CIA Test #1
what is most used to supplement an internal quality assessment review?
CAE reviews feedback from engagement clients
the CAE suspects fraud by senior management. who should be notified?
Chairperson of the audit committee
A quality assurance and improvement program should be developed by the organization's ________.
Chief Audit Executive
Coordination of internal auditing can reduce the overall costs. Who is responsible for actual coordination of internal and external audit efforts?
Chief Audit Executive
Internal Quality Assessment Reviews primarily serve the needs of which individual or group?
Chief Audit Executive
Auditors regularly evaluate controls and control procedures. Which describes the concept of control as recognized by internal auditors?
Control procedures should be designed from the "bottom up" to ensure attention to detail.
In beginning an engagement, an internal auditor reviews written procedures that detail segregations of responsibility adopted by management to strengthen internal controls. these written procedures are what attribute?
Criteria
according to the standards, audit findings are the result of
comparing what should be with what is and analyzing the impact
what standard of evidence is satisfied by an original signed document?
competence
When determining the number and experience level of an internal audit staff to be assigned to an engagement, the CAE should consider
complexity of the engagement, available internal audit activity resources, training needs of the internal auditors,
What are the objectives of the COSO risk model?
compliance, financial, operational and strategic
under the IIA code of ethics, an entity that provides internal auditing services is specifically required to
comply with the standards for the professional practice of internal auditing
the most appropriate use of an oral engagement communication is to communicate
conditions that demand immediate action
According to the standards, due professional care call for
consideration of the possibility of material irregularities during every audit assignment
the director of internal auditing is responsible for establishing a program to develop the human resources of the internal auditing department. According to the standards, this program should include
continuing education opportunities and performance appraisals
which component of the COSO model is the most important?
control environment
to be sufficient, audit evidence should be
convincing enough for a prudent person to reach the same conclusion as the auditor
What attributes should observations and recommendations be based on?
criteria, condition, cause and effect
Formal internal assessments can be supplemented by
customer feedback
an annual summary activity report of completed engagement work submitted to senior management and the board by the CAE should
describe the extent to which the internal audit activity has completed its engagement work schedule
According to the standards, the normal course of work for an internal audit is to
provide independent appraisal; provide examination; provide consulting activities as a service to the organization
recommendations should be included in audit reports to
provide management with options for addressing audit findings
the primary purpose of a quality program is to
provide reasonable assurance that internal auditing work conforms with the standards, code of ethics, and other applicable standards
what are the minimum requirements for an engagement final communication?
purpose of the engagement; engagement scope; results of the engagement
what should be included in the final communication?
purpose, scope and results
what are elements of the coordination process with the external auditor?
quality assessment review
the cause can best be described as
reason for the difference between the expected and actual conditions
the primary reason for having written normal audit reports is to
record findings and recommended courses of action
Management can best strengthen internal control over the custody of inventory stored in an off-site warehouse by implementing
regular reconciliation of physical inventories to accounting records
When faced with an imposed scope limitation, the CAE should
communicate the potential side effects of the scope limitation to the audit committee of the board of directors
According to the Standards, an internal auditing department's activity report should
compare audits completed with audits planned
TRUE OR FALSE. Engagement working papers are the property of internal audit
FALSE.
True or False. External auditors must assess the competence and objectivity of internal auditors.
FALSE.
Breaches of the Code of Ethics will be evaluated and administered according to the
Institute's Bylaws and Administrative Guidelines
The Code of Ethics applies to who?
Internal Audit Individuals and Entities
Internal auditing is a dynamic profession. What describes the scope of internal audit as it is developed to date?
Internal auditing has evolved to evaluating all risk management, control and governance systems.
Internal auditors regularly evaluate controls. What describes the concept of control as recognized by internal auditors?
Management takes action to enhance the likelihood that established goals and objectives will be achieved.
According to the standards, the internal audit activity's goals should specify
Measurement criteria and target dates for completion
In assessing the independence and objectivity of the outside service provider, what should be considered by the CAE?
Other services provided by the outside service provider; financial interests in the organization; personal or professional affiliation within the organization
The Code of Ethics includes what two essential components?
Principles and Rules
What would cause an internal auditor to question the adequacy of internal controls in a purchasing function?
Receiving reports are forwarded to purchasing where they are matched to purchase orders and sent to accounts payable
While planning an engagement, an internal auditor established engagement objectives to describe what is to be accomplished. What is a key issue in developing engagement objectives?
Risks associated with the activities to be reviewed.
TRUE OR FALSE. Engagement procedures should be selected in advance and expanded or altered as warranted.
TRUE
TRUE OR FALSE. Engagement proceeds are the mains to attain engagement objectives.
TRUE
TRUE OR FALSE. The charter should be consistent with the standards and approved by the board.
TRUE.
A charter is being drafted for a newly formed internal audit activity. What describes the most appropriate organizational status that should be incorporated into the charter?
The CAE should report functionally to board of directors and administratively to the CEO.
In determining the resources necessary to perform the engagement, what is important?
The number and experience level of the internal audit staff; knowledge, skills and other competencies of the internal audit staff; consideration of the use of external resources; training needs of internal auditors since each engagement serves as a basis for meeting development needs of the internal audit activity
What are the four elements necessary to protect attorney-client privilege?
a communication; a communication between privileged persons; a communication made in confidence; communication for the purpose of seeking, obtaining or providing legal assistance for the client
According to the standards, the CAE should report to
a level within the organization that allows the internal audit activity to accomplish its responsibility
an internal auditor's responsibility regarding control over audit working papers is best typified by
a posture of restricting access to only those who have legitimate power.
describe a preliminary survey?
a process used to become familiar with activities and risks in order to identify areas for engagement emphasis
what is appropriate evidence of supervisor review of engagement working papers?
a supervisor's initials on each working paper; an engagement working paper review checklist; a memorandum specifying the nature, extent and results of the supervisory review of working papers
An element of authority that should be included in the charter of the internal audit activity is
access to records, personnel and physical properties relevant to the performance of the engagements
what are the attributes of communication?
accurate, objective, clear, concise, constructive, complete and timely
In planning the engagement, internal auditors should consider
activity objectives; significant risks to the activity; adequacy and effectiveness of control systems; opportunities for making significant improvement
what structure best depicts the internal audit organizational guidelines contained in the standards?
administratively to the CEO, functionally to the board of directors
Objectivity for internal auditors is achieved through
an independent mental attitude while performing the audit
According to the Standards, a report issued by an internal auditor should contain an expression of opinion when
an opinion will improve communications with the reader of the report
Internal audit "Practice Advisories"
are non-mandatory
the internal auditor's role in follow-up is to
ascertain that appropriate action is taken on reported audit findings
During the risk management process, if requested by management or the audit committee, it is the auditor's responsibility to formulate an opinion on whether the organization's risk management process is sufficient to protect the organization's
assets, reputations, ongoing operations
when should a signed report be issued?
at the conclusion of an engagement
Coordination activities between internal auditors and external auditors include
audit coverage; access to audit programs; access to working papers; exchange of audit reports; exchange of management letters; common understanding of audit terminology
due professional care requires that the auditor's opinions be
based on sufficient factual evidence that warrants the expression of opinions
Due professional care requires that the internal auditor
be alert to conditions where irregularities may occur
According to the Code of Ethics, principles are ______ than rules.
broader
internal auditing has a responsibility for helping to deter fraud. how is this responsibility generally met?
by evaluating the adequacy and effectiveness of controls in light of the potential exposure to risk
the standards require the performance of periodic internal reviews by members of the internal auditing staff. the function is designed primarily to serve the needs of the
chief audit executive
what is related to the follow up process?
determination that corrective action was taken; determine sufficiency of actions taken on external audit recommendations; determine if senior management has accepted the risk of not taking action; ascertain actions taken on engagement observatiosn
the primary purpose of an internal auditing supervisor's review of working papers is to
determine that audit findings are adequately supported
when actions have not been taken by management on reported engagement observations, conclusions and recommendations, the internal auditor should
determine whether management or the board has assumed the risk for not taking corrective action
the internal auditor's responsibility for the prevention of fraud includes
determining if the organizational environment fosters control consciousness; being aware of activities in which fraud is likely to occur; evaluating the effectiveness of actions taken by management to deter fraud
supervision of an internal audit engagement should include
determining that engagement working papers adequately support engagement observations
If there is fraud in the marketing department, what is in the scope of the auditor's responsibility?
determining the effects of the wrongdoing; discussing the wrongdoing with the appropriate level of management; including the wrongdoing in a report that will go to the audit committee
If the CAE believes that the residual risks that management has accepted is too high, what is the best course of action for the CAE?
discuss the issue with management and report to board if not resolved
Internal auditing work papers should be
disposed of in accordance with departmental policy
records of transactions would be classified as what type of audit evidence?
documentary audit evidence
Standardized working papers are often used because they allow working papers to be prepared more
efficiently
Directors, management, external auditors, and internal auditors all play important roles in creating proper control processes. Senior management is primarily responsible for
establishing and maintaining an organizational culture
According to the standards, audit planning should be documented and the planning process should include
establishing audit objectives and scope of work; obtaining background information about the activities to be audited; determining how, when, and to whome the audit will be communicated
Field work is a systematic process of objectivity gather informations about an entity's operations, evaluating it, and determining whether those operations meet acceptable standards. What is part of the work performed during field work?
expanding or altering engagement proceeds if circumstances warrant; applying the engagement work program to accomplish engagement objectives; creating working papers that document the engagement
To properly evaluate the operations of an internal auditing department, a quality assurance program should include
external reviews at least once every five years by qualified persons who are independent of the organization
what are advantages of issuing an interim report?
final report writing time can be minimized; an interim report allows information requiring immediate attention to be communicated; an interim report can be conducted on an informal basis and may be communicated only verbally
which elements of the COSO risk model are controllable?
financial and compliance
the primary objective of standardized working papers is
for efficiency
what factors are generally associated with management fraud?
generous performance based reward systems; a domineering management; a management preoccupation with increased financial performance
internal auditors have a responsibility to exercise "due professional care" with respect to fraud detection. This includes
having sufficient knowledge of fraud to identify the indicators that fraud may have been committed; being alert to opportunities that could allow fraud; evaluating the need for additional investigation
Once the internal auditor becomes reasonably certain that a defalcation is taking place, what should the auditor do next?
immediately report the matter to the appropriate level of management
exit conferences serve to ensure the accuracy f the information used by an internal auditor. A secondary benefit is to
improve relations with auditees
A preliminary report is issued following the detection phase of a fraud investigation. such a report should
include the internal auditor's conclusion as to whether sufficient information exists to conduct an investigation
According to the IIA, internal auditors should abide by and uphold what standards?
integrity, confidentiality, objectivity, competency
The principles of the code of ethics include
integrity, objectivity, confidentiality and competency
The Code of Ethics Principles include
integrity, objectivity, confidentiality, and competency
All internal auditors should be proficient with respect to
internal auditing procedures and techniques
the standards require that the CAE establish and maintain a quality assurance program to evaluate the operations of the internal auditing department. ______ are elements of a quality assurance program
internal reviews of audit work; supervision of audit work; external reviews to assess compliance with the standards
what are examples of detrimental fraud?
kickbacks by purchasing; false claims by vendors; embezzlement
A retention policy for working papers would be devised after consultation with
legal counsel
after completing an investigation, internal auditing has concluded that an employee has stolen a material amount of cash receipts. a draft of the proposed report on this find should be reviewed by
legal counsel
According to the practice advisory, internal auditors are responsible for continuing their education in order to
maintain their proficiency
The purpose of the internal audit's evaluation of the effectiveness of existing risk management processes is to determine that
management directs processes so as to provide reasonable assurance of achieving objectives and goals
When assessing the competency of the outside service provider, what is considered by the CAE?
professional membership, reputation, experience, education and training
the best descriptions of the principle purpose for retaining working papers is to
provide a support for the audit review
the purpose of the exit conference is to
meet with the customer to discuss the audit draft report to ensure that there has been no misunderstanding or misinterpretation of the facts
according to the standards, audit workpapers should be reviewed to ensure that
no issues are open at the conclusion of fieldwork
when an internal auditor identifies multiple factors that have been linked with possible fraudulent conditions and suspects that fraud has taken place, the auditor should
notify the appropriate authorities within the company and recommend an investigation
what is the appropriate content of working papers?
objectives, procedures, facts, conclusions and recommendations
According to the standards, internal assessment should include
ongoing review of the performance of the internal audit activity
Prior to issuing a final communication on a fraud investigation, the internal auditor should submit a proposed draft for review by the
organization's legal counsel
The CAE should develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity and continuously monitors its effectiveness. _______ are included in a quality program
periodic internal assessment; supervision; periodic external assessment
after an internal auditor writes a report describing deficiency findings, the next step is to review the report in draft form with the
personnel responsible for the operations under audit.
Analytical audit procedures would be most useful in which phase of the audit process?
planning
the most appropriate use of analytics would be in
planning
What should working papers document?
planning, risk assessment, evaluation of the adequacy and effectiveness of internal control
What areas should the internal auditor should evaluate to determine the effectiveness of the ethical culture?
positive personnel practices; reference and background checks; regular surveys of employees, suppliers and customers; clear delegation of responsibilities
to comply with the proficiency standard, the internal auditing department must
possess or obtain the knowledge, skills and other competencies needed to perform all or part of the engagement
which element of the professional practices framework is not mandatory?
practice advisories
the best control over the work on which audit opinions is
supervisory review of all audit work
According to the Implementation Standards based on the results of the risk assessment, internal auditors should evaluate internal controls regarding the:
reliability and integrity of financial and operational information; effectiveness and efficiency of operations; safeguarding of assets; compliance with laws, regulations, and contracts
oral reports on significant matters
require the same level of factual support as written reports; can be used when timeliness is a factor; need careful organization; can still make use of visual data
Review notes in working papers should be
retained or discarded as appropriate
one purpose of the exit conference is for the internal auditor to
review and verify the appropriateness of audit report based up auditee input
What should be included as part of the supervision?
review of planning, examination, evaluation, communication and follow-up phases of the audit; staff training, development, performance evaluation and expense control; approval of the audit program; ensuring that engagement objectives are met
According to the standards, the board and the management should receive periodic reports of the results of risk management processes. The corporate processes of the organization should provide communications relative to
risks, risk strategies, and controls
a working paper is complete when it
satisfies the audit objective for which it is developed
when determined the retention period for the working papers of a contract engagement, it is best to
seek the assistance of the legal department to assure compliance with contract provisions
one of the primary roles of an engagement work program is to
serve as a tool for planning and conducting engagement work
the proper organizational role of internal auditing is to
serve as an independent, objective assurance and consulting activity that adds value to operations
Internal auditors may provide consulting services that add value and improve an organization's operations. The performance of these services
should be consistent with the internal audit activity's empowerment reflected in the charter
According to the standards, the organizational status of the internal auditing department
should be sufficient to permit the accomplishment of its audit responsibilities
the organizational status of the internal audit activity
should be sufficient to permit the accomplishment of its responsibilities
what is the most appropriate method of reporting disagreement between the internal auditor and the engagement client concerning engagement observations and recommendation?
state both positions and identify the reasons for the disagreement
What are the attributes of information to be gathered?
sufficient, competent, relevant and useful
internal auditors should gather information that is
sufficient, competent, relevant, and useful
final engagement communications should be distributed to those members of the organization whoa re able to ensure that engagement results are given due consideration. for higher level members of the organization, that requirement can usually be satisfied with
summary reports
What is the most fundamental element of a quality assessment program?
supervision
the most fundamental element of a quality assessment program is
supervision
A quality assessment program includes ________.
supervision, internal assessments, and external assessments
the primary objective in the preparation of working papers is to
support the audit report
According to the standards, a written report should be issued after an audit examination is complete. The report should be approved by
the CAE or designee
the person responsible for engagement communication distribution should be
the CAE or designee
Independence of the internal auditing department could be compromised if
the CAE reports directly to the head of the accounting division
Risk assessment is a systematic process for assessing and integrating professional judgements about probable adverse conditions or events. What is the appropriate action for the CAE to take?
the CAE should generally assign engagement priorities to activities with higher risks
The work program should be approved in writing by the CAE or designee prior to
the commencement of audit work and any adjustments approved promptly
internal auditing is responsible for reporting fraud to senior management or the board when
the incidence of fraud is of material amount and has been established for reasonable certainty
The external quality assessment report should be addressed to
the individual who requests the assessment
the internal auditor prepares working papers primarily for the benefit of
the internal auditing department
What is the responsibility of the internal auditor with respect to fraud?
the internal auditor should have sufficient knowledge to identify the indicators of fraud but is not expected to be expert
In planning an engagement, internal auditors should consider
the objectives of the activity being reviewed and the means by which activity controls performance; the adequacy and effectiveness of the activity's risk management and control systems compared to a relevant control framework model
Describe criteria.
the standard of performance, or what should be
Recommendations in engagement communications, may or may not, actually be implemented. Internal auditing's role in follow-up is
they should follow up to ascertain that appropriate action is taken on engagement recommendations
the purpose of the internal audit activity
to add value and improve an organization's operations
What is the most appropriate use of an oral audit report?
to communicate conditions that demand immediate action before a written report can be prepared
what are primary objectives of a closing/exit conference?
to resolve conflicts; to discuss the engagement observations and recommendations; to identify management's actions and responses to the engagement observations and recommendations
when reviewing working papers, an internal auditing supervisor will primarily be concerned with determining whether the
working papers adequately support the engagement observations, conclusions and recommendations
