ACC-590 Practice Exam 1, ACC-590 Chapter 3 Textbook MC, ACC-590 Chapter 2 Textbook MC, ACC-590 Chapter 1 Textbook MC, ACC-590 Quizzes 1-6
*Which of the following is the globally accepted certification for demonstrating internal audit competence?* A. CISA B. CPA C. CFE D. CIA
D. CIA
*According to the Standards, how is the independence of the internal audit function achieved?* A. Staffing and supervision. B. Human relations and communications. C. Quality assurance and internal review. D. Organizational status and objectivity.
D. Organizational status and objectivity.
*The purpose of the Code of Ethics is to________* A. establish a basis for the evaluation of the internal audit function. B. Develop consistency in internal auditing practices. C. Provide a codification of best practices. D. Promote an ethical culture in the internal auditing profession.
D. Promote an ethical culture in the internal auditing profession.
*The IIA's Code of Ethics is composed of 4 Principles and 12:* A. Guidelines B. Rules C. Standards D. Attributes
B. Rules
(PT. 3) You are the director of internal audit at Sargon Industries, a large publicly traded manufacturing company. You recently met with the manager of data processing and expressed the desire to establish a more effective relationship between the two departments. Subsequently, the manager of data processing requested your assistance on a new computerized accounts payable system being developed. The manager recommended that the internal audit function assume line responsibility for examining suppliers' invoices prior to payment. The manager also requested that the internal audit function make suggestions during the development of the system, assist in its installation, and approve the completed system after making a final review. Evaluate each of the following requests made by the manager of data processing within the context of The IIA's International Professional Practices Framework (that is, the Definition of Internal Auditing, the Standards, the Code of Ethics, Implementation Guides, etc.) in terms of its potential impact on internal auditors' objectivity. *(A) The request that the internal auditor be responsible for examining suppliers' invoices prior to payment. (B)The request that the internal auditor make suggestions during the development of the system. (C) The request that the internal auditor assist in the installation of the system and approve the system after making a final review.*
(A). This would impair the internal auditors' objectivity. Standard 1130.A1 state that an internal auditor's objectivity has been impaired if they assumed operating responsibility for an area they audited during the past year. Examining suppliers' invoices is a management function that should not be performed by internal auditors. (B). This would not impair internal auditors' objectivity. There is nothing in the Standards or Code of Ethics that prohibits suggestions or recommendations (C). This would impair internal auditors' objectivity. Involvement in the installation of the system and providing a final approval as requested involve operating responsibilities that internal auditors must avoid according to Standards 1100, 1120, and 1130.A1.
(PT. 4) (a) Explain the "three lines of defense" model
(a) *~1st Line~* -Responsible for managing risks and maintaining effective internal controls -Identifies, assesses, mitigates, monitors and reports on risks -Bottom Up Risk Assessments include: --Risk Control Self Assessment (RCSA) --Key Risk Indicators (KRI's) --Risk Profile --Escalation *~2nd Line~* - Designs and implements risk program - Provides framework used by 1st line to assess and manage risk - Connects dots by taking a portfolio view of risks across the enterprise - Coordinates risk governance process - Provides compliance function to monitor various specific risks - Provides top down view relative to strategy and risk appetite *~3rd Line - Independent assessment or 1st and 2nd line~* *-Assessing* -- Design and effectiveness of risk management framework --Adequacy of and testing compliance with policies and standards --Design and testing effectiveness of 1st line controls *-Testing* -- Effectiveness of 2nd line functions --Completeness and accuracy of information reported to management, the board, and external users *- Keeping Audit Committee and management informed on issues requiring resolution*
(PT. 2) *(a) The IIA Standards require an internal audit function to have an internal audit charter. What is the purpose of the internal audit charter? (b) Who is responsible for developing the internal audit charter? Besides that responsible person, who else should be involved in determining the charter's content? (c). What are four specific points that should be addressed in the internal audit charter? (There are more than four.)*
(a) The charter is a formal document that defines the agreed upon purpose, authority, and responsibility of the internal audit function. (b)The CAE is responsible for developing the charter. Senior management and the audit committee (board). (c) *Any Four* of the following: (1) The internal audit activity's position within the organization (2) Authorization for access to records, personnel, and physical properties relevant to the performance of engagements (3) The scope of internal audit activities (4) The type of assurance and consulting services (5) That the activity will conform to Definition, Core Principles, Code of Ethics, and Standards of IA (6) Selection and removal process for CAE
(PT. 6) a) What should be the reporting lines of the CAE? (b) What are the primary differences between internal and external financial reporting assurance services?
(a) To ensure transparency and thwart collusion and conflicts of interest, best practice indicates that the internal audit activity should have a dual reporting relationship, The CAE should report to executive management for assistance in establishing direction, support, and administrative interface; and to the organization's most senior oversight group - typically, the audit committee -for strategic direction, reinforcement, and accountability.The Standards require that the CAE report to a level within the organization that allows the internal audit activity to fulfill its responsibilities. To achieve necessary independence, best practices suggest the CAE should report directly to the audit committee or its equivalent. For day-to-day administrative purposes, the CAE should report to the most senior executive (i.e., the chief executive officer [CEO]) of the organization. (b) The primary difference between internal financial reporting assurance services and external financial reporting assurance services is the audience. Internal auditors provide financial reporting assurance services primarily for the benefit of management and the board of directors. Independent outside auditors provide financial reporting assurance services primarily for the benefit of third parties.
(PT. 4 Cont.) (b) For each line provide an example of a function that would be considered to be a part of that line.
(b) *1st Line of Defense* = Line management/operating management *2nd Line of Defense* = - Financial control - Security - Risk management - Quality - Health and safety - Inspection - Compliance - Legal - Environmental - Supply chain *3rd Line of Defense* = Independent assurance, internal audit
(PT. 4 Cont.) (c) What benefit does the application of this model bring to an organization?
(c) The Three Lines of Defense model provides a simple and effective way to enhance communications on risk management and control by clarifying essential roles and duties.
*Which of the following does Moody's advocate as a "best practice" for internal auditing in its report Best Practices in Audit Committee Oversight of Internal Audit?* A. Audit engagement reports should include a clear grading or ranking. B. The internal audit function should report to head of risk management. C. The internal audit function should rely on the organizations ERM system to determine its risk-based audit plan. D. The internal audit function should be outsourced to a 3rd party service provider to increase the function's independence.
A. Audit engagement reports should include a clear grading or ranking.
*A primary purpose of the IIA Standards is to:* A. Establish a basis for evaluating internal audit performance. B. Develop consistency in internal audit practices. C. Promote coordination of internal and external audit efforts. D. Provide a codification of existing practices.
A. Establish a basis for evaluating internal audit performance.
*According to the IIA Standards, what is the role of internal audit as it relates to risk management?* A. Evaluate the effectiveness of the risk management process. B. Determine the risk appetite of the organization. C. Identify and assess significant risk within the organization. d. Communicate relevant risk information to appropriate people within the organization.
A. Evaluate the effectiveness of the risk management process.
*In addition to the International Standards for the Professional Practice of Internal Auditing, some internal audit departments follow other standards in conducting their work, either because of regulatory requirements or by choice. When these other standards are inconsistent with the IIA Standards, what should the audit department do?* A. Follow the standard that is most restrictive. B. Follow the standard that is least restrictive. C. Follow IIA Standards. D. Follow the other standards
A. Follow the standard that is most restrictive.
*Internal audit can strengthen and support any number of standing or special committees of senior management and the governing body. However, before inviting internal audit in, it is critical that the organization consider how internal audit would operate within these committees, including clearly defining internal audit's role and setting proper precautions to protect continued independence and objectivity. Which of the following is not a safeguard that should be put i place to protect IA independence and objectivity?* A. Internal audit should be a voting member of the committee. B. The audit committee should guide the extent of internal audit's participation C. Internal audit's contributions are in the form of questions and insights, not conclusions or advocacy.. D. Internal audit's role on committees should be clearly delineated in the internal audit charter.
A. Internal audit should be a voting member of the committee.
*Which of the following is a Core Principles for the Professional Practice of Internal Auditing?* A. Is appropriately positioned and adequately resourced. B. Maintains confidentiality. C. Promote an ethical culture in the internal auditing profession. D. Develops consistency in internal auditing practices.
A. Is appropriately positioned and adequately resourced.
*To determine to whom the CAE needs to send the final results of an audit engagement, one would consult:* A. The Performance Standards: Assurance Services Implementation Standards. B. The Attribute Standards: Consulting Services Implementation Standards. C. The Performance Standards: Consulting Services Implementation Standards. D. The Attribute Standards: Assurance Services Implementation Standards.
A. The Performance Standards: Assurance Services Implementation Standards.
*Which of the following components of the IPPF are mandatory? (multiple answers possible)* A. The Standards B. The Code of Ethics C. Core Principles D. Practice Guides E. Implementation Guides
A. The Standards B. The Code of Ethics C. Core Principles
*Which of the following is a requirement of The International Standards for the Professional Practice of Internal Auditing?* A. To assess whether the information technology governance of the organization sustains and supports the organization's strategies and objectives. B. To evaluate annually the effectiveness of the audit committee. C. To obtain an annual representation from management acknowledging management's responsibility for the design and implementation of internal controls to prevent illegal acts. D. To issue annually an overall opinion on the adequacy of internal controls in the organization. E. To certify that all error or irregularities in the accounting records discovered within the fiscal year have been reported to the external auditors.
A. To assess whether the information technology governance of the organization sustains and supports the organization's strategies and objectives.
*Attribute Standards:* A. describe the nature of internal audiitng. B. address the attributes of the internal audit function and the individuals performing audit services. C. provide quality criteria against which performance of audit services can be evaluated. D. provide the requirements applicable to assurance or consulting activities.
B. address the attributes of the internal audit function and the individuals performing audit services.
*Which of the following would be considered a second line of defense in the Three Lines of Defense model?* A. A bank's internal audit team conducting an engagement to provide assurance on the compliance of the company's anti-money laundering program. B. A staff member of the corporate compliance and ethics office conducting a review of employee certifications that they have reviewed the organization's code of ethics C. A production line supervisor inspecting a sample of finished goods to ensure quality standards are met. D. An accounting supervisor conducting a monthly review to ensure all reconciliations were completed properly.
B. A staff member of the corporate compliance and ethics office conducting a review of employee certifications that they have reviewed the organization's code of ethics
The 2020 American Corporate Governance Index gave a score for corporate governance health in the U.S. is a grade of: A. A B. B- C. D+ D. C
B. B-
*Who was Cynthia Cooper's (the chief audit executive at WorldCom) direct supervisor?* A. Melvin Dick and Kenny Avery, the Arthur Andersen's audit partners for WorldCom engagement. B. Scott Sullivan the CFO C. Bernard Ebbers the CEO. D. Max Bobbitt, the audit committee chair.
B. Scott Sullivan the CFO
*Which of the following would be consider an assurance service?* A. Conducting a training workshop on internal control for new managers. B. The CAE serves on a committee to select a new external audit firm. C. An engagement to review compliance with the EU new privacy regulations. D. Reviewing and commenting on a draft of a new work-at- home policy HR is developing.
C. An engagement to review compliance with the EU new privacy regulations.
*Which of the following statements regarding the distinctions between internal and external audit is true?* A. The internal auditing profession was created primarily in response to the 1933 and 1934 Securities Exchange Act, external auditing was a concept that came from the stock exchange rules. B. The external auditor reports directly to the audit committee, internal audit reports to the CFO. C. Internal auditors concentrate on the reliability of the accounting data input and subsequent systems processing; external auditors concentrate on the validity of the accounting data output and the underlying supporting evidence. D. Internal auditors hold fiduciary responsibility to shareholders; external auditors hold only a contractual obligation to the corporation retaining the audit service .
C. Internal auditors concentrate on the reliability of the accounting data input and subsequent systems processing; external auditors concentrate on the validity of the accounting data output and the underlying supporting evidence.
*ABC Company's new CFO has asked the company's CAE to meet with her to discuss the role of the internal audit function. The CAE should inform the CFO that the overall responsibility of internal audit is to:* A. Assess the company's methods for safeguarding its assets and, as appropriate, verify the existence of the assets. B. Review the integrity of financial and operating information and the methods used to accumulate and report information. C. Serve as an independent assurance and consulting activity designed to add value and improve the company's operations. D. Determine whether the company's system of internal controls provides reasonable assurance that information is effectively and efficiently communicated to management.
C. Serve as an independent assurance and consulting activity designed to add value and improve the company's operations.
(PT. 5) In February 2019 Wells Fargo issued a 103-page business-standards report ("Learning from the past, transforming for the future") to address changes the bank has made in response to a string of scandals. In particular, the report identifies the following root causes for the problems in their retail banking operations: We had performance management and incentive programs and a high-pressure sales culture in the Community Bank that drove behaviors that were both inappropriate and inconsistent with our values. We had a decentralized business model that granted too much authority and autonomy to the Community Bank's senior management, deemphasized corporate oversight, and encouraged deference to individual businesses (which housed their own key control functions, such as Risk and Human Resources). The culture of substantial deference accorded to the lines of business carried over into the control functions. Certain control functions often adopted a narrow "transactional" approach to issues as they arose. Tight control over information about the Community Bank also hampered the ability of control functions outside the Community Bank and the Board to accurately assess the problem and work toward a solution. As a result of our decentralization and lack of sufficient corporate oversight, we took too long to understand the seriousness and scope of the problems — so actions taken over the years to address the problems proved inadequate. To address this cause over the past two years Wells Fargo has increased head count within its auditing division by about one-third, to 1,350 employees. *However, more auditors alone was not considered sufficient. Given the root causes identified what else would you recommend be changed in terms of the internal audit function?*
The IA activities need be reporting to a strong central audit function without having to go through divisional management. The function should have sufficient status in the organization so that divisional management cannot suppress issues or limit access. This is also true of other 2nd line functions such as risk management, compliance, and control review. Audit committee should require annual statements from the CAE and discuss the IA function's organizational independence.
*Directors, management, external auditors, and internal auditors all play important roles in creating proper control procedures. Senior management is primarily responsible for:* a. Establishing and maintaining an organizational culture. b. Implementing and monitoring controls designed by the board of directors. c. Reviewing the reliability and integrity of financial and operational information. d. Determining the organization's risk appetite. e. Ensuring that external and internal auditors oversee the administration of the system of risk management and control processes.
a. Establishing and maintaining an organizational culture.
Which of the following would not be considered a first line of defense in the Three Lines of Defense model? a. A divisional controller conducts a peer review of compliance with financial control standards. b. An accounts payable clerk reviews supporting documents before processing an invoice for payment. c. An accounting supervisor conducts a monthly review to ensure all reconciliations were completed properly. d. A production line worker inspects finished goods to ensure the company's quality standards are met.
a. A divisional controller conducts a peer review of compliance with financial control standards.
Which of the following would be considered a first line of defense in the Three Lines of Defense model? a. An accounts payable supervisor conducting a weekly review to ensure all payments were issued by the required payment date. b. A divisional compliance and ethics officer conducting a review of employee training records to ensure that all marketing and sales staff have completed the required FCPA training. c. The external audit team observes the counting of inventory on December 31. d. An internal audit team conducting an engagement to provide assurance on the company's Sarbanes-Oxley compliance with internal controls over financial reporting.
a. An accounts payable supervisor conducting a weekly review to ensure all payments were issued by the required payment date.
*Which of the following most likely constitutes a violation of the IIA's Code of Ethic?* a. Auditor A is content as an internal auditor and has come to look at it as a regular 9-to-5 job. Auditor A has not engaged in continuing professional education or other activities to improve effectiveness during the last 3 years. However, Auditor A feels performance of quality work is the same as before. b Auditor B discovered an internal financial fraud during the year. The books were adjusted to reflect properly the loss associated with the fraud. Auditor B discussed the fraud with the external auditor when the external auditor reviewed working papers detailing the incident. c. Auditor C has accepted an assignment to perform an engagement at the electronics manufacturing division. However, Auditor C has recently joined the internal audit function coming from public accounting. Auditor C was senior auditor for the external audit of the division and has audited many electronics organizations during the past 2 years. d. Auditor D has been promoted to associate auditor director and assigned to oversee auditing of the organization's Asian operations. In the past 3 years, Auditor D completed several large consulting engagements for the operations in China and Korea - including serving on the SAP implementation team as a representative of internal audit to do pre-implementation reviews of controls. e. Auditor E has been assigned to perform an engagement at the warehousing function 6 months from now. Auditor E has no expertise in that area but accepted the assignment anyway. Auditor E has signed up for continuing professional education courses in warehousing that will be completed ore the engagement begins.
a. Auditor A is content as an internal auditor and has come to look at it as a regular 9-to-5 job. Auditor A has not engaged in continuing professional education or other activities to improve effectiveness during the last 3 years. However, Auditor A feels performance of quality work is the same as before.
Which of the following is one of the 5 Cs essential to success as an internal auditor? a. Courage. b. Consistency. c. Collaboration. d. Candidness.
a. Courage.
Which of the following are typically governance responsibilities of senior management? I. Delegating its tolerance levels to risk managers. II. Monitoring day-to-day performance of specific risk management activities. III. Establishing a governance committee of the board. IV. Ensuring that sufficient information is gathered to support reporting to the board. a. I and IV. b. II and III. c. I, II, and IV. d. I, II, III, and IV.
a. I and IV.
Within the context of internal auditing, assurance services are best defined as: a. Objective examinations of evidence for the purpose of providing independent assessments. b. Advisory services intended to add value and improve an organization's operations. c. Professional activities that measure and communicate financial and business data. d. Objective evaluations of compliance with policies, plans, procedures, laws, and regulations.
a. Objective examinations of evidence for the purpose of providing independent assessments.
An internal auditor provides income tax services during the tax season. For which of the following activities would the auditor most likely be considered in violation of The IIA's Code of Ethics? a. Preparing, for a fee, a division manager's personal tax returns. b. Appearing on a local radio show to discuss retirement planning and tax issues. c. Receiving a stipend for teaching an evening tax class at the local junior college. d. Working on weekends for a friend who has a small CPA firm.
a. Preparing, for a fee, a division manager's personal tax returns.
AVF Company's new CFO has asked the company's CAE to meet with him to discuss the role of the internal audit function. The CAE should inform the CFO that the overall responsibility of internal audit is to: a. Serve as an independent assurance and consulting activity designed to add value and improve the company's operations. b. Assess the company's methods for safeguarding its assets and, as appropriate, verify the existence of the assets. c. Review the integrity of financial and operating information and the methods used to accumulate and report information. d. Determine whether the company's system of internal controls provides reasonable assurance that information is effectively and efficiently communicated to management.
a. Serve as an independent assurance and consulting activity designed to add value and improve the company's operations.
Which of the following is not a role of the internal audit function in best practice governance activities? a. Support the board in enterprisewide risk assessment. b. Ensure the timely implementation of audit recommendations. c. Monitor compliance with the corporate code of conduct. d. Discuss areas of significant risks.
a. Support the board in enterprisewide risk assessment.
Independent outside auditors provide financial reporting assurance services primarily for: a. The benefit of third parties. b. Management. c. Board of directors. d. The CEO.
a. The benefit of third parties.
Which of the following would be considered a second line of defense in the Three Lines of Defense model? a. An accounts payable supervisor conducting a weekly review to ensure all payments were issued by the required payment date. b. A divisional compliance and ethics officer conducting a review of employee training records to ensure that all marketing and sales staff have completed the required FCPA training. c. A shift supervisor inspecting a sample of finished goods to ensure quality standards are met. d. An internal audit team conducting an engagement to provide assurance on the company's Sarbanes-Oxley compliance with internal controls over financial reporting.
b. A divisional compliance and ethics officer conducting a review of employee training records to ensure that all marketing and sales staff have completed the required FCPA training.
Which of the following is the premier certification sponsored by The IIA? a. Certification in Control Self-Assessment. b. Certified Internal Auditor. c. Certification in Risk Management Assessment. d. Certified Information Systems Auditor.
b. Certified Internal Auditor.
*Coordination of internal and external auditing can reduce the overall costs. Who is responsible for actual coordination of internal and external auditing efforts?* a. External audit or engagement partner. b. Chief audit executive. c. CFO. d. Audit committee chair. e. CEO.
b. Chief audit executive.(CAE)
While planning an internal audit, the internal auditor obtains knowledge about the auditee to, among other things: a. Develop an attitude of professional skepticism about management's assertions. b. Develop an understanding of the auditee's objectives and risks. c. Make constructive suggestions to management concerning internal control improvements. d. Evaluate whether misstatements in the auditee's performance reports should be communicated to senior management and the audit committee.
b. Develop an understanding of the auditee's objectives and risks.
The internal audit function should not: a. Assess the organization's governance and risk management processes. b. Provide advice about how to improve the organization's governance and risk management processes. c. Oversee the organization's governance and risk management processes. d. Coordinate its governance and risk management-related activities with those of the independent outside auditor.
c. Oversee the organization's governance and risk management processes.
*Which of the following would be a violation of IIA's Code of Ethics?* a. An internal auditor was subpoenaed in a court case in which a joint venture partner that claimed to have been defrauded by the auditor's company. The auditor divulged confidential audit information to the court during testimony. b. During an audit, an internal auditor learned that the company was about to introduce a new product that would revolutionize the industry. Because of the probable success of the new product, the product manager suggested that the auditor buy additional stock in the company, which the auditor did. c. An internal auditor's husband inherited 25,000 shares of company stock when his grandfather died. They have held the stock for over two years. d. An internal auditor works weekends doing tax returns for a friend who owns a small CPA firm.
b. During an audit, an internal auditor learned that the company was about to introduce a new product that would revolutionize the industry. Because of the probable success of the new product, the product manager suggested that the auditor buy additional stock in the company, which the auditor did.
Which of the following would be a violation of The IIA's Code of Ethics? a. An internal auditor was subpoenaed in a court case in which a joint venture partner claimed to have been defrauded by the auditor's company. The auditor divulged confidential audit information to the court during testimony. b. During an audit, an internal auditor learned that the company was about to introduce a new product that would revolutionize the industry. Because of the probable success of the new product, the product manager suggested that the internal auditor buy additional stock in the company, which the auditor did. c. An internal auditor's husband inherited 25,000 shares of company stock when his grandfather died. They have held the stock for more than two years. d. An internal auditor works weekends doing tax returns for a friend who owns a small CPA firm.
b. During an audit, an internal auditor learned that the company was about to introduce a new product that would revolutionize the industry. Because of the probable success of the new product, the product manager suggested that the internal auditor buy additional stock in the company, which the auditor did.
A primary purpose of the Standards is to: a. Promote coordination of internal and external audit efforts. b. Establish a basis for evaluating internal audit performance. c. Develop consistency in internal audit practices. d. Provide a codification of existing practices.
b. Establish a basis for evaluating internal audit performance.
Which of the following types of IPPF guidance require(s) public exposure? I. A new Implementation Guide. II. A new standard. III. New Supplemental Guidance for auditing cybersecurity. IV. A new definition in the Standards Glossary. a. III only. b. II and IV. c. II, III, and IV. d. I, II, III, and IV.
b. II and IV.
*In the IIA's International Professional Practice Framework (IPPF), which of the following are mandatory guidance?* *I. Practice Advisories II. The Code of Ethics III. Practice Guides IV. The Definition of Internal Auditing V. The International Standards for the Professional Practice of Internal Auditing. VI. Core Principles for the Professional Practice of Internal Auditing* a. I, II, III, IV, V and VI. b. II, IV, V, and VI only. c. V and IV only. d. II and V only. e. I and III only.
b. II, IV, V, and VI only.
*Within the context of internal auditing, assurance services are best defined as:* a. Advisory services intended to add value and improve an organization's operations. b. Objective examinations of evidence for the purpose of providing independent assessments. c. Objective evaluations of compliance with policies, plans, procedures, laws, and regulations. d. Professional activities that measure and communicate financial and business data.
b. Objective examinations of evidence for the purpose of providing independent assessments.
According to the Standards, how is the independence of the internal audit function achieved? a. Staffing and supervision. b. Organizational status and objectivity. c. Human relations and communications. d. Quality assurance and internal review.
b. Organizational status and objectivity.
Which of the following represents the best governance structure? *1. Operating MGT.* *2. Exec. MGT* *3. Internal Auditing* a. Responsibility for risk/Oversight role/Advisory role. b. Oversight role/Responsibility for risk/Advisory role c. Responsibility for risk/Advisory role/Oversight role d. Oversight role/Advisory role/Responsibility for risk
b. Oversight role/Responsibility for risk/Advisory role
Who is responsible for establishing the strategic objectives of an organization? a. The board of directors. b. Senior management. c. Consensus among all levels of management. d. The board and senior management jointly.
b. Senior management.
Who is ultimately responsible for identifying new or emerging key risk areas that should be covered by the organization's governance process? a. The board of directors. b. Senior management. c. Risk owners. d. The internal audit function.
b. Senior management.
Which of the following statements regarding corporate governance is not correct? a. Corporate control mechanisms include internal and external mechanisms. b. The compensation scheme for management is part of the corporate control mechanisms. c. The dilution of shareholders' wealth resulting from employee stock options or employee stock bonuses is an accounting issue rather than a corporate governance issue. d. The internal audit function of a company has more responsibility than the board for the company's corporate governance.
b. The compensation scheme for management is part of the corporate control mechanisms.
According to the Standards, which of the following must the internal audit manager think about when considering appropriate due care while planning an assurance engagement? a. The opportunity to cross-train internal audit staff. b. The cost of assurance in relationship to potential benefits. c. Job openings in the area that may be of interest to internal auditors assigned to the engagement. d. The potential to deliver consulting services to the auditee.
b. The cost of assurance in relationship to potential benefits.
The Internal Audit Foundation exists to help audit leaders, practitioners, students, and academics experience continuous growth in their careers to propel them to become: a. Strong assurance providers. b. Trusted advisors. c. Independent outside auditors. d. CAEs.
b. Trusted advisors.
An internal auditor is auditing a division in which the division's chief financial officer (CFO) is a close, personal friend. The auditor learns that the friend is to be replaced after a series of critical contract negotiations with the Department of Defense. The auditor relays this information to the friend. Which principle of The IIA's Code of Ethics has been violated? a. Integrity. b. Objectivity. c. Confidentiality. d. Privacy.
c. Confidentiality.
*Due professional care calls for:* a. Detailed review of all transactions related to a particular function. b. Testing in sufficient detail to give absolute assurance that noncompliance does not exist. c. Consideration of the possibility of material irregularities during every engagement. d. Infallibility and extraordinary performance when the system of internal controls is known to be weak. e. Consideration of industry best practices on each engagement.
c. Consideration of the possibility of material irregularities during every engagement.
Which of the following are "mandatory guidance" in The IIA's IPPF? I. Implementation Guides. II. The Code of Ethics. III. The Definition of Internal Auditing. IV. The Standards. a. I, II, and IV. b. II and IV. c. II, III, and IV. d. I, II, III, and IV.
c. II, III, and IV.
ABC utility company sells electricity to residential customers and is a member of an industry association that provides guidance to electric utilities, lobbies on behalf of the industry, and facilitates sharing among its members. From ABC's perspective, what type of stakeholder is this industry association? a. Directly involved in the operation of the company. b. Interested in the success of the company. c. Influences the company. d. Not a stakeholder.
c. Influences the company.
Companies in industries that are heavily regulated may be subject to audits by the regulator's auditors. While not specifically covered in the Three Lines of Defense model, such auditors would most likely be considered: a. Part of the first line of defense. b. Part of the second line of defense. c. Part of the third line of defense. d. Not a line of defense.
c. Part of the third line of defense.
Internal auditors must have competent interpersonal skills. Which of the following does not represent an attribute of interpersonal skills? a. Communication. b. Leadership. c. Project management. d. Team capabilities.
c. Project management.
Which of the following is not an appropriate governance role for an organization's board of directors? a. Evaluating and approving strategic objectives. b. Influencing the organization's risk-taking philosophy. c. Providing assurance directly to third parties that the organization's governance processes are effective. d. Establishing broad boundaries of conduct, outside of which the organization should not operate.
c. Providing assurance directly to third parties that the organization's governance processes are effective.
*Audit report content and format may vary; but according to The International Standards of Professional Practice of Internal Auditing which of the following is a necessary element?* a. Status of findings from prior reports. b. The auditee's views about the engagement's conclusions. c. Scope of what was cover in the engagement. d. Documentation of previous oral communications with area management.
c. Scope of what was cover in the engagement.
Which of the following is recommended guidance within the IPPF? a. The Definition of Internal Auditing. b. The Standards. c. Supplemental guidance. d. None of the above.
c. Supplemental guidance.
*The critical characteristics that individuals, teams, and organizations must have to provide effective internal audit services are described in:* a. The Definition of Internal Auditing b. The Code of Ethics c. The Attribute Standards d. The Implementation Standards e. The Performance Standards
c. The Attribute Standards
*To whom did Cynthia Cooper, the Chief Audit Executive for WorldCom, directly report at the time of the WorldCom fraud?* a. The chair of the audit committee. b. The KPMG audit partner for WorldCom. c. The CFO. d. The CEO. e. The General Counsel.
c. The CFO.
Which of the following is a framework that can help individual internal auditors and internal audit functions assess their current competency levels and identify areas for improvement? a. Internal Control - Integrated, Framework. b. International Professional Practices Framework. c. The Global Internal Auditor Competency Framework. d. Enterprise Risk Management Framework.
c. The Global Internal Auditor Competency Framework.
The IIA's Standards require internal auditors to exercise due professional care while conducting assurance engagements. Which of the following is not something an internal auditor is required to consider in determining what constitutes the exercise of due care in an assurance engagement of treasury operations? a. The audit committee has requested assurance on the treasury function's compliance with a new policy on use of financial instruments. b. Treasury management has not instituted any risk management policies. c. The independent outside auditors have requested to see the engagement report and working papers. d. The treasury function just completed implementation of a new real-time investment tracking system.
c. The independent outside auditors have requested to see the engagement report and working papers.
*Which of the following is a requirement of The International Standards for the Professional Practice of Internal Auditing?* a. To evaluate annually the effectiveness of the audit committee. b. To obtain an annual representation from management acknowledging management's responsibility for the design and implementation of internal controls to prevent illegal acts. c. To evaluate the effectiveness of the organization's ethics-related objectives, programs, and activities. d. To certify that all error or irregularities in the accounting records discovered within the fiscal year have been reported to the external auditors. e. To issue annually an overall opinion on the adequacy of internal controls in the organization.
c. To evaluate the effectiveness of the organization's ethics-related objectives, programs, and activities.
In which of the following situations does the internal auditor potentially lack objectivity? a. A payroll accounting employee assists an internal auditor in verifying the physical inventory of small motors. b. An internal auditor discusses a significant issue with the vice president to whom the auditee reports prior to drafting the audit report. c. An internal auditor recommends standards of control and performance measures for a contract with a service organization for the processing of payroll and employee benefits. d. A former purchasing assistant performs a review of internal controls over purchasing four months after being transferred to the internal audit department.
d. A former purchasing assistant performs a review of internal controls over purchasing four months after being transferred to the internal audit department.
Which of the following are components of the definition of internal auditing? a. Independence and objectivity. b. A systematic and disciplined approach. c. Helping the organization accomplish its objectives. d. All of the above.
d. All of the above.
Which of the following are required of the internal audit function per the Standards? a. Evaluate the effectiveness of the audit committee annually. b. Issue an overall opinion on the adequacy of the organization's system of internal controls annually. c. Obtain an annual representation from management acknowledging management's responsibility for the design and implementation of internal controls to prevent illegal acts. d. Assess whether the IT governance of the organization sustains and supports the organization's strategies and objectives.
d. Assess whether the IT governance of the organization sustains and supports the organization's strategies and objectives.
*Which of the following statements is not true about business objectives?* a. Establishing meaningful business objectives is a prerequisite to effective internal control. b. Establishing meaningful business objectives is a key component of the management process. c. The measurable steps the organization takes to achieve its strategy. d. Business objectives are management's means of employing resources and assigning responsibilities. e. Business objectives represent targets of performance.
d. Business objectives are management's means of employing resources and assigning responsibilities.
Which of the following statements is not true about business objectives? a. Business objectives represent targets of performance. b. Establishing meaningful business objectives is a prerequisite to effective internal control. c. Establishing meaningful business objectives is a key component of the management process. d. Business objectives are management's means of employing resources and assigning responsibilities.
d. Business objectives are management's means of employing resources and assigning responsibilities.
Which of the following is the ultimate position of a career internal auditor? a. CEO. b. CFO. c. CRO. d. CAE.
d. CAE.
What types of business events tend to drive new legislation and guidance? a. Economic downturns. b. Fraud or other corporate wrongdoing. c. Elections or other political changes. d. Economic growth.
d. Economic growth.
In addition to the Standards, some internal audit departments follow other standards in conducting their work, either because of regulatory requirements or by choice. When these other standards are inconsistent with IIA Standards, what should the audit department do? a. Follow IIA Standards. b. Follow the other standards. c. Follow the standard that is least restrictive. d. Follow the standard that is most restrictive.
d. Follow the standard that is most restrictive.
Which of the following is/are components of the Standards? I. Statements. II. Interpretations. III. Glossary. a. I only. b. I and II. c. I and III. d. I, II, and III.
d. I, II, and III.
*As part of a company-sponsored award program, an internal auditor was offered an award of significant monetary value by a division in recognition of the cost savings that resulted from the auditor's recommendations. According to the International Professional Practices Framework, what is the most appropriate action for the auditor to take?* a. Accept the gift since the engagement is already concluded and the report issued. b. Accept the award under the condition that any proceeds go to charity. c. Accept the gift on condition it is spread across all the members of the audit team. d. Inform audit management and ask for direction on whether to accept the gift. e. Decline the gift and advise the division manager's superior.
d. Inform audit management and ask for direction on whether to accept the gift.
Which of the following is a Core Principle for the Professional Practice of Internal Auditing? a. Maintain confidentiality. b. Promote an ethical culture in the internal audit profession. c. Develop consistency in internal audit practices. d. Is appropriately positioned and adequately resourced.
d. Is appropriately positioned and adequately resourced.
*Which of the following is an appropriate responsibility of the board?* a. Performing a review of the procurement function of the organization. b. Recommending the assignment of specific internal audit staff members for specific engagements. c. Performing the internal review of the internal audit function's quality assurance and improvement program. d. Reviewing the CAE-supplied internal audit function's engagement work plan. e. Reviewing the engagement records of the external auditor to determine their competence.
d. Reviewing the CAE-supplied internal audit function's engagement work plan.
To determine what needs to be done regarding follow-up on an assurance engagement the internal audit staff just completed, one would consult: a. The Attribute Standards: Assurance Services Implementation Standards. b. The Performance Standards: Consulting Services Implementation Standards. c. The Attribute Standards: Consulting Services Implementation Standards. d. The Performance Standards: Assurance Services Implementation Standards.
d. The Performance Standards: Assurance Services Implementation Standards.
Which of the following is mandatory guidance within the IPPF? a. Implementation guidance. b. Supplemental guidance. c. The value proposition. d. The core principles.
d. The core principles.
Assurance, Insight, and Objectivity comprise: a. The mission of internal auditing. b. The three lines of defense model. c. The objectives of internal auditing. d. The value proposition.
d. The value proposition.
*An internal auditor who encounters an ethical dilemma not explicitly addressed by The IIA's Code of Ethics should always:* a. Seek counsel from an independent attorney to determine the personal consequences of potential actions. b. Consult with your organizations General Counsel. c. Seek the counsel of the audit committee before deciding on an action. d. Act consistently with the employing organization's code of ethics even if such action would not be consistent with The IIA's Code of Ethics. e. Take action consistent with the principles embodied in The IIA's Code of Ethics.
e. Take action consistent with the principles embodied in The IIA's Code of Ethics.