentation for individual engagements? A. The long-range engagement work schedule. B. Project assignment documentation. C. Measures of project budgets and audit plan completion. D. Weekly status reports.

737

Section D – Quality Assurance and Improvement Program ANSWER TO QUESTION NO. 111 CORRECT ANSWER IS C . Its Explanation is Internal assessments must include ongoing monitoring of the performance of the internal audit activity and periodic self-assessments or assessments by other persons within the organization with sufficient knowledge of internal auditing practices (Attr. Std. 1311). The processes and tools used in ongoing internal assessments include, among other things, measures of project budgets, timekeeping systems, and audit plan completion. These may help to determine whether the appropriate amount of time was spent on all parts of the engagement (IG 1311).

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

The long-range engagement work schedule does not relate to planning and documentation for individual engagements. Explanation for Choice B: Project assignment documentation contains less relevant information for assessment purposes than work programs. Explanation for Choice D: Status reports do not bear directly on planning. 738

Section D – Quality Assurance and Improvement Program MULTIPLE CHOICE QUESTION NO. 113 Quality program assessments may be performed internally or externally. A distinguishing feature of an external assessment is its objective to A. Determine whether internal audit services meet professional standards. B. Set forth the recommendations for improvement. C. Provide independent assurance. D. Identify tasks that can be performed better.

741

Section D – Quality Assurance and Improvement Program ANSWER TO QUESTION NO. 113 CORRECT ANSWER IS C . Its Explanation is External assessments must be conducted at least once every 5 years by a qualified, independent reviewer or review team from outside the organization. Individuals who perform the external assessment are free of any obligation to, or interest in, the organization whose internal audit activity is assessed.

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

An internal assessment will determine whether internal audit services meet professional standards. Explanation for Choice B: An internal assessment will set forth recommendations for improvement. Explanation for Choice D: An internal assessment will identify tasks that can be performed better. 742

Section D – Quality Assurance and Improvement Program MULTIPLE CHOICE QUESTION NO. 115 An external assessment of an internal audit activity contains an expressed opinion. The opinion may apply to A. Only to the effectiveness of the internal auditing coverage. B. Only to the internal audit activity’s conformance with the Standards. C. Only to the adequacy of internal control. D. Conformance with the Standards and an assessment for each standard.

745

Section D – Quality Assurance and Improvement Program ANSWER TO QUESTION NO. 115 CORRECT ANSWER IS D . Its Explanation is External assessments of an internal audit activity contain an expressed opinion or conclusion on overall conformance with the Standards and possibly an assessment for each standard or series of standards. An external assessment also includes, as appropriate, recommendations (corrective action plans) for improvement.

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

The scope of an external assessment extends to more than the effectiveness of the internal auditing coverage. Explanation for Choice B: An opinion may be expressed on the Standards and an assessment may be made for each standard or series of standards. Explanation for Choice C: An external assessment addresses the internal audit activity, not the adequacy of the organization’s controls. 746

Section D – Quality Assurance and Improvement Program MULTIPLE CHOICE QUESTION NO. 117 The interpretation related to quality assurance given by the Standards is that

A. External assessments can provide senior management and the board with independent assurance about the quality of the internal audit activity. B. Appropriate follow-up to an external assessment is the responsibility of the chief audit executive’s immediate supervisor. C. Supervision is limited to the planning, examination, evaluation, communication, and follow-up process. D. The internal audit activity is primarily measured against The IIA’s Code of Ethics.

749

Section D – Quality Assurance and Improvement Program ANSWER TO QUESTION NO. 117 CORRECT ANSWER IS A . Its Explanation is

External assessments provide an independent and objective evaluation of the internal audit activity’s compliance with the Standards and Code of Ethics.

INCORRECT CHOICES EXPLANATION Explanation for Choice B:

The communication of final results of an external assessment should include the CAE’s responses. These include corrective action plans. Explanation for Choice C: Supervision begins with planning and continues throughout the engagement. Explanation for Choice D: The external assessment considers the internal audit activity’s conformance with the Standards and the Code of Ethics. 750

Section D – Quality Assurance and Improvement Program MULTIPLE CHOICE QUESTION NO. 119 Following an external assessment of the internal audit activity, who is (are) responsible for communicating the results to the board? A. Chief audit executive. B. Audit committee. C. External auditors. D. Internal auditors.

753

Section D – Quality Assurance and Improvement Program ANSWER TO QUESTION NO. 119 CORRECT ANSWER IS A . Its Explanation is

The chief audit executive must communicate the results of the QAIP to senior management and the board INCORRECT CHOICES EXPLANATION Explanation for Choice B: The chief audit executive (not the audit committee) is responsible for communicating the results of external assessments to the board. Explanation for Choice C: The chief audit executive (not external auditors) is responsible for communicating the results of external assessments to the board. Explanation for Choice D: The chief audit executive (not internal auditors) is responsible for communicating the results of external 754 assessments to the board.

Section D – Quality Assurance and Improvement Program MULTIPLE CHOICE QUESTION NO. 121 Internal auditors may include in their audit report that their activities conform with The IIA Standards. They may use this statement only if A. An independent external assessment of the internal audit activity is conducted annually. B. Senior management or the board is accountable for implementing a quality program. C. External assessments of the internal audit activity are made by external auditors. D. It is supported by the results of the quality program. 757

Section D – Quality Assurance and Improvement Program ANSWER TO QUESTION NO. 121 CORRECT ANSWER IS D . Its Explanation is The chief audit executive may state that the internal audit activity conforms with the International Standards for the Professional Practice of Internal Auditing only if the results of the quality assurance and improvement program support this statement.

INCORRECT CHOICES EXPLANATION Explanation for Choice A: An independent external assessment of the internal audit activity must be conducted at least once every 5 years. Explanation for Choice B: The CAE must develop and maintain a QAIP that covers all aspects of the internal audit activity. Explanation for Choice C: Assessments also may be made by others who are (1) independent, (2) qualified, and (3) from outside the organization.

758

Section D – Quality Assurance and Improvement Program MULTIPLE CHOICE QUESTION NO. 123 Which of the following would demonstrate that the internal audit activity is in compliance with IIA practices?

A. The results of periodic internal assessments are communicated at least twice a year. B. The results of external assessments are communicated upon their completion. C. The chief audit executive determines the form and content of the results communicated. D. The results of ongoing monitoring are communicated upon their completion.

761

Section D – Quality Assurance and Improvement Program ANSWER TO QUESTION NO. 123 CORRECT ANSWER IS B . Its Explanation is “To demonstrate conformance with the Definition of Internal Auditing and the Standards, and application of the Code of Ethics, the results of external and periodic internal assessments are communicated upon completion of such assessments and the results of ongoing monitoring are communicated at least annually. The results include the assessor’s or assessment team’s evaluation with respect to the degree of conformance”.

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

The results of periodic internal assessments are communicated upon their completion. Explanation for Choice C: The form, content, and frequency of communicating the results of the quality assurance and improvement program is established through discussions with senior management and the board and considers the responsibilities of the internal audit activity and chief audit executive as contained in the internal audit charter. Explanation for Choice D: The results of ongoing monitoring are communicated at least annually.

762

763

Section E – Governance, Risk Management and Controls MULTIPLE CHOICE QUESTION NO. 1 A payroll computer system automatically initiated scheduled pay raises for some employees who failed to meet required performance levels. To prevent this situation in the future A. Scheduled pay raises should be initiated by the payroll department B. The payroll register should be compared to the employee master file. C. Scheduled pay raises should be delayed pending explicit approval by appropriate supervisors D. The payroll master file should be compared to the employee master file.

764

Section E – Governance, Risk Management and Controls ANSWER TO QUESTION NO. 1 CORRECT ANSWER IS C . Its Explanation is After initiation by the personnel department, the functional department should have approval authority.

INCORRECT CHOICES EXPLANATION Explanation for Choice A: The personnel department should initiate scheduled pay raises. Explanation for Choice B: This procedure would not prevent or even detect the problem. Explanation for Choice D: This procedure would not prevent or even detect the problem. 765

Section E – Governance, Risk Management and Controls MULTIPLE CHOICE QUESTION NO. 3 An organization manufactures mirror frames. Scrap is adequately accounted for at the point of generation. The scrap is sorted and sold frequently to the organization's regular buyer at a price negotiated between the scrap manager and buyer. An exposure caused by these procedures is that A. The collection of amounts receivable from the scrap buyer is questionable. B. The production of scrap indicates inefficiencies in production. C. The price received for scrap may be inadequate. D. Excessive scrap has been generated. 768

Section E – Governance, Risk Management and Controls ANSWER TO QUESTION NO. 3 CORRECT ANSWER IS C . Its Explanation is There are various problems that arise from this situation. For example, there may be collusion between the scrap manager and buyer to establish an inadequate price, or the scrap manager may not be an expert negotiator, or some other factors that lead to an inadequate price.

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

There is nothing that indicates that the scrap buyer is unreliable. Explanation for Choice B: There is nothing that indicates that the production process in inefficient. Explanation for Choice D: There is nothing that indicates that the production process is inefficient.

769

Section E – Governance, Risk Management and Controls MULTIPLE CHOICE QUESTION NO. 5 What is the appropriate source of information for determining if all goods shipped are billed to the customer? A. Accounts receivable files. B. Pre-numbered customer invoices. C. Customer purchase orders. D. Pre-numbered shipping documents.

772

Section E – Governance, Risk Management and Controls ANSWER TO QUESTION NO. 5 CORRECT ANSWER IS D . Its Explanation is

This will allow matching all recorded shipments to related billings.

INCORRECT CHOICES EXPLANATION Explanation for Choice A: Accounts receivable are established by billings. Explanation for Choice B: Invoices constitute bills; therefore, this is the wrong direction for a test to accomplish this objective. Explanation for Choice C: Cash receipts from customers may be traceable to shipments, but this is the wrong direction for a test to accomplish this audit objective. 773

Section E – Governance, Risk Management and Controls MULTIPLE CHOICE QUESTION NO. 7 Which of the following is not a component of the enterprise risk management framework as defined by COSO in its 2017 publication, Enterprise Risk Management: Integrating with Strategy and Performance? A. Review and revision. B. The control environment. C. Governance and culture. D. Information, communication, and reporting.

776

Section E – Governance, Risk Management and Controls ANSWER TO QUESTION NO. 7 CORRECT ANSWER IS B . Its Explanation is The control environment is not a component of the enterprise risk management framework as it is defined by the 2017 COSO document, Internal Control: Integrating with Strategy and Performance. The control environment is a component of the internal control framework as defined by COSO in the document Internal Control – Integrated Framework.

INCORRECT CHOICES EXPLANATION Explanation for Choice A: Review and revision is a component of the enterprise risk management framework as defined by COSO in its 2017 publication, Internal Control: Integrating with Strategy and Performance. Management needs to continually assess changes that may affect its strategy and achievement of its business objectives, review the organization’s performance and risks, and strive to improve its enterprise risk management. Explanation for Choice C: Governance and culture is a component of the enterprise risk management framework as defined by COSO in its 2017 publication, Enterprise Risk Management: Integrating with Strategy and Performance. Governance sets the organization’s tone and establishes the oversight responsibilities for enterprise risk management. Culture encompasses the ethical values, desired behaviors, and understanding of risk in the organization. Explanation for Choice D: Information, communication, and reporting is a component of the enterprise risk management framework as defined by the 2017 COSO publication. The organization should make use of its information and technology systems, and information from both internal and external sources should continually be obtained and shared. Reporting on risk, culture, and performance should take place at multiple levels and across the organization. The communications should flow up, down, and across the organization as necessary to support enterprise risk management.

777

Section E – Governance, Risk Management and Controls MULTIPLE CHOICE QUESTION NO. 9 An employee should not be able to visit the organization's safety deposit box containing investment securities without being accompanied by another employee. What would be a possible consequence of an employee's being able to visit the safety deposit box unaccompanied? A. It would be impossible to obtain a fidelity bond on the employee. B. The employee could pledge organizational investments as security for a short-term personal bank loan. C. There would be no record of when organizational personnel visited the safety deposit box.

D. The employee could steal securities and the theft would never be discovered. 780

Section E – Governance, Risk Management and Controls ANSWER TO QUESTION NO. 9 CORRECT ANSWER IS B . Its Explanation is If an employee were able to visit the organizations safety deposit box containing investment securities then it would be possible for this employee to use the securities as collateral for a short term personal bank loan.

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

Obtaining a fidelity bond on the employee would depend on the character of the employee, not having to do with control of the safety deposit box. Explanation for Choice C: The bank would have records of when organizational personnel visited the safety deposit box. Explanation for Choice D: The theft of security investments would eventually be uncovered.

781

Section E – Governance, Risk Management and Controls MULTIPLE CHOICE QUESTION NO. 11 Which of the following activities performed by a payroll clerk is a control weakness rather than a control strength? A. Has custody of the check signature stamp machine. B. Draws the paychecks on a separate payroll checking account. C. Forwards the payroll register to the chief accountant for approval. D. Prepares the payroll register.

784

Section E – Governance, Risk Management and Controls MULTIPLE CHOICE QUESTION NO. 201 Which of the following are characteristics of a company’s Enterprise Risk Management (ERM) framework? I.ERM considers risks individually, not as a portfolio of events. II.ERM is a process for developing a more bottom-up view of the key risks facing the organization. III.ERM attempts to get organizations to coordinate their risk identification, assessment, and management processes. IV.ERM attempts to embed risk awareness within the organization. A.III and IV only B.I and IV only C.I and II only D.II and III only 1165

Section E – Governance, Risk Management and Controls ANSWER TO QUESTION NO. 201 CORRECT ANSWER IS A . Its Explanation is ERM is about getting organizations to embed a risk awareness within the organization so that employees better understand risks and their responsibility towards managing risks. ERM also attempts to get organizations to coordinate their risk identification, assessment, and management processes.

INCORRECT CHOICES EXPLANATION Explanation for Choice B: See the correct answer for an explanation. Explanation for Choice C: See the correct answer for an explanation. Explanation for Choice D: See the correct answer for an explanation

1166

Section E – Governance, Risk Management and Controls MULTIPLE CHOICE QUESTION NO. 203 When conducting risk assessment in engagement planning and management has already created an assessment of risk as part of an enterprise risk management (ERM) framework, internal auditors should do which of the following related to this management assessment? A. Adopt it without reservations to avoid duplication of effort. B. Assess its reliability prior to adopting it. C. Avoid using it because adopting it would hinder independence and objectivity. D. Avoid using it because its objectives differ significantly from that of an audit risk assessment. 1169

Section E – Governance, Risk Management and Controls ANSWER TO QUESTION NO. 203 CORRECT ANSWER IS B . Its Explanation is Practice Advisory 2210.A1-1, Risk Assessment in Engagement Planning, states that, “Internal auditors consider management’s assessment of risks relevant to the activity under review. The internal auditor also considers the reliability of management’s assessment of risk…” INCORRECT CHOICES EXPLANATION Explanation for Choice A:

See the correct answer for an explanation. Explanation for Choice C: See the correct answer for an explanation. Explanation for Choice D: See the correct answer for an explanation. 1170

Section E – Governance, Risk Management and Controls MULTIPLE CHOICE QUESTION NO. 205 An internal auditor is conducting an evaluation of significant risks that could keep the organization from achieving its objectives. Which of the following are potential techniques used by the internal auditor to identify significant risks? I. The internal auditor compiles a listing of the most common risks facing the company. II. The internal auditor consults with an outside expert to get an opinion on the marketability of a new product. III. The internal auditor conducts interviews and surveys management on potential risks. IV. The internal auditor puts on a workshop for key managers on identifying risks. A.I and II only B.I, II and III only C.I, II, III and IV D.II, III and IV only 1173

Section E – Governance, Risk Management and Controls ANSWER TO QUESTION NO. 205 CORRECT ANSWER IS C . Its Explanation is

All of the items listed are potential ways that the internal auditor could identify significant risks.

INCORRECT CHOICES EXPLANATION Explanation for Choice A: See the correct answer for an explanation. Explanation for Choice B: See the correct answer for an explanation. Explanation for Choice D: See the correct answer for an explanation.

1174

Section E – Governance, Risk Management and Controls MULTIPLE CHOICE QUESTION NO. 207 Which of the following best describes the internal audit activity's role in supporting the board in enterprise-wide risk assessment? A. Oversee risk management processes to determine whether they are adequate and effective. B. Examine, evaluate, report on, and recommend improvements on the adequacy and effectiveness of risk processes. C. Implement risk management methodologies and controls to address risks identified. D. Ensure that sound risk management processes are in place and functioning. 1177

Section E – Governance, Risk Management and Controls ANSWER TO QUESTION NO. 207 CORRECT ANSWER IS B . Its Explanation is

These are activities that the IAA should perform to support the board in ERM.

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

It is not the role of the IAA to oversee the risk management process. That is a responsibility of management. Explanation for Choice C: It is not the role of the IAA to implement the risk management methodologies. Explanation for Choice D: This is part of the what the IAA may do in supporting the board in ERM, but this is not the best description of what the IAA should do. 1178

Section E – Governance, Risk Management and Controls MULTIPLE CHOICE QUESTION NO. 209 An internal auditor conducted an audit of the credit-lending process. During the audit, the internal auditor found that there was a lack of segregation of duties within the credit-lending process. The internal auditor discovered that sales personnel have, on occasion, extended credit to customers without proper authorization. Evaluating and assessing the credit-lending process would include all of the following except: A. Determining whether the cost of segregating the functions is more than the benefits. B. Understanding the impact that the control deficiency has on bad debts. C. Understanding the level of residual risk, even if functions are segregated. D. Requiring proper authorization for all credit sales. 1181

Section E – Governance, Risk Management and Controls ANSWER TO QUESTION NO. 209 CORRECT ANSWER IS D . Its Explanation is Requiring proper authorization for all credit sales is a recommendation. Before recommending, the internal auditor should assess the impact of the risk on bad debts, determine the cost of segregating the functions, and assess the residual risk, even if functions are segregated. Only then would the internal auditor decide how to respond to the risk.

INCORRECT CHOICES EXPLANATION Explanation for Choice A: See the correct answer for an explanation. Explanation for Choice B: See the correct answer for an explanation. Explanation for Choice C: See the correct answer for an explanation.

1182

Section E – Governance, Risk Management and Controls MULTIPLE CHOICE QUESTION NO. 211 As part of a manufacturing company’s environmental, health, and safety (EHS) self-inspection program, inspections are conducted by a member of the EHS staff and the operational manager for a given work area or building. If a deficiency cannot be immediately corrected, the EHS staff member enters it into a tracking database that is accessible to all departments via a local area network. The EHS manager uses the database to provide senior management with quarterly activity reports regarding corrective action. During review of the self-inspection program, an auditor notes that the operational manager enters the closure information and affirms that corrective action is complete. What change in the control system would compensate for this potential conflict of interest? A. After closure is entered into the system, review by the EHS staff member of the original inspection team should be required to verify closure. B. No additional control is needed because the quarterly report is reviewed by senior management, providing adequate oversight in this situation. C. The EHS department secretary should be responsible for entering all information into the tracking system based on memos from the operational manager. D. No additional control is needed because those implementing a corrective action are in the best position to evaluate the adequacy and completion of that action. 1185

Section E – Governance, Risk Management and Controls ANSWER TO QUESTION NO. 211 CORRECT ANSWER IS A . Its Explanation is If there is a step in the process at which someone independent of the area being inspected can evaluate the adequacy and completeness of corrective action, the potential for closure fraud is minimized.

INCORRECT CHOICES EXPLANATION Explanation for Choice B: Although senior management can use the report to question why certain corrective actions may be behind schedule, they have no way of knowing whether the corrective actions shown as complete were actually completed. Explanation for Choice C: There is nothing inappropriate about the environmental, health, and safety staff entering the initial inspection results. Having the secretary enter closure data does not improve controls because there is still no independent review. It is also less efficient and timely than having the data entered directly in the field. Explanation for Choice D: While the operational managers may in fact be the most knowledgeable about the corrective action, independent verification is preferable.

1186

Section E – Governance, Risk Management and Controls MULTIPLE CHOICE QUESTION NO. 213 According to the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s) enterprise risk management (ERM)model, the governance and culture of the company is the basis for all other components of ERM. All of the following are elements of an organization’s governance and culture except: A. Having predominantly independent directors on the board. B. Setting organizational objectives. C. Establishing risk appetite. D. Assigning authority and responsibility. 1189

Section E – Governance, Risk Management and Controls ANSWER TO QUESTION NO. 213 CORRECT ANSWER IS B . Its Explanation is Objective setting is one of the components of the five interrelated components of the COSO ERM Model. The other components include:1) Governance and culture, 2) Performance, 3) Review and Revision, and 4) Information, Communication, and Reporting. INCORRECT CHOICES EXPLANATION Explanation for Choice A: This is part of the governance and culture of the company. Explanation for Choice C: This is part of the governance and culture of the company. Explanation for Choice D: This is part of the governance and culture of the company.

1190

Section E – Governance, Risk Management and Controls MULTIPLE CHOICE QUESTION NO. 215 The marketing department for a major retailer assigns separate product managers for each product line. Product managers are responsible for ordering products and determining retail pricing. Each product manager’s purchasing budget is set by the marketing manager. Products are delivered to a central distribution center where goods are segregated for distribution to the company’s 52department stores. Because receipts are recorded at the distribution center, the company does not maintain a receiving function at each store. Product managers are evaluated on a combination of sales and gross profit generated from their product lines. Many products are seasonal and individual store managers can require that seasonal products be removed to make space for the next season’s products. Requests for purchases beyond those initially budgeted must be approved by the marketing manager. This procedure: I. Should provide for the most efficient allocation of scarce organizational resources. II. Is a detective control procedure. III. Is unnecessary because each product manager is evaluated on profit generated. A. II and III only. B. I, II, and III. C. I only. D. III only. 1193

Section E – Governance, Risk Management and Controls ANSWER TO QUESTION NO. 215 CORRECT ANSWER IS C . Its Explanation is I. Correct. The organization has two scarce resources to allocate (a) its purchasing budget (constrained by financing ability) and (b)space available in retail stores. Thus, there is a need for a mechanism to allocate these two scarce resources to maximize the overall return to the organization. This is the proper mechanism. II. Incorrect. This is a preventive control, not a detective control. III. Incorrect. The gross profit evaluation is effective in evaluating the manager but does not address the two major constraints identified in statement I.

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

See the correct answer for an explanation. Explanation for Choice B: See the correct answer for an explanation. Explanation for Choice D: See the correct answer for an explanation. 1194

Section E – Governance, Risk Management and Controls MULTIPLE CHOICE QUESTION NO. 217 All of the following would be part of a factory’s control system to prevent release of wastewater that does not meet discharge standards except: A. Specifying (by policy, training, and advisory signs) which substances may be disposed of via sinks and floor drains within the factory. B. Periodically flushing sinks and floor drains with a large volume of clean water to ensure pollutants are sufficiently diluted. C. Performing chemical analysis of the water before discharge for components specified in the permit. D. Establishing a preventive maintenance program for the factory’s pretreatment system. 1197

Section E – Governance, Risk Management and Controls ANSWER TO QUESTION NO. 217 CORRECT ANSWER IS B . Its Explanation is Periodic dilution may not always prevent the release of pollutants that exceed the discharge limits. INCORRECT CHOICES EXPLANATION Explanation for Choice A: Each of these individual controls, and probably others as well, help management achieve its objective of preventing the release of wastewater that does not meet permit limits or other conditions. These three controls each approach the risk in different ways. Analytical results are the criteria for the decision to discharge; keeping pollutants out of the wastewater will help reduce concentrations and the degree of pretreatment needed; and equipment breakdown is less likely to occur if a preventive maintenance program is in place. Explanation for Choice C: Each of these individual controls, and probably others as well, help management achieve its objective of preventing the release of wastewater that does not meet permit limits or other conditions. These three controls each approach the risk indifferent ways. Analytical results are the criteria for the decision to discharge; keeping pollutants out of the wastewater will help reduce concentrations and the degree of pretreatment needed; and equipment breakdown is less likely to occur if a preventive maintenance program is in place. Explanation for Choice D: Each of these individual controls, and probably others as well, help management achieve its objective of preventing the release of wastewater that does not meet permit limits or other conditions. These three controls each approach the risk indifferent ways. Analytical results are the criteria for the decision to discharge; keeping pollutants out of the wastewater will help reduce concentrations and the degree of pretreatment needed; and equipment breakdown is less 1198 likely to occur if a preventive maintenance program is in place.

Section E – Governance, Risk Management and Controls MULTIPLE CHOICE QUESTION NO. 219 An internal auditor found that employee time cards in one department are not properly approved by the supervisor. Which of the following could result? A. The wrong hourly rate could be used to calculate gross pay. B. Duplicate paychecks might be issued. C. Payroll checks might not be distributed to the appropriate payees. D. Employees might be paid for hours they did not work.

1201

Section E – Governance, Risk Management and Controls ANSWER TO QUESTION NO. 219 CORRECT ANSWER IS D . Its Explanation is

The approval of the supervisor on time cards of employees supervised should prevent employees being paid for hours they did not work.

INCORRECT CHOICES EXPLANATION Explanation for Choice A: The wrong hourly rate would not be used to calculate gross pay as a result of the supervisor failing to approve employee time cards. Explanation for Choice B: Duplicate paychecks would not be issued as a result of the supervisor failing to approve employee time cards. Explanation for Choice C: Payroll checks would not be distributed to the wrong employees as a result of the supervisor failing to approve employee timecards. 1202

Section E – Governance, Risk Management and Controls MULTIPLE CHOICE QUESTION NO. 221 The marketing department for a major retailer assigns separate product managers for each product line. Product managers are responsible for ordering products and determining retail pricing. Each product manager’s purchasing budget is set by the marketing manager. Products are delivered to a central distribution center where goods are segregated for distribution to the company’s 52department stores. Because receipts are recorded at the distribution center, the company does not maintain a receiving function at each store. Product managers are evaluated on a combination of sales and gross profit generated from their product lines. Many products are seasonal and individual store managers can require that seasonal products be removed to make space for the next season’s products. Which of the following is a control deficiency in this situation? A. The product manager negotiates the purchase price and sets the selling price. B. Evaluating product managers by total gross profit generated by product line will lead to dysfunctional behavior. C. The store manager can require items to be removed, thus affecting the potential performance evaluation of individual product managers. D. There is no receiving function located at individual stores. 1205

Section E – Governance, Risk Management and Controls ANSWER TO QUESTION NO. 221 CORRECT ANSWER IS D . Its Explanation is There is the possibility that goods could be diverted from the distribution center and not delivered to the appropriate retail store.

INCORRECT CHOICES EXPLANATION Explanation for Choice A: The product manager is evaluated based on sales and gross profit; thus, there is no conflict with performing both of these duties. Explanation for Choice B: Evaluating the product managers on gross profit and budgeted sales attaches responsibility to the manager. Explanation for Choice C: Goods are seasonal and store space is limited. This is a constraint that is consistent with maximizing revenue and profitability for the organization. 1206

Section E – Governance, Risk Management and Controls MULTIPLE CHOICE QUESTION NO. 223 The Three Lines Model provides an effective way to enhance communications on risk management and control by clarifying essential roles and duties. According to this model, which of the following would be considered to be in a first line role? A. Risk management function. B. Internal audit activity. C. Senior management. D. Operating management. 1209

Section E – Governance, Risk Management and Controls ANSWER TO QUESTION NO. 223 CORRECT ANSWER IS D . Its Explanation is

According to the Three Lines Model, operational management is in the first line roles. The first line roles are related to the provision of products and services and managing risk. INCORRECT CHOICES EXPLANATION Explanation for Choice A: The risk management and compliance functions operate in the second line roles. The responsibility of this line is to provide expertise, support, monitoring and challenge on risk-related matters. Explanation for Choice B: The internal audit activity is in the third line roles of providing comprehensive assurance to the governing body and senior management based on the highest level of independence and objectivity within the organization. Explanation for Choice C: Senior management would usually be part of the governing body. 1210

Section E – Governance, Risk Management and Controls MULTIPLE CHOICE QUESTION NO. 225 Which of the following goals sets risk management strategies at the optimum level? A. Minimize losses. B. Minimize costs. C. Maximize shareholder value. D. Maximize market share.

1213

Section E – Governance, Risk Management and Controls ANSWER TO QUESTION NO. 225 CORRECT ANSWER IS C . Its Explanation is

This is a comprehensive approach and will relate to risk management strategies across the enterprise. INCORRECT CHOICES EXPLANATION Explanation for Choice A: This is not a comprehensive approach to risk management. Explanation for Choice B: This is not a comprehensive approach to risk management. Explanation for Choice D: This is not a comprehensive approach to risk management. 1214

Section E – Governance, Risk Management and Controls MULTIPLE CHOICE QUESTION NO. 227 Which of the following are examples of financial risks? I. The risk that a company’s database will be hacked. II. The risk of default due to increases in the level of a company’s debt. III. The risk that the value of a company’s investment will decrease due to moves in market factors. IV. The risk that the reputation of the company will be damaged by selling products considered unsafe to the public. A.I and IV only B.II only C.II, III and IV only D.II and III only 1217

Section E – Governance, Risk Management and Controls ANSWER TO QUESTION NO. 227 CORRECT ANSWER IS D . Its Explanation is Financial risks are connected to the financial health of the company. Examples include volatility of foreign currencies, volatility of interest rates, volatility of commodity prices, credit risk, liquidity risk, and market risk. Item (II) is a financial risk because the more debt a company takes on, the greater the risk of default. Item (III) is a financial risk because the value of the company’s investment decreased due to movements in the market.

INCORRECT CHOICES EXPLANATION Explanation for Choice A: See the correct answer for an explanation. Explanation for Choice B: See the correct answer for an explanation. Explanation for Choice C: See the correct answer for an explanation.

1218

Section E – Governance, Risk Management and Controls MULTIPLE CHOICE QUESTION NO. 229 It is not uncommon for organizations to develop a formal risk appetite statement. Which of the following would not be included in the statement? A. Management compensation packages are regularly reviewed by the board’s remuneration committee before being approved by the board. B. The company will use derivative instruments only for hedging purposes. C. The company will not give additional trade credit to creditors whose accounts are more than 40 days past due. D. The company may not keep more than 20% of its cash in a single bank. 1221

Section E – Governance, Risk Management and Controls ANSWER TO QUESTION NO. 229 CORRECT ANSWER IS A . Its Explanation is

Formalizing risk appetite means putting it in writing so that there is little confusion about the board and management’s attitude toward risk. Determining the level of management remuneration is a function of the company’s remuneration committee. INCORRECT CHOICES EXPLANATION Explanation for Choice B: See the correct answer for an explanation. Explanation for Choice C: See the correct answer for an explanation. Explanation for Choice D: See the correct answer for an explanation.

1222

Section E – Governance, Risk Management and Controls MULTIPLE CHOICE QUESTION NO. 231 Many organizations use electronic funds transfer to pay their suppliers instead of issuing checks. Regarding the risks associated with issuing checks, which of the following risk management techniques does this represent? A. Transferring. B. Controlling. C. Accepting. D. Avoiding.

1225

Section E – Governance, Risk Management and Controls ANSWER TO QUESTION NO. 231 CORRECT ANSWER IS D . Its Explanation is

By eliminating checks, the organization avoids all risk associated with them.

INCORRECT CHOICES EXPLANATION Explanation for Choice A: Risk is not transferred to anyone else; it is eliminated. Explanation for Choice B: Eliminating checks does not represent an ongoing control. Explanation for Choice C: Eliminating checks avoids instead of accepts the associated risk. 1226

Section E – Governance, Risk Management and Controls MULTIPLE CHOICE QUESTION NO. 233 Which of the following enterprise risk management (ERM) components influences the risk consciousness of an organization's people and is the basis for all other ERM components? A. Governance and culture. B. Information and communication. C. Performance. D. Objective setting.

1229

Section E – Governance, Risk Management and Controls ANSWER TO QUESTION NO. 233 CORRECT ANSWER IS A . Its Explanation is

The governance and culture of the organization is what sets the organization's tone in respect to risk management. INCORRECT CHOICES EXPLANATION Explanation for Choice B:

Information and communication is not the component of ERM that influences the risk consciousness of the organization. Explanation for Choice C: Performance is not the component of ERM that influences the risk consciousness of the organization. Explanation for Choice D: Objective setting is not the component of ERM that influences the risk consciousness of the organization.

1230

Section E – Governance, Risk Management and Controls MULTIPLE CHOICE QUESTION NO. 235 Which of the following would be a preventive control?

A. Comparing a bank deposit slip with the total cash received as noted on a prelisting sheet prepared in the mail room. B. Approving customer credit prior to shipping merchandise. C. Reviewing the sequence of pre-numbered documents. D. Scanning the general ledger for accounts with unusually high or low balances.

1233

Section E – Governance, Risk Management and Controls ANSWER TO QUESTION NO. 235 CORRECT ANSWER IS B . Its Explanation is

Approving a customer before shipping merchandise is a preventive control as it should prevent shipping merchandise to customers who will not be able to pay.

INCORRECT CHOICES EXPLANATION Explanation for Choice A: Comparing a bank deposit slip with the total cash received as noted on a prelisting sheet prepared in the mail room is not a preventive control. Explanation for Choice C: Reviewing the sequence of pre-numbered is not a preventive control. Explanation for Choice D: Scanning the general ledger for accounts with unusually high or low balances is detective control, not a preventive control. 1234

Section E – Governance, Risk Management and Controls MULTIPLE CHOICE QUESTION NO. 237 Several years ago a senior member in the accounting area developed a software application that automates a simple, yet time-saving task. Over time, the application has been adopted by other users in accounting, and these other users have encouraged the original author to maintain the application, adapting it as needed when new systems are introduced. Which of the following controls for this situation would be most effective and efficient? A. Recommend policy changes that freeze further adoption and work on the software. B. Recommend that the application be replaced by a commercially developed product. C. Analyze the application to ensure that it is, in fact, the most efficient solution to the work problem. D. Ensure complete, accurate, and updated documentation of the application. 1237

Section E – Governance, Risk Management and Controls ANSWER TO QUESTION NO. 237 CORRECT ANSWER IS D . Its Explanation is The application appears to do the task well, so limiting its use, verifying its effectiveness, and replacing it are probably not the most effective and efficient controls. Ensuring that the application’s design and subsequent modifications are documented would be most effective. This helps protect the function against the eventual loss of its author’s expertise if the employee retires or leaves the organization, as well as control the impact of modifications to the program. If the application does not include application authentication controls, this would also be a good recommendation.

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

See the correct answer for an explanation. Explanation for Choice B: See the correct answer for an explanation. Explanation for Choice C: See the correct answer for an explanation. 1238

1241

Section F – Fraud Risks MULTIPLE CHOICE QUESTION NO. 1 Which of the following would indicate that fraud may be present in a marketing department? A. To encourage creativity, management has adopted a control environment that can best be described as "very loose." B. A manager appears to be living a lifestyle that is in excess of what could be provided by a marketing manager's salary. C. All of the above. D. There is no documentation for some fairly large payments made to a new vendor. 1242

Section F – Fraud Risks ANSWER TO QUESTION NO. 1 CORRECT ANSWER IS C . Its Explanation is Unsupported transactions, lavish lifestyles, and loose control environments are all considered fraud symptoms that should heighten the auditor’s awareness of potential fraud.

INCORRECT CHOICES EXPLANATION Explanation for Choice A: This is considered a potential fraud symptom, but so are the other items. Explanation for Choice B: This is considered a potential fraud symptom, but so are the other items. Explanation for Choice D: This is considered a potential fraud symptom, but so are the other items.

1243

Section F – Fraud Risks MULTIPLE CHOICE QUESTION NO. 3 An accounting clerk developed a scheme to enter fraudulent invoices into the computer system for nonexistent vendors. All the payments were sent to the same address. The internal auditor suspects a possible fraud. The internal auditor should test all of the vendor information rather than a sample of the vendor transactions because A. The Standards prohibit the use of sampling if fraud is expected. B. The only effective approach requires performing procedures "through the computer." C. The engagement procedures used to compare vendor information require the reading of all records. D. Although non-sampling error is reduced, sampling error is larger when computers 1246 are used to draw the sample.

Section F – Fraud Risks ANSWER TO QUESTION NO. 3 CORRECT ANSWER IS C . Its Explanation is

If fraud is suspected, then all transactions have to be examined.

INCORRECT CHOICES EXPLANATION Explanation for Choice A: The Standards do not prohibit the use of sampling. Explanation for Choice B: Manually checking the vendor information is effective, but inefficient. Explanation for Choice D: Sampling error is not larger when computers are used to draw the sample. In fact, the use of computers could make possible to check all transactions. 1247

Section F – Fraud Risks MULTIPLE CHOICE QUESTION NO. 5 Which of the following is true about interviewing an individual during the investigation of suspected fraud? A. The internal auditor's role involves collecting facts. B. The internal auditor's role involves attempting to obtain confessions of guilt. C. Internal auditors should be empowered to confine fraud suspects to the office but only for the purpose of interviewing them. D. Internal auditors are authorized to waive punishment of the employee if the employee restores the item(s) stolen. 1250

Section F – Fraud Risks ANSWER TO QUESTION NO. 5 CORRECT ANSWER IS A . Its Explanation is

This is true. The internal auditor mainly gathers facts during a fraud investigation. INCORRECT CHOICES EXPLANATION Explanation for Choice B: This is the role of an investigator. Explanation for Choice C: This is considered false imprisonment. Explanation for Choice D: This is considered compounding a felony. The right to punish or forgive a criminal act is reserved to the state. 1251

Section F – Fraud Risks MULTIPLE CHOICE QUESTION NO. 7 Which of the following gives the internal auditor the authority to investigate fraud? A. The Standards. B. Common law. C. The Institute of Internal Auditors Code of Ethics. D. Management.

1254

Section F – Fraud Risks ANSWER TO QUESTION NO. 7 CORRECT ANSWER IS D . Its Explanation is The internal auditor may recommend whatever investigation is considered necessary in the circumstances. Thereafter, the auditor should follow up to see that the IAA's responsibilities have been met. Generally, a fraud specialist carries out fraud investigations. Management must authorize any internal auditor involvement in an investigation.

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

Internal auditors only have the authority to recommend a fraud investigation. Explanation for Choice B: Internal auditors only have the authority to recommend a fraud investigation. Explanation for Choice C: The IIA Code of Ethics does not specifically mention fraud investigation.

1255

Section F – Fraud Risks MULTIPLE CHOICE QUESTION NO. 9 During an engagement involving a purchasing department, an internal auditor discovered that many purchases were made (at normal prices) from an office supplier whose owner was the brother of the director of purchasing. Controls were in place to restrict such purchases and no fraud appears to have been committed. In this case, the internal auditor should recommend A. The development of an approved-vendor file initiated by the buyer and approved by the director of purchasing. B. The initiation of a conflict-of-interest policy. C. Establishment of a price policy (range) for all goods. D. The inspection of all receipts by receiving inspectors. 1258

Section F – Fraud Risks ANSWER TO QUESTION NO. 9 CORRECT ANSWER IS B . Its Explanation is The internal auditor should recommend the initiation of a conflict-of-interest policy. A conflict-of interest policy is a guideline that restricts business dealings with relatives unless fully disclosed and approved by senior management.

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

The development of an approved-vendor file initiated by the buyer and approved by the director of purchasing would not necessarily prevent a conflict-of-interest. Explanation for Choice C: The establishment of a price policy would not prevent a conflict-of-interest. Explanation for Choice D: The inspection of all receipts by receiving inspectors is an appropriate receiving control, but it would not 1259 prevent a conflict-of-interest.

Section F – Fraud Risks MULTIPLE CHOICE QUESTION NO. 11 The following are facts about a subsidiary: 1. The subsidiary has been in business for several years and enjoyed good profit margins although the general economy was in a recession, which affected competitors. 2. The working capital ratio has declined from a healthy 3 to 0.9. 3. Turnover for the last several years has included three controllers, two supervisors of accounts receivable, four payables supervisors, and numerous staff in other financial positions. 4. Purchasing policy requires three bids. However, the supervisor of purchasing at the subsidiary has instituted a policy of sole-source procurement to reduce the number of suppliers. When conducting a financial audit of the subsidiary, the internal auditor should A. Most likely not detect 1, 2, or 3. B. Ignore 2 since the economy had a downturn during this period. C. Consider 3 to be normal turnover, but be concerned about 2 and 4 as warning signals of fraud. D. Consider 1, 2, 3, and 4 as warning signals of fraud. 1262

Section F – Fraud Risks ANSWER TO QUESTION NO. 11 CORRECT ANSWER IS D . Its Explanation is Items 1, 2, 3 and 4 are all warning signs of potential fraud. If the company is experiencing good profit margins during a recession, it's possible that management is distorting the financial statements in order to improve results. The large drop in working capital may indicate that funds were diverted for personal use. The high employee turnover indicates that employees are not happy in their positions, and maybe, they do not want to disclose existing problems. The sole procurement practice does not stimulate competition and does indicate favoritism. Favoritism often results from kickbacks, etc.

INCORRECT CHOICES EXPLANATION Explanation for Choice A: Items 1, 2 and 3 would all be detected during a financial audit. Explanation for Choice B: Even though the economy experienced a downturn, the company still experienced good profit margins. Thus, working capital should not have declined as it did. This might indicate that funds were diverted for personal use. Explanation for Choice C: The high employee turnover, the drastic drop in working capital, and sole-source procurement would all be indicators of potential fraud. 1263

Section F – Fraud Risks MULTIPLE CHOICE QUESTION NO. 151 Which of the following is an example of skimming? A. Two friends who work together have an arrangement that the first to arrive to work for the day punches in using the time clock for both of them, and the last one to leave punches out for both of them. B. The organization issued payroll checks weekly. However, due to cash flow issues, the organization kept the amounts withheld from the employee paychecks (federal withholding, Social Security, Medicare, etc.) for its own use. C. The auditor discovered one of the managers was including personal items on the organization’s weekly vendor orders. There was no evidence the manager had reimbursed the organization for the expense.

D. As an incentive to limo drivers, an organization promised $25 for each $250 helicopter tour sold. After hearing several customer complaints, the manager discovered that one of the drivers was charging the customers $300 per tour and pocketing the difference. 1542

Section F – Fraud Risks ANSWER TO QUESTION NO. 151 CORRECT ANSWER IS D . Its Explanation is Skimming is a theft of cash before the accounting entry is recorded. Examples include accepting payment from a customer but not reporting the sale and overcharging the customer for the sale and keeping the difference. Skimming is very difficult to detect as there is no audit trail.

INCORRECT CHOICES EXPLANATION Explanation for Choice A: Payroll fraud is a false claim for compensation. It can include, for example, falsifying timesheets, claiming overtime for hours not worked, and payments to fictitious or terminated employees. An employee punching the time clock for another employee is an example of payroll fraud. Explanation for Choice B:

The illegal nonpayment or underpayment of tax is considered tax evasion. Intentionally falsifying a tax return, failing to remit taxes, and failing to report taxes are examples. Explanation for Choice C: Payment fraud involves payment for fictitious goods or services, overstatement of invoices, or use of invoices for personal reasons. The manager was using the organization, through vendor invoices, to purchase items for his or her personal use. 1543

Section F – Fraud Risks MULTIPLE CHOICE QUESTION NO. 153 An upcoming internal audit engagement involves the possibility of fraud. The Standards require the internal auditors to possess which of the following skills? A. To be able to identify indicators that fraud may have been committed. B. To hold a current Certified Fraud Examiner certification. C. To hold a current Certified Internal Auditor certification. D. To possess technical expertise in a particular area of fraud examination, such as computer hacking.

1546

Section F – Fraud Risks ANSWER TO QUESTION NO. 153 CORRECT ANSWER IS A . Its Explanation is An internal auditor’s responsibilities for the detection of fraud include (1) having sufficient knowledge to identify indicators that fraud may have been committed, (2) being alert to opportunities that could allow fraud (e.g., control weaknesses), and (3) being able to evaluate the indicators of fraud sufficiently to determine whether a fraud investigation should be conducted.

INCORRECT CHOICES EXPLANATION Explanation for Choice B: The Standards do not require an internal auditor to hold a Certified Fraud Examiner certification to serve on an engagement in which possibility of fraud exists. Explanation for Choice C: The Standards do not require an internal auditor to hold a Certified Internal Auditor certification to serve on an engagement in which possibility of fraud exists.

Explanation for Choice D: The Standards do not require an internal auditor to have technical expertise in a particular area of fraud examination to serve on an engagement in which a possibility of fraud exists. 1547

Section F – Fraud Risks MULTIPLE CHOICE QUESTION NO. 155 The internal audit activity’s responsibility for preventing fraud is to

A. Exercise operating authority over fraud prevention activities. B. Maintain internal control. C. Establish internal control. D. Evaluate the system of internal control.

1550

Section F – Fraud Risks ANSWER TO QUESTION NO. 155 CORRECT ANSWER IS D . Its Explanation is Control is the principal means of preventing fraud. Management, in turn, is primarily responsible for the establishment and maintenance of control. In an assurance engagement, internal auditors are primarily responsible for preventing fraud by examining and evaluating the adequacy and effectiveness of control

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

Operating authority is a management function. Explanation for Choice B: Maintaining internal control is management’s responsibility. Explanation for Choice C: Establishing internal control is management’s responsibility. 1551

Section F – Fraud Risks MULTIPLE CHOICE QUESTION NO. 157 Internal auditors and management have become increasingly concerned about computer fraud. Which of the following control procedures is least important in preventing computer fraud? A. Testing of new applications by users during the systems development process. B. Program change control requiring a distinction between production programs and test programs. C. Segregation of duties between the programmer and systems analyst. D. Segregation of duties between the applications programmer and the program librarian function. 1554

Section F – Fraud Risks ANSWER TO QUESTION NO. 157 CORRECT ANSWER IS C . Its Explanation is Segregation of the programming and systems analysis functions is of least concern given that the analyst is responsible for communicating the nature of the design to the programmer. Programmer-analyst is a common job title.

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

Testing of new applications by users is one of the most important controls to help prevent computer fraud. Explanation for Choice B: A program should be redesigned using a working copy, not the version in use. Explanation for Choice D: Adequate control over program changes is one of the most important control procedures in a computerized environment. Programmers should not have access to operational progress, and librarians should not be able to program. 1555

Section F – Fraud Risks MULTIPLE CHOICE QUESTION NO. 159 How does fraud awareness training support fraud prevention?

A. Reduces opportunities to commit fraud. B. Facilitates the testing of controls. C. Helps develop credible responses to potential risks. D. Limits rationalization.

1558

Section F – Fraud Risks ANSWER TO QUESTION NO. 159 CORRECT ANSWER IS D . Its Explanation is An individual justifies fraudulent actions by rationalization. Fraud awareness training minimizes rationalization by (1) supporting the ethical tone at the top, (2) promoting an anti-fraud environment, and (3) emphasizing that the organization does not tolerate misconduct of any kind.

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

Fraud awareness training does not reduce opportunities to commit fraud. Explanation for Choice B: Fraud awareness training does not facilitate the testing of controls. Explanation for Choice C: Controls help develop credible responses to potential risks, not fraud awareness training. 1559

Section F – Fraud Risks MULTIPLE CHOICE QUESTION NO. 161 The primary purpose of operating a fraud hotline within an organization is to A. Measure how well organizational units are achieving the organization’s goals. B. Reduce total costs of operations. C. Concentrate on areas that deserve attention. D. Establish channels of communication for people to report suspected improprieties. 1562

Section F – Fraud Risks ANSWER TO QUESTION NO. 161 CORRECT ANSWER IS D . Its Explanation is Fraud-related information and communication practices promote fraud risk management. For example, hotlines are a convenient way for employees to report suspected improprieties. INCORRECT CHOICES EXPLANATION Explanation for Choice A: The primary purpose of operating a fraud hotline is not to measure how well organizational units are achieving the organization’s goals. Explanation for Choice B: Reducing total costs of operating the organization is not the primary purpose of a fraud hotline. Explanation for Choice C: Concentrating on areas that deserve attention and less attention on areas operating as expected is not the primary purpose of a fraud hotline. 1563

Section F – Fraud Risks MULTIPLE CHOICE QUESTION NO. 163 A chief audit executive (CAE) suspects that several employees have used desktop computers for personal gain. In conducting an investigation, the primary reason that the CAE chose to engage a forensic information systems auditor rather than using the organization’s information systems auditor is that a forensic information systems auditor would possess A. Superior analytical skills that would facilitate the identification of computer abuse. B. Knowledge of what constitutes evidence acceptable in a court of law. C. Knowledge of the computing system that would enable a more comprehensive assessment of the computer use and abuse. D. Superior documentation and organization skills that would facilitate in the presentation of findings to senior management and the board. 1566

Section F – Fraud Risks ANSWER TO QUESTION NO. 163 CORRECT ANSWER IS B . Its Explanation is The distinguishing characteristic of forensic auditing is the knowledge needed to testify as an expert witness in a court of law. Although a forensic auditor may possess the other attributes listed, the organization’s information systems auditor may also possess these skills or knowledge elements.

INCORRECT CHOICES EXPLANATION Explanation for Choice A: A forensic auditor would not necessarily have analytical skills that are superior to those of the organization’s auditor.

Explanation for Choice C: The organization’s information systems auditor would probably have more knowledge of the organization’s computing systems than a forensic auditor. Explanation for Choice D: A forensic auditor would not necessarily have organizational skills that are superior to those of the organization’s 1567 auditor.

Section F – Fraud Risks MULTIPLE CHOICE QUESTION NO. 165 Why does The IIA’s Code of Ethics in Rule of Conduct 4.2 require that due professional care be used in obtaining information to support an engagement opinion? A. To require honesty in performing work. B. If internal auditors were permitted to communicate engagement results without obtaining sufficient information, they would be in a position to accept fees or gifts from engagement clients. C. To preclude any conflict of interest. D. Sufficient, reliable, relevant, and useful information lends credibility to the opinion. 1570

Section F – Fraud Risks ANSWER TO QUESTION NO. 165 CORRECT ANSWER IS D . Its Explanation is Engagements must be performed with proficiency and due professional care (Attr. Std. 1200), and the engagement results must be communicated (Perf. Std. 2400). Engagement results include observations, conclusions, opinions, recommendations, and action plans. If internal auditors expressed opinions or otherwise communicated engagement results without substantive investigation and compliance with the Standards, such communications would be meaningless. The Standards are therefore incorporated by reference into The IIA’s Code of Ethics by Rule of Conduct 4.2. Thus, internal auditors must identify sufficient, reliable, relevant, and useful information to achieve the engagement’s objectives

INCORRECT CHOICES EXPLANATION Explanation for Choice A:

Rule of Conduct 1.1 requires honesty, diligence, and responsibility in the performance of work. Explanation for Choice B: Rule of Conduct 2.2 prohibits accepting anything that may impair or be presumed to impair the professional judgment of an internal auditor. Explanation for Choice C: A separate ethics rule prohibits conflicts of interest. Rule of Conduct 2.1 states, “Internal auditors shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization.” 1571

Section F – Fraud Risks MULTIPLE CHOICE QUESTION NO. 167 When interviewing an individual suspected of fraud, the interviewer should

A. Lock the door to ensure no one will interrupt the interview. B. Ensure the suspect’s supervisor is present during the interview. C. Pay attention to the wording choices of the suspect. D. Ask if the suspect committed the fraud.

1574

Section F – Fraud Risks ANSWER TO QUESTION NO. 167 CORRECT ANSWER IS C . Its Explanation is Through his or her choice of words, a suspect can reveal much without meaning to. Excessive and/or inappropriate use of the passive voice or of impersonal pronouns may indicate a desire to be detached from the topic.

INCORRECT CHOICES EXPLANATION Explanation for Choice A: Although the area in which the fraud interview takes place should be private, the suspect should not feel that (s)he is in a room in which no one can come to his or her aid. Explanation for Choice B: The presence of the suspect’s supervisor may inhibit honest communication on the suspect’s part. Explanation for Choice D: Directly asking the suspect if (s)he committed the fraud is not appropriate. The questioner should appear confident that (s)he already has all the relevant facts and not provide the suspect with an opportunity to deny the fraud. 1575

Section F – Fraud Risks MULTIPLE CHOICE QUESTION NO. 169 Forensic auditing differs from internal auditing because forensic auditing

A. Relies more heavily on investigative skills. B. Concentrates less on legal issues. C. Places less emphasis on communication skills. D. Focuses on error identification and prevention.

1578

Section F – Fraud Risks ANSWER TO QUESTION NO. 169 CORRECT ANSWER IS A . Its Explanation is Forensic auditing is the use of accounting and auditing knowledge and skills in matters having civil or criminal legal implications. Engagements involving fraud, litigation support, and expert witness testimony are examples. Forensic auditing requires investigative and accounting skills. The investigative skills are required to collect, analyze, and evaluate financial evidence. These skills differentiate forensic auditing from internal auditing.

INCORRECT CHOICES EXPLANATION Explanation for Choice B:

Forensic auditing applies accounting facts gathered through auditing procedures to legal problems. Thus, forensic auditing focuses heavily on legal issues. Explanation for Choice C: Although both forensic and internal auditing require written and oral communication skills, these skills are more critical in forensic auditing. Explanation for Choice D: Internal auditing, not forensic auditing, focuses on error identification and prevention.

1579

LIST OF BOOKS PUBLISHED SINCE FEBRUARY 2017 CIA Part 1 Test Bank Questions 2022 (16 August 2021) Web: https://zainacademy.us/product/cia-part-1-test-bank-questions-2022/ Web: https://mzain.org/product/cia-part-1-test-bank-questions-2022/ CPA Auditing and Attestation 2021 (26 July 2021) Web: https://zainacademy.us/product/cpa-auditing-and-attestation-2021/ Web: https://mzain.org/product/cpa-auditing-and-attestation-2021/ CIA Review Complete 2021 (15 June 2021) Web: https://zainacademy.us/product/cia-review-complete-2021/ Web: https://mzain.org/product/cia-review-complete-2021/

1581

LIST OF BOOKS PUBLISHED SINCE FEBRUARY 2017 CIA Part 2 Practice of Internal Auditing 2021 (05 May 2021) Web: https://zainacademy.us/product/cia-part-2-practice-of-internal-auditing-2021/ Web: https://mzain.org/product/cia-part-2-practice-of-internal-auditing-2021/ CIA Challenge Exam Study Book 2021 (03 May 2021) Web: https://zainacademy.us/product/cia-challenge-exam-study-book-2021/ Web: https://mzain.org/product/cia-challenge-exam-study-book-2021/ CIA Part 1 Essentials of Internal Auditing 2021 (23 April 2021) Web: https://zainacademy.us/product/cia-part-1-essentials-of-internal-auditing-2021/ Web: https://mzain.org/product/cia-part-1-essentials-of-internal-auditing-2021/ CIA Part 3 Business Knowledge for Internal Auditing 2021 (14 April 2021) Web: https://zainacademy.us/product/cia-part-3-2021/

Web: https://mzain.org/product/cia-part-3-2021/

1582

LIST OF BOOKS PUBLISHED SINCE FEBRUARY 2017 CMA Preparation Pack 2021 (24 March 2021) Web: https://zainacademy.us/product/cma-preparation-pack-2021/ Web: https://mzain.org/product/cma-preparation-pack-2021/ CMA Part 1 Preparation Pack 2021 (22 March 2021) Web: https://zainacademy.us/product/cma-part-1-preparation-pack-2021/ Web: https://mzain.org/product/cma-part-1-preparation-pack-2021/ CMA Part 2 Preparation Pack 2021 (12 February 2021) Web: https://zainacademy.us/product/cma-part-2-preparation-pack-2021/ Web: https://mzain.org/product/cma-part-2-preparation-pack-2021/ CIA Challenge Exam Test Bank Questions 2021 (26 November 2020) Web: https://zainacademy.us/product/cia-challenge-exam-2021/ Web: https://mzain.org/product/cia-challenge-exam-2021/

1583

LIST OF BOOKS PUBLISHED SINCE FEBRUARY 2017 CIA Part 3 Test Bank Questions 2021 (22 November 2020) Web: https://zainacademy.us/product/cia-part-3-test-bank-questions-2021/ Web: https://mzain.org/product/cia-part-3-test-bank-questions-2021/ CIA Part 1 Test Bank Questions 2021 (28 September 2020) Web: https://zainacademy.us/product/cia-part-1-test-bank-questions-2021/ Web: https://mzain.org/product/cia-part-1-test-bank-questions-2021/ CIA Part 2 Test Bank Questions 2021 (10 September 2020) Web: https://zainacademy.us/product/cia-part-2-test-bank-2021/ Web: https://mzain.org/product/cia-part-2-test-bank-questions-2021/ CMA Part 2 Strategic Financial Management 2020 (21 April 2020) Web: https://zainacademy.us/product/cma-part-2-2020/ Web: https://mzain.org/product/cma-part-2-strategic-financial-management-2020/

1584

LIST OF BOOKS PUBLISHED SINCE FEBRUARY 2017 CMA Part 1 Financial Planning, Performance and Analytics 2020 (01 February 2020) Web: https://zainacademy.us/product/cma-part-1-study-book-2020/ Web: https://mzain.org/product/cma-part-1-financial-planning-performance-and-analytics-2020/ CIA Part 2 Test Bank Questions 2020 (24 December 2019) Web: https://zainacademy.us/product/cia-part-2-test-bank-2020/ Web: https://mzain.org/product/cia-part-2-test-bank-questions-2020/ CIA Part 3 Test Bank Questions 2020 (14 December 2019) Web: https://zainacademy.us/product/cia-part-3-test-bank-2020/ Web: https://mzain.org/product/cia-part-3-test-bank-questions-2020/ CIA Part 1 Test Bank Questions 2020 (08 December 2019) Web: https://zainacademy.us/product/cia-part-1-test-bank-2020/ Web: https://mzain.org/product/cia-part-1-test-bank-questions-2020/ 1585

LIST OF BOOKS PUBLISHED SINCE FEBRUARY 2017 CIA Part 2 Practice of Internal Auditing 2020 (25 September 2019) Web: https://zainacademy.us/product/cia-part-2-2020/ Web: https://mzain.org/product/cia-part-2-practice-of-internal-auditing-2020/ CIA Part 1 Essentials of Internal Auditing 2020 (12 September 2019) Web: https://zainacademy.us/product/cia-part-1-2020/ Web: https://mzain.org/product/cia-part-1-essentials-of-internal-auditing-2020/ CPA Business Environment and Concepts (BEC) 2019 (22 July 2019) Web: https://zainacademy.us/product/cpa-business-environment-and-concepts-bec-2019/ Web: https://mzain.org/product/cpa-business-environment-and-concepts-bec-2019/ CIA Part 2 Practice of Internal Auditing 2019 (11 April 2019) Web: https://zainacademy.us/product/cia-part-2-practice-of-internal-auditing-2019/ Web: https://mzain.org/product/cia-part-2-practice-of-internal-auditing-2019/ 1586

LIST OF BOOKS PUBLISHED SINCE FEBRUARY 2017 CIA Part 1 Essentials of Internal Auditing 2019 (17 February 2019) Web: https://zainacademy.us/product/cia-part-1-essentials-of-internal-auditing-2019/ Web: https://mzain.org/product/cia-part-1-essentials-of-internal-auditing-2019/ CIA Part 3 Business Knowledge for Internal Auditing 2019 (05 January 2019) Web: https://zainacademy.us/product/cia-part-3-business-knowledge-for-internal-auditing-2019/ Web: https://mzain.org/product/cia-part-3-business-knowledge-for-internal-auditing-2019/ Certified Management Accountant (CMA) Part 1 2019 (07 October 2018) Web: https://zainacademy.us/product/cma-part-1-financial-reporting-planning-performance-and-control2019/ Web: https://mzain.org/product/cma-part-1-financial-reporting-planning-performance-and-control-2019/ Certified Management Accountant (CMA) Part 2 2019 (13 September 2018) Web: https://zainacademy.us/product/cma-part-2-financial-decision-making-2019/ Web: https://mzain.org/product/cma-part-2-financial-decision-making-2019/ 1587

1588

QUOTES THAT WILL CHANGE YOUR LIFE These are the quotes that have made me what I am today. You can also be the one in your Universe: • We are born in one day. We die in one day. We can change in one day. And we can fall in love in one day Anything can happen in just one day. The finest of the brains are in an extreme level of slavery. For them, career and job are important than financial freedom and peace of soul. You will be replaced in a day or two when you leave this world for eternal life. Not understanding this point will lead to a dead-end tunnel. Seek certification to change your world, well-being, and, most important yourself. • Excellence, Creativity, Passion, and Patience are key ingredients to become a Star. • Get up and Hustle. Chase your dreams. Turn your dreams into reality by showing up every day.

1589

QUOTES THAT WILL CHANGE YOUR LIFE • Have Confidence. You can do it. You have the capacity and potential to reach the top. Just believe in your abilities and chase your dream. • Dream is what seen by an open eye, not with the closed one. • Dreams don’t work unless you do. • What we learn becomes a part of who we are. • The right way to start your day is to focus on end goal. • Sometimes the bad things that happen in our lives put us directly on the path to the best things that will ever happen to us. • A creative man is motivated by the desire to achieve, not by the desire to beat others. • Twenty years from now you will be more disappointed by the things that you didn’t do than by the ones you did do. So throw off the bowlines. Sail away from the safe harbor. Catch the trade winds in your sails. Explore. Dream. Discover.

1590

QUOTES THAT WILL CHANGE YOUR LIFE • It does not matter how slow you go. So long as you don’t stop. • It is never too late to begin. • If it scares you, it might be a good thing to try. • There is only you and your camera. The limitations in your photography are in yourself, for what we see is what we are. • Creativity is Intelligence having fun. • All progress takes place out of comfort zone, so when are you starting. • Everything you have ever wanted is on the other side of fear. • When everything seems to be going against you, remember that the airplane takes off against the wind, not with it.

1591

QUOTES THAT WILL CHANGE YOUR LIFE • Unexpected kindness is the most powerful, least costly, and most underrated agent of human change. • Sometimes courage is the quiet voice at the end of the day saying I will try again tomorrow. • Sometimes you win, sometimes you learn. • Do something today that your future self will thank you for. • The past has no power over the present moment. So forget about your failures and start a new day. • Most of the important things in the world have been accomplished by people who have kept on trying when there seemed to be no help at all. • Your imagination is everything. It is the preview of life’s coming attractions. Only those who believe anything is possible can achieve things most would consider impossible. • Don’t let the noise of others’ opinions drown out your own inner voice. • Have the courage to follow your heart and intuition. They somehow already know what you truly want to become. Everything else is secondary. 1592

QUOTES THAT WILL CHANGE YOUR LIFE • Your time is limited, so don’t waste it living someone else’s life. • Remembering that you are going to die is the best way I know to avoid the trap of thinking you have something to lose. You are already naked. There is no reason not to follow your heart. • Your work is going to fill large part of your life and the only way to be truly satisfied is to do what you believe is great work. The only way to do great work is to love what you do. If you haven’t found it yet, keep looking. Don’t settle. As with all matters of the heart, you will know when you find it. • Success doesn’t come from what you do occasionally. It comes from what you do consistently. • If opportunity doesn’t knock, build a door. • The things you regret most in life are the risks you didn’t take. • Every successful person was once an unknown person that refused to give up on their dream. • Life is too short to be working for someone else’s dream.

1593

QUOTES THAT WILL CHANGE YOUR LIFE • It always seems impossible until it’s done. • Innovation distinguishes between a leader and a follower. • Success is not final; failure is not fatal. It is the courage to continue that counts. • Every problem is a gift. Without problems, we would not grow. • There is no shortage of remarkable ideas, what’s missing is the will to execute them.

• Forget past mistakes. Forget failures. Forget everything except what you are going to do now and do it. • Many of life’s failure are people who did not realize how close they were to success when they gave up. • If something is important enough, or you believe something is important enough, even if you are scared, you will keep going.

1594

QUOTES THAT WILL CHANGE YOUR LIFE • The best way to predict the future is to create it. • The only strategy that is guaranteed to fail is not taking risks. • Only those who will risk going too far can possibly find out how far one can go. • Don’t waste words on people who deserve your silence. Sometimes the most powerful thing you can say is nothing at all.

1595