Internal Auditing Exam 2

¡Supera tus tareas y exámenes ahora con Quizwiz!

An internal auditor must weigh the cost of an engagement procedure against the persuasiveness of the evidence to be gathered. Observation is one engagement procedure that involves cost-benefit trade-offs. Which of the following statements regarding observation as an engagement technique is (are) true? 1. Observation is limited because individuals may react differently when being observed. 2. When testing financial statement balances, observation is more persuasive for the completeness assertion than it is for the existence assertion. 3. Observation is effective in providing information about how the organization's processes differ from those specified by written policies.

1 and 3 only. Observation consists of watching the physical activities of the employees in the organization to see how they perform their duties. The internal auditor can determine whether written policies have been put into practice. Observation is limited because employees who know they are being observed may behave differently while being observed. Moreover, observation is more persuasive for the *existence or occurrence assertion* (whether assets or liabilities exist and whether transactions have occurred) than for the *completeness assertion (whether all transactions that should be reported are reported).*

The chief audit executive of a multinational organization must form an engagement team to examine a newly acquired subsidiary in another country. Consideration should be given to which of the following factors? 1. Local customs 2. Language skills of the internal auditor 3. Experience of the internal auditor 4. Monetary exchange rate

1, 2, and 3. This answer is correct. The knowledge, skills, and other competencies of the internal audit staff must be considered when selecting internal auditors for the engagement. Thus, in an engagement to be performed in a foreign country, the language skills of the internal auditor and knowledge of local customs must be considered. For example, gender and ethnic issues may be important in some countries because of religious restrictions and incompatibilities. As always, experience levels are relevant in making staff assignments. The exchange rate is irrelevant to determining the needed traits of the team members.

The chief audit executive for an organization has just completed a risk assessment process, identified the areas with the highest risks, and assigned an engagement priority to each. Which of the following conclusions most logically follow(s) from such a risk assessment? 1. Items should be quantified as to risk in the rank order of quantifiable monetary exposure to the organization. 2. The risk priorities should be in order of major control deficiencies. 3. The risk assessment process, though quantified, is the result of professional judgments about both exposures and probability of occurrences.

3 only. Any assessment of risk priority and exposure necessarily implies the exercise of professional judgment. Thus, although risk factors may be weighted to determine their relative significance, a ranking based solely on such specific criteria as monetary exposure or control deficiencies is not always indicated.

The internal auditor is concerned with the overall valuation of inventory. Rank the following sources of engagement information from most persuasive to least persuasive in addressing the assertion as to the valuation of inventory. 1. Calculate inventory turnover by individual product. 2. Assess the net realizability of all inventory items with a turnover ratio of 2.0 or less by interviewing the marketing manager as to the marketability of the product. 3. Calculate the net realizable value (NRV) of all inventory products (using software to calculate NRV based on the last selling price) and compare NRV with cost. 4. Take a statistical sample of inventory and examine the latest purchase documents (invoices and receiving slips) to calculate inventory cost. A 4, 1, 3, 2. B 1, 4, 2, 3. C 2, 3, 4, 1. D 1, 2, 3, 4.

A. *Sampling inventory and examining purchase documents are procedures that provide the most persuasive information in establishing cost, which is the basis of determining the valuation of inventory.* They rely on the internal auditor's own observations and on inspection of documents from external sources. *The next most persuasive information is derived from the internal auditor's analytical procedures.* A change in inventory turnover or a very low level of inventory turnover indicates potential obsolescence of inventory and the need for the internal auditor to perform additional procedures, e.g., examining subsequent sales to determine whether inventory should be written down. *Calculation of net realizable value may indicate a valuation problem. The difficulty with this procedure is that the last sales price may not be appropriate.* *The marketing manager's opinion about marketability is the least persuasive information. It is a form of testimonial information* from an individual who may have a vested interest in persuading the internal auditor that the goods will be sold at their normal prices in the normal course of business. *In addition, the arbitrary cutoff value of 2.0 may not be justified. The cutoff should be based on the nature of the client's inventory.* C is incorrect.

As an internal auditor for a multinational chemical producer, you have been assigned to an engagement at a local plant. This plant is similar in age, siting, and construction to two other plants owned by the same organization that have been recently cited for discharge of hazardous wastes. In addition, you are aware that chemicals manufactured at the plant release toxic by-products. Assume that you have evidence that the plant is discharging hazardous wastes. As a certified internal auditor, what is the appropriate communication requirement in this situation? A Issue an interim engagement communication to the appropriate levels of management. B Send a copy of your engagement communication to the appropriate regulatory agency. C Note the issue in your working papers but do not report it. D Ignore the issue because the regulatory inspectors are better qualified to assess the danger.

A. Interim reports are oral or written and may be transmitted formally or informally. Interim reports are used to communicate information that requires immediate attention, to communicate a change in engagement scope for the activity under review, or to keep management informed of engagement progress when engagements extend over a long period. C is incorrect. The Standards require the reporting of violations of laws, regulations, and contracts. B is incorrect. Internal auditors are not usually responsible for notifying outside authorities of suspected wrongdoing.

Which of the following situations is most likely to be the subject of a written interim report to the engagement client? A Open burning at a subsidiary plant poses a prospective violation of pollution regulations. B Seventy percent of the planned audit work has been completed with no significant adverse observations. C The engagement program has been expanded because of indications of possible fraud. D The auditors have decided to substitute survey procedures for some of the planned detailed review of certain records.

A. Interim reports are oral or written and may be transmitted formally or informally. Interim reports are used to communicate information that requires immediate attention, to communicate a change in engagement scope for the activity under review, or to keep management informed of engagement progress when engagements extend over a long period. A possible violation of pollution regulations requires immediate attention. C is incorrect. A sufficient investigation should be made to establish reasonable certainty that a fraud has occurred before a report is issued. Immediate attention is not required, and this situation is not the most likely to be the subject of a written interim report to the engagement client.

The internal audit activity has recently experienced the departure of two internal auditors who cannot be immediately replaced due to budget constraints. Which of the following is the least desirable option for efficiently completing future engagements, given this reduction in resources? A Eliminating consulting engagements from the engagement work schedule. B Using self-assessment questionnaires to address audit objectives. C Employing information technology in audit planning, sampling, and documentation. D Filling vacancies with personnel from operating departments that are not being audited.

A. The chief audit executive must ensure that internal audit resources are appropriate, sufficient, and effectively deployed to achieve the approved plan (Perf. Std. 2030). The audit schedule is reduced as a last resort once all other alternatives have been explored, including the request for additional resources. Using operating personnel with internal audit expertise and corporate experience is an appropriate way to enhance internal audit resources.

During an interview to identify controls over the quality of wastewater discharge, the responsible employee refers only to a department procedure when asked about controls to ensure that samples are collected and analyzed. In the internal auditor's experience, such operations should maintain a log to record all samples, the types of analyses performed, and whether results should be reported to management or regulatory agencies. For some reason, this employee is reluctant to discuss detailed responsibilities in this area. The best thing for the internal auditor to do in this case is A Continue the interview and discuss other elements of the employee's duties, returning periodically to the samples and analytical results. B Accept the information as given and record an observation finding that adequate controls are in place. C Interview the supervisor of the employee and discuss the auditee's duties in detail. D Relate what the internal auditor has seen at other facilities and tell the employee that the log is necessary.

A. The internal auditor may wish to return to the issue of controls over the samples after the employee has been put at ease. Nonjudgmental questioning, good listening habits, and a cooperative approach may lower the employee's defenses and elicit the desired information. C is incorrect. Interviewing the supervisor will not extract additional information from the employee.

Fact Pattern: The chief audit executive is reviewing some of the basic concepts inherent in the performance of an engagement with three internal auditors who are on a rotation assignment. After 6 months in the internal audit activity, they will move back to line positions. Each of them has fairly extensive organizational experience and is on a fast track to a high-level management line position. To develop their analytical decision-making abilities, the CAE pulls some old engagement working papers, holding back the review notes and clearing comments. The CAE asks the team to indicate the informational criteria that are violated. During the planning stage of an engagement, the internal auditor made an on-site observation of the vehicle maintenance department and included the following statement in a memorandum summary of the results: "We noted that several maintenance garages were deteriorating badly. Fencing around the property was in need of repair." Which of the following informational criteria, if any, is violated? A No criteria are violated. B Reliability. C Relevance. D Sufficiency.

A. The observations made about the vehicle maintenance department contain sufficient information (factual, adequate, and convincing so that a prudent, informed person would reach the same conclusions) that is reliable (the best attainable through the use of appropriate engagement techniques) and relevant (supports engagement observations and recommendations and is consistent with the objectives for the engagement) (Inter. Std. 2310). B is incorrect. *The reliability criterion has not been violated. On-site observation is an appropriate technique to determine deterioration and needed repairs.*

A bank internal auditor wanted to verify the accuracy of the general ledger balance of a depository account. One engagement procedure used in this process was to mail positive confirmations to statistically sampled depositors. However, the number of replies received was not adequate to form a valid conclusion about the account's accuracy. What action should the internal auditor take to accomplish this objective? A Verify accuracy of the depositors' addresses. Remail confirmation requests a second time with a notation indicating that it is a second request. B Assume that the nonreplies represent tacit agreements by the depositor, document the results, and perform no further work on this engagement procedure. C Expand the original confirmation sample to include additional depositors. D Mail negative confirmation requests to all non-replies and document results of testing. If necessary, telephone depositors to inquire about any disagreement with balances confirmed.

A. This answer is correct. *Positive confirmations* are used when the amounts being confirmed are *material*. The recipient is asked to sign and return the letter with a positive assertion that the amount is either correct or incorrect. Because the amounts involved are *material, unanswered positive confirmations must be followed up.* They are thus more time-consuming than *negative confirmations*.

Which of the following represents the best risk assessment technique? A Assessment of the risk levels of current and future events, their effect on achievement of the organization's objectives, and their underlying causes. B Assessment of the risk levels of current and future events, their impact on the organization's mission, and the potential for elimination of existing or possible risk factors. C Assessment of the risk levels for future events based on the extent of uncertainty of those events and their impact on achievement of long-term organizational goals. D Assessment of inherent and control risks and their impact on the extent of financial misstatements.

A. When determining the best risk assessment technique, internal auditors should choose the most comprehensive. Of the options given, assessing risks, their effects, and their causes is the technique meeting that criterion. Elimination of risks is less likely than mitigation

Developing the IA activity's audit plan often follows developing or updating the audit universe. Audit universe is:

All auditable risk areas

Which of the following documents should the internal auditor examine to determine whether only authorized purchases are being accepted by the receiving department? A. A bill of lading. B. Policies and procedures for the receiving function. C. A copy of the purchase order. D. An invoice.

Answer C is correct. In determining whether the accounts accurately reflect the obligations of the firm to vendors, the three items most useful to the auditor are purchase orders, receiving reports, and vendors' invoices. *The purchase order* provides information as to whether the goods were actually ordered and are a voluntary obligation of the organization. *The receiving report* confirms that the proper amount was received and the liability recorded in the correct period. *The vendor's invoice* confirms that the proper amount due has been recorded. An internal auditor will also be interested in *the purchase requisitions* to determine whether the purchase orders were properly authorized. *However, the purchase order, not the requisition, is vital to determining the engagement client's obligation.*

One engagement procedure for an engagement to evaluate facilities and equipment is to test the accuracy of recorded depreciation. Which of the following is the best source of information that the equipment in question is in service? A A review of inventory documentation for the equipment. B A comparison of depreciation schedules with the maintenance and repair logs for the same equipment. C A review of depreciation policies and procedures. D A comparison of depreciation schedules with a listing of insurance appraisals for the same equipment.

B This answer is correct. The maintenance and repair records provide information that equipment exists and is in use. Equipment in service is more likely to require maintenance than retired equipment. *However, the best information is the internal auditor's direct observation.*

Which of the following is a step in an engagement work program? A Internal auditors may not reveal engagement observations to nonsupervisory, operational personnel during the course of this engagement. B The methods used to identify defective units produced are observed. C A determination is made concerning whether the manufacturing operations are effective and efficient. D The engagement will commence in 6 weeks and include tests of compliance with laws, regulations, and contracts. FLAGGED FOR REVIEW This question was flagged for review. Please make sure you understand this question.

B. An *engagement work program* is a document that lists the procedures to be followed during an engagement. These procedures are designed to achieve the engagement objectives. Thus, observing the engagement client's execution of methods for identifying defects is an action performed to achieve the engagement objectives and should be included in the work program. C is incorrect. Determination of whether operations are effective and efficient is an *engagement objective.*

Which of the following is an appropriate objective in an engagement to review a personnel department? Determining whether A An equitable training program exists that provides all employees with approximately the same amount of training each year. B Reference checks of prospective employees are being performed. C Hourly employees are being paid only for hours actually worked as indicated by time cards or similar reports. D Recruitment is being delegated to the various departments that have personnel needs.

B. An effective personnel function is necessary for hiring, training, and monitoring human resources. One purpose of this function is to recruit, select, hire, train, supervise, and evaluate individuals who are suitable in light of job requirements, job descriptions, and job specifications (the abilities needed for particular jobs). In a review of this function, an appropriate objective is to determine whether the selection process is being properly performed. Thus, a potential employee's references should be checked to determine whether (s)he is truthful and has the desired qualifications. Whether hourly employees are being paid only for hours actually worked as indicated by time cards or similar reports is *an objective of an engagement to review payroll.*

Fact Pattern: An internal auditing team has been assigned to review "the customer satisfaction measurement system" that the Industrial Products Division implemented 2 years ago. This system consists of an annual mail survey conducted by the division's customer service office. A survey is sent to 100 purchasing departments randomly selected from all customers who made purchases in the prior 12 months. The survey is three pages long, and its 30 questions use a mixture of response modes (e.g., some questions are open-ended, some are multiple-choice, and others use a response scale). The customer service office mails the survey in September and tabulates the results for questionnaires returned by October 15. Only one mailing is sent. If the customer does not return the questionnaire, no follow-up is conducted. When the survey was last conducted, 45 of the questionnaires were not returned. Several of the internal auditing team members are concerned about the low response rate, the poor quality of the questionnaire design, and the potentially biased wording of some of the questions. They suggest that the customer service office might want to supplement the survey with some unobtrusive data collection such as observing customer interactions in the office or collecting audiotapes of phone conversations with customers. Which of the following is not a potential advantage of unobtrusive data collection compared to surveys or interviews? A Unexpected or unusual events are more likely to be observed. B It is easier to make precise measurements of the variables under study. C People are less likely to alter their behavior because they are being studied. D Interactions with customers can be observed as they occur in their natural setting.

B. Lack of experimental control and measurement precision are weaknesses of observational research. *Another is that some things, such as private behavior, attitudes, feelings, and motives, cannot be observed.* C is incorrect. If research subjects are unaware of being studied, they are less likely to do what they think the researcher wants, censor their comments, etc.

Fact Pattern: The internal audit activity has just completed an engagement to review loan processing and commercial loan account balances for a financial institution. Following are a few excerpts from the working papers indicating potential engagement observations. A. The auditors took a statistical sample of 100 loan applications and determined that only 85 loans were granted. B. Of the 85 loans granted, the auditors noted that 4 loans should have been reviewed and approved by the loan committee but were not. Organizational policy states that all loans must be approved by the committee prior to funding. Each of the 4 loans, however, was approved by the vice president. The matter was discussed with the vice president, who indicated it was a competitive loan situation to a new customer and in the best interests of the financial institution to expedite the loan and establish a firm relationship with a growing customer. All of the other loans were formally approved by the loan committee. C. Of the 81 loans approved by the loan committee, the auditors found 7 in which the actual amount lent exceeded the approved amount. The auditors noted three instances in which loans were made to related groups of organizations without an analysis of the total amount of loans made to the controlling entity. There may be statutory limitations on the amount of loans that can be made to any individual controlling organization. D. Of the 81 loans approved by the loan committee, the auditors found that 14 contained either insufficient documentation or were not received by the committee in a timely fashion in advance of their meeting. The statistical sample was taken with a 95% confidence level using attribute sampling with a tolerable error limit of 4%. Assume that the sampling plan was implemented correctly. Assume with regard to item B, the vice president asks the loan committee to review the loans on an after-the-fact basis. Assume further, upon this subsequent review, the loan committee approves the loans on the after-the-fact basis. Which of the following conclusions is true regarding the communication of the engagement observations? 1. The sample deviation rate would drop to 0%. 2. The item should still be reported in the audit report because it was not approved in a timely manner in accordance with organizational policies. 3. The item should be reported as a nondeviation because subsequent action validated the vice president's approach. A 1 only. B 2 only. C 1, 2, and 3. D 3 only.

B. The loans were not timely approved prior to funding according to organizational policies and procedures. Thus, the condition attribute differs from the criteria attribute of the observation, and the loans should be reported as deviations. But the internal auditor should note that the loans were subsequently reviewed and approved by the loan committee.

During an investigation of unexplained inventory shrinkage, an internal auditor is testing inventory additions as recorded in the perpetual inventory records. Because of internal control weaknesses, the information recorded on receiving reports may not be reliable. Under these circumstances, which of the following documents provides the best information about additions to inventory? A Purchase requisitions. B Vendors' invoices. C Vendors' statements. D Purchase orders.

B. The vendors' invoice *confirms that the proper amount due has been recorded.* A vendor's invoices *provide the best source of information about additions to inventory.* Vendors' invoices provide an *external source of information regarding shipments* to the engagement client. *These amounts should be equal to quantities added to inventory* (after possible adjustment for items returned to the vendor because of damage, etc.). D is incorrect. *The quantity ordered may not equal the quantity shipped* by the vendor. A is incorrect. The quantity requested in a purchase requisition may not equal the quantity shipped by the vendor as a result of modification by the purchasing department or vendor stockouts.

Which of the following statements most accurately reflects the chief audit executive's responsibilities for internal audit resources? A The CAE is responsible for ensuring that audit coverage is based on the periodic skills assessment. B The CAE is responsible for communicating resource needs to the board but has no explicit responsibility for administering the organization's compensation program. C The CAE is responsible for evaluating the detailed summary of audit resources presented by management to the board. D The CAE is not responsible for such human resource functions as evaluation and development

B. This answer is correct. The CAE must ensure that internal audit resources are appropriate, sufficient, and effectively deployed to achieve the approved plan. This includes the effective communication of resource needs and reporting of status to senior management and the board. Responsibility for administering the organization's compensation program normally resides in the human resources (personnel) area. A. This answer is incorrect. The CAE has responsibility for ensuring that the skills assessment is *driven by the needs of the audit coverage, not by the capabilities already present in the internal audit activity.*

Fact Pattern: During the planning phase, a chief audit executive (CAE) is evaluating four audit engagements based on the following factors: the engagement's ability to reduce risk to the organization, the engagement's ability to save the organization money, and the extent of change in the area since the last engagement. The CAE has scored the engagements for each factor from low to high, assigned points, and calculated an overall ranking. The results are shown below with the points in parentheses: Audit: 1 Risk Reduction: High (3) Cost Savings: Medium (2) Changes: Low (1) Audit: 2 Risk Reduction: High (3) Cost Savings: Low (1) Changes: High (3) Audit: 3 Risk Reduction: Low (1) Cost Savings: High (3) Changes: Medium (2) Audit: 4 Risk Reduction: Medium (2) Cost Savings: Medium (2) Changes: High (3) If the organization has asked the CAE to consider the cost savings factor to be twice as important as any other factor, which engagements should the CAE pursue? A 1 and 2 only. B 3 and 4 only. C 1 and 3 only. D 2 and 4 only.

B. 3 and 4 only. This answer is correct. After *doubling* the cost savings points, audit 3 [1 + (*2* × 3) + 2 = 9] and audit 4 [2 + (*2* × 2) + 3 = 9] have the highest total points.

According to the Standards, when should a signed report be issued? A Only if required by the particular engagement. B Whenever an opinion is expressed. C At the conclusion of an engagement. D At predetermined stages as the engagement progresses.

C. *A signed report is issued after the engagement's completion.* B is incorrect. A signed report is required even when an opinion is not appropriate.

The internal audit activity has recently completed an engagement to evaluate the organization's accounts payable function. The chief audit executive decided to issue a summary in conjunction with the final engagement communication. Who is most likely to receive the summary only? A External auditor. B Accounts payable manager. C Audit committee of the board. D Controller.

C. *The CAE distributes the final engagement communication to the management of the audited activity and to those members of the organization who can ensure engagement results are given due consideration and take corrective action or ensure that corrective action is taken. Where appropriate, the CAE may send a summary communication to higher-level members in the organization.* *Everyone else (external auditor, AP manager, and controller needs a copy of the full final engagement communication.)*

While performing an engagement relating to an organization's cash controls, the internal auditor observed that cash deposits are not deposited intact daily. A comparison of a sample of cash receipts lists revealed that each cash receipt list equaled cash journal entry amounts but not daily bank deposits amounts, and cash receipts list totals equaled bank deposit totals in the long run. This information as support for the internal auditor's observations is A Not sufficient, reliable, or relevant. B Sufficient but not reliable or relevant. C Sufficient, reliable, and relevant. D Relevant but not sufficient or reliable.

C. *The bank deposits can be verified by examining bank statements obtained directly from the bank. Information obtained from an independent source is usually more reliable than information secured solely within the entity. Moreover, it is obviously relevant to the issue of whether cash receipts are deposited intact. A reasonable internal auditor should judge that the comparison of the organization's records with independently obtained bank statements is persuasive of the proposition that cash receipts are not deposited intact. Thus, the information is also sufficient.*

Which of the following engagement procedures will provide the least relevant information for determining that payroll payments were made to bona fide employees? A Examine canceled checks for proper endorsement and compare to personnel records. B Test for segregation of the authorization for payment from the hire/fire authorization. C Test the payroll account bank reconciliation by tracing outstanding checks to the payroll register. D Reconcile time cards in use to employees on the job.

C. A payroll account proof tests the *completeness* assertion. However, it is irrelevant to the *validity* of the transactions. A is incorrect. Examining for proper endorsements and comparing them with personnel records might detect improper payments.

Which of the following is an example of documentary information? A A letter from a former employee alleging a fraud. B A page of the internal auditor's working papers containing the computations that demonstrate the existence of an error or irregularity. C A page of the general ledger containing irregularities placed there by the perpetrator of a fraud. D A photograph of an engagement client's workplace.

C. Documentary information exists in some permanent form, such as checks, invoices, shipping records, receiving reports, and purchase orders. It includes both external information, e.g., shipping documents provided by carriers, and documents originating within the engagement client's organization. A: Testimonial information B: The study and comparison of relationships among data results in analytical information. D: Physical information

Which of the following is not an objective of the exit meeting for an engagement performed by the internal auditors? A To identify management's actions and responses to the observations, conclusions, and recommendations. B To resolve conflicts. C To identify concerns for future engagements. D To discuss the observations, conclusions, and recommendations.

C. The purpose of post-engagement meetings (exit meetings) is to help avoid misunderstandings or misinterpretations of fact by providing the opportunity for the engagement client to clarify specific items and express views of the observations, conclusions, and recommendations. Identifying concerns for future engagements is thus not a purpose of the exit meeting.

Fact Pattern: The chief audit executive is reviewing some of the basic concepts inherent in the performance of an engagement with three internal auditors who are on a rotation assignment. After 6 months in the internal audit activity, they will move back to line positions. Each of them has fairly extensive organizational experience and is on a fast track to a high-level management line position. To develop their analytical decision-making abilities, the CAE pulls some old engagement working papers, holding back the review notes and clearing comments. The CAE asks the team to indicate the informational criteria that are violated. In an engagement to evaluate the effectiveness and validity of a subsidiary's marketing expenditures, the internal auditors identified the following information: Analytical comparisons of advertising expenditures and changes in shopping patterns and item sales Direct observation of various advertising media used Review of a marketing survey of general public reaction to the marketing plan Which of the following informational criteria, if any, is violated? A Sufficiency. B Reliability. C No criteria are violated. D Relevance.

C. This answer is correct. The identified information is sufficient (factual, adequate, and convincing so that a prudent, informed person would reach the same conclusions), reliable (the best attainable through the use of appropriate engagement techniques), and relevant (supports engagement observations and recommendations and is consistent with the objectives for the engagement) (Inter. Std. 2310).

Fact Pattern: Paragraph 1: The production department has the newest production equipment available because of a fire that required the replacement of all equipment. Paragraph 2: The members of the production department have become completely comfortable with the state-of-the-art technology over the past year and a half. As a result, the production department has become an industry leader in production efficiency and effectiveness. Paragraph 3: The production department produces an average of 25 units per worker per shift. The defect rate is 1%. Paragraph 4: The industry average productivity is 20 units per worker per shift. The industry defect rate is 3%. Which paragraph should be characterized as the attribute described in the Standards as "condition"? A 2 B 4 C 3 D 1

C. Condition is defined as the factual evidence that the internal auditor found in the course of the examination (the current state). Paragraph 3 describes the actual productivity of the firm. 1: Cause 2: Effect 4: Criteria

Fact Pattern: The following data were gathered during an internal auditor's investigation of the reason for a material increase in bad debts expense. In preparing an engagement communication, each of the items might be classified as criteria, condition, cause, effect, or background information. 1. Very large orders require management's approval of credit. 2. Engagement procedures showed that sales personnel regularly disregard credit guidelines when dealing with established customers. 3. A monthly report of write-offs is prepared but distributed only to the accounting department. 4. Credit reports are used only on new accounts. 5. Accounting department records suggest that uncollectible accounts could increase by 5% for the current year. 6. The bad debts loss increased by US $100,000 during the last fiscal year. 7. Even though procedures and criteria were changed to reduce the amount of bad-debt write-offs, the loss of commissions because of written-off accounts has increased for some sales personnel. 8. Credit department policy requires the review of credit references for all new accounts. 9. Current payment records are to be reviewed before extending additional credit to open accounts. 10. To reduce costs, the use of outside credit reports was suspended on several occasions. 11. Because several staff positions in the credit department were eliminated to reduce costs, some new accounts have received only cursory review. 12. According to the new credit manager, strict adherence to established credit policy is not necessary. The condition attribute is best illustrated by items numbered A 3, 4, and 12. B 5, 6, and 7. C 2, 10, and 11. D 1, 8, and 9.

C. 2, 10, and 11. The condition attribute is the factual evidence that the internal auditor found in the course of the examination (the current state). Items 2, 10, and 11 state information gathered by the internal auditor as a result of engagement procedures. A 3, 4, and 12. Cause B 5, 6, and 7. Effect C 2, 10, and 11. D 1, 8, and 9. Criteria

Perform

Conduct tests to gather evidence Evaluate evidence & develop conclusions Prepare preliminary recommendations

When evaluating the propriety of a payment to a consultant, the most appropriate information for the internal auditor to obtain and review is A Oral information in the form of opinions of operating management. B Analytical information in the form of comparisons with prior years' expenditures on consultants. C Physical information in the form of the consultant's report. D Documentary information in the form of a contract.

D. A contract is a document that formalizes an agreement between the parties. *It provides persuasive information that the payment was properly authorized.* C is incorrect. The report indicates that some work was done but not that the payment was authorized or in the appropriate amount.

Internal auditors realize that at times corrective action is not taken even when agreed to by the appropriate parties. Thus, in an assurance engagement, internal auditors should A Write a follow-up engagement communication with all observations and recommendations and their significance to the operations. B Allow management to decide when to follow up because follow-up is management's ultimate responsibility. C Decide to conduct follow-up work only if management requests the internal auditor's assistance. D Decide the extent of necessary follow-up work.

D. A is incorrect. The internal auditors *must decide the extent of follow-up before submitting a follow-up engagement communication.*

Which of the following statements is appropriate as a conclusion (opinion) in an internal auditing final communication of the results of an engagement to evaluate the organization's branch operations? A The engagement to review branch operations was conducted in accordance with the Standards. B The vice-president of branch operations should require the timely review of the daily transaction report as a means of monitoring purchases from the imprest fund. C Statistical sampling was used to determine the extent of unauthorized purchases from the imprest fund. D Except for the unauthorized purchases from the imprest fund, the system of internal controls over branch operations appears to be working well.

D. Conclusions and opinions are the internal auditor's evaluations of the effects of the observations and recommendations on the activities reviewed. They usually put the observations and recommendations in perspective based upon their overall implications. A is incorrect. Stating that the engagement to review branch operations was conducted *in accordance with the Standards describes the engagement scope*; it is not a conclusion.

The most persuasive information regarding the asset value of newly acquired computers is A Physical examination. B Observation of engagement client's procedures. C Inquiry of management. D Documentation prepared externally.

D. Information is considered more or less persuasive depending on how much control the engagement client has over it. The most persuasive information relevant to the *valuation assertion* is documentation that is prepared *externally*. A is incorrect. Physical examination of the asset *reveals only limited information as to the asset's value.*

The most appropriate use of an oral engagement communication is to communicate A Complex matters to operating management when the possibility exists that misunderstanding would result from reducing them to writing. B Matters that are not material. C Sensitive matters to management when the chief audit executive does not want to commit them to writing. D Conditions that demand immediate action.

D. Interim reports are oral or written and are used to communicate information that requires immediate attention. Therefore, the most appropriate use of an oral engagement communication would be in an interim report to communicate conditions that demand immediate action. The use of interim reports does not diminish or eliminate the need for a final report. *Immaterial matters should not be communicated.*

To determine whether refunds granted to customers were properly approved, an internal auditor should vouch accounts receivable entries to A Sales invoices. B Remittance advices. C Shipping documents. D Credit memos.

D. The auditor wants to verify that customer refunds are properly supported by triggering events, i.e., vouching. The proper triggering event for a refund is an approved credit memo. B is incorrect. Vouching accounts receivable credit entries to remittance advices determines *whether the credits represent actual collections from customers.*

During an engagement to evaluate travel expenses, the accounting supervisor tells the internal auditor that each expense report is reviewed and approved before costs are reimbursed to the traveler. Which of the following is the best course of action for the internal auditor to take? A Conserve engagement resources by accepting the statement and redirect work into another area. B Corroborate this information with the controller. C Request the supervisor to put the statement in writing. D Review a sample of expense reports for proper approval.

D. The supervisor has described a control intended to prevent payment of unauthorized travel expenses. The internal auditor's best course of action is to test the control to determine whether it is actually in place and operating effectively. The most reliable information for this purpose is to inspect a sample of the relevant documents. Engagement information is obtained through observation, inquiry, and examination of records. When an internal auditor becomes aware of a policy or procedure through inquiry of employees or reading a written plan, it is best for the internal auditor then to examine records to determine whether the policy or procedure is actually followed in practice. A is incorrect. Testimonial information is less reliable than the internal auditor's direct personal knowledge obtained by reviewing documents. Hence, accepting the uncorroborated statement is not appropriate.

An approved audit plan for the internal audit activity is an essential part of A Providing senior management with information about the quality of the internal audit activity's performance. B Establishing standards for employee performance. C Scheduling support for the external audit. D Planning for the internal audit activity.

D. This answer is correct. The audit plan should include the activities to be performed, when they will be performed, and the estimated time required, considering the scope of the engagement work planned and the nature and extent of related work performed by others. This plan permits determination of staffing plans and financial budgets and is a basis for the presentation of reports. Providing information about internal audit's performance is not a function of the audit workplan.

Which of the tests provides the least significant information when testing for suspected fraudulent sales? A Performing analysis of write-offs and sales returns and comparing the amounts over the past several years. B Confirming sales transactions with customers and investigating nonresponses. C Performing analytical tests of sales by comparing sales and gross margins over time. D Tracing a sample of authorized inventory slips from inventory through billing to the sales journal.

D. Tracing a sample of inventory removal slips is least likely to provide evidence of fraudulent sales because it applies to transactions that have apparently been properly authorized and documented. C is incorrect. Analytical tests may disclose an unusual relationship between sales and gross margins.

A follow-up review found that a significant internal control weakness had not been corrected. The chief audit executive (CAE) discussed this matter with senior management and was informed of management's willingness to accept the risk. The CAE should A Initiate a fraud investigation to determine if employees had taken advantage of the internal control weakness. B Inform senior management that the weakness must be corrected and schedule another follow-up review. C Do nothing further because management is responsible for deciding the appropriate action to be taken in response to reported engagement observations and recommendations. D Assess the reasons that senior management decided to accept the risk and inform the board of senior management's decision.

D. When the chief audit executive believes that *senior management has accepted a level of residual risk that may be unacceptable* to the organization, the chief audit executive must *discuss the matter with senior management.* If the decision regarding residual risk is not resolved, the chief audit executive must report the matter to the *board* for resolution (Perf. Std. 2600). C is incorrect. *The CAE and senior management should report the matter to the board if the CAE believes that the residual risk may be unacceptable.*

The chief audit executive was reviewing recent reports that had recommended additional engagements because of risk exposures to the organization. Which of the following represents the greatest risk and should be the next assignment? A Three prenumbered receiving reports were missing. B There were several purchase orders issued without purchase requisitions. C Several times cash receipts had been held over an extra day before depositing. D Payment had been made for routine inventory items without a purchase order or receiving report.

D. Payment vouchers for merchandise should be supported by (1) a properly authorized purchase requisition, (2) a purchase order executing the transaction, (3) a receiving report indicating all goods ordered have been received in good condition, and (4) a vendor invoice confirming the amount owed. Lack of such support for cash payments suggests a high risk of fraud. *Certain routine purchases may not require requisitions.* <- WHAT?

An internal auditor is observing cash sales to determine whether customers are given written receipts. The objective of this test is to ensure that A Customers are charged authorized prices. B Cash balances are correct. C Cash received equals the total of the receipts. D All cash sales are recorded.

D. The written receipt fixes responsibility for the cash. The employee who collected it and issued the receipt is accountable and therefore less likely to commit irregularities. Moreover, the customer's expectation of a receipt increases the likelihood that transactions will be recorded. Determining whether cash received equals the total of the receipts is accomplished by counting the cash received and comparing it with the total of the receipts.

A follow-up interview helps to ensure the accuracy of conclusions, findings, and recommendations in the final engagement communication by discussing it with the interviewee.

F A follow-up interview is intended to answer questions raised during the analysis of the fact-gathering interview and to test the interviewee's acceptance of new ideas generated by the auditor. Helping to ensure the accuracy of conclusions, findings, and recommendations in the final engagement communication by discussing it with the interviewee is a function of the *exit* interview.

The chief audit executive (CAE) does not have to agree with the board about the internal audit activity's charter.

F According to IG 2060, the chief audit executive (CAE) is *responsible for presenting the internal audit activity's charter to the board for approval.*

The internal audit activity's plan of engagements must be undertaken at least monthly.

F According to Impl. Std. 2010.A1, the internal audit activity's plan of engagements must be undertaken *at least annually* and based on a documented risk assessment.

Once it has accepted and responded to the final engagement communication, client management must establish a follow-up process and regularly report progress to senior management and the board.

F According to Impl. Std. 2500.A1, "The *chief audit executive* must establish a follow-up process to monitor and ensure that management actions have been effectively implemented or that senior management has accepted the risk of not taking action."

The final engagement communication should contain an assertion that the engagement was "conducted in conformance with the International Standards for the Professional Practice of Internal Auditing."

F According to Perf. Std. 2430, internal auditors may report that their engagements are conducted in conformance with the IPPF *only if the results of the QAIP support the assertion.*

Final communications are distributed to all those having a direct and indirect interest in the engagement.

F Final communications are distributed to all those having a *direct (vested!!) interest* in the engagement. Each communication should contain a distribution sheet listing the distributees and indicating with whom it has been reviewed in draft.

Internal auditors employ three basic information-gathering procedures during field work: observing conditions, interrogating people, and examining witnesses.

F Internal auditors use three basic information-gathering procedures: observing conditions, interviewing people, and examining records. Interrogations are used during a fraud investigation after the internal auditor has already gathered pertinent facts and is seeking confirmation.

Data-gathering activities, such as interviewing operating personnel, should be done after completing the preliminary survey phase of the audit.

F Interviewing operating personnel and other individuals, identifying standards for performance evaluation, assessing operational risks, and other data-gathering activities are usually performed *during the preliminary survey phase* of an audit engagement. components: - inputs from stakeholders - analytical procedures - interviews - prior audit reports and other relevant documentation - process mapping - checklists

Since management is responsible for the proper functioning of risk and control processes, internal audit's responsibility is simply to note management's response to the final engagement communication and forward it to the board.

F Management decides the action taken in response to engagement results. *The CAE assesses this action for timely resolution.*

Observation provides very persuasive information about the assertions of completeness, rights, valuation, and presentation and disclosure.

F Observation provides *less persuasive information* about the assertions of *completeness, rights, valuation, and presentation and disclosure.* For example, merely observing inventory does not determine whether the engagement client has rights in it. Observation is effective for verifying whether (a) particular assets *exist* or (b) a certain process or procedure is *being performed appropriately* at a moment in time. *When physical observation is the only information about a significant condition, at least two internal auditors should view it.*

Observations and recommendations are based on four attributes: criteria, condition, cause, and result.

F Observations and recommendations are based on *four* (?) attributes: criteria (standard), condition, cause, and effect (impact). *oh, I guess recommendations are Remedy..

The CAE reports to the board and senior management on risk and control issues, not governance issues.

F Standard 2060 states that the chief audit executive must report periodically to senior management and the board on the internal audit activity's purpose, authority, responsibility, and performance relative to its plan. The reports must also include significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by senior management and the board.

The auditor can use prior audit reports as a basis for objectives or conclusions.

F The auditor must use prior audit reports for *informational purposes only*, not as a basis for objectives or conclusions.

The best way to determine whether transactions were recorded in the proper period is to obtain a management representation letter that includes assertions that transactions and events were recorded appropriately.

F The best way to determine whether transactions were recorded in the proper period is a *cutoff test*. *Documents are traced to the accounting records* for several days prior to and after year end to determine proper recognition in the appropriate period.

If the client has any written response, it must be incorporated into the internal auditor's final report.

F The client's written comments may be presented in the *report, an appendix, or a cover letter*, not necessarily just in the report.

Disagreements between the internal auditor and the client must be fully resolved before the final engagement communication is issued.

F The internal auditor reaches agreement with the client about results and any necessary plan of corrective action. *Disagreements are fully disclosed*, including both positions and the reasons.

The primary purpose of an exit meeting is to improve relations with engagement clients.

F The primary purpose of an exit meeting is *to ensure the accuracy of the information used by an internal auditor* (or *to present audit findings!!*) A secondary purpose is to improve relations with engagement clients, eliciting client concerns, validating audit findings/conclusions, and previewing the audit report)

To ensure complete cooperation, the internal auditor is responsible for notifying other departments of the existence of the internal audit activity.

F To ensure complete cooperation, *senior management* is responsible for notifying other departments of the existence of the internal audit activity.

Deliver

Iterate draft audit deliverable Secure management's action plan Distribute final audit deliverable

Work programs consist of (6)

Key administrative steps Kick-off meeting Planning steps Fieldwork steps Wrap-up steps Reporting steps

Remember that your remedy should be

SPECIFIC MEASURABLE ACTIONABLE REASONABLE TIME-FOCUSED

In drafting your observations, use the following format

STANDARD: what should be happening CONDITION: what is happening CAUSE: why it happened IMPACT: what effect did it or could it have on the organization REMEDY: what it takes to correct the cause

Plan

Set objectives & scope Understand auditee Identify & assess risks Create test plan Develop work program

Plan

Set objectives & scope Understand auditee Identify & assess risks Create test plan Develop work program

A primary result of engagement planning is the preparation of the work program.

T

Internal audit should submit periodic reports to management on open engagement observations and recommendations.

T

Observing a phenomenon in its natural setting eliminates some experimental bias.

T

Scanning is a use of professional judgment to review accounting data to identify significant or unusual items to test.

T

An unreturned negative confirmation request provides some information regarding existence.

T A *negative confirmation* requests the recipient to respond *only if (s)he disagrees* with the information stated. An *unreturned negative confirmation* request provides some information of existence because it has not been returned with an indication that the addressee is unknown. However, it provides no explicit inference that the intended recipient verified the information. AKA, if a negative confirmation is unanswered, auditor concludes that the amount has been confirmed and *does not follow-up*.

The minimum contents of a final engagement communication are the purpose, scope, and results.

T A final communication may vary by organization or type of engagement. However, it contains *at least the purpose, scope, and results* of the engagement.

The risk assessment in the planning phase of an internal auditing engagement identifies possible "objectives."

T According to Impl. Std. 2210.A1, "Internal auditors must conduct a preliminary assessment of the risks relevant to the activity under review. Engagement objectives must reflect the results of this assessment."

The internal auditor can increase the uniformity of data acquisition through the use of checklists.

T Checklists increase the uniformity of data acquisition. They ensure that a standard approach is taken and minimize the possibility of omitting consideration of factors that can be anticipated.

First-hand observation by the auditor of client personnel performing procedures is the second most persuasive form of evidence.

T First-hand/*direct* observation by the auditor of client personnel performing procedures is the *second most persuasive* form of evidence. ex: direct observation of performance of work by client personnel *Suspect* since what people do when the auditor is watching may not be indicative of what is really going on

When providing negative assurance, the internal auditor takes no responsibility for the sufficiency of the audit scope and procedures.

T Negative assurance, sometimes referred to as limited assurance, is a statement that nothing came to the auditor's attention about an objective, such as the effectiveness of internal control or adequacy of a risk management process. The internal auditor takes no responsibility for the sufficiency of the audit scope and procedures.

Duplicating the client's work and comparing the results is called recalculating.

T Reperformance, or recalculating, consists of duplicating the client's work and comparing the results. This is most useful for checking arithmetic accuracy and the correct posting of amounts from source documents to journals to ledgers.

Internal auditors may be asked by stakeholders to express macro opinions or micro opinions, depending on the scope of the engagement.

T The assurance for the organization as a whole is a macro opinion. The assurance for a component of operations is a micro opinion.

The auditor should be flexible on matters not affecting the substance of the matters communicated but should never negotiate the opinion.

T The auditor should be flexible on matters *not affecting the substance of the matters communicated*. However, the auditor should *never* negotiate the opinion.

The identification of information that is useful to the organization is the ultimate justification for the existence of the internal audit activity.

T The identification of information that is useful to the organization is the ultimate justification for the existence of the internal audit activity.

If a risk management framework does not exist, the chief audit executive uses his or her own judgment of risks.

T The chief audit executive is responsible for developing a risk-based plan. The chief audit executive takes into account the organization's risk management framework. If a framework does not exist, the chief audit executive uses his or her own judgment of risks after consultation with senior management and the board.

Close & Monitor

Wrap up engagement administrative steps Monitor & follow-up on open action plan items Close out audit once entire action plan is cleared

Working Papers

record the evidence that internal auditors collect as support for engagement outcomes - Demonstrate compliance with IIA Standards & all necessary procedures are performed - *Facilitate supervision of engagement and review* of work completed - Support for engagement communications to auditee, senior management and other parties - Provide basis for evaluations as part of quality assurance program


Conjuntos de estudio relacionados

Additional Panopto Lectures (Ch.1+2)

View Set

UWorld Adult Health: Neurological

View Set

Hildebrandt, Old Testament Lit. Lecture 7, Genesis 3, Fall, Cain/Abel--Full M/C Questions (Flashcard Style)

View Set

Investment & Portfolio Midterms (Identification)

View Set

Physiological Aspects of Care, 1.3 Culture EAQ, Culture adaptive quiz, Adaptive quiz: professional identity, 38 Case Study, section 2 1st semester

View Set

Lesson 7: Texas Real Estate License Act AND Lesson 8: Legal Descriptions

View Set

Chapter 12 Test Quizlet, Business-to-Business Marketing, Marketing Cengage

View Set