ACC 590 - Exam 3 - Section 1
The American Corporate Governance Index is based on: a) CAEs assessment of their company's performance against 8 guiding principles of corporate governance b) chairs of the audit committees assessment of their company's performance against 8 guiding principles of corporate governance c) CEOs assessment of their companys performance against 8 guiding principles of corporate governance d) stockholders assessment of the companys performance against 8 guiding principles of corporate governance
a) CAEs assessment of their company's performance against 8 guiding principles of corporate governance
According to the IIA Standards, what is the role of internal audit as it relates to risk management? a) Evaluate the effectiveness of the risk management process. b) Determine the risk appetite of the organization. c) Identify and assess significant risk within the organization. d) Communicate relevant risk information to appropriate people within the organization.
a) Evaluate the effectiveness of the risk management process.
In addition to the International Standards for the Professional Practice of Internal Auditing, some internal audit departments follow other standards in conducting their work, either because of regulatory requirements or by choice. When these other standards are inconsistent with the IIA Standards, what should the audit department do? a) Follow the standard that is most restrictive. b) Follow the standard that is least restrictive. c) Follow IIA Standards. d) Follow the other standards
a) Follow the standard that is most restrictive.
Which of the following is a Core Principles for the Professional Practice of Internal Auditing? a) Is appropriately positioned and adequately resourced. b) Maintains confidentiality. c) Promote an ethical culture in the internal auditing profession. d) Develops consistency in internal auditing practices.
a) Is appropriately positioned and adequately resourced.
The IIA's Code of Ethics is composed of 4 Principles and 12: a) Rules b) Attributes c) Guidelines d) Standards
a) Rules
ABC Company's new CFO has asked the company's CAE to meet with her to discuss the role of the internal audit function. The CAE should inform the CFO that the overall responsibility of internal audit is to: a) Serve as an independent assurance and consulting activity designed to add value and improve the company's operations. b) Review the integrity of financial and operating information and the methods used to accumulate and report information. c) Determine whether the company's system of internal controls provides reasonable assurance that information is effectively and efficiently communicated to management. d) Assess the company's methods for safeguarding its assets and, as appropriate, verify the existence of the assets.
a) Serve as an independent assurance and consulting activity designed to add value and improve the company's operations.
To determine to whom the CAE needs to send the final results of an audit engagement, one would consult: a) The Performance Standards: Assurance Services Implementation Standards. b) The Attribute Standards: Consulting Services Implementation Standards. c) The Performance Standards: Consulting Services Implementation Standards. d) The Attribute Standards: Assurance Services Implementation Standards.
a) The Performance Standards: Assurance Services Implementation Standards.
Who is responsible for establishing the strategic direction of an organization? a) The board of directors b) Risk owners, c) Consensus among all levels of management. d) The independent members of the board.
a) The board of directors
Which of the following is a requirement of The International Standards for the Professional Practice of Internal Auditing? a) To assess whether the information technology governance of the organization sustains and supports the organization's strategies and objectives. b) To evaluate annually the effectiveness of the audit committee. c) To obtain an annual representation from management acknowledging management's responsibility for the design and implementation of internal controls to prevent illegal acts. d) To issue annually an overall opinion on the adequacy of internal controls in the organization. e) To certify that all error or irregularities in the accounting records discovered within the fiscal year have been reported to the external auditors.
a) To assess whether the information technology governance of the organization sustains and supports the organization's strategies and objectives.
Which of the following statements is correct regarding the performance of consulting activities by internal auditors? a) in consulting activities the nature and scope of services are agreed upon with the client rather than determined by the auditor b) consulting engagements which have a high potential cost savings should be undertaken before undertaking an assurance engagement identified in the annual risk assessment as a high risk but without expected cost savings c) consulting activities are simply an extension of the auditor's current work in providing recommendations d) consulting activities, by definition, impair the independence of the auditor and therefore should only be performed on areas the internal audit department does not plan to audit in the future e) consulting is a more proactive approach where the auditor takes the lead in analyzing problems, decides the best course of action and implements situations with assistance from management
a) in consulting activities the nature and scope of services are agreed upon with the client rather than determined by the auditor
Which of the following situations is a violation of the IIA's Code of Ethics? a) knowing that management was aware of the situation, an internal auditor purposely left a description of an unlawful practice out of the final report b) an internal auditor shred an analytic audit technique with internal auditors from another organization c) an auditor discusses a significant issue with the vice president to whom the auditee reports prior to drafting the audit report d) an internal auditor, with the knowledge and consent of management, accepted an award from a customer of the organization for suggestions the auditor had made to improve the supply chain process; the award was a plaque and a gift certificated to a restaurant valued at $100 e) based upon knowledge of the probable success of the employers business, an internal auditor invested in a mutual fund that specialized in the same industry
a) knowing that management was aware of the situation, an internal auditor purposely left a description of an unlawful practice out of the final report
Which of the following is a core principle for the professional practice of internal auditing? the internal audit activity: a) provides risk-based assurance b) maintains confidentiality c) exhibits professional skepticism d) adopts audit methodology consistent with external auditors e) promotes an ethical culture in the internal auditing profession
a) provides risk-based assurance
You work for a company with operations in 15 locations around the globe and are assigned to conduct an audit of service contracts . Which of the following is an example of a potential scope limitation for this engagement? a) you exclude locations in asia and europe because of restrictions on travel budgets b) you select three of the locations to visit and test all services contracts at these three locations c) you randomly select ten contracts to test to see if management periodically reviews contractor performance against the measure specified in the contract d) for each type of service, you select the provider who received the largest total payments in the last 12 months and review the contract and test the payments e) you revisit all contracts and based on this review decide to test further only those involving payments over 10,000 per year
a) you exclude locations in asia and europe because of restrictions on travel budgets
The IIA standards require which of the following: a) when the CAE concludes that management has accepted a level of risk that may not be acceptable to the organization, the CAE must discuss the matter with senior management b) internal auditors must develop and document work programs that achieve the engagement objectives c) the CAE should be rotated at least every 7 years d) the internal auditor obtains from management annually a letter stating that any illegal activities of which they are aware have been disclosed to the CAE e) the internal audit function's plan of engagements must be based on a documented risk assessment, undertaken at least annually
a, b, e
If an internal audit function does not have the competencies necessary to conduct a specific assurance engagement, the CAE could do which of the following to comply with the IIA Standards? a) hire an experienced person with the needed competencies b) ask the organization's CPA to cover it as part of the annual audit of the financial statements c) send staff to training to acquire the need competencies d) decline the engagement e) co-source the engagement with a CPA or service provider that has the necessary competencies
a, c, e
Which of the following most likely constitutes a violation of the IIA's Code of Ethic? a. Auditor A is content as an internal auditor and has come to look at it as a regular 9-to-5 job. Auditor A has not engaged in continuing professional education or other activities to improve effectiveness during the last 3 years. However, Auditor A feels performance of quality work is the same as before. b Auditor B discovered an internal financial fraud during the year. The books were adjusted to reflect properly the loss associated with the fraud. Auditor B discussed the fraud with the external auditor when the external auditor reviewed working papers detailing the incident. c. Auditor C has accepted an assignment to perform an engagement at the electronics manufacturing division. However, Auditor C has recently joined the internal audit function coming from public accounting. Auditor C was senior auditor for the external audit of the division and has audited many electronics organizations during the past 2 years. d. Auditor D has been promoted to associate auditor director and assigned to oversee auditing of the organization's Asian operations. In the past 3 years, Auditor D completed several large consulting engagements for the operations in China and Korea - including serving on the SAP implementation team as a representative of internal audit to do pre-implementation reviews of controls. e. Auditor E has been assigned to perform an engagement at the warehousing function 6 months from now. Auditor E has no expertise in that area but accepted the assignment anyway. Auditor E has signed up for continuing professional education courses in warehousing that will be completed ore the engagement begins.
a. Auditor A is content as an internal auditor and has come to look at it as a regular 9-to-5 job. Auditor A has not engaged in continuing professional education or other activities to improve effectiveness during the last 3 years. However, Auditor A feels performance of quality work is the same as before.
Directors, management, external auditors, and internal auditors all play important roles in creating proper control procedures. Senior management is primarily responsible for: a. Establishing and maintaining an organizational culture. b. Implementing and monitoring controls designed by the board of directors. c. Reviewing the reliability and integrity of financial and operational information. d. Determining the organization's risk appetite. e. Ensuring that external and internal auditors oversee the administration of the system of risk management and control processes.
a. Establishing and maintaining an organizational culture.
In the 3 lines of defense model, internal audit is considered part of the: a) 2nd line b) 3rd line. c) 4th line. d) 1st line.
b) 3rd line.
Which of the following does Moody's advocate as a "best practice" for internal auditing in its report Best Practices in Audit Committee Oversight of Internal Audit? a) The internal audit function should report to head of risk management. b) Audit engagement reports should include a clear grading or ranking. c) The internal audit function should rely on the organizations ERM system to determine its risk-based audit plan. d) The internal audit function should be outsourced to a 3rd party service provider to increase the function's independence.
b) Audit engagement reports should include a clear grading or ranking.
The 2020 American Corporate Governance Index gave a score for corporate governance health in the U.S. is a grade of: a) A b) B- c) C d) D+
b) B-
Which of the following must be included in the internal audit charter? a) The responsibility of internal audit to minimize external audit fees. b) Internal audit responsibility. c) Internal audit staffing levels. d) CAE's compensation.
b) Internal audit responsibility.
Which of the following would be considered a first line of defense in the three lines of defense model? a) the external audit observes the counting of inventory on december 31 b) an accounts payable supervisor conducting a weekly review to ensure all payments were issued by the required payment date c) a corporate compliance and ethics officer conducting a review of employee training records to assure that all marketing and sales staff have completed the required FCPA training d) an internal audit team conducting an engagement to provide assurance on the company's SOX compliance with internal controls over financial reporting
b) an accounts payable supervisor conducting a weekly review to ensure all payments were issued by the required payment date
An internal auditor for a unversity performed an assurance engagement to review the university bookstore's cash function. Which of the following actions will be deemed lacking in due professional care? a) a flowchart of the entire cash function was developed, but only a sample of transactions were tested b) because of a highly developed system of internal control over the cash function, the final engagement communication assures senior management that no irregularities exist c) the final engagement communication included a well-supported recommendation for the reduction in staff, although it was known that such a reduction would adversely affect morale d) organizational records were reviewed to determine whether all employees who handled cash receipts and disbursements were bonded
b) because of a highly developed system of internal control over the cash function, the final engagement communication assures senior management that no irregularities exist
An internal auditor assigned to audit a vendor's compliance with product quality standards is the brother of the vendor's controller. The auditor should: a) accept the assignment, but avoid contact with the controller during fieldwork b) notify the chief audit executive of the potential conflict of interest c) accept the assignment, but disclose the relationship in the engagement final communication d) not worry about it, accept the assignment as this is not a significant conflict of interest as it is not in the controller's area e) notify the vendor of the potential conflict of interest
b) notify the chief audit executive of the potential conflict of interest
Which of the following components of the IPPF are mandatory? a) Implementation Guides b) The Code of Ethics c) Core Principles d) The Standards e) Practice Guides
b, c, d
Coordination of internal and external auditing can reduce the overall costs. Who is responsible for actual coordination of internal and external auditing efforts? a. External audit or engagement partner. b. Chief audit executive. c. CFO. d. Audit committee chair. e. CEO.
b. Chief audit executive.
Which of the following would be a violation of IIA's Code of Ethics? a. An internal auditor was subpoenaed in a court case in which a joint venture partner that claimed to have been defrauded by the auditor's company. The auditor divulged confidential audit information to the court during testimony. b. During an audit, an internal auditor learned that the company was about to introduce a new product that would revolutionize the industry. Because of the probable success of the new product, the product manager suggested that the auditor buy additional stock in the company, which the auditor did. c. An internal auditor's husband inherited 25,000 shares of company stock when his grandfather died. They have held the stock for over two years. d. An internal auditor works weekends doing tax returns for a friend who owns a small CPA firm.
b. During an audit, an internal auditor learned that the company was about to introduce a new product that would revolutionize the industry. Because of the probable success of the new product, the product manager suggested that the auditor buy additional stock in the company, which the auditor did.
5. In the IIA's International Professional Practice Framework (IPPF), which of the following are mandatory guidance? I. Practice Advisories II. The Code of Ethics III. Practice Guides IV. The Definition of Internal Auditing V. The International Standards for the Professional Practice of Internal Auditing. VI. Core Principles for the Professional Practice of Internal Auditing a. I, II, III, IV, V and VI. b. II, IV, V, and VI only. c. V and IV only. d. II and V only. e. I and III only.
b. II, IV, V, and VI only.
Within the context of internal auditing, assurance services are best defined as: a. Advisory services intended to add value and improve an organization's operations. b. Objective examinations of evidence for the purpose of providing independent assessments. c. Objective evaluations of compliance with policies, plans, procedures, laws, and regulations. d. Professional activities that measure and communicate financial and business data.
b. Objective examinations of evidence for the purpose of providing independent assessments.
Internal audit can strengthen and support any number of standing or special committees of senior management and the governing body. However, before inviting internal audit in, it is critical that the organization consider how internal audit would operate within these committees, including clearly defining internal audit's role and setting proper precautions to protect continued independence and objectivity. Which of the following is not a safeguard that should be put i place to protect IA independence and objecitvity? a) The audit committee should guide the extent of internal audit's participation b) Internal audit's role on committees should be clearly delineated in the internal audit charter. c) Internal audit should be a voting member of the committee. d) Internal audit's contributions are in the form of questions and insights, not conclusions or advocacy..
c) Internal audit should be a voting member of the committee.
Which of the following is not an appropriate governance role for an organization's board of directors? a) Influencing the organization's risk-taking philosophy. b) Evaluating and approving strategic objectives. c) Providing assurance directly to third parties that the organization's governance processes are effective. d) Establishing broad boundaries of conduct, outside of which the organization should not operate.
c) Providing assurance directly to third parties that the organization's governance processes are effective.
Who was Cynthia Cooper's (the chief audit executive at WorldCom) direct supervisor? a) Melvin Dick and Kenny Avery, the Arthur Andersen's audit partners for WorldCom engagement. b) Bernard Ebbers the CEO. c) Scott Sullivan the CFO d) Max Bobbitt, the audit committee chair.
c) Scott Sullivan the CFO
During an audit, an employee with whom you have developed a good working relationship informs you that she has some information about top management that would be damaging to the organization and may concern illegal activities. The employee does not want her name associated with the release of the information. Which of the following actions would be considered inconsistent with the IIA Code of Ethics and Standards? a) suggest the person consider talking to legal counsel b) inform the individual that you will attempt to keep the source of the information confidential and will look into the matter further c) assure the employee that you can maintain her anonymity and listen to the information d) inform the employee of other methods of communicating this type of information e) suggest that she talk with the organizations compliance officer
c) assure the employee that you can maintain her anonymity and listen to the information
Due professional care calls for: a. Detailed review of all transactions related to a particular function. b. Testing in sufficient detail to give absolute assurance that noncompliance does not exist. c. Consideration of the possibility of material irregularities during every engagement. d. Infallibility and extraordinary performance when the system of internal controls is known to be weak. e. Consideration of industry best practices on each engagement.
c. Consideration of the possibility of material irregularities during every engagement.
13. Audit report content and format may vary; but according to The International Standards of Professional Practice of Internal Auditing which of the following is a necessary element? a. Status of findings from prior reports. b. The auditee's views about the engagement's conclusions. c. Scope of what was cover in the engagement. d. Documentation of previous oral communications with area management.
c. Scope of what was cover in the engagement.
4. The critical characteristics that individuals, teams, and organizations must have to provide effective internal audit services are described in: a. The Definition of Internal Auditing b. The Code of Ethics c. The Attribute Standards d. The Implementation Standards e. The Performance Standards
c. The Attribute Standards
To whom did Cynthia Cooper, the Chief Audit Executive for WorldCom, directly report at the time of the WorldCom fraud? a. The chair of the audit committee. b. The KPMG audit partner for WorldCom. c. The CFO. d. The CEO. e. The General Counsel.
c. The CFO.
3. Which of the following is a requirement of The International Standards for the Professional Practice of Internal Auditing? a. To evaluate annually the effectiveness of the audit committee. . To obtain an annual representation from management acknowledging management's responsibility for the design and implementation of internal controls to prevent illegal acts. c. To evaluate the effectiveness of the organization's ethics-related objectives, programs, and activities. d. To certify that all error or irregularities in the accounting records discovered within the fiscal year have been reported to the external auditors. e. To issue annually an overall opinion on the adequacy of internal controls in the organization.
c. To evaluate the effectiveness of the organization's ethics-related objectives, programs, and activities.
Which of the following would be considered a second line of defense in the Three Lines of Defense model? a) A production line supervisor inspecting a sample of finished goods to ensure quality standards are met. b) An accounting supervisor conducting a monthly review to ensure all reconciliations were completed properly. c) A bank's internal audit team conducting an engagement to provide assurance on the compliance of the company's anti-money laundering program. d) A staff member of the corporate compliance and ethics office conducting a review of employee certifications that they have reviewed the organization's code of ethics
d) A staff member of the corporate compliance and ethics office conducting a review of employee certifications that they have reviewed the organization's code of ethics
Which of the following is the globally accepted certification for demonstrating internal audit competence? a) CISA b) CPA c) CFE d) CIA
d) CIA
Which of the following statements regarding the distinctions between internal and external audit is true? a) The internal auditing profession was created primarily in response to the 1933 and 1934 Securities Exchange Act, external auditing was a concept that came from the stock exchange rules. b) The external auditor reports directly to the audit committee, internal audit reports to the CFO. c) Internal auditors hold fiduciary responsibility to shareholders; external auditors hold only a contractual obligation to the corporation retaining the audit service . d) Internal auditors concentrate on the reliability of the accounting data input and subsequent systems processing; external auditors concentrate on the validity of the accounting data output and the underlying supporting evidence.
d) Internal auditors concentrate on the reliability of the accounting data input and subsequent systems processing; external auditors concentrate on the validity of the accounting data output and the underlying supporting evidence.
The purpose of the Code of Ethics is to a) Develop consistency in internal auditing practices. b) Establish a basis for the evaluation of the internal audit function. c) Provide a codification of best practices. d) Promote an ethical culture in the internal auditing profession.
d) Promote an ethical culture in the internal auditing profession.
The COO has requested the internal audit group advise her regarding the new incentive plan being developed for sales representatives. Which of the following tasks should the CAE decline with respect to providing advice to the COO? a) recommending monitoring procedures so that appropriate amounts are paid out under the plan b) determining how to best document the support for amounts paid to provide a sufficient audit trail c) researching and benchmarking incentive plans provided by other companies in the industry d) determining the appropriate bonus formula for inclusion in the plan e) identify what new risks the incentive plan introduced to the organization
d) determining the appropriate bonus formula for inclusion in the plan
Which of the following best describes the most important objective of an internal audit charter? a) to establish the audit committee's role in overseeing the internal audit department b) to provide new members of the audit staff with a clear indication of their job duties c) to help establish criteria by which the work of each audit team may be evaluated d) to establish the purpose, authority, and responsibility of the internal auditing department e) to better inform operating management as to what auditors will be doing an audit
d) to establish the purpose, authority, and responsibility of the internal auditing department
Which of the following statements is not true about business objectives? a. Establishing meaningful business objectives is a prerequisite to effective internal control. b. Establishing meaningful business objectives is a key component of the management process. c. The measurable steps the organization takes to achieve its strategy. d. Business objectives are management's means of employing resources and assigning responsibilities. e. Business objectives represent targets of performance.
d. Business objectives are management's means of employing resources and assigning responsibilities.
As part of a company-sponsored award program, an internal auditor was offered an award of significant monetary value by a division in recognition of the cost savings that resulted from the auditor's recommendations. According to the International Professional Practices Framework, what is the most appropriate action for the auditor to take? a. Accept the gift since the engagement is already concluded and the report issued. b. Accept the award under the condition that any proceeds go to charity. c. Accept the gift on condition it is spread across all the members of the audit team. d. Inform audit management and ask for direction on whether to accept the gift. e. Decline the gift and advise the division manager's superior.
d. Inform audit management and ask for direction on whether to accept the gift.
9. Which of the following is an appropriate responsibility of the board? a. Performing a review of the procurement function of the organization. b. Recommending the assignment of specific internal audit staff members for specific engagements. c. Performing the internal review of the internal audit function's quality assurance and improvement program. d. Reviewing the CAE-supplied internal audit function's engagement work plan. e. Reviewing the engagement records of the external auditor to determine their competence.
d. Reviewing the CAE-supplied internal audit function's engagement work plan.
In which of the following situations does the auditor potentially lack objectivity? a) an auditor reviews the procedures for a new electronic data interchange connection to a major customer before it is implemented b) a payroll accounting employee assists an auditor in verifying the physical inventory of small motors c) an auditor discusses a significant issued with the vice president to whom the auditee reports prior to drafting the audit report d) an auditor recommends standards of control and performance measures for a contract with a service organization for the processing of payroll and employee benefits e) a former purchasing assistant performs a review of internal controls over purchasing seven months after being transferred to the internal auditing department
e) a former purchasing assistant performs a review of internal controls over purchasing seven months after being transferred to the internal auditing department
A company has a chief privacy officer (CPO) who develops policies and conducts training to help the company comply with privacy laws and regulations. In addition to the CPO, the function has a staff of four. Two of these staff members cycle to each location to review compliance with record retention polices and to make sure any sensitive data is appropriately secured. This is an example of: a) the third line of defense b) a process control c) an operating control d) the first line of defense e) the second line of defense
e) the second line of defense
An internal auditor who encounters an ethical dilemma not explicitly addressed by The IIA's Code of Ethics should always: a. Seek counsel from an independent attorney to determine the personal consequences of potential actions. b. Consult with your organizations General Counsel. c. Seek the counsel of the audit committee before deciding on an action. d. Act consistently with the employing organization's code of ethics even if such action would not be consistent with The IIA's Code of Ethics. e. Take action consistent with the principles embodied in The IIA's Code of Ethics.
e. Take action consistent with the principles embodied in The IIA's Code of Ethics.