ACCT 4631 Exam 2
A rental car agency's fleet maintenance division uses a different code for each type of inventory transaction. A daily summary report lists activity by part number and transaction code. The report is reconciled by the parts room supervisor to the day's material request forms and is then forwarded to the fleet manager for approval. The reconciliation of the summary report to the day's material request forms by the parts room supervisor A. Ensures the accuracy and completeness of data input. B. Provides documentation as to what material was available for a specific transaction. C. Confirms that all material request forms are entered for all parts issued. D. Verifies that all material request forms were approved.
A
An auditor frequently uses flowcharts to determine whether there is A. Inefficiency and lack of controls. B. Authority to meet the performance criteria. C. Satisfactory performance of an operation. D. Sufficient but not excessive personnel assigned to an operation.
A
An internal auditor develops a flowchart primarily to A. Analyze a system and identify internal controls. B. Reduce the need for interviewing auditee personnel. C. Determine functional responsibilities. D. Detect errors and irregularities.
A
A manufacturer uses large quantities of small, inexpensive items, such as nuts, bolts, washers, and gloves, in the production process. As these goods are purchased, they are recorded in inventory in bulk amounts. Bins are located on the shop floor to provide timely access to these items. When necessary, the bins are refilled from inventory, and the cost of the items is charged to a consumable supplies account, which is part of shop overhead. Which of the following would be an appropriate improvement of controls in this environment? B. Require management review of reports on the cost of consumable items used in relation to budget. A. Require management review of reports on the cost of consumable items used in relation to budget B. Lock the bins during normal working hours C. Relocate bins to the inventory warehouse D. None of these controls are needed for items of minor cost and size
A
A preliminary survey of the purchasing function indicates that * Department managers initiate purchase requests that must be approved by the plant superintendent * Purchase orders are typed by the purchasing department using renumbered and controlled forms * Buyers regularly update the official vendor listing as new sources of supply become known * Rush orders can be placed with a vendor by telephone but must be followed by a written purchase order before delivery can be accepted * Vendor invoice payment requests must be accompanied by a purchase order and receiving report One possible fault of this system is that A. Purchases could be made from a vendor controlled by a buyer at prices higher than normal. B. Unnecessary supplies can be purchased by department managers. C. Payment can be made for supplies not received. D. Payment can be made for supplies received but not ordered by the purchasing department.
A
A recent inventory shortage at XYZ Corp., an unaffiliated supplier, contributed to production failures at OPS Corp. in the current period. To avoid future production failures because of supplier inventory shortages, the most appropriate method is for OPS to A. Inform XYZ about its risk appetite regarding supply failures. B. Produce the inventory items instead of purchasing from suppliers. C. Increase the size of orders. D. Establish an inventory control framework at XYZ.
A
An internal auditor noted that the accounts receivable department is separate from other accounting activities. Credit is approved by a separate credit department. Control accounts and subsidiary ledgers are balanced monthly. Similarly, accounts are aged monthly. The accounts receivable manager writes off delinquent accounts after 1 year, or sooner if a bankruptcy or other unusual circumstances are involved. Credit memoranda are prenumbered and must correlate with receiving reports. Which of the following areas could be viewed as an internal control weakness of the above organization? A. Write-offs of delinquent accounts. B. Credit approvals. C. Monthly aging of receivables. D. Handling of credit memos.
A
An internal auditor notes yeartoyear increases for small tool expense at a manufacturing facility that has produced the same amount of identical product for the last 3 years. Production inventory is kept in a controlled staging area adjacent to the receiving dock, but the supply of small tools is kept in an unsupervised area near the exit to the plant employees' parking lot. After determining that all of the following alternatives are equal in cost and are also feasible for local management, the internal auditor would best address the security issue by recommending that plant management A. Move the small tools inventory to the custody of the production inventory staging superintendent and implement the use of a special requisition to issue small tools. B. Initiate a full physical inventory of small tools on a monthly basis. C. Place supply of small tools in a secured area, install a key-access card system for all employees, and record each key-access transition on a report for the production superintendent. D. Close the exit to the employee parking lot and require all plant employees to use a doorway by the receiving dock that also provides access to the plant employees'' parking area.
A
Compared to batch processing, real-time processing has which of the following advantages? A. Timeliness of information. B. Efficiency of processing. C. Ease of implementation. D. Ease of auditing
A
DB2, Oracle, SQL Server, and Access are A. Database management systems. B. Access control systems. C. Programming languages. D. Library systems.
A
Fact Pattern: An organization has grown rapidly and has just automated its human resource system. The organization has developed a large database that tracks employees, employee benefits, payroll deductions, job classifications, ethnic code, age, insurance, medical protection, and other similar information. Management has asked the internal audit activity to review the new system. Human resources and payroll are separate departments. Which of the following combinations provides the best segregation of duties? A. Human resources adds employees, and payroll processes hours and enters employee bank account numbers. Paychecks are automatically deposited in the employee's bank account. B. Payroll adds employees and enters employees' bank account numbers but processes hours only as approved by human resources. Paychecks are automatically deposited in the employee's bank account. C. Human resources adds employees, payroll processes hours, and human resources delivers the paychecks to employees. D. Human resources adds employees, reviews and submits payroll hours to payroll for processing, and delivers paychecks to employees
A
Internal auditors regularly evaluate controls. Which of the following best describes the concept of control as recognized by internal auditors? A. Management takes action to enhance the likelihood that established goals and objectives will be achieved. B. Control procedures should be designed from the "bottom up" to ensure attention to detail. C. Control represents specific procedures that accountants and internal auditors design to ensure the correctness of processing. D. Management regularly discharges personnel who do not perform up to expectations.
A
One control objective of the financing or treasury cycle is the proper authorization of transactions involving debt and equity instruments. Which of the following controls would best meet this objective? A. Written policies requiring review of major funding or repayment proposals by the board. B. Segregation of responsibility for custody of funds from recording of the transaction. C. Use of an underwriter in all cases of new issue of debt or equity instruments. D. Requiring two signatures on all checks of a material amount.
A
Specific airline ticket information, including fare, class, purchase date, and lowest available fare options, as prescribed in the organization's travel policy, is obtained and reported to department management when employees purchase airline tickets from the organization's authorized travel agency. Such a report provides information for A. Quality of performance in relation to the organization's travel policy. B. Identifying costs necessary to process employee business expense report data. C. Departmental budget-to-actual comparisons. D. Supporting employer's business expense deductions.
A
The actions taken to manage risk and increase the likelihood that established objectives and goals will be achieved are best described as A. Control. B. Quality assurance. C. Compliance. D. Supervision.
A
The chief audit executive for an organization has just completed a risk assessment process, identified the areas with the highest risks, and assigned an engagement priority to each. Which of the following conclusions most logically follow(s) from such a risk assessment? 1. Items should be quantified as to risk in the rank order of quantifiable monetary exposure to the organization. 2. The risk priorities should be in order of major control deficiencies. 3. The risk assessment process, though quantified, is the result of professional judgments about both exposures and probability of occurrences. A. 3 only. B. 1, 2, and 3. C. 2 and 3 only. D. 1 only.
A
The internal auditor is considering making a risk analysis as a basis for determining the areas of the organization where engagements should be performed. Which one of the following statements is true regarding risk analysis? A. The extent to which management judgments are required in an area could serve as a risk factor in assisting the internal auditor in making a comparative risk analysis. B. The highest risk assessment should always be assigned to the area with highest probability of occurrence. C. Risk analysis must be reduced to quantitative terms in order to provide meaningful comparisons across an organization. D. The highest risk assessment should always be assigned to the area with the largest potential loss.
A
The risks created by rapid changes in IT have not affected which concepts of internal control? 1. Cost-benefit analysis 2. Control environment 3. Reasonable assurance 4. Management's responsibility A. 1, 2, 3, and 4. B. 3 and 4 only. C. 1 and 2 only. D. 2, 3, and 4 only.
A
To minimize potential financial losses associated with physical assets, the assets should be insured in an amount that is A. Supported by periodic appraisals. B. Equal to the book value of the individual assets. C. Determined by the board of directors. D. Automatically adjusted by an economic indicator such as the consumer price index.
A
When a risk assessment process has been used to construct an audit engagement schedule, which of the following should receive attention first? A. Management has requested an investigation of possible lapping in receivables. B. A new accounts payable system is currently undergoing testing by the information technology department. C. The external auditors have requested assistance for their upcoming annual audit. D. The existing accounts payable system has not been audited over the past year.
A
When a supplier of office products is unable to fill an order completely, it marks the outofstock items as back ordered on the customer's order and enters these items in a back order file that management can view or print. Customers are becoming disgruntled with the supplier because it seems unable to keep track of and ship outofstock items as soon as they are available. The best approach for ensuring prompt delivery of outofstock items is to A. Match the back order file to goods received daily. B. Increase inventory levels to minimize the number of times that out-of-stock conditions occur. C. Implement electronic data interchange with supply vendors to decrease the time to replenish inventory. D. Reconcile the sum of filled and back orders with the total of all orders placed daily.
A
Which of the following aspects of the administration of a compensation program is the most important control in the long run? A. A plan of job classifications based on predefined evaluation criteria. B. A wage and salary review plan for individual employee compensation. C. An informal wage and salary policy to be competitive with the industry average. D. A level of general compensation that is reasonably competitive.
A
Which of the following computerized control procedures would be most effective in ensuring that data uploaded from desktop computers to a server are complete and that no additional data are added? A. Batch control totals, including control totals and hash totals. B. Passwords that effectively limit access to only those authorized to upload the data to the mainframe computer. C. Self-checking digits to ensure that only authorized part numbers are added to the database. D. Field-level edit controls that test each field for alphanumerical integrity.
A
Which of the following controls would prevent the ordering of quantities in excess of an organization's needs? A. Review of all purchase requisitions by a supervisor in the user department prior to submitting them to the purchasing department. B. Automatic reorder by the purchasing department when low inventory level is indicated by the system C. A policy requiring review of the purchase order before receiving a new shipment. D. A policy requiring agreement of the receiving report and packing slip before storage of new receipts.
A
Which of the following ensures that all inventory shipments are billed to customers? A. Shipping documents are renumbered and are independently accounted for and matched with sales invoices. B. Sales invoices are renumbered and are independently accounted for and traced to the sales journal. C. Duties for recording sales transactions and maintain customer account balances are separated. D. Customer billing complaints are investigated by the controller's office.
A
Which of the following represents the best risk assessment technique? A. Assessment of the risk levels of current and future events, their effect on achievement of the organization's objectives, and their underlying causes. B. Assessment of the risk levels for future events based on the extent of uncertainty of those events and their impact on achievement of long-term organizational goals. C. Assessment of the risk levels of current and future events, their impact on the organization's mission, and the potential for elimination of existing or possible risk factors. D. Assessment of inherent and control risks and their impact on the extent of financial misstatements.
A
Which of the following statements is false regarding risk assessment as the term is used in internal auditing? A. Risk assessment is a judgmental process of assigning monetary amounts to the perceived level of risk found in an activity being evaluated. These amounts allow a chief audit executive to select the engagement clients most likely to result in identifiable savings. B. Risk assessment is a systematic process of assessing and integrating professional judgments about events that could affect the achievement of organizational objectives. It provides a means of organizing an engagement work schedule. C. As a result of an engagement or preliminary survey, the chief audit executive may revise the level of assessed risk of an engagement client at any time, making appropriate adjustments to the work schedule. D. The chief audit executive should incorporate information from a variety of sources into the risk assessment process, including discussions with the board, management, external auditors, review of regulations, and analysis of financial/operating data. A. Risk assessment is a judgmental process of assigning monetary amounts to the perceived level of risk found in an activity being evaluated. These amounts allow a chief audit executive to select the engagement clients most likely to result in identifiable savings.
A
Which of the following statements most likely represents a disadvantage for an entity that keeps data files on a server rather than on a manual system? A. It is usually easier for unauthorized persons to access and alter the files. B. It is usually more difficult to compare recorded accountability with the physical count of assets. C. Attention is focused on the accuracy of the programming process rather than errors in individual transactions. D. Random error associated with processing similar transactions in different ways is usually greater.
A
Which of the following types of controls is not described in the IT Governance Institute's Control Objectives for Information and Related Technology (COBIT)? A. Exchange controls. B. General controls. C. Process controls. D. Business controls.
A
[Picture of a flowchart] This data flow diagram could be expanded to show the A. Details of the preparation of purchase orders. B. Edit checks used in preparing purchase orders from stock records. C. Physical media used for stock records, the vendor file, and purchase orders. D. Workstations required in a distributed system for preparing purchase orders.
A
A customer's order was never filled because an order entry clerk transposed the customer identification number while entering the sales transaction into the system. Which of the following controls would most likely have detected the transposition? A. Sequence test. B. Completeness test. C. Validity check. D. Limit test.
C
A firm has recently converted its purchasing cycle from a manual process to an online computer system. Which of the following is a probable result associated with conversion to the new automatic system? A. The firm's risk exposures are reduced. B. Processing time is increased. C. Traditional duties are less segregated. D. Processing errors are increased
C
Multiple copies of the purchase order are prepared for recordkeeping and distribution with a copy of the purchase order sent to the vendor and one retained by the purchasing department. In addition, for proper informational flow and internal control purposes, a version of the purchase order would be distributed to the A. Accounts payable, receiving, and stores control departments. B. Accounts payable, receiving, and inventory control departments. C. Accounts payable, accounts receivable, and receiving departments. D. Accounts payable, receiving, and production planning departments.
B
A control likely to prevent purchasing agents from favoring specific suppliers is A. Requiring buyers to adhere to detailed material specifications. B. Rotating buyer assignments periodically. C. Monitoring the number of orders placed by each buyer. D. Requiring management's review of a monthly report of the totals spent by each buyer.
B
A database is A. A real-time system. B. A collection of related files. C. Essential for the storage of large data sets. D. A network of computer terminals.
B
A flowchart of process activities and controls may provide A. Information on the extent of a past fraud. B. Information on where fraud could occur. C. An indication of where fraud has occurred in a process. D. No information related to fraud prevention.
B
A logical view of an entire database is a A. Network. B. Schema. C. Hierarchy. D. Subschema.
B
An internal auditor reviews and adapts a systems flowchart to understand the flow of information in the processing of cash receipts. Which of the following statements is true regarding the use of such flowcharts? The flowcharts A. Show specific control procedures used, such as edit tests that are implemented and batch control reconciliations. B. Are a good guide to potential segregation of duties. C. Show only computer processing, not manual processing. D. Are generally kept up to date for systems changes.
B
Control objectives regarding effectiveness and efficiency, reliability, and compliance are the basis of which control framework? A. GTAG. B. COSO. C. COBIT. D. eSAC.
B
Internal control should follow certain basic principles to achieve its objectives. One of these principles is the segregation of functions. Which one of the following examples does not violate the principle of segregation of functions? A. The sales manager has the responsibility to approve credit and the authority to write off accounts B. The chief financial officer has the authority to sign checks but gives the signature block to the assistant chief financial officer to run the check-signing machine C. The warehouse clerk, who has the custodial responsibility over inventory in the warehouse, may authorize disposal of damaged goods D. The department time clerk is given the undistributed payroll checks to mail to absent employees
B
[Picture of a flowchart] This figure shows how A. Physical media are used in the system. B. Data flow within and out of the system. C. Input/output procedures are conducted. D. Accountability is allocated in the system.
B
One of two office clerks in a small organization prepares a sales invoice; however, the invoice is incorrectly entered by the bookkeeper in the general ledger and the accounts receivable subsidiary ledger for a smaller amount resulting from a transposition of digits. The customer subsequently remits the amount on the monthly statement. Assuming only three employees are in the department, the most effective control to prevent this type of error is A. Requiring that monthly statements be prepared by the bookkeeper and verified by one of the other office clerks prior to mailing. B. Using predetermined totals to control posting routines. C. Assigning the second office clerk to make an independent check of prices, discounts, extensions, footings, and invoice serial numbers. D. Requiring the bookkeeper to perform periodic reconciliations of the accounts receivable subsidiary ledger and the general ledger.
B
The diamond-shaped symbol is commonly used in flowcharting to show or represent a A. Process or a single step in a procedure or program. B. Decision point, conditional testing, or branching. C. Predefined process. D. Terminal output display.
B
The manager of a production line has the authority to order and receive replacement parts for all machinery that requires periodic maintenance. The internal auditor received an anonymous tip that the manager ordered substantially more parts than were necessary from a family member in the parts supply business. The unneeded parts were never delivered. Instead, the manager processed receiving documents and charged the parts to machinery maintenance accounts. The payments for the undelivered parts were sent to the supplier, and the money was divided between the manager and the family member. Which of the following internal controls would have most likely prevented this fraud from occurring? A. Using the company's inventory system to match quantities requested with quantities received. B. Segregating the receiving function from the authorization of parts purchases. C. Comparing the bill of lading for replacement parts to the approved purchase order. D. Establishing predefined spending levels for all vendors during the bidding process.
B
The normal sequence of documents and operations on a well-prepared systems flowchart is A. Bottom to top and right to left. B. Top to bottom and left to right. C. Bottom to top and left to right. D. Top to bottom and right to left.
B
The procedure requiring preparation of a prelisting of incoming cash receipts, with copies of the prelist going to the cashier and to accounting, is an example of which type of control? A. Directive B. Preventive C. Detective D. Corrective
B
The procedure requiring preparation of a prelisting of incoming cash receipts, with copies of the prelist going to the cashier and to accounting, is an example of which type of control? A. Detective. B. Preventive. C. Corrective. D. Directive.
B
What technique could be used to prevent the input of alphabetic characters into an all-numeric identification number? A. A record count. B. A format check. C. A check digit. D. A sequence check.
B
Which of the following characteristics distinguishes computer processing from manual processing? A. Errors or fraud in computer processing will be detected soon after their occurrence. B. Computer processing virtually eliminates the occurrence of computational error normally associated with manual processing. C. Most computer systems are designed so that transaction trails useful for audit purposes do not exist. D. The potential for systematic errors is ordinarily greater in manual processing than in computerized processing.
B
Which of the following controls could be used to detect bank deposits that are recorded but never made? A. Linking receipts to other internal accountabilities, for example, collections to either accounts receivable or sales B. Having bank reconciliations performed by a third party C. Establishing accountability for receipts at the earliest possible time D. Consolidating cash receiving points
B
Which of the following database models is considered to be the most versatile? A. The network model. B. The relational model. C. The hierarchical model. D. The tree model.
B
Which of the following describes a control weakness? A. Prenumbered blank purchase orders are secured within the purchasing department. B. Purchasing procedures are well designed and are followed unless otherwise directed by the purchasing supervisor. C. The purchasing agent invests in a publicly traded mutual fund that lists the stock of one of the organization's suppliers in its portfolio. D. Normal operational purchases fall in the range from US $500 to US $1,000 with two signatures required for purchases over US $1,000.
B
Which of the following is the intended users of control frameworks such as COBIT? A. Everyone in the organization. B. Anyone with IT control responsibilities. C. Senior management only. D. Internal and external auditors only.
B
Which of the following represent(s) appropriate internal audit action in response to the risk assessment process? 1. The low-risk areas may be delegated to the external auditor, but the high-risk areas should be performed by the internal audit activity. 2. The high-risk areas should be integrated into an audit work schedule along with the high-priority requests of senior management and the audit committee. 3. The risk analysis should be used in determining an annual audit work schedule. Thus, the risk analysis should be performed only on an annual basis. A. 1 only. B. 2 only. C. 3 only. D. 1 and 3 only.
B
Which of the following statements about the responsibilities of IT personnel is true? A. Computer help desk function is usually a responsibility of the systems programming unit. B. Programmers should ideally have no access to production data. C. A systems analyst is the individual who has overall responsibility for developing and maintaining the database and for establishing controls to protect its integrity. D. Operators are specifically qualified to analyze and design computer information systems.
B
Which one of the following input controls or edit checks would catch certain types of errors within the payment amount field of a transaction? A. Echo check. B. Limit check. C. Check digit. D. Record count.
B
Which one of the following situations represents an internal control weakness in the payroll department? A. Payroll department personnel are rotated in their duties. B. Paychecks are distributed by the employee's immediate supervisor. C. Payroll records are reconciled with quarterly tax reports. D. The timekeeping function is independent of the payroll department.
B
A manufacturer uses large quantities of small, inexpensive items, such as nuts, bolts, washers, and gloves, in the production process. As these goods are purchased, they are recorded in inventory in bulk amounts. Bins are located on the shop floor to provide timely access to these items. When necessary, the bins are refilled from inventory, and the cost of the items is charged to a consumable supplies account, which is part of shop overhead. Which of the following would be an appropriate improvement of controls in this environment? A. Relocate bins to the inventory warehouse. B. Lock the bins during normal working hours. C. Require management review of reports on the cost of consumable items used in relation to budget. D. None of these controls are needed for items of minor cost and size.
C
A small client recently put its cash disbursements system on a server. About which of the following internal control features would an auditor most likely be concerned? A. There are restrictions on the amount of data that can be stored and on the length of time that data can be stored. B. Programming of the applications are in Visual Basic rather than Java. C. The server is operated by employees who have cash custody responsibilities. D. Only one employee has the password to gain access to the cash disbursement system.
C
A system of internal control includes physical controls over access to and use of assets and records. A departure from the purpose of such procedures is that A. Only salespersons and sales supervisors use sales department vehicles. B. Access to the safe-deposit box requires two officers. C. Only storeroom personnel and line supervisors have access to the raw materials storeroom. D. The mailroom compiles a list of the checks received in the incoming mail.
C
Application control objectives do not normally include assurance that A. Transaction data are complete and accurate. B. Processing results are received by the intended user. C. Review and approval procedures for new systems are set by policy and adhered to. D. Authorized transactions are completely processed once and only once.
C
Appropriate internal control for a multinational corporation's branch office that has a monetary transfer unit requires that A. The branch manager receive all wire transfers B. Foreign currency rates be computed separately by two different employees C. The individual who initiates wire transfers not reconcile the bank statement D. Corporate management approve the hiring of monetary transfer unit employees
C
Assigning passwords to computer users is a control to prevent unauthorized access. Because a password does not conclusively identify a specific individual, it must be safeguarded from theft. A method used to protect passwords is to A. Require that they be displayed on computer screens but not printed on hard copy output. B. Set maximum character lengths. C. Require passwords to be changed periodically. D. Eliminate all records of old passwords.
C
Checks from customers are received in the organization's mail room each day. What controls should be in place to safeguard them? A. Establishing a separate post office box for customer payments. B. Forwarding all checks to the cashier upon receipt. C. Requiring a specific mail clerk to list and restrictively endorse each check. D. Providing bonding protection for mail clerks.
C
Internal auditors often flowchart a control system and reference the flowchart to narrative descriptions of certain activities. This is an appropriate procedure to A. Determine whether the system can be relied upon to produce accurate information. B. Determine whether the system meets established management objectives. C. Gain the understanding necessary to test the effectiveness of the system. D. Document that the system meets international auditing requirements.
C
Obsolete or scrap materials are charged to a predefined project number. The materials are segregated into specified bin locations and eventually transported to a public auction for sale. To reduce the risks associated with this process, an organization should employ which of the following procedures? 1. Require managerial approval for materials to be declared scrap or obsolete. 2. Permit employees to purchase obsolete or scrap materials prior to auction. 3. Limit obsolete or scrap materials sales to a pre-approved buyer. 4. Specify that a fixed fee, rather than a commission, be paid to the auction firm. A. 2 and 3. B. 2 and 4. C. 1 only. D. 1, 3, and 4.
C
One control objective of the financing or treasury cycle is the proper authorization of transactions involving debt and equity instruments. Which of the following controls would best meet this objective? A. Use of an underwriter in all cases of new issue of debt or equity instruments B. Segregation of responsibility for custody of funds from recording of the transaction C. Written policies requiring review of major funding or repayment proposals by the board D. Requiring two signatures on all checks of a material amount
C
The internal auditor wishes to develop a flowchart of (1) the process of receiving sales order information at headquarters, (2) the transmission of the data to the plants to generate the shipment, and (3) the plants' processing of the information for shipment. The internal auditor should A. Start with a shipment of goods and trace the transaction back through the origination of the sales order as received from the sales representative. B. Obtain a copy of the plants' systems flowchart for the sales process, interview relevant personnel to determine if any changes have been made, and then develop an overview flowchart which will highlight the basic process. C. Start with the receipt of a sales order from a sales representative and "walk through" both the manual and computerized processing at headquarters and the plant until the goods are shipped and billed. D. Start with management's decisions to set sales prices. Gather internal documentation on the approval process for changing sales prices. Complement documentation with a copy of the program flowchart. Prepare an overview flowchart that links these details. C. Start with the receipt of a sales order from a sales representative and "walk through" both the manual and computerized processing at headquarters and the plant until the goods are shipped and billed.
C
When assessing application controls, which one of the following input controls or edit checks is most likely to be used to detect a data input error in the customer account number field? A. Limit check. B. Hash total. C. Validity check. D. Control total.
C
Which of the following comments is (are) true regarding the assessment of risk associated with two projects that are competing for limited internal audit resources? 1. Activities that are requested by the board always should be considered higher risk than those requested by management. 2. Activities with higher financial budgets always should be considered higher risk than those with lower financial budgets. 3. Risk always should be measured by the potential monetary or other adverse exposure to the organization. A. 1 and 3 only. B. 1 only. C. 3 only. D. 2 only.
C
Which of the following controls could be used to detect bank deposits that are recorded but never made? A. Consolidating cash receiving points. B. Establishing accountability for receipts at the earliest possible time. C. Having bank reconciliations performed by a third party. D. Linking receipts to other internal accountabilities, for example, collections to either accounts receivable or sales.
C
Which of the following describes a control weakness? A. Prenumbered blank purchase orders are secured within the purchasing department B. Normal operational purchases fall in the range from US $500 to US $1,000 with two signatures required for purchases over US $1,000 C. Purchasing procedures are well designed and are followed unless otherwise directed by the purchasing supervisor D. The purchasing agent invests in a publicly traded mutual fund that lists the stock of one of the organization's suppliers in its portfolio
C
Which of the following is considered an application input control? A. Exception report. B. Run control total. C. Edit check. D. Report distribution log
C
Which of the following would not be appropriate to consider in the physical design of a data center? A. Evaluation of potential risks from railroad lines and highways. B. Use of biometric access systems. C. Design of authorization tables for operating system access. D. Inclusion of an uninterruptible power supply system and surge protection.
C
A chief audit executive may use risk analysis in preparing work schedules. Which of the following is not considered in performing a risk analysis? A. Results of prior engagements. B. Major operating changes. C. Issues relating to organizational governance. D. Skills available on the internal audit staff.
D
A chief audit executive most likely uses risk assessment for audit planning because it provides A. A listing of potentially adverse effects on the organization. B. The probability that an event or action may adversely affect the organization. C. A list of auditable activities in the organization. D. A systematic process for assessing and integrating professional judgment about probable adverse conditions.
D
A utility with a large investment in repair vehicles would most likely implement which internal control to reduce the risk of vehicle theft or loss? A. Review insurance coverage for adequacy. B. Systematically account for all repair work orders. C. Physically inventory vehicle and reconcile the results with the accounting records. D. Maintain vehicles in a secured location with release and return subject to approval by a custodian.
D
According to The IIA Glossary appended to the Standards, which of the following are most directly designed to ensure that risks are contained? A. Risk management processes. B. Governance processes. C. Internal audit activities. D. Control processes.
D
Appropriate internal control for a multinational corporation's branch office that has a monetary transfer unit requires that A. The branch manager receive all wire transfers. B. Corporate management approve the hiring of monetary transfer unit employees. C. Foreign currency rates be computed separately by two different employees. D. The individual who initiates wire transfers not reconcile the bank statement.
D
Controls that are designed to provide management with assurance of the realization of specified minimum gross margins on sales are
D
During an engagement involving a purchasing department, an internal auditor discovered that many purchases were made (at normal prices) from an office supplier whose owner was the brother of the director of purchasing. Controls were in place to restrict such purchases and no fraud appears to have been committed. In this case, the internal auditor should recommend A. Establishment of a price policy (range) for all goods B. The development of an approved-vendor file initiated by the buyer and approved by the director of purchasing C. The inspection of all receipts by receiving inspectors D. The initiation of a conflict-of-interest policy
D
During an engagement involving a purchasing department, an internal auditor discovered that many purchases were made (at normal prices) from an office supplier whose owner was the brother of the director of purchasing. Controls were in place to restrict such purchases and no fraud appears to have been committed. In this case, the internal auditor should recommend A. The development of an approved-vendor file initiated by the buyer and approved by the director of purchasing. B. The inspection of all receipts by receiving inspectors. C. Establishment of a price policy (range) for all goods. D. The initiation of a conflict-of-interest policy.
D
Fact Pattern: An organization has grown rapidly and has just automated its human resource system. The organization has developed a large database that tracks employees, employee benefits, payroll deductions, job classifications, ethnic code, age, insurance, medical protection, and other similar information. Management has asked the internal audit activity to review the new system. An employee in the payroll department is contemplating a fraud involving the addition of a fictitious employee and the entry of fictitious hours worked. The paycheck would then be sent to the payroll employee's home address. The most effective control procedure to prevent this type of fraud is to require that A. All new employees and their hours worked be entered by the human resources department. B. All changes to employee records be approved by supervisors outside of both human resources and payroll. C. The payroll department physically delivers paychecks to employees rather than mailing them. D. A report of all new employees added be approved by someone outside of the payroll department. Also, a report showing all employees and hours worked should be sent to the supervisor's department for review
D
Fact Pattern: During the planning phase, a chief audit executive (CAE) is evaluating four audit engagements based on the following factors: the engagement's ability to reduce risk to the organization, the engagement's ability to save the organization money, and the extent of change in the area since the last engagement. The CAE has scored the engagements for each factor from low to high, assigned points, and calculated an overall ranking. The results are shown below with the points in parentheses: Audit | Risk Reduction | Cost Savings | Changes 1 | High (3) | Medium (2) | Low (1) 2 | High (3) | Low (1) | High (3) 3 | Low (1) | High (3) | Medium (2) 4 | Medium (2) | Medium (2) | High (3) A. 1 and 2 only. B. 3 and 4 only. C. 1 and 3 only. D. 2 and 4 only.
D
If employee paychecks are distributed by hand to employees, which one of the following departments should be responsible for the safekeeping of unclaimed paychecks? A. Payroll department. B. Timekeeping department. C. Production department in which the employee works or worked. D. Cashier department.
D
Internal control should follow certain basic principles to achieve its objectives. One of these principles is the segregation of functions. Which one of the following examples does not violate the principle of segregation of functions? A. The sales manager has the responsibility to approve credit and the authority to write off accounts. B. The warehouse clerk, who has the custodial responsibility over inventory in the warehouse, may authorize disposal of damaged goods. C. The department time clerk is given the undistributed payroll checks to mail to absent employees. D. The chief financial officer has the authority to sign checks but gives the signature block to the assistant chief financial officer to run the check-signing machine.
D
One of the major problems in a computer system is that incompatible functions may be performed by the same individual. One compensating control is the use of A. Echo checks. B. A check digit system. C. Computer-generated hash totals. D. A computer log.
D
Organizational independence in the processing of payroll is achieved by segregation of functions that are built into the system. Which one of the following functional segregations is not required for internal control purposes? A. Segregation of timekeeping from payroll preparation. B. Segregation of personnel function from payroll preparation. C. Segregation of payroll preparation and paycheck distribution. D. Segregation of payroll preparation and maintenance of year-to-date records.
D
Passwords for personal computer software programs are designed to prevent A. Incomplete updating of data files. B. Inaccurate processing of data. C. Unauthorized access to the computer. D. Unauthorized use of the software.
D
Risk assessment is a systematic process for assessing and integrating professional judgments about probable adverse conditions or events. Which of the following statements reflects the appropriate action for the chief audit executive to take? A. The CAE should restrict the number of sources of information used in the risk assessment process. B. The risk assessment process should be conducted at least every 3 to 5 years. C. Work schedule priorities should be established to lead the CAE in the risk assessment process. D. The CAE should generally assign engagement priorities to activities with higher risks.
D
The COSO framework treats internal control as a process designed to provide reasonable assurance regarding the achievement of objectives related to A. Reliability of financial reporting. B. Effectiveness and efficiency of operations. C. Compliance with applicable laws and regulations. D. All of the answers are correct.
D
The concept of timeliness of data availability is most relevant to A. Computerized systems. B. Manual systems. C. Payroll systems. D. Online systems.
D
The most common computer-related problem confronting organizations is A. Disruption to computer processing caused by natural disasters. B. Fraud. C. Hardware malfunction. D. Input errors and omissions.
D
To minimize potential financial losses associated with physical assets, the assets should be insured in an amount that is A. Automatically adjusted by an economic indicator such as the consumer price index B. Equal to the book value of the individual assets C. Determined by the board of directors D. Supported by periodic appraisals
D
Upon receipt of purchased goods, receiving department personnel match the quantity received with the packing slip quantity and mark the retail price on the goods based on a master price list. The annotated packing slip is then forwarded to inventory control and goods are automatically moved to the retail sales area. The most significant control strength of this activity is A. Matching quantity received with the packing slip. B. Automatically moving goods to the retail sales area. C. Immediately pricing goods for retail sale. D. Using a master price list for marking the sale price.
D
Which of the following is an operating control for a research and development department? A. Research and development personnel are hired by the payroll department. B. Research and development expenditures are reviewed by an independent person. C. All research and development costs are charged to expense in accordance with the applicable accounting principles. D. The research and development budget is properly allocated between new products, product maintenance, and cost reduction programs.
D
Which of the following is most likely to be performed in the control activities component of internal control? A. Ongoing evaluations. B. Information processing. C. Assessing fraud risks. D. Segregation of duties.
D
Which of the following observations by an auditor is most likely to indicate the existence of control weaknesses over safeguarding of assets? 1. A service department's location is not well suited to allow adequate service to other units. 2. Employees hired for sensitive positions are not subjected to background checks. 3. Managers do not have access to reports that profile overall performance in relation to other benchmarked organizations. 4. Management has not taken corrective action to resolve past engagement observations related to inventory controls. A. 1 and 2 only. B. 1 and 4 only. C. 2 and 3 only. D. 2 and 4 only.
D
Which of the following statements best describes the relationship between planning and controlling? A. Planning looks to the future; controlling is concerned with the past. B. Planning and controlling are completely independent of each other. C. Planning prevents problems; controlling is initiated by problems that have occurred. D. Controlling cannot operate effectively without the tools provided by planning.
D
Which of the following tools would best give a graphical representation of a sequence of activities and decisions? A. Control chart. B. Run chart. C. Histogram. D. Flowchart.
D