CIA Part 1: Study Unit (1)
The chief audit executive (CAE) is best defined as the A. Inspector general. B. Person responsible for the internal audit function. C. Outside provider of internal audit services. D. Person responsible for overseeing the contract with the outside provider of internal audit services.
Answer (B) is correct. The CAE is a person in a senior position responsible for effectively managing the internal audit activity in accordance with the internal audit charter and the Definition of Internal Auditing, the Code of Ethics, and the Standards (The IIA Glossary).
Support from which persons or combination of persons listed below is most important to the success of the internal audit activity? A. The chief executive officer and chief financial officer. B. The chief executive officer. C. Management and the board. D. The audit committee.
Answer (C) is correct. The support of management and the board is crucial when inevitable conflicts arise between the internal audit activity and the department or function under review.
The IIA Rules of Conduct set forth in The IIA's Code of Ethics A. Describe behavior norms expected of internal auditors. B. Are guidelines to assist internal auditors in dealing with engagement clients. C. Are interpreted by the Principles. D. Apply only to particular conduct specifically mentioned.
Answer (A) is correct. The IIA's Code of Ethics extends beyond the definition of internal auditing to include two essential components: (1) Principles that are relevant to the profession and practice of internal auditing and (2) Rules of Conduct that describe behavior norms expected of internal auditors (Introduction).
Which one of the following is not included in the internal audit charter? A. Risk assessment of the internal audit activity. B. Responsibility of the internal audit activity. C. Purpose of the internal audit activity. D. Authority of the internal audit activity
Answer (A) is correct. A risk assessment is not appropriate for inclusion in the internal audit charter
An internal auditor often faces special problems when performing an engagement at a foreign subsidiary. Which of the following statements is false with respect to the conduct of international engagements? A. The IIA Standards do not apply outside of the United States. B. The internal auditor should determine whether managers are in compliance with local laws. C. There may be justification for having different organizational policies in force in foreign branches. D. It is preferable to have multilingual internal auditors conduct engagements at branches in foreign nations.
Answer (A) is correct. Pronouncements by The IIA have no geographic limits. Compliance with the concepts in the Standards is essential for the responsibilities of internal auditors to be met, regardless of the national environment.
During an engagement performed at a manufacturing division of a defense contractor, the internal auditor discovered that the organization apparently was inappropriately adding costs to a cost-plus governmental contract. The internal auditor discussed the matter with senior management, who suggested that the internal auditor seek an opinion from legal counsel. Upon review, legal counsel indicated that the practice was questionable but was not technically in violation of the government contract. Based on legal counsel's decision, the internal auditor decided to omit any discussion of the practice in the final engagement communication sent to senior management and the board. However, the internal auditor did informally communicate legal counsel's decision to senior management. Did the internal auditor violate The IIA's Code of Ethics? A. No. The internal auditor followed up the matter with appropriate personnel within the organization and reached a conclusion that no fraud was involved. B. No. If a fraud is suspected, it should be resolved at the divisional level where it is taking place. C. Yes. It is a violation because all important information, even if resolved, should be reported to the board. D. Yes. Internal legal counsel's opinion is not sufficient. The internal auditor should have sought advice from outside legal counsel.
Answer (A) is correct. Although an argument can be made that the internal auditor should report the matter to the board and senior management, there is no indication that the internal auditor is deliberately withholding material facts that, if not disclosed, may distort reports of activities under review (Rule of Conduct 2.3). Hence, no violation of the Code occurred.
Which situation is most likely a violation of The IIA's Code of Ethics? A. Reporting apparent violations of antitrust statutes by officers to government regulators. B. Cooperating with the government's criminal investigation of the organization. C. Reporting apparent violations of antitrust statutes by officers to the board of directors. D. Immediately reporting a violent crime observed at work to local law enforcement agencies.
Answer (A) is correct. An internal auditor must (1) not knowingly be a party to any illegal activity (Rule of Conduct 1.3); (2) disclose all material facts known to him or her that, if not disclosed, might distort the reporting of activities under review (Rule of Conduct 2.3); and (3) respect and contribute to the legitimate and ethical objectives of the organization (Rule of Conduct 1.4). Thus, when apparent violations of antitrust statutes by officers come to the internal auditor's attention, (s)he should report to the board of directors rather than directly to the government regulators. An internal auditor also must observe the law and make any disclosures required by the law or by the profession (Rule of Conduct 1.2).
The code of ethics of a professional organization sets forth A. Broad standards of conduct for the members of the organization. B. The organizational details of the profession's governing body. C. A list of illegal activities that are proscribed to the members of the profession. D. A basis for the measurement of internal audit performance.
Answer (A) is correct. An organization's code of ethical conduct is the established general value system the organization wishes to apply to its members' activities by communicating organizational purposes and beliefs and establishing uniform ethical guidelines for members, which include guidance on behavior for members in making decisions. A code establishes high standards against which individuals can measure their own performance and communicates to those outside the organization the value system from which the organization's members must not be asked to deviate.
Why does The IIA's Code of Ethics in Rule of Conduct 4.2 require that due professional care be used in obtaining information to support an engagement opinion? A. Sufficient, reliable, relevant, and useful information lends credibility to the opinion. B. To preclude any conflict of interest. C. To require honesty in performing work. D. If internal auditors were permitted to communicate engagement results without obtaining sufficient information, they would be in a position to accept fees or gifts from engagement clients.
Answer (A) is correct. Engagements must be performed with proficiency and due professional care (Attr. Std. 1200), and the engagement results must be communicated (Perf. Std. 2400). Engagement results include observations, conclusions, opinions, recommendations, and action plans (PA 2410-1). If internal auditors expressed opinions or otherwise communicated engagement results without substantive investigation and compliance with the Standards, such communications would be meaningless. The Standards are therefore incorporated by reference into The IIA's Code of Ethics by Rule of Conduct 4.2. Thus, internal auditors must identify sufficient, reliable, relevant, and useful information to achieve the engagement's objectives (Perf. Std. 2310).
The purpose of the internal audit activity can be best described as A. Adding value to the organization. B. Providing additional assurance regarding fair presentation of financial statements. C. Expressing an opinion on the adequate design and functioning of the system of internal control. D. Assuring the absence of any fraud that would materially affect the financial statements.
Answer (A) is correct. Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations (Definition of Internal Auditing).
Internal auditors should be prudent in their relationships with persons and organizations external to their employers. Which of the following activities will most likely not adversely affect internal auditors' ethical behavior? A. Accepting compensation from professional organizations for consulting work. B. Serving as consultants to competitor organizations. C. Serving as consultants to suppliers. D. Discussing engagement plans or results with external parties.
Answer (A) is correct. Professional organizations are unlikely to be employees, clients, customers, suppliers, or business associates of the organization. Hence, the consulting fees are not likely to impair or be presumed to impair the internal auditors' professional judgment (Rule of Conduct 2.2). Moreover, relationships with professional organizations are not likely to create a conflict of interest or impair or be presumed to impair internal auditors' unbiased judgment (Rule of Conduct 2.1). Also, the consulting engagement should not result in the improper use of information (Rule of Conduct 3.2).
The IIA's Code of Ethics requires internal auditors to perform their work with A. Honesty, diligence, and responsibility. B. Timeliness, sobriety, and clarity. C. Knowledge, skills, and competencies. D. Punctuality, objectivity, and responsibility.
Answer (A) is correct. Rule of Conduct 1.1 under the integrity principle states, "Internal auditors shall perform their work with honesty, diligence, and responsibility."
Which of the following is permissible under The IIA's Code of Ethics? A. In response to a subpoena, an auditor appeared in a court of law and disclosed confidential, audit-related information that could potentially damage the auditor's organization. B. An auditor used audit-related information in a decision to buy stock issued by the employer corporation. C. After praising an employee in a recent audit engagement communication, an auditor accepted a gift from the employee. D. An auditor did not report significant observations about illegal activity to the board because management indicated that it would resolve the issue.
Answer (A) is correct. Rule of Conduct 1.2 under the integrity principle states, "Internal auditors shall observe the law and make disclosures expected by the law and the profession." Thus, auditors must comply with subpoenas.
An internal auditor working for a chemical manufacturer believed that toxic waste was being dumped in violation of the law. Out of loyalty to the organization, no information regarding the dumping was collected. The internal auditor A. Violated the Code of Ethics by knowingly becoming a party to an illegal act. B. Violated the Code of Ethics by failing to protect the well-being of the general public. C. Did not violate the Code of Ethics. Loyalty to the employer in all matters is required. D. Did not violate the Code of Ethics. Conclusive information about wrongdoing was not gathered.
Answer (A) is correct. Rule of Conduct 1.3 under the integrity principle prohibits knowingly being a party to any illegal activity. By failing to collect information about a known violation of law, the auditor became party to the illegal act.
An internal auditor has been assigned to an engagement to evaluate a possible acquisition. Coincidentally, a significant portion of this internal auditor's personal investment portfolio is composed of the target organization's stock. What is the internal auditor's preferable course of action in this situation based on The IIA's Code of Ethics? A. Acquaint the chief audit executive with the situation and ask to be assigned to another audit. B. Acquaint the chief audit executive with the situation and offer assurance that it will have no impact on objectivity. C. Proceed with the audit because the personal investments are not an issue. D. Proceed with the audit because the investment is insignificant relative to the whole of the target company's stock.
Answer (A) is correct. Rule of Conduct 2.1 under the objectivity principle states, "Internal auditors shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization." In these circumstances, the internal auditor lacks the appearance of objectivity because the outcome of the engagement could directly affect the acquisition decision and the price of the stock. The use of the information also would be a violation of the Code and possibly of insider trading rules as well. Rule of Conduct 3.2 under the confidentiality principle states, "Internal auditors shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization."
An internal auditor has been assigned to an engagement at a foreign subsidiary. The internal auditor is aware that the social climate of the country is such that "facilitating payments" (bribes) are an accepted part of doing business. The internal auditor has completed the engagement and has found significant weaknesses relating to important controls. The subsidiary's manager offers the internal auditor a substantial "facilitating payment" to omit the observations from the final engagement communication with a provision that the internal auditor could revisit the subsidiary in 6 months to verify that the problem areas have been properly addressed. The internal auditor should A. Not accept the payment because such acceptance is in conflict with the Code of Ethics. B. Not accept the payment, but omit the observations as long as a verification visit is made in 6 months. C. Accept the offer because it is consistent with the ethical concepts of the country in which the subsidiary is doing business. D. Accept the payment because it has the effect of doing the greatest good for the greatest number; the internal auditor is better off, the subsidiary is better off, and the organization is better off because there is strong motivation to correct the deficiencies.
Answer (A) is correct. Rule of Conduct 2.2 under the objectivity principle states, "Internal auditors shall not accept anything that may impair or be presumed to impair their professional judgment."
An internal auditor may receive which of the following without violating The IIA's Code of Ethics? A. A pen received from the sales manager of a subsidiary with the imprinted name of the organization's product and a phone number. B. A dinner and baseball tickets from the manager of a department being reviewed. The tickets are usually made available to employees of that department. C. A dinner and baseball tickets from the manager of a department that has never been reviewed and for which there are no plans for a future engagement. The tickets are usually made available to employees of that department. D. A bottle of whiskey from the organization's CFO.
Answer (A) is correct. Rule of Conduct 2.2 under the objectivity principle states, "Internal auditors shall not accept anything that may impair or be presumed to impair their professional judgment." A small promotional item, such as a pen of minimal value, is unlikely to affect an auditor's judgment.
An internal auditor discovered some material inefficiencies in a purchasing function. The purchasing manager is the internal auditor's next-door neighbor and best friend. In accordance with The IIA's Code of Ethics, the internal auditor should A. Objectively include the facts of the case in the engagement communications. B. Not report the incident because of loyalty to the friend. C. Include the facts of the case in a special communication submitted only to the friend. D. Not report the friend unless the activity is illegal.
Answer (A) is correct. Rule of Conduct 2.3 under the objectivity principle states, "Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review."
Which of the following actions could be construed as a violation of The IIA's Code of Ethics? A. Failing to report to management information that would be material to management's judgment. B. Expressing an opinion on internal financial statements. C. Turning a case over to the security department when an internal auditor suspects fraud but has no proof. D. Including an internal control problem in a final engagement communication when it has been corrected prior to completion of the engagement.
Answer (A) is correct. Rule of Conduct 2.3 under the objectivity principle states, "Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review."
Through an engagement performed at the credit department, the chief audit executive (CAE) became aware of a material misstatement of the year-end accounts receivable balance. The external auditors have completed their engagement without detecting the misstatement. What should the CAE do in this situation? A. Inform the external auditors of the misstatement. B. Report the misstatement to management when the external auditors present a report. C. Exclude the misstatement from the final engagement communication because the external auditors are responsible for expressing an opinion on the financial statements. D. Perform additional engagement procedures on accounts receivable balances to benefit the external auditors.
Answer (A) is correct. Rule of Conduct 2.3 under the objectivity principle states, "Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review." Additionally, the CAE should share information and coordinate activities with the external auditors (Perf. Std. 2050).
During an engagement, an internal auditor learned that certain individuals in the organization were involved in industrial espionage for the benefit of the organization. According to The IIA's Code of Ethics, what is the internal auditor's proper course of action? A. Report the facts to the appropriate individuals within the organization. B. No action is required because this condition is not detrimental to the organization. C. Note the condition in the working papers but refrain from reporting it because it benefits the organization. D. Report the condition to the appropriate governmental regulatory agency.
Answer (A) is correct. Rule of Conduct 2.3 under the objectivity principle states, "Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review." Moreover, Rule of Conduct 1.3 under the integrity principle states, "Internal auditors shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization."
Which situation most likely violates The IIA's Code of Ethics and the Standards? A. The chief audit executive (CAE) disagrees with the engagement client about the observations and recommendations in a sensitive area. The CAE discusses the detail of the observations and the proposed recommendations with a fellow CAE from another organization. B. An organization's charter for the internal audit activity requires the chief audit executive (CAE) to present the yearly engagement work schedule to the board for its approval and suggestions. C. The engagement manager has removed the most significant observations and recommendations from the final engagement communication. The in-charge internal auditor opposed the removal, explaining that (s)he knows the reported conditions exist. The in-charge internal auditor agrees that, technically, information is not sufficient to support the observations, but management cannot explain the conditions, and the observations are the only reasonable conclusions. D. Because the internal audit activity lacks skill and knowledge in a specialty area, the chief audit executive (CAE) has hired an expert. The engagement manager has been asked to review the expert's approach to the assignment. Although knowledgeable about the area under review, the manager is hesitant to accept the assignment because of lack of expertise.
Answer (A) is correct. Rule of Conduct 3.1 under the confidentiality principle states, "Internal auditors shall be prudent in the use and protection of information acquired in the course of their duties." Discussion of sensitive matters with an unauthorized party is the situation most likely to be considered a Code violation.
The chief audit executive has assigned an internal auditor to perform a year-end engagement to evaluate payroll records. The internal auditor has contacted the director of compensation and has been refused access to necessary documents. To avoid this problem, A. Access to records relevant to performance of engagements should be specified in the internal audit activity's charter. B. Internal auditing should be required to report to the CEO of the organization. C. By following the long-range planning process, access to all relevant records should be guaranteed. D. Board approval should be required for all scope limitations.
Answer (A) is correct. Specific guidelines are written in the internal audit activity's charter authorizing access to records, personnel, and physical properties relevant to the performance of engagements (Inter. Attr. Std. 1000). Such provisions reduce the likelihood of scope limitations.
Fact Pattern: The chief audit executive (CAE) of a mid-sized internal audit activity was concerned that management might outsource the internal auditing function. Thus, the CAE adopted a very aggressive program to promote the internal audit activity within the organization. The CAE planned to present the results to senior management and the board and recommend modification of the internal audit activity's charter after using the new program. The following lists six actions the CAE took to promote a positive image within the organization: 1. Engagement assignments concentrated on efficiency. The engagements focused solely on cost savings, and each engagement communication highlighted potential costs to be saved. Negative observations were omitted. The focus on efficiency was new, but the engagement clients seemed very happy. 2. Drafts of all engagement communications were carefully reviewed with the engagement clients to get their input. Their comments were carefully considered when developing the final engagement communication. 3. The information technology internal auditor participated as part of a development team to review the control procedures to be incorporated into a major computer application under development. 4. Given limited resources, the engagement manager performed a risk assessment to establish engagement work schedule priorities. This was a marked departure from the previous approach of ensuring that all operations are evaluated on at least a 3-year interval. 5. To save time, the CAE no longer required that a standard internal control questionnaire be completed for each engagement. 6. When the internal auditors found that the engagement client had not developed specific criteria or data to evaluate operations, the internal auditors were instructed to perform research, develop specific criteria, review the criteria with the engagement client, and, if acceptable, use them to evaluate the engagement client's operations. If the engagement client disagreed with the criteria, a negotiation took place until acceptable criteria could be agreed upon. The engagement communication commented on the engagement client's operations in conjunction with the agreed-upon criteria. Which of the following elements of Action 1 taken by the CAE would be considered inappropriate? The type of engagements was changed before modifying the internal audit activity's charter and going to the audit committee. Negative observations were omitted from the engagement communications. Cost savings and recommendations were highlighted in the engagement communication. A. 1 and 2. B. 1 and 3. C. 1 only. D. 2 and 3.
Answer (A) is correct. The CAE dramatically changed internal audit's scope of work without consulting with the board. A second violation is the omission of negative observations. Under The IIA's Code of Ethics, the auditors must disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review (Rule of Conduct 2.3).
Which of the following best describes the purpose of the internal audit activity? A. To add value and improve an organization's operations. B. To assist management with the design and implementation of risk management and control systems. C. To examine and evaluate an organization's accounting system as a service to management. D. To monitor the organization's internal control system for the external auditors.
Answer (A) is correct. The Definition of Internal Auditing states, in part, "Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations."
In complying with The IIA's Code of Ethics, an internal auditor should A. Use individual judgment in the application of the principles set forth in the Code. B. Respect and contribute to the objectives of the organization even if it is engaged in illegal activities. C. Go beyond the limitation of personal technical skills to advance the interest of the organization. D. Primarily apply the competency principle in establishing trust.
Answer (A) is correct. The IIA's Code of Ethics includes principles that internal auditors are expected to apply and uphold. They are interpreted by the Rules of Conduct, behavior norms expected of internal auditors. That a particular conduct is not mentioned in the Rules of Conduct does not prevent it from being unacceptable or discreditable. Consequently, a reasonable inference is that individual judgment is necessary in the application of the principles and the Rules of Conduct.
The transportation department of a publicly held company has asked the internal audit activity to review the design specifications for a proposed new warehouse and repair facility. The best reason for the internal audit activity to decline the request is A. Such a review does not fall within the authority granted in the internal audit charter. B. The CEO and the head of the transportation department are neighbors and belong to the same social clubs. C. The internal audit activity performed a thorough review of the transportation department the previous year. D. The transportation department's budget is immaterial to the organization's total budget.
Answer (A) is correct. The internal audit activity's purpose, authority, and responsibility are specifically granted in the form of a written charter approved by the board.
The organizational position of the internal audit activity should be free from the effects of irresponsible policy changes by management. The most effective way to ensure that freedom is to A. Have the internal audit charter approved by the board. B. Adopt policies for the functioning of the internal audit activity. C. Establish an audit committee within the board. D. Develop written policies and procedures to serve as standards of performance for the internal audit activity.
Answer (A) is correct. The internal audit charter is a formal document that defines the internal audit activity's purpose, authority, and responsibility. Final approval of the internal audit charter resides with the board (Inter. Attr. Std. 1000).
In applying the Rules of Conduct set forth in The IIA's Code of Ethics, internal auditors are expected to A. Not be unduly influenced by their own interests in forming judgments. B. Compare them with standards of other professions. C. Be guided by the desires of the engagement client. D. Use discretion in deciding whether to use them.
Answer (A) is correct. The objectivity principle contained in The IIA's Code of Ethics states, in part, "Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments."
An accounting association established a code of ethics for all members. What is one of the association's primary purposes of establishing the code of ethics? A. To outline criteria for professional behavior to maintain standards of integrity and objectivity. B. To establish standards to follow for effective accounting practice. C. To provide a framework within which accounting policies could be effectively developed and executed. D. To outline criteria that can be used in conducting interviews of potential new accountants.
Answer (A) is correct. The primary purpose of a code of ethical behavior for a professional organization is to promote an ethical culture among professionals who serve others.
Which of the following is permissible under The IIA's Code of Ethics? A. Disclosing confidential, engagement-related information that is potentially damaging to the organization in response to a court order. B. Using engagement-related information in a decision to buy an ownership interest in the employer organization. C. Accepting an unexpected gift from an employee whom the internal auditor has praised in a recent engagement communication. D. Not reporting significant observations and recommendations about illegal activity to the board because management has indicated it will address the issue.
Answer (A) is correct. The principle of confidentiality permits the disclosure of confidential information if there is a legal or professional obligation to do so.
Internal auditing has planned an engagement to evaluate the effectiveness of the quality assurance function as it affects the receipt of goods, the transfer of the goods into production, and the scrap costs related to defective items. The engagement client argues that such an engagement is not within the scope of the internal audit activity and should come under the purview of the quality assurance department only. What is the most appropriate response? A. Refer to the internal audit activity's charter and the approved engagement plan that includes the area designated for evaluation in the current time period. B. Because quality assurance is a new function, seek the approval of management as a mediator to set the scope of the engagement. C. Indicate that the engagement will evaluate the function only in accordance with the standards set by, and approved by, the quality assurance function before beginning the engagement. D. Terminate the engagement because it will not be productive without the client's cooperation.
Answer (A) is correct. The written charter, approved by the board, defines the scope of internal audit activities (Inter. Std. 1000).
Under the Sarbanes-Oxley Act of 2002 (SOX), A. An issuer must disclose whether at least one member of the audit committee is a financial expert. B. The chairman of the board of directors must be a financial expert. C. The audit committee must rotate at least one seat on an annual basis. D. All members of the audit committee must be financial experts.
Answer (A) is correct. Under the terms of SOX, an issuer must disclose whether at least one member of the audit committee is a financial expert. If the audit committee lacks a financial expert, the issuer must disclose the reason(s).
Which of the following most likely constitutes a violation of The IIA's Code of Ethics by an internal auditor? A. Discussing at a trade convention the organization's controls over its computer networks. B. Purchasing stock in a target entity after overhearing an executive's discussion of a possible acquisition. C. Deleting sensitive information from a final engagement communication at the request of senior management. D. Investigating executive expense reports based completely on rumors of padding.
Answer (B) is correct. Rule of Conduct 3.2 under the confidentiality principle states, "Internal auditors shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization."
In analyzing the differences between two recently merged businesses, the chief audit executive of Organization A notes that it has a formal code of ethics and Organization B does not. The code of ethics covers such things as purchase agreements, relationships with vendors, and other issues. Its purpose is to guide individual behavior within the firm. Which of the following statements regarding the existence of the code of ethics in A can be logically inferred? A exhibits a higher standard of ethical behavior than does B. A has established objective criteria by which an individual's actions can be evaluated. The absence of a formal code of ethics in B would prevent a successful review of ethical behavior in that organization. A. 1 and 2. B. 2 only. C. 3 only. D. 2 and 3.
Answer (B) is correct. A formal code of ethics effectively (1) communicates acceptable values to all members, (2) provides a method of policing and disciplining members for violations, (3) establishes objective standards against which individuals can measure their own performance, and (4) communicates the organization's value system to outsiders.
Which of the following statements is not appropriate to include in a manufacturer's conflict of interest policy? An employee shall not A. Accept money, gifts, or services from a customer. B. Participate (directly or indirectly) in the management of a public agency. C. Borrow from or lend money to vendors. D. Use organizational information for private purposes.
Answer (B) is correct. A prohibition on public service is ordinarily inappropriate. Public service is a right, if not a duty, of all citizens.
Which core principle of The IIA's Code of Ethics do the following actions violate? The internal auditor assumes operational duties on a temporary basis. The internal auditor performs an audit in a department managed by the auditor's father. The internal auditor managed the department being audited 6 months prior to the audit. The internal auditor receives a bonus based on the number of observations generated during an audit. A. Competency. B. Objectivity. C. Independence. D. Integrity.
Answer (B) is correct. According to The IIA's Code of Ethics, "Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interest or by others in forming judgments." The auditor should not participate in any activity or relationship that may impair or appear to impair an unbiased assessment. Assuming management responsibilities and auditing an area in which the auditor had such responsibilities within 1 year violate the objectivity principle. Performing an audit in a department managed by a family member also violates this principle because of an actual or implied conflict of interest. Accepting a bonus based on work accomplished during an audit also may impair or be presumed to impair the auditor's objectivity.
The chief audit executive is aware of a material inventory shortage caused by internal control deficiencies at one manufacturing plant. The shortage and related causes are of sufficient magnitude to affect the external auditor's report. Based on The IIA's Code of Ethics, what is the CAE's most appropriate course of action? A. Say nothing; guard against interfering with the independence of the external auditors. B. Discuss the issue with management and take appropriate action to ensure that the external auditors are informed. C. Inform the external auditors of the possibility of a shortage but allow them to make an independent assessment of the amount. D. Communicate the shortages to the board and allow them to communicate it to the external auditor.
Answer (B) is correct. All material facts known by the internal auditors should be disclosed (Rule of Conduct 2.3). The CAE should share information and coordinate activities with other internal and external providers of relevant assurance and consulting services (Perf. Std. 2050).
The best reason for establishing a code of conduct within an organization is that such codes A. Are typically required by governments. B. Express standards of individual behavior for members of the organization. C. Provide a quantifiable basis for personnel evaluations. D. Have tremendous public relations potential.
Answer (B) is correct. An organization's code of ethical conduct is the established general value system the organization wishes to apply to its members' activities. It communicates organizational purposes and beliefs and establishes uniform ethical guidelines for members, which include guidance on behavior for members in making decisions. A code establishes high standards against which individuals can measure their own performance. It also communicates to those outside the organization the value system from which its members must not be asked to deviate.
Objectivity is an ethical requirement for all persons engaged in the professional practice of internal auditing. One aspect of objectivity requires A. Performance of professional duties in accordance with relevant laws. B. Avoidance of conflict of interest. C. Refraining from using confidential information for unethical or illegal advantage. D. Maintenance of an appropriate level of professional expertise.
Answer (B) is correct. Commitment to independence from conflicts of economic or professional interest is an aspect of objectivity.
The purposes of the Standards include all of the following except A. Establishing the basis for the measurement of internal audit performance. B. Guiding the ethical conduct of internal auditors. C. Stating basic principles that represent the practice of internal auditing. D. Fostering improved organizational processes and operations.
Answer (B) is correct. Guiding the ethical conduct of internal auditors is the purpose of the Code of Ethics, not the Standards.
In their communication of results, internal auditors are required by The IIA's Code of Ethics to A. Obtain factual information within the established time and budget parameters. B. Reveal material facts that could distort communications if not revealed. C. Present sufficient factual information without revealing confidential information that could be detrimental to the organization. D. Disclose all material information obtained as of the date of the final engagement communication.
Answer (B) is correct. Internal auditors should disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review (Rule of Conduct 2.3).
Which Standards expand upon the other categories of Standards? A. Performance Standards. B. Attribute Standards. C. Implementation Standards. D. All of the choices are correct.
Answer (C) is correct. Implementation Standards expand upon the Attribute and Performance Standards. They provide requirements applicable to specific engagements.
A CIA is working in a noninternal-auditing position as the director of purchasing. The CIA signed a contract to procure a large order from the supplier with the best price, quality, and performance. Shortly after signing the contract, the supplier presented the CIA with a gift of significant monetary value. Which of the following statements regarding the acceptance of the gift is true? A. Acceptance of the gift is prohibited only if it is not customary. B. Acceptance of the gift violates The IIA's Code of Ethics and is prohibited for a CIA. C. Because the CIA is no longer acting as an internal auditor, acceptance of the gift is governed only by the organization's code of conduct. D. Because the contract was signed before the gift was offered, acceptance of the gift does not violate either The IIA's Code of Ethics or the organization's code of conduct.
Answer (B) is correct. Members of The Institute of Internal Auditors and recipients of, or candidates for, IIA professional certifications are subject to disciplinary action for breaches of The IIA's Code of Ethics. Rule of Conduct 2.2 under the objectivity principle states, "Internal auditors shall not accept anything that may impair or be presumed to impair their professional judgment."
Which of the following concurrent occupations could appear to subvert the ethical behavior of an internal auditor? A. Internal auditor and a well-known charitable organization's local in-house chairperson. B. Internal auditor and part-time business insurance broker. C. Internal auditor and adjunct faculty member of a local business college that educates potential employees. D. Internal auditor and landlord of multiple housing that publicly advertises for tenants in a local community newspaper listing monthly rental fees.
Answer (B) is correct. Rule of Conduct 2.1 under the objectivity principle states, "Internal auditors shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization." As a business insurance broker, the internal auditor may lose his or her objectivity because (s)he might benefit from a change in the employer's insurance coverage.
The chief audit executive (CAE) has been appointed to a committee to evaluate the appointment of the external auditors. The engagement partner for the external accounting firm wants the CAE to join her for a week of hunting at her private lodge. The CAE should A. Accept, assuming both their schedules allow it. B. Refuse on the grounds of conflict of interest. C. Accept as long as it is not charged to employer time. D. Ask the comptroller whether accepting the invitation is a violation of the organization's code of ethics.
Answer (B) is correct. Rule of Conduct 2.1 under the objectivity principle states, "Internal auditors shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization." Furthermore, under Rule of Conduct 2.2, "Internal auditors shall not accept anything that may impair or be presumed to impair their professional judgment."
An internal auditing team has made observations and recommendations that should significantly improve a division's operating efficiency. Out of appreciation of this work, and because it is the holiday season, the division manager presents the in-charge internal auditor with a gift of moderate value. Which of the following best describes the action prescribed by The IIA's Code of Ethics? A. Not accept it prior to submission of the final engagement communication. B. Not accept it if the gift is presumed to impair the internal auditor's judgment. C. Not accept it, regardless of other circumstances, because its value is significant. D. Accept it, regardless of other circumstances, because its value is insignificant.
Answer (B) is correct. Rule of Conduct 2.2 under the objectivity principle states, "Internal auditors shall not accept anything that may impair or be presumed to impair their professional judgment."
Which of the following actions by an internal auditor would violate The IIA's Code of Ethics? A. Attendance at an educational program offered by an engagement client to all employees. B. Acceptance of airline tickets from an engagement client. C. Disclosure, in an engagement communication, of all material facts relevant to the area reviewed. D. Disposal of a small ownership interest in the organization prior to learning of a business downturn.
Answer (B) is correct. Rule of Conduct 2.2 under the objectivity principle states, "Internal auditors shall not accept anything that may impair or be presumed to impair their professional judgment."
An internal auditor engages in the preparation of income tax forms during the tax season. For which of the following activities will the internal auditor most likely be in violation of The IIA's Code of Ethics? A. Writing a tax guide intended for publication and sale to the general public. B. Preparing the personal tax return, for a fee, for one of the organization's division managers. C. Teaching an evening tax seminar, for a fee, at a local university. D. Preparing tax returns for elderly citizens, regardless of their associations, as a public service.
Answer (B) is correct. Rule of Conduct 2.2 under the objectivity principle states, "Internal auditors shall not accept anything that may impair or be presumed to impair their professional judgment." Preparing a personal tax return for a division manager for a fee falls under this prohibition.
Which of the following situations is a violation of The IIA's Code of Ethics? A. An internal auditor, with the knowledge and consent of management, accepted a token gift from a customer of the organization that was not presumed to impair and did not impair judgment. B. Knowing that management was aware of the situation, an internal auditor purposely left a description of an unlawful practice out of the final engagement communication. C. An internal auditor shared techniques with internal auditors from another organization. D. Based upon knowledge of the probable success of the employer's business, an internal auditor invested in a mutual fund that specialized in the same industry.
Answer (B) is correct. Rule of Conduct 2.3 under the objectivity principle states, "Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review." Moreover, Rule of Conduct 1.3 under the integrity principle states, "Internal auditors shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization."
A new staff internal auditor was told to perform an engagement in an area with which the internal auditor was not familiar. Because of time constraints, no supervision was provided. The assignment represented a good learning experience, but the area was clearly beyond the internal auditor's competence. Nonetheless, the internal auditor prepared comprehensive working papers and communicated the results to management. In this situation, A. The internal audit activity violated the Standards by hiring an internal auditor without proficiency in the area. B. The internal audit activity violated the Standards by not providing adequate supervision. C. The chief audit executive has not violated The IIA's Code of Ethics because it does not address supervision. D. The Standards and The IIA's Code of Ethics were followed by the internal audit activity.
Answer (B) is correct. Rule of Conduct 4.2 under the competency principle requires internal auditing services to be performed in accordance with the Standards. Attr. Std. 1200 requires engagements to be performed with proficiency and due professional care. They also should be properly supervised to ensure that objectives are achieved, quality is assured, and staff is developed (Perf. Std. 2340).
An organization has recently placed a former operating manager in the position of chief audit executive (CAE). The new CAE is not a member of The IIA and is not a CIA. Henceforth, the internal audit activity will be run strictly by the CAE's standards, not The IIA's. All four staff internal auditors are members of The IIA, but they are not CIAs. According to The IIA's Code of Ethics, what is the best course of action for the staff internal auditors? A. The Code does not apply because they are not CIAs. B. They should comply with the International Standards for the Professional Practice of Internal Auditing. C. They must respect the legitimate and ethical objectives of the organization and ignore the Standards. D. They must resign their jobs to avoid improper activities.
Answer (B) is correct. Rule of Conduct 4.2 under the competency principle states, "Internal auditors shall perform internal audit services in accordance with the International Standards for the Professional Practice of Internal Auditing." Because the internal auditors are members of The Institute, The IIA's Code of Ethics is enforceable against them even though they are not CIAs.
Today's internal auditor will often encounter a wide range of potential ethical dilemmas, not all of which are explicitly addressed by The IIA's Code of Ethics. If the internal auditor encounters such a dilemma, the internal auditor should always A. Seek counsel from an independent attorney to determine the personal consequences of potential actions. B. Apply and uphold the principles embodied in The IIA's Code of Ethics. C. Seek the counsel of the board before deciding on an action. D. Act consistently with the code of ethics adopted by the organization even if such action is not consistent with The IIA's Code of Ethics.
Answer (B) is correct. The Code includes Principles (integrity, objectivity, confidentiality, and competency) relevant to the profession and practice of internal auditing and Rules of Conduct that describe behavioral norms for internal auditors and that interpret the Principles. Internal auditors are expected to apply and uphold the Principles. Furthermore, that a particular conduct is not mentioned in the Rules does not prevent it from being unacceptable or discreditable.
Under The IIA's Code of Ethics, an entity that provides internal auditing services is specifically required to A. Maintain certain predetermined staffing requirements for engagements. B. Comply with the International Standards for the Professional Practice of Internal Auditing. C. Comply with organizational policy. D. Participate in a formal continuing education program.
Answer (B) is correct. The IIA's Code of Ethics applies not only to individuals but also to entities that provide internal auditing services. Rule of Conduct 4.2 under the competency principle states, "Internal auditors shall perform internal audit services in accordance with the International Standards for the Professional Practice of Internal Auditing."
An internal auditor who encounters an ethical dilemma not explicitly addressed by The IIA's Code of Ethics should always A. Seek counsel from an independent attorney to determine the personal consequences of potential actions. B. Take action consistent with the principles embodied in The IIA's Code of Ethics. C. Seek the counsel of the audit committee before deciding on an action. D. Act consistently with the employing organization's code of ethics even if such action would not be consistent with The IIA's Code of Ethics.
Answer (B) is correct. The IIA's Code of Ethics is based on principles relevant to the profession and practice of internal auditing that internal auditors are expected to apply and uphold: integrity, objectivity, confidentiality, and competency. Furthermore, the Code states that particular conduct may be unacceptable or discreditable even if it is not mentioned in the Rules of Conduct.
Which of the following is not true with regard to the internal audit charter? A. It defines the authorities and responsibilities for the internal audit activity. B. It specifies the minimum resources needed for the internal audit activity. C. It provides a basis for evaluating the internal audit activity. D. It should be approved by the board.
Answer (B) is correct. The charter formally defines the purpose, authority, and responsibility of the internal audit activity. Resource requirements are based on risk-based plans that are consistent with organizational objectives; they are not an appropriate topic to codify in the internal audit charter.
Which one of the following must be included in the internal audit charter? A. Internal audit objectivity. B. Internal audit responsibility. C. Chief audit executive's compensation plan. D. Number of full-time internal audit employees deemed to be the necessary minimum.
Answer (B) is correct. The purpose, authority, and responsibility of the internal audit activity must be formally defined in an internal audit charter.
A formal code of ethics should do all of the following except A. Effectively communicate acceptable values to all members. B. Communicate the organization's value system to outsiders. C. Reflect only legal standards of conduct for individuals and the organization. D. Provide a method of policing and disciplining members of the organization for violations.
Answer (C) is correct. An ethical organization aspires to a higher standard of behavior than mere legality.
The Standards consist of three types of Standards. Which Standards apply to the characteristics of providers of internal auditing services? A. Implementation Standards. B. Performance Standards. C. Attribute Standards. D. Independence Standards.
Answer (C) is correct. Attribute Standards concern the characteristics of organizations and parties providing internal auditing services.
Which of the following activities of an internal auditor is most likely to be acceptable under The IIA's Code of Ethics? A. Late arrivals and early departures from work because this practice is common in the organization. B. Frequent luncheons and other socializing with major suppliers of the organization without the consent of senior management. C. Conducting an unrelated business outside of office hours. D. Acceptance of a material gift from a supplier.
Answer (C) is correct. Nothing in The IIA's Code of Ethics prohibits operating an unrelated business outside of regular office hours. The activity is not, in itself, (1) a conflict of interest, (2) a use of information for personal gain, or (3) an impairment of the internal auditor's unbiased assessment.
The chief audit executive meets with the members of the internal audit activity at scheduled staff meetings. Which of the following is the most appropriate function of such a staff meeting? A. Developing the engagement work schedule. B. Revising travel, promotion, and compensation policies. C. Explaining administrative policies and obtaining suggestions from the staff. D. Developing long-range training programs that will meet the staff's need
Answer (C) is correct. One reason for staff meetings is to explain routine administrative matters, to teach new techniques, and even to let off steam. For example, staff members should be able to raise questions about ineffective procedures, promotions, salaries, or other problems.
An internal auditor for a large regional bank was asked to serve on the board of directors of a local bank. The bank competes in many of the same markets as the regional bank but focuses more on consumer financing than on business financing. In accepting this position, the internal auditor Violates The IIA's Code of Ethics because serving on the board may be in conflict with the best interests of the internal auditor's employer Violates The IIA's Code of Ethics because the information gained while serving on the board of directors of the local bank may influence recommendations regarding potential acquisitions A. 1 only. B. 2 only. C. 1 and 2. D. Neither 1 nor 2.
Answer (C) is correct. Rule of Conduct 2.1 under the objectivity principle states, "Internal auditors shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization." Accordingly, service on the board of the local bank constitutes a conflict of interest and may prejudice the internal auditor's ability to carry out objectively his or her duties regarding potential acquisitions.
Which of the following actions by an internal auditor is most likely a violation of The IIA's Code of Ethics? A. Accepting payment for teaching auditing at a local university. B. Having a material ownership interest in a competitor. C. Accepting a moderate gift from a customer of his or her organization. D. Allowing use of the Certified Internal Auditor designation in a context not involving his or her employment.
Answer (C) is correct. Rule of Conduct 2.2 under the objectivity principle states, "Internal auditors shall not accept anything that may impair or be presumed to impair their professional judgment."
In a review of travel and entertainment expenses, a certified internal auditor questioned the business purposes of an officer's reimbursed travel expenses. The officer promised to compensate for the questioned amounts by not claiming legitimate expenses in the future. If the officer makes good on the promise, the internal auditor A. Can ignore the original charging of the nonbusiness expenses. B. Should inform the tax authorities in any event. C. Should still include the finding in the final engagement communication. D. Should recommend that the officer forfeit any frequent flyer miles received as part of the questionable travel.
Answer (C) is correct. Rule of Conduct 2.3 under the objectivity principle states, "Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review."
During the course of an engagement, an internal auditor discovers that a clerk is embezzling funds from the organization. Although this is the first embezzlement ever encountered and the organization has a security department, the internal auditor decides to interrogate the suspect. If the internal auditor is violating The IIA's Code of Ethics, the rule violated is most likely A. Failing to exercise due diligence. B. Lack of loyalty to the organization. C. Lack of competence in this area. D. Failing to comply with the law.
Answer (C) is correct. Rule of Conduct 4.1 under the competency principle states, "Internal auditors shall engage only in those services for which they have the necessary knowledge, skills, and experience." Internal auditors may not have, and are not expected to have, knowledge equivalent to that of a person whose primary responsibility is to detect and investigate fraud (Impl. Std. 1210.A2).
Which of the following most likely constitutes a violation of The IIA's Code of Ethics? A. Auditor A has accepted an assignment to perform an engagement at the electronics manufacturing division. Auditor A has recently joined the internal audit activity. But Auditor A was senior auditor for the external audit of that division and has audited many electronics organizations during the past 2 years. B. Auditor B has been assigned to perform an engagement at the warehousing function 6 months from now. Auditor B has no expertise in that area but accepted the assignment anyway. Auditor B has signed up for continuing professional education courses in warehousing that will be completed before the assignment begins. C. Auditor C is content as an internal auditor and has come to look at it as a regular 9-to-5 job. Auditor C has not engaged in continuing professional education or other activities to improve effectiveness during the last 3 years. However, Auditor C feels performance of quality work is the same as before. D. Auditor D discovered an internal financial fraud during the year. The books were adjusted to properly reflect the loss associated with the fraud. Auditor D discussed the fraud with the external auditor when the external auditor reviewed working papers detailing the incident.
Answer (C) is correct. Rule of Conduct 4.3 under the competency principle states, "Internal auditors shall continually improve their proficiency and the effectiveness and quality of their services."
After the chief audit executive receives approval from the board to offer consulting services, what should be done? A. The CAE should begin performing consulting services. B. The CAE should get approval from the internal auditors. C. The internal audit charter should be amended. D. The board should develop appropriate policies and procedures for conducting such engagements.
Answer (C) is correct. The purpose, authority, and responsibility of the internal audit activity must be formally defined in an internal audit charter (Attr. Std. 1000). The nature of consulting services must be defined in the internal audit charter (Impl. Std. 1000.C1).
Internal auditors who fail to maintain their proficiency through continuing education could be found to be in violation of A. The International Standards for the Professional Practice of Internal Auditing. B. The IIA's Code of Ethics. C. Both the International Standards for the Professional Practice of Internal Auditing and The IIA's Code of Ethics. D. None of the answers are correct.
Answer (C) is correct. Rule of Conduct 4.3 under the competency principle states, "Internal auditors shall continually improve their proficiency and the effectiveness and quality of their services." Furthermore, Attr. Std. 1230 states, "Internal auditors must enhance their knowledge, skills, and other competencies through continuing professional development." Hence, both The IIA's Code of Ethics and the Standards are violated by failing to earn continuing education credits.
An engagement at a foreign subsidiary disclosed payments by the sales department to local government officials in return for orders. What action does The IIA's Code of Ethics suggest for an internal auditor in such a case? A. Refrain from any action that might be detrimental to the organization. B. Report the incident to appropriate regulatory authorities. C. Inform appropriate organizational officials. D. Report the practice to the board of The Institute of Internal Auditors.
Answer (C) is correct. Such payments may be illegal. Rule of Conduct 2.3 under the objectivity principle states, "Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review."
A primary purpose of establishing a code of conduct within a professional organization is to A. Reduce the likelihood that members of the profession will be sued for substandard work. B. Ensure that all members of the profession perform at approximately the same level of competence. C. Promote an ethical culture among professionals who serve others. D. Require members of the profession to exhibit loyalty in all matters pertaining to the affairs of their organization.
Answer (C) is correct. The IIA's Code of Ethics is typical. Its purpose is "to promote an ethical culture in the profession of internal auditing." The definition of internal auditing states that it is "an independent, objective assurance and consulting activity." Moreover, internal auditing is founded on "the trust placed in its objective assurance about governance, risk management, and control." Accordingly, internal auditors are professionals who serve others by providing assurance and consulting services.
An element of authority that must be included in the charter of the internal audit activity is A. Identification of the organizational units where engagements are to be performed. B. Identification of the types of disclosures that should be made to the board. C. Access to records, personnel, and physical properties relevant to the performance of engagements. D. Access to the external auditor's engagement records.
Answer (C) is correct. The charter establishes the internal audit activity's position within the organization, including the nature of the chief audit executive's functional reporting relationship with the board; authorizes access to records, personnel, and physical properties relevant to the performance of engagements; and defines the scope of internal audit activities (Inter. Attr. Std. 1000).
The board of an organization has charged the chief audit executive (CAE) with upgrading the internal audit activity. The CAE's first task is to develop a charter. What item should be included in the statement of objectives? A. Report all engagement results to the board every quarter. B. Notify governmental regulatory agencies of unethical business practices by organization management. C. Evaluate the adequacy and effectiveness of the organization's controls. D. Submit budget variance reports to management every month.
Answer (C) is correct. The charter establishes the internal audit activity's position within the organization, including the nature of the chief audit executive's functional reporting relationship with the board; authorizes access to records, personnel, and physical properties relevant to the performance of engagements; and defines the scope of internal audit activities (Inter. Std. 1000). Internal auditing brings a systematic, disciplined approach to evaluating and improving risk management, control, and governance processes (Definition of Internal Auditing).
The internal audit activity's scope of responsibilities includes A. Eliminating risk. B. Managing risk. C. Evaluating risk. D. Controlling risk.
Answer (C) is correct. The internal audit activity helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes (Definition of Internal Auditing). Managing, controlling, and eliminating risk are responsibilities of management.
The types of services provided by the internal audit activity can best be described as A. Auditing and engagement. B. Auditing and consulting. C. Assurance and consulting. D. Auditing and assurance.
Answer (C) is correct. The internal audit activity provides independent, objective assurance and consulting services designed to add value and improve an organization's operations (Definition of Internal Auditing).
A charter is one of the more important factors positively affecting the internal audit activity's independence. Which of the following is least likely to be part of the charter? A. Access to records within the organization. B. The scope of internal audit activities. C. The length of tenure of the chief audit executive. D. Access to personnel within the organization.
Answer (C) is correct. The length of the CAE's employment should not be codified in the charter; it is a matter of ongoing judgment for the board.
According to The IIA's International Professional Practices Framework, which of the following constitute mandatory guidance for implementing the Standards? A. Development Aids. B. Practice Aids. C. Performance Standards. D. Practice Advisories.
Answer (C) is correct. The mandatory guidance portion of the IPPF consists of the Definition of Internal Auditing, the Code of Ethics, Attribute Standards, Performance Standards, and Implementation Standards.
The authority of the internal audit activity is limited to that granted by A. The board and the controller. B. Senior management and the Standards. C. Management and the board. D. The board and the chief financial officer.
Answer (C) is correct. The purpose, authority, and responsibility of the internal audit activity must be formally defined in a charter. The CAE must periodically review and present the charter to senior management and the board for approval (Attr. Std. 1000).
An internal auditor, nearly finished with an engagement, discovers that the director of marketing has a gambling habit. The gambling issue is not directly related to the existing engagement, and the internal auditor is under pressure to complete it quickly. The internal auditor notes the problem and passes the information on to the chief audit executive but does no further follow-up. The internal auditor's actions A. Are in violation of The IIA's Code of Ethics for withholding meaningful information. B. Are in violation of the Standards because the internal auditor did not properly follow up on a red flag that might indicate the existence of fraud. C. Are not in violation of either The IIA's Code of Ethics or the Standards. D. Are in violation of The IIA's Code of Ethics for withholding meaningful information and are in violation of the Standards because the internal auditor did not properly follow up on a red flag that might indicate the existence of fraud.
Answer (C) is correct. There is no violation of either The IIA's Code of Ethics or the Standards. The internal auditor did not withhold information and properly followed up upon learning of the information.
The Sarbanes-Oxley Act of 2002 (SOX) imposes which of the following requirements? A. The board of directors must be composed entirely of independent shareholders. B. At least one member of the audit committee must be a former partner of the independent public accounting firm. C. The audit committee must be composed entirely of independent members of the board. D. Once the audit committee has selected the independent public accounting firm, the committee must not interfere with the firm's conduct of the financial statement audit.
Answer (C) is correct. Under the terms of SOX, each member of the issuer's audit committee must be an independent member of the board of directors. To be independent, a director must not be affiliated with, or receive any compensation (other than for service on the board) from, the issuer.
Which of the following is not appropriate for inclusion in the internal audit charter? A. The nature of the chief audit executive's functional reporting relationship with the board. B. Authorization of internal audit access to records, personnel, and physical properties. C. Definition of the scope of internal audit activities. D. Authorization of the board to approve the charter.
Answer (D) is correct. Final approval of the internal audit charter resides with the board. The board has this power inherently.
A review of an organization's code of conduct revealed that it contained comprehensive guidelines designed to inspire high levels of ethical behavior. The review also revealed that employees were knowledgeable of its provisions. However, some employees still did not comply with the code. What element should a code of conduct contain to enhance its effectiveness? A. Periodic review and acknowledgment by all employees. B. Employee involvement in its development. C. Public knowledge of its contents and purpose. D. Provisions for disciplinary action in the event of violations.
Answer (D) is correct. Penalties for violations of a code of conduct should enhance its effectiveness. Some individuals will be deterred from misconduct if they expect it to be detected and punished.
Which of the following items is a violation by an internal auditor of The IIA's Code of Ethics? A. Certain facts recorded in the internal auditor's working papers that helped to support the basic allegations made by the internal auditor regarding a case of fraud were not included in the final engagement communication. B. Information in the internal auditor's working papers that proved a criminal act was included in the internal auditor's draft communication. The comments were later removed by internal audit management. C. To keep the engagement effort within the budgeted time, the internal auditor was directed to and did curtail testing in an area that looked suspicious and later was proved to contain massive irregularities. D. A control system that had been recommended by the internal audit staff during the previous engagement was found to be defective. The internal auditor reported the defective function as an engagement client failure.
Answer (D) is correct. Reporting the defective function as an engagement client failure is a violation of the internal auditor's ethical obligation to disclose all material facts known to him or her that, if not disclosed, may distort the reporting of activities under review (Rule of Conduct 2.3).
In their reporting, internal auditors are required by The IIA's Code of Ethics to A. Present sufficient factual information without revealing confidential matters that could be detrimental to the organization. B. Disclose all material information obtained by the auditor as of the date of the final engagement communication. C. Obtain factual information within the established time and budget parameters. D. Disclose material facts known to the internal auditor that could distort the final engagement communication if not revealed.
Answer (D) is correct. Rule of Conduct 2.3 under the objectivity principle states, "Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review."
During an examination of grants awarded by a not-for-profit organization, an internal auditor discovered a number of grants made without the approval of the grant authorization committee (which includes outside representatives), as required by the organization's charter. All the grants, however, were approved and documented by the president. The chair of the grant authorization committee, who is also a member of the board of directors, proposes that the committee meet and retroactively approve all the grants before the engagement communication is issued. If the committee meets and approves the grants before such issuance, the internal auditor should A. Not report the grants in question because they were approved before the issuance of the engagement communication. B. Discuss the matter with the chair of the grant committee to determine the rationale for not approving the grants earlier. If the grants are routine, discussion of the grant committee's inaction should be omitted from the engagement communication. C. Include the items in the communication as an override of the organization's controls. Details about each grant should be reported, and the internal auditor should investigate further for fraud. D. Report the override of control to the board.
Answer (D) is correct. Rule of Conduct 2.3 under the objectivity principle states, "Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review." The management override of an important control over approval of grants created a material risk exposure. The internal auditor is ethically obligated to report the matter to senior officials charged with performing the governance function.
Which of the following actions taken by a chief audit executive (CAE) could be considered professionally ethical under The IIA's Code of Ethics? A. The CAE decides to delay an engagement at a branch so that his nephew, the branch manager, will have time to "clean things up." B. To save organizational resources, the CAE cancels all staff training for the next 2 years on the basis that all staff are too new to benefit from training. C. To save organizational resources, the CAE limits procedures at foreign branches to confirmations from branch managers that no major personnel changes have occurred. D. The CAE refuses to provide information about organizational operations to his father, who is a part owner.
Answer (D) is correct. Rule of Conduct 3.1 under the confidentiality principle states, "Internal auditors shall be prudent in the use and protection of information acquired in the course of their duties." Additionally, Rule of Conduct 3.2 states, "Internal auditors shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization." Thus, such use of information by the CAE might be illegal under insider trading rules.
An internal auditor is performing services in a division in which the chief financial officer is a close personal friend, and the internal auditor learns that the friend is to be replaced after a series of critical labor negotiations. The internal auditor relays this information to the friend. Has a violation of The IIA's Code of Ethics occurred? A. No. The use of the confidential information resulted in no personal gain to the internal auditor. B. No. The internal auditor was just being honest with his or her friend. C. Yes. The internal auditor had a conflict of interest with the organization. D. Yes. The internal auditor was not prudent in the use of information acquired in the course of his or her duties.
Answer (D) is correct. Rule of Conduct 3.1 under the confidentiality principle states, "Internal auditors shall be prudent in the use and protection of information acquired in the course of their duties." Rule of Conduct 3.2 states, "Internal auditors shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization." In this case, the decision whether to notify the financial officer of his or her replacement was properly the organization's. Accordingly, the internal auditor was bound not to tell his or her friend.
Which of the following situations is a violation of The IIA's Code of Ethics? A. An internal auditor was ordered to testify in a court case in which a merger partner claimed to have been defrauded by the internal auditor's organization. The internal auditor divulged confidential information to the court. B. An internal auditor for a manufacturer of office products recently completed an engagement to evaluate the marketing function. Based on this experience, the internal auditor spent several hours one Saturday working as a paid consultant to a hospital in the local area that intended to conduct an engagement to evaluate its marketing function. C. An internal auditor gave a speech at a local IIA chapter meeting outlining the contents of a program the internal auditor had developed for engagements relating to electronic data interchange (EDI) connections. Several internal auditors from major competitors were in the audience. D. During an engagement, an internal auditor learned that the organization was about to introduce a new product that would revolutionize the industry. Because of the probable success of the new product, the product manager suggested that the internal auditor buy an additional interest in the organization, which the internal auditor did.
Answer (D) is correct. Rule of Conduct 3.2 under the confidentiality principle states, "Internal auditors shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization."
In which of the following duties would the chief audit executive least likely have a primary role? A. Determine the need for expanded testing. B. Review the summary observations sheet. C. Select or approve team members. D. Organize and draft the final engagement communication.
Answer (D) is correct. The CAE has overall responsibility for the internal audit activity. Consequently, (s)he would most likely delegate the task of organizing and drafting the final engagement communication for a specific engagement.
The proper organizational role of internal auditing is to A. Assist the external auditor to reduce external audit fees. B. Perform studies to assist in the attainment of more efficient operations. C. Serve as the investigative arm of the board. D. Serve as an independent, objective assurance and consulting activity that adds value to operations.
Answer (D) is correct. The Definition of Internal Auditing states, in part, "Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations."
One of the purposes of the International Standards for the Professional Practice of Internal Auditing ("the Standards") is to A. Encourage the professionalization of internal auditing. B. Establish the independence of the internal audit activity and emphasize the objectivity of internal auditing. C. Encourage external auditors to make more extensive use of the work of internal auditors. D. Establish the basis for evaluating internal auditing performance.
Answer (D) is correct. The IIA provides the following purposes of the Standards: Delineate basic principles that represent the practice of internal auditing. Provide a framework for performing and promoting a broad range of value-added internal audit activities. Establish the basis for evaluating internal auditing performance. Foster improved organizational processes and operations.
During an engagement to evaluate the organization's accounts payable function, an internal auditor plans to confirm balances with suppliers. What is the source of authority for such contacts with units outside the organization? A. Internal audit activity policies and procedures. B. The Standards. C. The Code of Ethics. D. The internal audit activity's charter.
Answer (D) is correct. The charter establishes the internal audit activity's position within the organization, including the nature of the chief audit executive's functional reporting relationship with the board; authorizes access to records, personnel, and physical properties relevant to the performance of engagements; and defines the scope of internal audit activities (Inter. Std. 1000). Thus, the charter prescribes the internal audit activity's relationships with other units within the organization and with those outside.
A typical code of ethical conduct for financial managers or management accountants in an organization requires all of the following except A. Integrity and a refusal to compromise professional values for the sake of personal goals. B. Independence from conflicts of economic interest. C. Independence from conflicts of professional interest. D. Subjectivity in presenting information, preparing reports, and making analyses.
Answer (D) is correct. The code of ethical conduct for financial managers or management accountants in an organization should require objectivity in presenting information, preparing reports, and making analyses.
An internal auditor, recently terminated by an organization due to downsizing, has found a job with another organization in the same industry. Which of the following disclosures made by the internal auditor to the new organization would constitute a violation of The IIA's Code of Ethics? A. The internal auditor used the risk assessment approach that was used by the internal auditor's former employer in determining priorities in the new job. B. The new internal audit activity does not use PPS sampling, and the internal auditor believes PPS sampling has advantages for many of the engagements conducted by the new employer. The internal auditor conducts training sessions and develops forms to implement sampling in the same manner as the previous employer. C. While at the previous firm, the internal auditor conducted a great deal of research to identify "best practices" for the management of the treasury function. Because most of the research was done at home and during non-office hours, the internal auditor retained much of the research and plans to use it in conducting a review of the treasury function at the new employer. D. None of the answers represent a violation of the Code.
Answer (D) is correct. The former employer's risk assessment approach may be viewed as general information about "best practices." Hence, applying this approach on behalf of a new employer is acceptable. With regard to the former employer's sampling methods, the internal auditor is applying knowledge of a commonly used engagement procedure. It is not confidential information. Moreover, gathering information about best practices of other organizations is part of the continuing education of the internal auditor. Thus, the listed responses are not violations of the Code.
A major reason for establishing an internal audit activity is to A. Relieve overburdened management of the responsibility for establishing effective controls. B. Safeguard resources entrusted to the organization. C. Ensure the reliability and integrity of financial and operational information. D. Evaluate and improve the effectiveness of control processes.
Answer (D) is correct. The internal audit activity helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes (Definition of Internal Auditing).
An internal auditor has uncovered facts that could be interpreted as indicating unlawful activity on the part of an engagement client. The internal auditor decides not to inform senior management and the board of these facts because of lack of proof. The internal auditor, however, decides that, if questions are raised regarding the omitted facts, they will be answered fully and truthfully. In taking this action, the internal auditor A. Has not violated The IIA's Code of Ethics or the Standards because confidentiality takes precedence over all other standards. B. Has not violated The IIA's Code of Ethics or the Standards because the internal auditor is committed to answering all questions fully and truthfully. C. Has violated The IIA's Code of Ethics because unlawful acts should have been reported to the appropriate regulatory agency to avoid potential "aiding and abetting" by the internal auditor. D. Has violated the Standards because the internal auditor should inform the appropriate authorities in the organization if fraud may be indicated.
Answer (D) is correct. The internal auditor should inform the appropriate authorities in the organization if the indicators of the commission of a fraud are sufficient to recommend an investigation. Hence, the internal auditor has a duty to act even though the available facts do not prove that an irregularity has occurred. Moreover, Rule of Conduct 2.3 states, "Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review."
The purpose, authority, and responsibility of the internal audit activity are formally defined in A. The records of the proceedings of the board of directors. B. The corporate bylaws. C. The memorandum of understanding. D. A formal, written charter.
Answer (D) is correct. The purpose, authority, and responsibility of the internal audit activity must be formally defined in a written charter, consistent with the Definition of Internal Auditing, the Code of Ethics, and the Standards.
A chief audit executive (CAE) learned that a staff internal auditor provided confidential information to a relative. Both the CAE and staff internal auditor are CIAs. Although the internal auditor did not benefit from the transaction, the relative used the information to make a significant profit. The most appropriate way for the CAE to deal with this problem is to A. Verbally reprimand the internal auditor. B. Summarily discharge the internal auditor and notify The IIA. C. Take no action because the internal auditor did not benefit from the transaction. D. Inform The IIA's Board of Directors and take the personnel action required by organizational policy.
Answer (D) is correct. The staff internal auditor has violated Rule of Conduct 3.2 regarding use of information. A violation of The IIA's Code of Ethics is the basis for a complaint to the International Ethics Committee, which is responsible for receiving, interpreting, and investigating all complaints against members or CIAs on behalf of the Board of Directors of The IIA and making recommendations to the Board on actions to be taken (Administrative Directive 5). In addition, organizational policy must be followed.
During the course of an engagement, an internal auditor discovered that a research and development employee has been patenting new developments that are unrelated to the basic business of the organization. The organization does not have a specific policy addressing patents on developments that are not related to its basic business, but it has a general policy that all important new discoveries by employees are the property of the organization. The employee is considered one of the most prestigious in the field. The employee's actions have been condoned by local management as an extra incentive to keep the employee at the lab. A decision not to report the employee's action is A. A violation of The IIA's Code of Ethics. B. A violation of the reporting requirements in the Standards. C. Justified because divisional management is aware of the practice, and it is not in violation of organizational policies. D. Both a violation of The IIA's Code of Ethics AND a violation of the reporting requirements in the Standards.
Answer (D) is correct. Under the Standards, internal auditors should communicate engagement results. Rule of Conduct 4.2 states, "Internal auditors shall perform internal auditing services in accordance with the International Standards for the Professional Practice of Internal Auditing." Rule of Conduct 2.3 under the objectivity principle states, "Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review." Hence, the failure to report violates The IIA's Code of Ethics and the Standards.