Internal Audit Exam 3 Study Guide - Multiple Choice
To identify the amount of obsolete inventory that may exist in an organization, an internal auditor probably should collect information using all of the following procedures except a. confirmation b. scanning c. recomputation d. analytical review
a. confirmation
Vouching entails verifying recorded amounts by examining the underlying documents from the _____ documents to the _____ documents. a. final; original b. final; previous c. original; final d. original; subsequent
a. final; original
An internal auditor has set an engagement objective of ascertaining compliance with a city ordinance forbidding city purchasing from vendors affiliated with elected city officials. Which of the following engagement techniques will best meet this objective? a. inspection of documents b. observation c. inquiry d. analytical review
a. inspection of documents
Which of the following is a false statement about the relationship between internal auditors and external auditors? a. oversight of the work of external auditors is the responsibility of the chief audit executive b. sufficient meetings are scheduled between internal and external auditors to ensure timely and efficient completion of the work c. internal and external auditors may exchange engagement communications and management letters d. internal auditors may provide engagement work programs and working papers to external auditors
a. oversight of the work of external auditors is the responsibility of the chief audit executive - is the responsibility of audit committee
Which of the following represents the most reliable information that a receivable actually exists? a. positive confirmation b. sales invoice c. receiving report d. bill of lading
a. positive confirmation
All of the following are required communications by the chief audit executive (CAE) to senior management and the board except a. results of analysis into staffing needs b. significant interim changes in plans and resources c. effects of any resource limitations d. the internal audit activity's plans and resource requirements
a. results of analysis into staffing needs
Which of the following is an example of misappropriation of assets? a. A foreign official is bribed by the chief operating officer (COO) to facilitate approval of a new product. b. A small amount of petty cash is stolen. c. A duplicate bill is sent to a customer in hopes that they will pay it twice. d. A journal entry is modified to improve reported financial results.
b. A small amount of petty cash is stolen.
Documentary evidence is one of the principal types of corroborating information used by an internal auditor. Which one of the following examples of documentary evidence generally is considered the most reliable? a. A credit memorandum prepared by the credit manager. b. A vendor's invoice obtained from the accounts payable department. c. A copy of a sales invoice prepared by the sales department. d. A receiving report obtained from the receiving department.
b. A vendor's invoice obtained from the accounts payable department.
The possibility of someone maliciously shutting down an information system is most directly an element of: a. Access risk. b. Availability risk. c. Confidentiality risk. d. Deployment risk.
b. Availability risk.
The internal audit function's responsibilities with respect to fraud are limited to: a. Monitoring any calls received through the organization's whistleblower hotline but not necessarily conducting a follow-up investigation. b. Being aware of fraud indicators, including those relating to financial reporting fraud, but not necessarily possessing the expertise of a fraud investigation specialist. c. The organization's operational and compliance activities only because financial reporting matters are the responsibility of the independent outside auditor. d. Ensuring that all employees have received adequate fraud awareness training.
b. Being aware of fraud indicators, including those relating to financial reporting fraud, but not necessarily possessing the expertise of a fraud investigation specialist.
Which of the following is the best source of IT audit guidance within the IPPF? a. Control Objectives for Information and Related Technologies (COBIT). b. Global Technology Audit Guides (GTAGs). c. National Institute of Standards and Technology (NIST). d. Information Technology Infrastructure Library (ITIL).
b. Global Technology Audit Guides (GTAGs).
Which of the following is not something all levels of employees should do? a. Report suspicions of incidences of fraud. b. Investigate suspicious activities that they believe may be fraudulent. c. Have a basic understanding of fraud and be aware of the red flags. d. Understand their role within the internal control framework.
b. Investigate suspicious activities that they believe may be fraudulent.
Professional skepticism means that internal auditors beginning an assurance engagement should: a. Assume client personnel are dishonest until they gather evidence that clearly indicates otherwise. b. Neither assume client personnel are honest nor assume they are dishonest. c. Assume that internal controls are designed inadequately and/or operating ineffectively. d. Assume client personnel are honest until they gather evidence that clearly indicates otherwise.
b. Neither assume client personnel are honest nor assume they are dishonest.
Which of the following is true about new and emerging technologies? a. New technologies have security login controls built into them b. New technologies take time for the users to transition and adapt to the new technology, so training is critical. c. New technologies always come from large multinational companies. d. New technologies often have new and some innovative controls embedded in them .
b. New technologies take time for the users to transition and adapt to the new technology, so training is critical.
Which of the following activities undertaken by the internal auditor might be in conflict with the standard of independence? a. Risk management consultant. b. Product development team leader. c. Ethics advocate. d. External audit liaison.
b. Product development team leader.
The CAE is attempting to expand the coverage of the internal audit function in the area of cybersecurity. The best way to accomplish this goal would be to: a. Ask management to include internal auditors when debriefing after a cybersecurity incident. b. Provide consulting engagements on cybersecurity c. Conduct training for internal auditors on cybersecurity d. Purchase software to detect cybersecurity incidents
b. Provide consulting engagements on cybersecurity
Who is ultimately responsible for determining that the objectives for an internal audit engagement have been met? a. The individual internal audit staff member. b. The CAE. c. The audit committee. d. The internal audit engagement supervisor.
b. The CAE.
Which of the following is not a responsibility of the CAE? a. To communicate the internal audit function's plans and resource requirements to senior management and the board for review and approval. b. To oversee the establishment, administration, and assessment of the organization's system of internal controls and risk management processes. c. To follow up on whether appropriate management actions have been taken on significant issues cited in internal audit reports. d. To establish a risk-based plan to accomplish the objectives of the internal audit function consistent with the organization's goals.
b. To oversee the establishment, administration, and assessment of the organization's system of internal controls and risk management processes.
An internet firewall is designed to provide protection against: a. Data mistakes. b. Unauthorized access from external sources. c. Lightning strikes and power surges. d. Arson.
b. Unauthorized access from external sources.
Which of the following is not one of the top 10 technology risks facing organizations? a. Cybersecurity. b. Use of older technology. c. IT governance. d. Mobile computing.
b. Use of older technology.
Documents provide information with differing degrees of persuasiveness. If the engagement objective is to obtain information that payment has actually been made for a specific invoice from a vendor, which of the following documents ordinarily is the most persuasive? a. an entry in the engagement client's cash disbursements journal supported by a voucher package containing the vendor's invoice b. a canceled check, made out to the vendor and referenced to the invoice, include in a cutoff bank statement that the internal auditor received directly from the bank c. an accounts payable subsidiary ledge that shows payment of the invoice d. a vendor's original invoice stamped "PAID" and referenced to a check number
b. a canceled check, made out to the vendor and referenced to the invoice, include in a cutoff bank statement that the internal auditor received directly from the bank
Which of the following is a false statement about the reliability of audit evidence? a. the more effective the organization's internal control, the more assurance it provides about the accounting data b. a copy of a document is as reliable as the original c. evidence obtained from independent sources outside the organization is more reliable than evidence obtained from internal sources d. the auditor's direct personal knowledge is more reliable than information obtained indirectly
b. a copy of a document is as reliable as the original
When evaluating the propriety of a payment to a consultant, the most appropriate information for the internal auditor to obtain and review is a. oral information in the form of opinions of operating management b. documentary information in the form of a contract c. analytical information in the form of comparisons with prior years' expenditures on consultants d. physical information in the form of the consultant's report
b. documentary information in the form of a contract
During an engagement to review the personnel function, an internal auditor notes that there are several employee benefit programs and that participation in some of the programs is optional. Which of the following is the best information for assessing the acceptability of various benefit programs to employees? a. discuss satisfaction levels with program participants b. evaluate program participation ratios and their trends c. discuss satisfaction levels with the director of personnel d. evaluate methods used to make employees aware of available program options
b. evaluate program participation ratios and their trends
Written policies and procedures relative to managing the internal audit activity should a. ensure compliance with its performance standards b. give considerations to its structure and the complexity of the work performed c. results in consistent job performance d. prescribe the format and distribution of engagement communications and the classification of observations
b. give considerations to its structure and the complexity of the work performed
The dean at a prestigious private performing arts college was reading about the 20 amazing students graduating with honors in the spring. The dean wants to gather the following information from the students' families: Why did the students choose this college? How did the students go through the decision-making process? What method would the college's audit manager most likely suggest for gathering this information? a. sending a questionnaire to the students' families b. interviewing the students' families via telephone c. having the students complete a rating scale survey d. observing the activates of the students
b. interviewing the students' families via telephone
According to the International Professional Practices Framework, the internal audit activity is effectively managed when a. policies on responsibilities of the internal audit activity are included in the organization's operations manual b. its individual members conform with the Code of Ethics and the Standards c. Management oversees the day-to-day operations of the internal audit activity d. It has the skill set and knowledge to help the organization achieve its objectives
b. its individual members conform with the Code of Ethics and the Standards
The most conclusive information to support supplier account balances is obtained by a. reviewing the vendor statements obtained from the accounts payable clerk b. obtaining confirmations of balances from the suppliers c. performing analytical account analysis d. interviewing the accounts payable manager to determine the internal controls maintained over accounts payable processing
b. obtaining confirmations of balances from the suppliers
The chief audit executive (CAE) is best defined as the a. inspector general b. person responsible for the internal audit functions c. outside provider of internal audit services d. person responsible for overseeing the contract with the outside provider of internal audit services
b. person responsible for the internal audit functions
Which of the following is responsible for coordination of internal and external audit work? a. the board b. the chief audit executive c. internal auditors d. external auditors
b. the chief audit executive
What is the reason the CAE must have direct and unrestricted access to the board? a. the board is composed of financial experts and are a great resource for collaboration on financial decisions b. the internal audit activity needs to achieve organizational independence c. stock exchanges require that all listed organizations have an audit committee d. the CAE must build and maintain strong constructive relationships with managers and other stakeholders
b. the internal audit activity needs to achieve organizational independence
An internal auditor must weigh the cost of an engagement procedure against the persuasiveness of the evidence to be gathered. Observation is one engagement procedure that involves cost-benefit trade-offs. Which of the following statements regarding observation as an engagement technique is (are) true? 1. observation is limited because individuals may react differently when being observed 2. When testing financial statements balances, observation is more persuasive for the completeness assertion than it is for the existence assertion 3. observation is effective in providing information about how the organization's processes differ from those specified by written policies a. 1 only b. 2 only c. 1 and 3 only d. 1, 2, and 3
c. 1 and 3 only
Which of the following types of companies would most likely need the strongest anti-fraud controls? a. A manufacturer of popular athletic shoes. b. An internet-based electronics retailer. c. A bank. d. A grocery store.
c. A bank.
Per the Standards, internal audit functions must establish: a. Internal quality assurance and improvement program assessments. b. External quality assurance and improvement program assessments. c. Both internal and external quality assurance and improvement program assessments. d. Neither internal nor external quality assurance and improvement program assessments.
c. Both internal and external quality assurance and improvement program assessments.
Which of the following statement(s) regarding an internal audit function's continuous auditing responsibilities is/are true? I. The internal audit function is responsible for assessing the effectiveness of management's continuous monitoring activities. II. In areas of the organization in which management has implemented effective monitoring activities, the internal audit function can conduct less stringent continuous assessments of risks and controls. a. Only statement I is true. b. Only st
c. Both statements I and II are true.
Cash receipts should be deposited on the day of receipt or the following business day. Select the most appropriate engagement procedure to determine that cash is promptly deposited. a. Review the functions of cash handling and maintaining accounting records for proper segregation of duties. b. Review the functions of cash receiving and disbursing for proper segregation of duties. c. Compare the daily cash receipts totals with the bank deposits. d. Review cash register tapes prepared for each sale.
c. Compare the daily cash receipts totals with the bank deposits.
Which of the following is not a technique to conceal inventory shrinkage? a. Altering the yearly physical inventory counts. b. Writing off inventory after physical inventory counts. c. Counting and valuing physical inventory at the end of each year. d. Understating the value of physical inventory counts.
c. Counting and valuing physical inventory at the end of each year.
An internal auditor must weigh the cost of an audit procedure against the persuasiveness of the evidence to be gathered. Observation is one audit procedure that involves cost-benefit tradeoffs. Which of the following statements regarding observation as an audit procedure is/are correct? I. Observation is limited because individuals may react differently when being watched. II. Observation is more effective for testing completeness than it is for testing existence. III. Observation provides evidence about whether certain controls are operating as designed. a. II only. b. I, II, and III. c. I and III. d. I only.
c. I and III
Which of the following is not a typical "rationalization" of a fraud perpetrator? a. The company owes me because I'm underpaid. b. It's in the organization's best interest. c. I'm smarter than the rest of them. d. I want to get back at my boss (revenge).
c. I'm smarter than the rest of them.
Which of the following activities are designed to provide feedback on the effectiveness of an internal audit activity? I. Proper supervision. II. Proper training. III. Internal assessments. IV. External assessments. a. I, II, and III only. b. I, II, and IV only. c. I, III, and IV only. d. All of these.
c. I, III, and IV only.
Which of the following is not an IT technical control? a. System software control b. Application-based controls c. IT governance controls d. System development controls
c. IT governance controls
After anonymous tips/complaints and pure accident as a source of fraud discovery, the next highest source according to the 2020 ACFE Report to the Nations survey was: a. External auditors. b. Vendors. c. Internal auditors. d. Customers.
c. Internal auditors.
The software that manages the interconnectivity of the system hardware devices is the: a. Application software. b. Utility software. c. Operating system software. d. Database management system software.
c. Operating system software.
A production manager of MSM Company ordered excessive raw materials and had them delivered to a side business he operated. The manager falsified receiving reports and approved the invoices for payment. Which of the following procedures would most likely detect this fraud? a. Confirm the amounts of raw materials purchased, purchase prices, and dates of shipment with vendors. b. Vouch cash disbursements to receiving reports and invoices. c. Perform ratio and trend analysis. Compare the cost of raw materials purchased with the cost of goods produced. d. Observe the receiving dock and count materials received. Compare the counts with receiving reports completed by receiving personnel.
c. Perform ratio and trend analysis. Compare the cost of raw materials purchased with the cost of goods produced.
Requiring a user ID and password would be an example of what type of control? a. Detective. b. Corrective. c. Preventive. d. Reactive.
c. Preventive.
The Standards requires the CAE to share information and coordinate activities with other internal and external providers of assurance services. With regard to the independent outside auditor, which of the following would not be an appropriate way for the CAE to meet this requirement? a. Holding a meeting between the CAE and the independent outside audit firm's partner to discuss the upcoming audit of the financial statements. b. Providing the independent outside auditor with access to the workpapers for an audit of third-party contractors. c. Requiring the independent outside auditor to have the CAE's approval of their annual audit plan for conducting the financial statement audit. d. Requesting that the internal audit function receive a copy of the independent outside auditor's management letter.
c. Requiring the independent outside auditor to have the CAE's approval of their annual audit plan for conducting the financial statement audit.
During an engagement to evaluate travel expenses, the accounting supervisor tells the internal auditor that each expense report is reviewed and approved before costs are reimbursed to the traveler. Which of the following is the best course of action for the internal auditor to take? a. Request the supervisor to put the statement in writing. b. Corroborate this information with the controller. c. Review a sample of expense reports for proper approval. d. Conserve engagement resources by accepting the statement and redirect work into another area.
c. Review a sample of expense reports for proper approval.
Which of the following is a valid statement about the detection of fraud? a. Internal controls, when properly designed, are almost bullet proof in terms of preventing fraud. b. For the purposes of understanding how fraud is discovered, whistleblower hotlines are the only method proven to detect fraud. c. The combined frequency of tips and accidents in discovering fraud exceeds the combined frequency of internal and external audits. d. Law enforcement plays a significant role in the detection of white collar (economic) crimes.
c. The combined frequency of tips and accidents in discovering fraud exceeds the combined frequency of internal and external audits.
Which of the following is the best reason for the CAE to consider the organization's strategic plan in developing the annual internal audit plan? a. To emphasize the importance of the internal audit function to the organization. b. To make recommendations to improve the strategic plan. c. To ensure that the internal audit plan supports the overall business objectives. d. To provide assurance that the strategic plan is consistent with the organization's values.
c. To ensure that the internal audit plan supports the overall business objectives.
If a sales transaction record was rejected during input because the customer account number entered was not listed in the customer master file, the error was most likely detected by a: a. Completeness check. b. Limit check. c. Validity check. d. Reasonableness check.
c. Validity check.
Your audit objective is to determine whether purchases of office supplies have been properly authorized. If purchases of office supplies are made through the purchasing department, which of the following procedures is most appropriate? a. Vouch receiving reports to approved purchase orders. b. Inspect purchase requisitions for proper approval. c. Vouch purchase orders to approved purchase requisitions. d. Trace approved purchase requisitions to purchase orders.
c. Vouch purchase orders to approved purchase requisitions.
One engagement procedure for an engagement to evaluate facilities and equipment is to test the accuracy of recorded depreciation. Which of the following is the best source of information that the equipment in question is in service? a. a review of depreciation policies and procedures b. a comparison of depreciation schedules with a listing of insurance appraisals for the same equipment c. a comparison of depreciation schedules with the maintenance and repair logs for the same equipment d. a review of inventory documentation for the equipment
c. a comparison of depreciation schedules with the maintenance and repair logs for the same equipment
An internal auditor has set an engagement objective of identifying the existence of personality conflicts that are detrimental to productivity. Which of the following engagement techniques will best meet the objective? a. inspection of documents b. observation c. inquiry d. analytical review
c. inquiry
Observation is considered a reliable audit procedure but one that is limited in usefulness. However, it is used in a number of different audit situations. Which of the following statements is true regarding observation as an audit technique? a. it is the most effective method to use in filling out internal control questionnaires b. it is the most persuasive method to learn how transactions are really processed during the period under audit c. it is most persuasive about the performance of a process but is limited to the moment in time at which the observation takes place d. it is the most persuasive procedure for determining whether fraud has occurred
c. it is most persuasive about the performance of a process but is limited to the moment in time at which the observation takes place
The most reliable information an internal auditor can assess when determining an organization's legal title to inventories is a. monthly gross profit and inventory levels b. purchase orders c. paid vendor invoices d. records of inventories stored at off-site locations
c. paid vendor invoices
Which of the following types of tests is the most persuasive if an internal auditor wants assurance of the existence of inventory stored in a warehouse? a. examining the shipping documents that support recorded transfers to and from the warehouse b. obtaining written confirmation from management c. physically observing the inventory in the warehouse d. examining warehouse receipts contained in the engagement client's records
c. physically observing the inventory in the warehouse
In most cases, an internal audit activity should document policies and procedures to ensure the consistency and quality of its work. The exception to this principle is directly related to a. departmentation b. division of labor c. size of the internal audit activity d. authority
c. size of the internal audit activity
Which of the following statements is false regarding the administration of the internal audit activity? a. management oversees the day-to-day operations of the internal audit activity b. an internal audit manager may be assigned to monitor internal audit processes and emerging issues c. the audit committee is responsible for creating the operating and financial budget for the internal audit functions d. selection criteria for hiring internal auditors should be well-developed
c. the audit committee is responsible for creating the operating and financial budget for the internal audit functions - CAE is responsible
Which of the following procedures is the internal auditor most likely to perform at the beginning of an engagement? a. prepare a rough draft of the report b. evaluate the adequacy of and effectiveness of controls c. tour the engagement client's facilities d. consult with and review the work of the predecessor internal auditor
c. tour the engagement client's facilities
The Standards requires policies and procedures to guide the internal audit staff. Which of the following statements is false with respect to this requirement? a. A small internal audit function may be managed informally through close supervision and written memos. b. Formal administrative and technical audit manuals may not be needed by all internal audit functions. c. The CAE should establish the function's policies and procedures. d. All internal audit functions should have a detailed policies and procedures manual.
d. All internal audit functions should have a detailed policies and procedures manual.
Which of the following is not an example of a fraud prevention program element? a. Background investigations of new employees. b. Establishing authority limits related to purchasing commitments. c. Exit interviews of departing employees. d. Analyzing cash disbursements to determine whether any duplicate payments have been made.
d. Analyzing cash disbursements to determine whether any duplicate payments have been made.
An organization's IT governance committee has several important responsibilities. Which of the following is not normally such a responsibility? a. Aligning investments in IT with business strategies. b. Overseeing changes to IT systems. c. Monitoring IT security procedures. d. Designing IT application-based controls.
d. Designing IT application-based controls.
According to the IPPF, internal auditors should possess which of the following skills? I. Internal auditors should understand human relations and be skilled in dealing with people. II. Internal auditors should be able to recognize and evaluate the materiality and significance of deviations from good business practices. III. Internal auditors should be experts on subjects such as economics, commercial law, taxation, finance, and IT. IV. Internal auditors should be skilled in oral and written communication a. II only. b. I and III only. c. III and IV only. d. I, II, and IV only.
d. I, II, and IV only.
Which of the following is not a fictitious revenue scheme? a. Conditional sales. b. Premature revenue recognition. c. Channel stuffing. d. Matching expenses to revenues.
d. Matching expenses to revenues.
What fraud schemes were reported to be most common in the ACFE's 2020 Report to the Nations? a. Corruption. b. Inappropriately reporting revenues in published financial results. c. Fraudulent billing. d. Misappropriation of assets by employees.
d. Misappropriation of assets by employees.
According to the IPPF, the independence of the internal audit activity is achieved through: a. Staffing and supervision. b. Continuing professional development and due professional care. c. Human relations and communications. d. Organizational status and objectivity.
d. Organizational status and objectivity.
Audit committees are most likely to participate in the approval of: a. Audit staff promotions and salary increases. b. The internal audit report observations and recommendations. c. Audit work schedules. d. The appointment of the CAE.
d. The appointment of the CAE.
Audit evidence is generally considered sufficient when: a. It is appropriate. b. It is relevant, reliable, and free from bias. c. It has been obtained via random sampling. d. There is enough of it to support well-founded conclusions.
d. There is enough of it to support well-founded conclusions.
What is the best way to prevent and detect conflicts of interest? a. Bank reconciliations. b. Segregation of duties. c. An effective control environment, including an ethical tone at the top. d. Transparent and full disclosure.
d. Transparent and full disclosure.
An internal auditor has set an engagement objective of determining whether the planned rate of return on investment in international operations has been achieved. Which of the following engagement procedures will best meet this objective? a. inspection of documents b. observation c. inquiry d. analytical review
d. analytical review
Which of the following is an essential factor in evaluating the sufficiency of information? The information must a. be well documented and cross-referenced in the workpapers b. be based on references that are considered competent c. bear a direct relationship to the observation and include all of the elements of an observation d. be convincing enough for a prudent person to reach the same decision
d. be convincing enough for a prudent person to reach the same decision
Which of the items below most likely reflect differences between the policies of a relatively large and a relatively small internal audit activity? The policies for the large activity should a. define the scope of internal auditing b. contain the authority to carry out engagements c. be specific as to activities to be carried out d. be in considerable detail
d. be in considerable detail
Reliable information is a. supportive of the engagement observations and consistent with the engagement objectives b. helpful is assisting the organization in meeting prescribed goals c. factual, adequate, and convincing so that a prudent person would reach the same conclusion as the internal auditor d. competent and the best attainable through the use of appropriate engagement techniques
d. competent and the best attainable through the use of appropriate engagement techniques
To determine whether refunds granted to customers were properly approved, and internal auditor should vouch accounts receivable entries to a. sales invoices b. remittance advices c. shipping documents d. credit memos
d. credit memos
Which of the following audit committee activities is of the greatest benefit to the internal audit activity? a. review and approval of engagement work programs b. assurance that the external auditor will rely on the work of the internal audit activity whenever possible c. review and endorsement of all internal auditing engagement communications prior to their release d. determine whether scope limitations impede the ability of the internal audit activity to execute its responsibilities
d. determine whether scope limitations impede the ability of the internal audit activity to execute its responsibilities
A major reason for establishing an internal audit activity is to a. relieve overburdened management of the responsibility for establishing effective controls b. safeguard resources entrusted to the organization c. ensure the reliability and integrity of financial and operational information d. evaluate and improve the effectiveness of control processes
d. evaluate and improve the effectiveness of control processes
Which of the following procedures would provide the most reliable information? a. inquires of the client's employees held in private b. inspection of prenumbered client purchase orders filed in the vouchers payable department c. analytical procedures performed by the internal auditor on the entity's trail balance d. inspection of bank statements obtained directly from the client's financial institution
d. inspection of bank statements obtained directly from the client's financial institution
The internal audit activity is responsible for implementing 1. risk management 2. governance 3. control a. 1 only b. 2 only c. 3 only d. none of the answers are correct
d. none of the answers are correct - these are managements responsibilities
Which of the following is most essential for guiding the internal audit staff? a. quality program assessments b. position descriptions c. performance appraisals d. policies and procedures
d. policies and procedures
An internal auditor has set an engagement objective of determining whether all cash receipts are deposited intact daily. To satisfy this objective, the internal auditor interviewed the controller who gave assurances that all cash receipts are deposited as soon as is reasonably possible. As information that can be used to satisfy the stated engagement objective, the controller's assurances are a. sufficient but not reliable or relevant b. sufficient, reliable, and relevant c. not sufficient, reliable or relevant d. relevant but not sufficient or reliable
d. relevant but not sufficient or reliable
The proper organizational role of internal auditing is to a. assist the external audit to reduce external audit fees b. perform studies to assist in the attainment of more efficient operations c. serve as the investigative arm of the board d. serve as an independent, objective assurance and consulting activity that adds value to operations
d. serve as an independent, objective assurance and consulting activity that adds value to operations
In deciding whether recorded sales are valid, which of the following items of information is most reliable? a. a copy of the customer's purchase order b. a memorandum from the director of the shipping department stating that another employee verified the personal delivery of the merchandise to the customer c. accounts receivable record showing cash collections from the customer d. the shipping document, independent bill of lading, and the invoice of the merchandise
d. the shipping document, independent bill of lading, and the invoice of the merchandise
Which one of the following must be included in the internal audit charter?
internal audit responsibility
Which of the following statements regarding audit evidence would be the least appropriate for an internal auditor to make? a. "I do not perform procedures that provide persuasive evidence because I must obtain convincing evidence." b. "I am seldom absolutely certain about the conclusions I reach based on the evidence I examine." c. "I evaluate both the usefulness of the evidence I can obtain and the cost to obtain it." d. "I consider the level of risk involved when deciding the kind of evidence I will gather."
a. "I do not perform procedures that provide persuasive evidence because I must obtain convincing evidence."
Senior management has requested that the internal audit function perform an operational review of the telephone marketing operations of a major division and recommend procedures and policies for improving management control over the operation. The internal audit function should: a. Accept the audit engagement because independence would not be impaired. b. Accept the engagement, but indicate to management that recommending controls would impair audit independence so that management knows that future audits of the area would be impaired. c. Not accept the engagement because internal audit functions are presumed to have expertise on accounting controls, not marketing controls. d. Not accept the engagement because recommending controls would impair future objectivity of the department regarding this auditee.
a. Accept the audit engagement because independence would not be impaired.
How should an organization handle an anonymous accusation from an employee that a supervisor in the organization has manipulated time reports? a. Assess the facts provided by the anonymous party against pre-established criteria to determine whether a formal investigation is warranted. b. Make a record of the accusation but do nothing, as anonymous accusations are typically not true. c. Turn the issue over to the HR department because this type of anonymous accusation is usually just a human resource issue. d. Assign a staff internal auditor to review all time reports for the past six months in the supervisor's area.
a. Assess the facts provided by the anonymous party against pre-established criteria to determine whether a formal investigation is warranted.
Which of the following IT devices can present the most significant risk to the organization? a. BYOD. b. Servers within the enterprise that are controlled by the centralized technical support. c. Laptops that are bought by the organization. d. Printers attached to the network.
a. BYOD.
Which of the following best describes an auditor's responsibility after noting some indicators of fraud? a. Expand activities to determine whether an investigation is warranted. b. Report the possibility of fraud to senior management and ask how to proceed. c. Consult with external legal counsel to determine the course of action to be taken. d. Report the matter to the audit committee and request funding for outside specialists to help investigate the possible fraud.
a. Expand activities to determine whether an investigation is warranted.
Which of these does the Cressey fraud triangle not include as one of its vertices? a. Fraudster personality. b. Rationalization. c. Opportunity. d. Pressure.
a. Fraudster personality.
In developing a new system, change management is extremely important. What are two main reasons to assess change management controls? a. Increased regulatory requirements around IT and controls and the ubiquity of technology b. Increased organizational and internal audit expense budgets c. Reduce IT employees performing IT management and increase focus on IT project management d. Increase internal security and limit segregation of duties.
a. Increased regulatory requirements around IT and controls and the ubiquity of technology
Internal audit engagement teams prepare working papers primarily for the benefit of the: a. Internal audit function. b. Auditee. c. Independent outside auditor. d. Board and senior management.
a. Internal audit function
Competent evidence is best defined as evidence that: a. Is reasonably free from error and bias and faithfully represents that which it purports to represent. b. Is obtained by observing people, property, and events. c. Is supplementary to other evidence already gathered and that tends to strengthen or confirm it. d. Proves an intermediate fact, or group of facts, from which still other facts can be inferred.
a. Is reasonably free from error and bias and faithfully represents that which it purports to represent.
Organizational independence exists if the CAE reports <List A> to some other organizational level than the CEO or similar head of the organization as long as the internal audit activity <List B> without interference: a. List A: administratively; List B: controls the scope and performance of work and reporting of results. b. List A: administratively; List B: approved the internal audit budget and risk-based internal audit plan. c. List A: functionally; List B: controls the scope and performance of work and reporting of results. d. List A: functionally; List B: approves the internal audit budget and risk-based internal audit plan.
a. List A: administratively; List B: controls the scope and performance of work and reporting of results.
An internal auditor is concerned that fraud, in the form of payments to fictitious vendors, may exist. Company purchasers, responsible for purchases of specific product lines, have been granted the authority to approve expenditures up to $10,000. Which of the following applications of generalized audit software would be most effective in addressing the auditor's concern? a. List all major vendors by product line. Select a sample of major vendors and examine supporting documentation for goods or services received. b. List all major vendors by product line. Select a sample of major vendors and send negative confirmations to validate that they actually provided goods or services. c. Take a random sample of all expenditures under $10,000 to determine whether they were properly approved. d. List all purchases over $10,000 to determine whether they were properly approved.
a. List all major vendors by product line. Select a sample of major vendors and examine supporting documentation for goods or services received.
Which of the following most completely describes the appropriate content of internal audit assurance engagement working papers? a. Objectives, procedures, facts, conclusions, and recommendations. b. Subject, purpose, sampling information, and analysis. c. Objectives, procedures, and conclusions. d. Purpose, criteria, techniques, and conclusions.
a. Objectives, procedures, facts, conclusions, and recommendations
Which of the following represents the most competent evidence that trade receivables actually exist? a. Positive confirmations. b. Sales invoices. c. Bills of lading. d. Receiving reports.
a. Positive confirmations.
Workpaper summaries, if prepared, can be used to: a. Promote efficient workpaper review by internal audit supervisors. b. Document the full development of engagement observations and recommendations. c. Replace the detailed workpaper files for permanent retention. d. Serve as an engagement final communication to senior management.
a. Promote efficient workpaper review by internal audit supervisors.
The purpose of logical security controls is to: a. Restrict access to data. b. Limit access to hardware. c. Record processing results. d. Ensure complete and accurate processing of data.
a. Restrict access to data.
Engagement information is usually considered relevant when it is A. Derived through valid statistical sampling. B. Objective and unbiased. C. Factual, adequate, and convincing. D. Consistent with the engagement objectives.
D. Consistent with the engagement objectives.
