Upgrade to remove ads
Only $2.99/month

ACCT 749: Quizzes

Terms in this set (120)

Which of following is not one of the three components of the internal auditing value proposition:

independence
assurance
insight
objectivity
Independence
Which of the following is not a key components of the definition of internal auditing

Answers:
Helping the organization accomplish its objectives.
Installing and managing effective accounting internal controls.
Evaluating and improving the effectiveness of risk management, control, and governance processes.
Assurance and consulting activity designed to add value and improve operations.
Selected Answer:

Installing and managing effective accounting internal controls.
What is the most accurate term for the procedures used by the board to oversee activities performed to achieve organizational objectives?

Governance
Control
Risk Management
Monitoring
Governance
Is the following definition of Governance true or false? Governance is the process conducted by the board of directors to authorize, direct, and oversee management toward the achievement of the organization's objectives.
True
Which of the following activities is outside the scope of internal auditing?

Evaluating risk exposure regarding compliance with policies, procedures, and contracts.
Safeguarding of assets.
Evaluating risk exposures regarding compliance with laws and regulations.
Ascertaining the extent to which management has established criteria to determine whether objectives have been accomplished.
Safeguarding of assets.
The purpose of the internal audit activity's evaluation of the effectiveness of existing risk management processes is to determine that

Management has planned and designed so as to provide reasonable assurance of the achieving objectives.
Management directs processes so as to provide reasonable assurance of the achieving objectives.
The organization's objectives will be achieved efficiently and economically.
The organization's objectives will be achieved in an accurate and timely manner and with minimal use of resources.
Management has planned and designed so as to provide reasonable assurance of the achieving objectives.
Which of the following goals sets risk management strategies at the optimum level?

Minimize costs
Maximize market share
Minimize losses
Maximize shareholder value
Maximize shareholder value
Is the following definition of Assurance true or false? Assurance is subjective examination of evidence for the purpose of providing an independent assessment on risk management, control, or governance processes for the organization.
False
Which one is not the internal auditor's assurance responsibility to achieve organizations strategy, operational, financial, and compliance objectives

Assurance on Governance
Assurance on Risk
Assurance on Financial Statements
Assurance on Controls
Assurance on Financial Statements
Which one of the following is not a part of business objectives of COSO 2004

Strategic Objectives
Operations Objectives
Enforcing Objectives
Compliance Objectives
Enforcing Objectives
Which of the following is NOT an appropriate governance role for an organization's board of directors?

a.
Influencing the organization's risk-taking philosophy
b.
Evaluating and approving strategic objectives
c.
Providing assurance directly to third parties that the organization's governance processes are effective
d.
Establishing broad boundaries of conduct, outside of which the organizations should not operate
c.
Providing assurance directly to third parties that the organization's governance processes are effective
The internal audit activity should assess and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives except.

a.
Promoting appropriate ethics and values within the organization
b.
Ensuring proper implementation of controls
c.
Communicating risk and control information to appropriate areas of the organization
d.
Coordinating the activities of and communicating information among the board, external and internal auditors, and management
Selected Answer:
b.
Ensuring proper implementation of controls
Governance is ultimately the responsibility of the board. The first of the board's responsibility is to identify the key stakeholders of an organization. A stakeholder is any party with a direct or indirect interest in an organization's activities and outcomes. The following list represents the stakeholders who are directly involved in the operation of the organization's business except.

Employees
Customers
Shareholders/investors
Vendors
Shareholders/investors
Because the various stakeholders will likely have different expectations, the outcomes each type of stakeholder deems unacceptable will vary as well. The board may need to consider the following types of outcomes except:

Financial
Ethical
Operational
Strategic
Ethical
The risk committee in an organization is responsible for determining that all key risks are identified, linked to risk management activities, and assigned to risk owners.
True
The responsibilities of the risk owners include the following except:

Evaluating whether the risk management activities are designed adequately to manage the related risks within the tolerable levels specified by the senior management.
Assessing the ongoing capabilities of the organization to execute those risk management activities.
Determine whether the risk management activities are currently operating as designed.
Ensuring effective organizational performance management and accountability.
Ensuring effective organizational performance management and accountability.
A series of business and related auditing failures led to the passage of the Sarbanes-Oxley Act (2002).
True
According to Title III-Corporate Responsibility, each member of the audit committee shall be a member of the board of directors and be independent. To be considered as independent, the committee member shall not accept any consulting, advisory, or other compensatory fee from the issuer.
True
According to Title III of SOX Act of 2002, the SEC requires that the principal executive officer or officers and the principal financial officer or officers (the signing officers) are responsible for establishing and maintaining internal controls; have designed such internal controls to ensure that material information relating to the issuer and its consolidated subsidiaries is made known to such officers; have evaluated the effectiveness of the issuer's internal controls as of a date within 90 days prior to the report; have presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date.
True
According to Title 404 of SOX 2002, SEC requires each annual report to contain an internal control report, which shall (a) state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; (b) contain an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting, and (c) assert that the financial statements are prepared in accordance with GAAP.
False
When assessing the risk associated with an activity, an internal auditor should

A.
Determine how the risk should best be managed.
B.
Provide assurance on the management of the risk
C.
Update the risk management process based on risk exposures.
D.
Design controls to mitigate the identified risks.
B.
Provide assurance on the management of the risk
The primary reason that a bank would maintain a separate compliance function is to

A.
Better manage perceived high risk.
B.
Strengthen control over the bank's investments.
C.
Ensure the independence of line and senior management.
D.
Better respond to shareholder expectations.
A.
Better manage perceived high risk.
Enterprise risk management

A.
Guarantees achievement of organizational objectives.
B.
Requires establishment of risk and control activities by internal auditors.
C.
Involves the identification of events with negative impacts on organizational objectives.
D.
Includes selection of the best risk response for the organization.
C.
Involves the identification of events with negative impacts on organizational objectives.
Which of the following represents the best statement of responsibilities for risk management?

Management/Internal Auditor/Board

A. Responsibility for risk/Oversight role/ Advisory role
B. Oversight role/Responsibility for risk/ Advisory role
C. Responsibility for risk/Advisory role / Oversight role
D. Oversight role /Advisory role/ Responsibility for risk
C
The internal audit activity must evaluate the effectiveness and contribute to the improvement of risk management processes. With respect to evaluating the adequacy of risk management processes, internal auditors most likely should

A.
Recognize that organizations should use similar techniques for managing risk.
B.
Determine that the key objectives of risk management processes are being met.
C.
Determine the level of risks acceptable to the organization.
D.
Treat the evaluation of risk management processes in the same manner as the risk analysis used to plan the engagements.
B.
Determine that the key objectives of risk management processes are being met.
Which of the following is not a responsibility of the Chief Audit Executive?

A.
To communicate the internal audit activity's plans and resource requirements to senior management and the board for review and approval.
B.
To coordinate with other internal and external providers of audit and consulting services to ensure proper coverage and minimize duplication.
C.
To oversee the establishment, administration, and assessment of the organization's system of risk management processes.
D.
To follow up on whether appropriate management actions have been taken on significant reported risks.
C.
To oversee the establishment, administration, and assessment of the organization's system of risk management processes.
Components of enterprise risk management (ERM) are integrated with the management process. Which of the following correctly states four of the eight components of ERM according to COSO's framework?

A.
Event identification, risk assessment, control activities, and objective setting.
B.
Internal environment, risk responses, monitoring, and risk minimization.
C.
External environment, information and communication, monitoring, and event identification.
D.
Objective setting, response to opportunities, risk assessment, and control activities.
A.
Event identification, risk assessment, control activities, and objective setting.
Which risk response reflects a change from acceptance to sharing?

A.
An insurance policy on a manufacturing plant was not renewed.
B.
Management purchased insurance on previously uninsured property.
C.
Management sold a manufacturing plant.
D.
After employees stole numerous inventory items, management implemented mandatory background checks on all employees.
B.
Management purchased insurance on previously uninsured property.
Which one of the following is not a part of ISO 31000 framework.

A.
Understand the organization and its context.
B.
Delegate accountability and authority.
C.
Allocate the necessary resources.
D.
Assess the risk.
D.
Assess the risk.
Which one of the following is not a part of ISO 3100 Process

A.
Establish the context, which focuses on understanding and agreeing on both the external and internal factors that will influence risk.
B.
Treat the risk.
C.
Monitor risk.
D.
Explicitly address uncertainty.
D.
Explicitly address uncertainty.
A primary purpose of establishing a code of conduct within a professional organization is to

A.
Reduce the likelihood that members of the profession will be sued for substandard work.
B.
Ensure that all members of the profession perform at approximately the same level of competence.
C.
Promote an ethical culture among professionals who serve others.
D.
Require members of the profession to exhibit loyalty in all matters pertaining to the affairs of their organization.
C.
Promote an ethical culture among professionals who serve others.
The IIA's Code of Ethics requires internal auditors to perform their work with

A.
Honesty, diligence, and responsibility.
B.
Timeliness, sobriety, and clarity.
C.
Knowledge, skills, and competence.
D.
Punctuality, objectivity, and responsibility.
A.
Honesty, diligence, and responsibility.
The Standards consists of three types of Standards. Which Standards apply to the characteristics of providers of internal auditing services?

A.
Implementation Standards.
B.
Performance Standards.
C.
Attribute Standards.
D.
Independence Standards.
C.
Attribute Standards.
Which Standards expand upon the other categories of Standards?

A.
Performance Standards.
B.
Attribute Standards.
C.
Implementation Standards.
D.
All of the choices are correct.
C.
Implementation Standards.
The purpose of the internal audit activity can be best described as

A.
Adding value to the organization.
B.
Providing additional assurance regarding fair presentation of financial statements.
C.
Expressing an opinion on the adequate design and functioning of the system of internal control.
D.
Assuring the absence of any fraud that would materially affect the financial statements.
A.
Adding value to the organization.
The chief audit executive (CAE) has been appointed to a committee to evaluate the appointment of the external auditors. The engagement partner for the external accounting firm wants the CAE to join her for a week of hunting at her private lodge. The CAE should

A.
Accept, assuming both their schedules allow it.
B.
Refuse on the grounds of conflict of interest.
C.
Accept as long as it is not charged to employer time.
D.
Ask the comptroller whether accepting the invitation is a violation of the organization's code of ethics.
B.
Refuse on the grounds of conflict of interest.
Which of the following permissible under The IIA's Code of Ethics?

A.
Disclosing confidential, engagement-related information that is potentially damaging to the organization in response to a court order.
B.
Using engagement-related information in a decision to buy an ownership interest in the employer organization.
C.
Accepting an unexpected gift from an employee whom the internal auditor has praised in a recent engagement communication.
D.
Not reporting significant observations and recommendations about illegal activity to the board because management has indicated it will address the issue.
A.
Disclosing confidential, engagement-related information that is potentially damaging to the organization in response to a court order.
The board of an organization has charged the chief audit executive (CAE) with upgrading the internal audit activity. The CAE's first task is to develop a charter. What item should be included in the statement of objectives?

A.
Report all engagement results to the board every quarter.
B.
Notify governmental regulatory agencies of unethical business practices by organization management.
C.
Evaluate the adequacy and effectiveness of the organization's controls.
D.
Submit budget variance reports to management every month.
C.
Evaluate the adequacy and effectiveness of the organization's controls.
Due professional care implies reasonable care and competence, not infallibility or extraordinary performance. Thus, which of the following is unnecessary?

A.
The conduct of examinations and verifications to a reasonable extent.
B.
The conduct of extensive examinations.
C.
The reasonable assurance that compliance does exist.
D.
The consideration of the possibility of material irregularities.
B.
The conduct of extensive examinations.
Following an external assessment of the internal audit activity, who is (are) responsible for communicating the results to the board?

A.
Internal auditors.
B.
Audit committee.
C.
Chief audit executive.
D.
External auditors.
Selected Answer:
C.
Chief audit executive.
Which of the following is not a business process?

Strategic planning.
Review and write-off of delinquent loans
Safeguarding of assets.
Remittance of payroll taxes to the respective tax authorities.
Safeguarding of assets.
Which of the following symbols represents a process in a process map?

Rectangle.
Diamond.
Arrow.
Oval.
Rectangle
The key objectives of a process can be determined by getting answers to the following questions except:

Why does the process exist?
How does this process contribute to the success of the organization's strategy?
What accomplishments tend to get employees involved in the process recognized by management or internal customers?
What else does the process do that is important to management?
What accomplishments tend to get employees involved in the process recognized by management or internal customers?
A business process is simply the set of connected activities linked with each other for the purpose of achieving an objective.
True
While Management and support processes do vary between organizations, they generally are necessary across all industries and support, but do not directly create, the value embedded in the organization's objectives.
True
According to COSO (Committee of Sponsoring Organization of the Treadway Commission) ERM objectives, the potential business risks are broken down into the following four categories: Strategic Risks, Operations Risks, Compliance Risks, and Reporting Risks. The Reporting Risks category has the following internal risk components except

Budgeting.
Performance measures.
Internal control.
Capital availability.
Capital availability.
A major upgrade to an important information system would most likely represent a high:

External risk factor.
Internal risk factor.
Other risk factor.
Likelihood of future systems problems.
Internal risk factor.
After business risks have been identified, they should be assessed in terms of their inherent:

Impact and likelihood.
Likelihood and probability.
Significance and severity.
Significance and control effectiveness.
Impact and likelihood.
Following are some of the steps used in determining the critical risk factors and processes to take actions as internal auditors under the Business Risk Assessment Approach using COSO Framework except.

Identify business risks using the Basic Business Risk Model.
Link critical risks to objectives.
Assign a score on a scale of 1-3 to each risk factor.
Map Risks to the business processes and identify processes and risks to audit or manage.
Assign a score on a scale of 1-3 to each risk factor.
Following are some of the steps used in determining the risk factors and processes to audit or manage as internal auditors under the Risk Factor Approach for assessing business risks except.

Identify risk factors using the Basic Business Risk Model.
Establish the relative weight for each factor on a scale 0-100, such that the total of all the factors' weight add to 100.
Use the Risk Assessment Model to determine the impact and likelihood of each risk factor.
Perform Risk/Control Analysis.
Use the Risk Assessment Model to determine the impact and likelihood of each risk factor.
The requirement that purchases be made from suppliers on an approved vendor list is an example of a:

Preventive control.
Detective control.
Compensating control.
Monitoring control.
Preventive control.
An effective system of internal controls is most likely to detect a fraud perpetrated by a:

Group of employees in collusion.
Single employee.
Group of managers in collusion.
Single manager.
Single employee.
Appropriate internal control for a multinational corporation's branch office that has a department responsible for the transfer of money requires that:

The individual who initiates wire transfers does not reconcile the bank statement.
The branch manager must receive all wire transfers.
Foreign currency rates must be computed separately by two different employees.
Corporate management approves the hiring of employees in this department.
The individual who initiates wire transfers does not reconcile the bank statement.
The policies and procedures helping to ensure that management directives are executed and actions are taken to address risks to achievements of objectives describes

Risk assessment.
Control environment.
Control activities
Monitoring.
Control activities
An organization's directors, management, external auditors, and internal auditors all play important roles in creating a proper control environment. Senior management is primarily responsible for

Establishing a proper organizational culture and specifying a system of internal control.
Designing and operating a control system that provides reasonable assurance that established objectives and goals will be achieved.
Ensuring that external and internal auditors adequately monitor the control environment.
Implementing and monitoring controls designed by the board of directors.
Establishing a proper organizational culture and specifying a system of internal control.
Which of the following represents the complete set of internal control components according to COSO framework:

Operations, Reporting, Risk assessment, Control activities, and Monitoring activities.
Reporting, Control environment, Risk assessment, Control activities, and Monitoring activities.
Operations, Compliance, Risk assessment, Control activities, and Monitoring activities.
Control environment, Risk assessment, Control activities, Information & Communication, and Monitoring activities.
Control environment, Risk assessment, Control activities, Information & Communication, and Monitoring activities.
Proper segregation of functional responsibilities in an effective system of internal control calls for separation of the functions of

Authorization, execution, and payment.
Authorization, recording, and custody.
Custody, execution, and reporting.
Authorization, payment, and recording.
Authorization, recording, and custody.
According to the PCAOB, who is responsible for the reliability of the internal controls over financial reporting process of an entity?

The entity's CEO and/or CFO.
The entity's board of directors.
An internal auditor.
The external auditor.
The entity's CEO and/or CFO.
Process level control is an activity that operates within a specific process for the purpose of achieving process-level objectives. Which of the following is not an example of the process level control.

Reconciliation of key accounts.
Process employee supervision and performance evaluations.
Authorizations.
Monitoring/oversight of specific transactions.
Authorizations.
In the interest of reliable financial reporting, management makes assertions regarding the recognition, measurement, presentation, and disclosure of accounts, transactions, events included in the entity's financial statements. Which of the following is not one of the five basic financial statement assertions?

Existence or occurrence.
Completeness.
Classification.
Right and obligation.
Classification
The Internet firewall is designed to provide protection against:

Computer viruses.
Unauthorized access from outsiders.
Lightning strikes and power surges.
Arson.
Unauthorized access from outsiders.
Which of the following best illustrates the use of EDI?

Purchasing merchandise from a company's Internet site.
Computerized placement of a purchase order from a customer to its supplier.
Transfer of data from a desktop computer to a database server.
Withdrawing cash from an ATM.
Computerized placement of a purchase order from a customer to its supplier.
Which of the following issues would be of most concern to an auditor relating to an organization's Internet security policy?

Auditor documentation.
System efficiency.
Data integrity.
Rejected and suspense item controls.
Data integrity.
Passwords for personal computer software programs are designed to prevent

Inaccurate processing of data.
Unauthorized access to the computer.
Incomplete updating of data files.
Unauthorized use of the software.
Unauthorized use of the software.
The best preventive measure against a computer virus is to

Compare software in use with authorized versions of the software.
Executive virus exterminator programs periodically on the system.
Allow only authorized software from known sources to be used on the system.
Prepare and test a plan for recovering from the incidence of a virus.
Allow only authorized software from known sources to be used on the system.
The reliability and integrity of all critical information of an organization, regardless of the media is which the information is stored, is the responsibility of

Shareholders.
IT department.
Management
All employees
Management
Which of the following is part of the board's role in protecting against privacy threats?

Established a privacy framework.
Identifying the information gathered by the organization that is deemed personal or private.
Identifying the methods used to collect information.
Determining whether the use of the information collected is in accordance with its intended use and the laws.
Established a privacy framework.
Which of the following is considered to be a server in a local area network (LAN)?

The cabling that physically interconnects the nodes of the LAN.
A device that stores program and data files for users of the LAN.
A device that connects the LAN to other networks.
A workstation that is dedicated to a single user of the LAN.
A device that stores program and data files for users of the LAN.
Change control typically includes procedures for separate libraries for production programs and for test versions of programs. The reason for this practice is to

Promote efficiency of system development.
Segregate incompatible duties.
Facilitate user input on proposed changes.
Permit unrestricted access to programs.
Segregate incompatible duties.
A systems development approach used to quickly produce a model of user interfaces, user interactions with the system, and process logic is called

Neural Networking.
Prototyping.
Reengineering.
Application generation.
Prototyping
Which of the following is not a typical "rationalization" of a fraud perpetrator?


A. It's in the organization's best interest.
B. The company owes me because I'm underpaid.
C. I want to get back at my boss (revenge).
D. I'm smarter than the rest of them.
D. I'm smarter than the rest of them.
Which of the following is not something all levels of employees should do?


Answers:
A. Understand their role within the internal control framework.
B. Have a basic understanding of fraud and be aware of the red flags.
C. Report suspicions of incidences of fraud.
D. Investigate suspicious activities that they believe may be fraudulent.
Selected Answer:
D.
Investigate suspicious activities that they believe may be fraudulent.
In the course of their work, internal auditors must be alert for fraud and other forms of white-collar crime. The important characteristic that distinguishes fraud from other varieties of white-collar crime is that?

A. Fraud is characterized by deceit, concealment, or violation of trust.
B. Unlike other white-collar crimes, fraud is always perpetrated against an outside party.
C. White-collar crime is usually perpetrated for the benefit of an organization, but fraud benefits an individual.
D.White-collar crime is usually perpetrated by outsiders to the detriment of an organization, but fraud is perpetrated by insiders to benefit the organization.
Selected Answer:
A.
Fraud is characterized by deceit, concealment, or violation of trust.
In an organization with a separate division that is primarily responsible for the prevention of fraud, the internal audit activity is responsible for?


Answers:
Examining and evaluating the adequacy and effectiveness of that division's actions taken to prevent fraud.
Establishing and maintaining that division's system of internal control.
Planning that division's fraud prevention activities.
Controlling that division's fraud prevention activities.
Selected Answer:

Examining and evaluating the adequacy and effectiveness of that division's actions taken to prevent fraud.
Which of the following statements is (are) true regarding the prevention of fraud?
I. The primary means of preventing fraud is through internal control established and maintained by management.
II. Internal auditors are responsible for assisting in the prevention of fraud by examining and evaluating the adequacy of the internal control system.
III. Internal auditors should assess the operating effectiveness of fraud-related communication systems.

Answers:
I only.
I and II only.
II only.
I, II, and III.
Selected Answer:

I, II, and III.
Internal auditors have a responsibility for helping to deter fraud. Which of the following best describes how this responsibility is usually met?

Answers:
By coordinating with security personnel and law enforcement agencies in the investigation of possible frauds.
By testing for fraud in every engagement and following up as appropriate.
By assisting in the design of control systems to prevent fraud.
By evaluating the adequacy and effectiveness of controls in light of the potential exposure or risk.
Selected Answer:

By evaluating the adequacy and effectiveness of controls in light of the potential exposure or risk.
An internal auditor who suspects fraud should?

Answers:
Determine that a loss has been incurred.
Interview those who have been involved in the control of assets.
Identify the employees who could be implicated in the case.
Recommend an investigation if appropriate.
Selected Answer:

Recommend an investigation if appropriate.
Red flags are conditions that indicate a higher likelihood of fraud. Which of the following is not considered a red flag?

Answers:
Management has delegated the authority to make purchases under a certain value to subordinates.
An individual has held the same cash-handling job for an extended period without any rotation of duties.
An individual handling marketable securities is responsible for making the purchases, recording the purchases, and reporting any discrepancies and gains/losses to senior management.
The assignment of responsibility and accountability in the accounts receivable department is not clear.
Selected Answer:

Management has delegated the authority to make purchases under a certain value to subordinates.
Which of the following policies is most likely to result in an environment conductive to the occurrence of fraud?


Answers:
Budget preparation input by the employees who are responsible for meeting the budget.
Unreasonable sales and production goals.
The division's hiring process frequently results in the rejection of adequately trained applicants.
The application of some accounting controls on a sample basis.
Unreasonable sales and production goals.
The following are facts about a subsidiary?

1.The subsidiary has been in business for several years and enjoyed good profit margins although the general economy was in a recession, which affected competitors.
The working capital ratio has declined from a healthy 3:1 to 0.9:1
2.Turnover for the last several years has included three controllers, two supervisors of accounts receivable, four payables supervisors, and numerous staff in other financial positions.
3.Purchasing policy requires three bids. However, the supervisor of purchasing at the subsidiary has instituted a policy of sole-source procurement to reduce the number of suppliers.
4.When conducting a financial audit of the subsidiary, the internal auditor should?
Selected Answer:

Answers:
Most likely not detect 1.,2., or 3
Ignore 2. Since the economy had a downturn during this period.
Consider 3. To be normal turnover, but be concerned about 2. And 4. As warning signals of fraud.
Consider 1.,2.,3., and 4. As warning signals of fraud.
Consider 1.,2.,3., and 4. As warning signals of fraud.
Senior management has requested that the internal audit function perform an operational review of the telephone marketing operations of a major division and recommend procedures and policies for improving management control over the operation. The internal audit function should:

Answers:
A. Accept the audit engagement because independence would not be impaired.
B.Accept the engagement, but indicate to management that recommending controls would impair audit independence so that management knows that future audits of the area would be impaired.
C.Not accept the engagement because internal audit functions are presumed to have expertise on accounting controls, not marketing controls.
D.Not accept the engagement because recommending controls would impair future objectivity of the department regards this client.
Selected Answer:
A.
Accept the audit engagement because independence would not be impaired.
Which of the following is not a responsibility of the CAE?
Answers:
A.To communicate the internal audit function's plans and resource requirements to senior management and board for review and approval.
B.To oversee the establishment, administration, and assessment of the organization's system of internal controls and risk management processes.
C.To follow up on whether appropriate management actions have been taken on significant issues citied in internal audit reports.
D.To establish a risk-based plan to accomplish the objectives of the internal audit function consistent with the organization's goals.
Selected Answer:
B.
To oversee the establishment, administration, and assessment of the organization's system of internal controls and risk management processes.
The purpose of the internal audit activity's evaluation of the effectiveness of existing risk management processes is to determine that?

Answers:
A. Management has planned and designed so as to provide reasonable assurance of achieving objectives.
B. Management directs processes so as to provide reasonable assurance of achieving objectives.
C. The organization's objectives will be achieved efficiently and economically.
D.The organization's objectives will be achieved in an accurate and timely manner and with minimal use of resources.
B.
Management directs processes so as to provide reasonable assurance of achieving objectives.
What is the most accurate term for the procedures used by the board to oversee activities performed to achieve organizational objectives?

Answers:
A. Governance.
B. Control.
C. Risk management.
D. Monitoring.
Selected Answer:
A.
Governance.
Who has primary responsibility for providing information to the board on the professional and organizational benefits of coordinating internal audit activities with those of other providers of similar services?

Answers:
A. The external auditor.
B. The chief audit executive.
C. The chief executive officer.
D. Each assurance and consulting function.
Selected Answer:
B.
The chief audit executive.
To improve their efficiency, internal auditors may rely upon the work of external auditors if it is?

Answers:
A. Performed after the internal auditing work.
B. Primarily concerned with operational objectives and activities.
C. Coordinated with internal auditing work.
D. Conducted in accordance with the Code of ethics.
Selected Answer:
C.
Coordinated with internal auditing work.
If an organization has no formal risk management processes, the chief audit executive should?

Answers:
A. Establish risk management processes based on industry norms.
B. Formulate hypothetical results of possible consequences resulting from risks not being managed.
C. Inform regulators that the organization is guilty of an infraction.
D. Formally discuss with the directors their obligations for risk management processes.
Selected Answer:
D.
Formally discuss with the directors their obligations for risk management processes.
The chief audit executive should develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity and continuously monitors its effectiveness. All of the following are included in a quality program except?

Answers:
A. Annual appraisals of individual internal auditors' performance.
B. Periodic internal assessment.
C. Supervision.
D. Periodic external assessments.
Selected Answer:
A.
Annual appraisals of individual internal auditors' performance.
As a part of a quality program, internal assessment teams most likely will examine which of the following to evaluate the quality of engagement planning and documentation for individual engagements?

Answers:
A. Written engagement work programs.
B. Project assignments documentation.
C. Weekly status reports.
D. The long-range engagement work schedule.
Selected Answer:
A.
Written engagement work programs.
An external assessment of an internal audit activity contains an expressed opinion. The opinion applies?

A. Only to the internal audit activity's conformance with the Standards.
B. Only to the effectiveness of the internal auditing coverage.
C. Only to the adequacy of internal control.
D. To the entire spectrum of assurance and consulting work.
Selected Answer:
D.
To the entire spectrum of assurance and consulting work.
Your audit objective is to determine the purchases of office supplies have been properly authorized. If purchases of office supplies are made through the purchasing department, which of the following procedures is most appropriate?

Answers:
A. Vouch purchase orders to approve purchase requisitions.
B. Trace approved purchases requisitions to purchase orders.
C. Inspect purchase requisitions for proper approval.
D. Vouch receiving reports to approved purchase orders.
Selected Answer:
A.
Vouch purchase orders to approve purchase requisitions.
An internal auditor is concerned that fraud, in the form of payments to fictitious vendors, may exist. Company purchasers, responsible for purchases of specific product lines, have been granted the authority to approve expenditures up to $10,000. Which of the following applications of generalized audit software would be most effective in addressing the auditor's concern?

Answers:
A. List all purchases over $10,000 to determine whether they were properly approved.
B. Take a random sample of all expenditures under $10,000 to determine whether they were properly approved.
C.List all major Vendors by product lines. Select a sample of major vendors and examine supporting documentation for goods or services received.
D.Lisa all major vendors by product line. Select a sample of major vendors and send negative confirmations to validate that they actually provided goods or services.
Selected Answer:
C.
List all major Vendors by product lines. Select a sample of major vendors and examine supporting documentation for goods or services received.
An internal auditor's working papers should support the observations, conclusions, and recommendations to be communicated. One of the purposes of this requirement is to?

A. Provide support for the internal audit activity's financial budge.
B. Facilitate quality assurance reviews.
C. Provide control over working papers.
D. Permit the audit committee to review observations, conclusions, and recommendations.
B.
Facilitate quality assurance reviews.
The internal auditor prepares working papers primarily for the benefit of?

Answers:
A. The external auditor.
B. The internal audit activity.
C. The engagement client.
D. Senior management.
Selected Answer:
B.
The internal audit activity.
Engagement working papers are indexed by means of reference numbers. The primary purpose of indexing is to?

A. Permit cross-referencing and simplify supervisory review.
B. Support the final engagement communication.
C. Eliminate the need for follow-up reviews.
D. Determine the working papers adequately support observations, conclusions, and recommendations.
Selected Answer:
A.
Permit cross-referencing and simplify supervisory review.
Which of the following conditions constitutes inappropriate working-paper preparation?

A. All forms and directives used by the engagement client are included in the working papers.
B. Flowcharts are included in the working papers.
C. Engagement observations are cross-referenced to supporting documentation.
D. Tick marks are explained in notes.
Selected Answer:
A.
All forms and directives used by the engagement client are included in the working papers.
Engagement information is usually considered relevant when it is?

Answers:
A. Derived through valid statistical sampling.
B. Objective and unbiased.
C. Factual, adequate, and convincing.
D. Consistent with the engagement objectives.
Selected Answer:
D.
Consistent with the engagement objectives.
Reliable information is?

Answers:
A. Supportive of the engagement observations and consistent with the engagement objectives.
B. Helpful in assisting the organization in meeting prescribed goals.
C.Factual, adequate, and convincing so that a prudent person would reach the same conclusion as the internal auditor.
D. Competent and the best attainable through the use of appropriate engagement techniques.
Selected Answer:
D.
Competent and the best attainable through the use of appropriate engagement techniques.
In an operational audit, the internal auditors discovered an increase in absenteeism. Accordingly, the chief audit executive decided to identify information about workforce morale. To achieve this engagement objective, the internal auditors must understand that?

Answers:
A. Morale cannot be reliably analyzed.
B. Only outcomes that are directly quantifiable can be reliably analyzed.
C. Reliable information may be obtained about morale factors such as job satisfaction.
D. Morale is always proportional to compensation.
Selected Answer:
C.
Reliable information may be obtained about morale factors such as job satisfaction.
What characteristic of information is satisfied by an original signed document?

Answers:
A. Sufficiency.
B. Reliability
C. Relevance.
D. Usefulness.
Selected Answer:
B.
Reliability
The primary reason for an internal auditor to use statistical sampling rather than nonstatistical sampling is to:

Answers:
A.Allow the auditor to quantify, and therefore control, the risk of making an incorrect decision based on sample evidence.
B. Obtain a smaller sample that would be required if non-statistical sampling were used.
C.Reduce the problems associated with the auditor?s judgment concerning the competency of the evidence gathered when nonstatistical sampling is used.
D.Obtain a sample more representative of the population than would be obtained if nonstatistical sampling techniques were used.
Selected Answer:
A.
Allow the auditor to quantify, and therefore control, the risk of making an incorrect decision based on sample evidence.
For which of the following would an internal auditor most likely use attribute sampling?

Answers:
A. Determining whether the year-end inventory balance is overstated.
B. Selecting fixed asset additions to inspect.
C. Choosing inventory items to test count.
D. Inspecting employee timecards for proper approval.
Selected Answer:
D.
Inspecting employee timecards for proper approval.
The achieved upper deviation limit is 7 percent and the risk of assessing control risk too low is 5 percent. How should the internal auditor interpret this attribute sampling outcome?

Answers:
A. There is a 7 percent chance that the deviation rate in the population is less than or equal to 5 percent.
B. There is a 5 percent chance that the deviation rate in the population is less than 7 percent.
C. There is a 5 percent chance that the deviation rate in the population exceeds 7 percent.
D. There is a 95 percent chance that the deviation rate in the population equals 7 percent.
Selected Answer:
C.
There is a 5 percent chance that the deviation rate in the population exceeds 7 percent.
If all other factors specified in a PPS sampling plan remain constant, changing the specified tolerable misstatement from $200,000 to $100,000 and changing the specified risk of incorrect acceptance from 10 percent to 5 percent would cause the required sample size to:

Answers:
A. Increase.
B. Decrease.
C. Remain the same.
D. Change by 5 percent.
Selected Answer:
A.
Increase.
In a sampling application, the group of items about which the auditor wants to estimate some characteristic is called the?

Answers:
A. Population.
B. Attribute of interest.
C. Sample.
D. Sampling unit.
Selected Answer:
A.
Population.
The variability of a population, as measured by the standard deviation, is the?

Answers:
A. Extent to which the individual values of the items in the population are spread about the mean.
B. Degree of asymmetry of a distribution.
C. Tendency of the means of large samples (at least 30 items) to be normally distributed.
D. Measure of the closeness of a sample estimate to a corresponding population characteristic.
Selected Answer:
A.
Extent to which the individual values of the items in the population are spread about the mean.
To project the frequency of shipments to wrong addresses, an internal auditor chose a random sample from the busiest month of each of the four quarters of the most recent year. The underlying concept of statistical sampling did the auditor violate?

Answers:
A. Attempting to project a rate of occurrence rather than an error rate.
B. Failing to give each item in the population an equal chance of selection.
C. Failing to adequately describe the population.
D. Using multistage sampling in conjunction with attributes.
Selected Answer:
B.
Failing to give each item in the population an equal chance of selection.
When planning an attribute sampling application, the difference between the expected error rate and the maximum tolerable error rate is the planned?

Answers:
A. Precision.
B. Reliability.
C. Dispersion.
D. Skewness.
Selected Answer:
A.
Precision.
An internal auditor is planning to use attribute sampling to test the effectiveness of a specific internal control related to approvals for cash disbursements. In attribute sampling, decreasing the estimated occurrence rate from 5% to 4% while keeping all other sample size planning factors exactly the same would result in a revised sample size that would be?

A. Larger.
B. Smaller.
C. Unchanged.
D. Indeterminate.
Selected Answer:
B.
Smaller.
If all other sample size planning factors were exactly the same in attribute sampling, changing the confidence level from 95% to 90% and changing the desired precision from 2% to 5% would result in a revised sample size that would be?

Answers:
A. Larger.
B. Smaller.
C. Unchanged.
D. Indeterminate.
Selected Answer:
B.
Smaller.
While planning an assurance engagement, the internal auditor obtains knowledge about the auditee's operations to, among other things?

Answers:
A. Develop an attitude of professional skepticism concerning management's assertions.
B. Make constructive suggestions to management regarding internal control improvements.
C.Evaluate whether misstatements in the auditee's performance reports should be communicated to senior management and the audit committee.
D. Develop an understanding of the auditee's objectives, risks, and controls.
Selected Answer:
D.
Develop an understanding of the auditee's objectives, risks, and controls.
Internal auditors may provide consulting services that add value and improve an organization's operations. The performance of these services?

Answers:
A. Impairs internal auditors' objectivity with respect to an assurance service involving the same engagement client.
B. Precludes generation of assurance from a consulting engagement.
C. Should be consistent with the internal audit activity's empowerment reflected in the charter.
D. Imposes no responsibility to communicate information other than to the engagement client.
Selected Answer:
C.
Should be consistent with the internal audit activity's empowerment reflected in the charter.
Comprehensive risk assessment involves analysis of both causes and effects. Which of the following statements concerning the analysis of causes and effects is false?

Answers:
A.Analyzing the causes and effects of a particular risk should only be performed after the internal auditor has first obtained evidence that a problem has occurred.
B. Analyzing the causes and effects of a particular risk provides insights about how to best manage the risk.
C.Analyzing the effects of a particular risk provides insights about the relative size of the risk and the relative importance of the business objective threatened by the risk.
D. Analyzing the root causes of a particular risk helps the internal auditor.
Selected Answer:
A.
Analyzing the causes and effects of a particular risk should only be performed after the internal auditor has first obtained evidence that a problem has occurred.
Internal auditors should design the scope of work in a consulting engagement to ensure that all of the following will be maintained except?

Answers:
A. Independence.
B. Integrity.
C. Credibility.
D. Professionalism.
Selected Answer:
A.
Independence.
Which of the following statements best describes an internal audit function's responsibility for assurance engagement follow-up activities?

Answers:
A.The internal audit function should determine that corrective action has been taken and is achieving the desired results, or that the senior management has assumed the risk associated with not taking corrective action on reported observations.
B.The internal audit function should determine whether management has initiated corrective action but has no responsibility to determine whether the corrective action is achieving the desired results. That determination is management's responsibility.
C.The CAE is responsible for scheduling audit follow-up activities only if asked to do so by senior management or the audit committee. Otherwise, such activities are discretionary.
D.Audit follow-up activities are not necessary if the auditee has agreed in writing to implement the internal audit function's recommendations.
Selected Answer:
A.
The internal audit function should determine that corrective action has been taken and is achieving the desired results, or that the senior management has assumed the risk associated with not taking corrective action on reported observations.
During an operational engagement, the internal auditors compare the current staffing of a department with established industry standards to?

Answers:
A. Identify bogus employees on the department's payroll.
B.Assess the current performance of the department and make appropriate recommendations for improvement.
C. Evaluate the adequacy of the established internal controls for the department.
D. Determine whether the department has complied with all laws and regulations governing its personnel.
Selected Answer:
B.
Assess the current performance of the department and make appropriate recommendations for improvement.
Which of the following statement does not illustrate the concept of inherent business risk?

Answers:
A. Cash is more susceptible to theft than an inventory of sheet metal.
B.A broken lock on a security gate allows employees to access a restricted area that they are not authorized to enter.
C.Transactions involving complex calculations are more likely to be misstated than transactions involving simple calculations.
D. Technological developments might make a particular product obsolete.
Selected Answer:
B.
A broken lock on a security gate allows employees to access a restricted area that they are not authorized to enter.
An internal auditor is conducting an audit of environmental protection and alarm devices. Which is the most significant objective of such an assignment? To determine whether?

Answers:
A. The devices are installed and operating properly.
B. The costs of the devices were properly recorded.
C. The device specification documents are complete.
D. Acquisitions and disposals are properly authorized.
Selected Answer:
A.
The devices are installed and operating properly.
The chief executive officer wants to know whether the purchasing function is properly meeting its charge to "purchase the right materials at the right time in the right quantities." Which of the following types of engagements addresses this request?

Answers:
A. A financial engagement relating to the purchasing department.
B. An operational engagement relating to the purchasing function.
C. A compliance engagement relating to the purchasing function.
D. A full-scope engagement relating to the manufacturing operation.
Selected Answer:
B.
An operational engagement relating to the purchasing function.
An operational engagement communication that concerns the scrap disposal function in a manufacturer should address?

Answers:
A.The efficiency and effectiveness of the scrap disposal function and include any observations requiring corrective action.
B. Whether the scrap material inventory is reported as a current asset.
C. Whether the physical inventory count of the scrap material equals the recorded amount.
D. Whether the scrap material inventory is valued at the lower of cost or market.
Selected Answer:
A.
The efficiency and effectiveness of the scrap disposal function and include any observations requiring corrective action.
THIS SET IS OFTEN IN FOLDERS WITH...