CIA PT 2

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Which of the following is the proper way for an internal auditor to resolve conflict?By the guidelines set out in the organization's code of conduct 1.By the guidelines set out in 2.The IIA's Code of Ethics 3.The procedures designated by the CAE

2. only really dumb An internal auditor is first and foremost an internal auditor. Thus, in the performance of all services, the internal auditor is guided by The IIA's Code of Ethics and the Standards.

Which of the following is not a true statement about the relationship between internal auditors and external auditors? A. External auditors must assess the competence and objectivity of internal auditors. B. Internal auditors may provide engagement work programs and working papers to external auditors. C. There may be an exchange of engagement communications and management letters. D. There may be periodic meetings between internal and external auditors to discuss matters of mutual interest.

A. External auditors must assess the competence and objectivity of internal auditors. The external auditor assesses the objectivity and competence of the internal auditors only if (s)he intends to rely on their work.

Internal auditors must develop and document a plan for each engagement. The planning process should include all the following except A. Obtaining background information about the activities to be reviewed. B. Determining how, when, and to whom the engagement results will be communicated. C. Identifying sufficient information to achieve engagement objectives. D. Establishing engagement objectives and scope of work.

C. Identifying sufficient information to achieve engagement objectives. Internal auditors must develop and document a plan for each engagement, including the engagement's objectives, scope, timing, and resource allocations (Perf. Std. 2200). Identifying sufficient information to achieve engagement objectives is done during field work, not planning.

An organization's oversight of and responsibility for an outsourced internal audit activity (IAA) is most likely demonstrated by A. Hiring specialized consultants B. Establishing field offices C. Maintaining a quality program D. Selecting appropriate internal audit staff

C. Maintaining a quality program An organization's oversight of and responsibility for an outsourced IAA is demonstrated through the quality assurance and improvement program (QAIP). It assesses conformance with the Code of Ethics and the Standards (Inter. Std. 2070). The QAIP should include (1) ongoing monitoring, (2) periodic self-assessments, and (3) external assessments.

The reliability and integrity of all critical information of an organization, regardless of the media in which the information is stored, is the responsibility of A. All employees B. IT department C. Management D. Shareholders

C. Management Internal auditors determine whether senior management and the board have a clear understanding that information reliability and integrity is a management responsibility. Information reliability and integrity includes accuracy, completeness, and security.

An engagement objective is to verify that the correct goods or services are received on time, at the right price, and in the right quantity. Based on this objective, the function to be reviewed is the A. Payroll department. B. Manufacturing department C. Purchasing department D. Receiving department

C. Purchasing department The primary function of a purchasing department is to ensure the authorized acquisition of goods and services of a specified quality and quantity on a timely basis at an economical price. User departments should authorize purchases based upon need and within budget. The purchasing department executes the purchase transaction upon appropriate authorization.

Direct staff as a percentage of total staff is an example of which of the following types of efficiency measures? A. Operating ratio B. Productivity ratio C. Resource utilization rate D. Productivity index

A. Operating ratio The operating ratio measures the operational efficiency of an organization. Staffing is a component of operations, and direct staff as a percentage of total staff is an example of an operating ratio. The productivity ratio measures output relative to input. The resource usage rate measures resource use relative to available resources. The productivity index measures production potential.

Which of the following does the internal auditor of a contracting company not have to review as thoroughly in a lump-sum contract? A. Work completed in accordance with the contract. B. Adjustments to labor costs. C. Progressive payments. D. Incentives associated with the contract.

A. Work completed in accordance with the contract. The internal auditor usually has little to evaluate when the work is performed in accordance with the contract. Further, the internal auditor may lack the technical expertise to know if the contract is being completed according to the terms.

Which of the following is least likely to be placed on the agenda for discussion at a pre-engagement meeting? A. Client personnel needed. B. Expected starting and completion dates. C. Sampling plan and key criteria. D. Objectives and scope of the engagement.

C. Sampling plan and key criteria. Possible objectives and scope for the engagement, the client personnel to whom the auditors need access, and the expected start and completion dates for the engagement are all appropriate matters for discussion at a pre-engagement meeting. The sampling plan cannot be drafted until risk is assessed and the engagement objectives are set.

Who reviews and approves a summary of the internal audit plan? A. Senior management only. B. The chief audit executive (CAE) only. C. Senior management and the board. D. The audit committee and the board.

C. Senior management and the board. According to Perf. Std. 2020, senior management and the board review and approve the internal audit plan.

Freedom from monitoring best defines A. Privacy of information. B. Personal privacy. C. Privacy of space. D. Privacy of communication.

D. Privacy of communication. Privacy may encompass (1) personal privacy (physical and psychological), (2) privacy of space (freedom from surveillance), (3) privacy of communication (freedom from monitoring), and (4) privacy of information (collection, use, and disclosure of personal information by others).

Which of the items below most likely reflects differences between the policies of a relatively large and a relatively small internal audit activity? The policies for the large activity should A. Contain the authority to carry out engagements. B. Be in considerable detail. C. Be specific as to activities to be carried out. D. Define the scope of internal auditing.

B. Be in considerable detail.

Written policies and procedures relative to managing the internal audit activity should A. Result in consistent job performance. B. Give consideration to its structure and the complexity of the work performed. C. Prescribe the format and distribution of engagement communications and the classification of observations. D. Ensure compliance with its performance standards.

B. Give consideration to its structure and the complexity of the work performed. The form and content of policies and procedures are dependent upon the size and structure of the internal audit activity and the complexity of its work (Inter. Std. 2040).

The function of internal auditing, as related to communicating results, is to A. Review the expenditure items and match each item with the expenses incurred. B. Identify inadequate controls that increase the likelihood of unauthorized expenditures. C. Determine whether any employees are expending funds without authorization. D. Ensure compliance with reporting procedures.

B. Identify inadequate controls that increase the likelihood of unauthorized expenditures. The internal audit activity must assist the organization in maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement (Perf. Std. 2130).

Which of the following is an effective tool for uncovering unethical or illegal activity in an organization? A. The screening of applicants. B. The ethics questionnaire. C. The background check. D. The ethics interview.

B. The ethics questionnaire. An effective tool for uncovering unethical or illegal activity is the ethics questionnaire. Each employee of the organization should receive a questionnaire that asks whether the employee is aware of kickbacks, bribes, or other wrongdoing. NOTE- ACTIVELY

Which internal audit planning tool is general in nature and is used to ensure adequate engagement coverage over time? A. The engagement work program. B. The internal audit activity's charter. C. The audit plan. D. The internal audit activity's budget.

C. The audit plan. According to Perf. Std. 2010, the CAE must establish a risk-based audit plan to determine the priorities of the internal audit activity. Such a plan ensures adequate engagement coverage over time.

Johnny Hagert, Chief Audit Executive, is determining the sufficiency of his resource allocation. Mr. Hagert must consider all of the following except A. Consequences of not completing the engagement on time. B. Knowledge of the internal audit staff. C. The audit universe. D. Communication received from management and the board.

C. The audit universe. Sufficiency relates to the quantity of resources needed to accomplish the approved audit plan. However, the resource allocation applies to the approved audit plan, not to the universe of all possible audits within the organization.

Internal audit resources should be appropriate, sufficient, and effectively deployed. Consequently, A. The chief audit executive ultimately must ensure the adequacy of resources. B. Resource planning should be limited to expected activities. C. The chief audit executive should perform a periodic skills assessment. D. Only members of the internal audit staff should perform internal audit activities.

C. The chief audit executive should perform a periodic skills assessment. The skills, technical knowledge, and capabilities of the internal audit staff should be appropriate for the planned work. Thus, the chief audit executive should perform a periodic skills assessment based on the needs identified in the risk assessment and the audit plan.

T/F: One advantage of formal questionnaires is that they are easy to prepare

FALSE Although formal questionnaires can be very useful in obtaining an understanding of the client's controls, they are difficult to prepare and time-consuming to administer.

When determining the number and experience level of an internal audit staff to be assigned to an engagement, the chief audit executive should consider which of the following? 1. Complexity of the engagement 2. Length of the engagement 3. Available internal audit activity resources 4. Lapsed time since the last engagement

1 & 3 only. The complexity of the engagement determines the experience and skills required of the assigned staff. Available resources also are a factor in a staffing decision.

Which of the following types of engagements, if any, involve an internal auditor conducting performance audits to measure how well an organization is achieving its targets for its key performance indicators? 1. An assurance engagement 2. A consulting engagement

1 Only In an assurance engagement, internal auditors conduct performance audits to measure how well an organization is achieving its targets for its key performance indicators.

Which of the following are approaches to a control self-assessment (CSA) program? 1. Facilitation 2. Cost-benefit 3. Survey 4. Self-certification

1,3,&4

In selecting a sample of items for variables testing, an auditor must consider the desired precision, the standard deviation, and the A. Acceptable risk level. B. Sampling interval. C. Recorded monetary amount of the population. D. Expected occurrence rate.

A. Acceptable risk level. Four factors determine the size of a classical variables sample: the confidence coefficient, the estimated standard deviation of the population, the population size, and the tolerable misstatement (desired precision).

The organization's inventories are under the administration of three production managers. The internal auditors perform a standard limited test of finished goods inventory balances every year. During this year's engagement concerning inventories, the internal auditors noted finished goods inventories were abnormally high, sales were consistent with prior years, and returns and allowances appeared normal. The internal auditors performed the usual random sample recount of several finished goods inventory cards without discrepancy and then extended the testing to include 10 raw materials and 10 work-in-process cards, noting no exceptions. The following statement was included in the engagement workpapers: "Our standard test of finished goods inventories revealed no exceptions to the inventory count. We extended our tests this year to include both raw materials and work-in-process without exception. At the time of our engagement, the supervising inventory managers were not available; however, the division secretary indicated that performance standards were on file. It appears that there is adequate awareness and understanding of the performance standards." Which of the following informational criteria isnotviolated? A. All criteria are violated B. Sufficiency C. Relevance D. Reliability

A. All criteria are violated The conclusion violates the criteria of sufficiency, reliability, and relevance. The sufficiency criterion is violated because recounting several inventory items is insufficient given the abnormally high inventory. The reliability criterion is violated because the performance standard information is not the best attainable. The internal auditors should interview inventory managers to determine their awareness and understanding of the performance standards. The relevance criterion is violated because the information related to raw materials and work-in-process does not pertain to the finished goods inventory.

Engagements must be properly supervised to ensure objectives are achieved, quality is assured, and staff is developed (Perf. Std. 2340). A. An on-site ombudsperson, backed by a nonretaliation policy. B. An in-house representative, backed by a retaliation policy. C. An off-site attorney who can better protect attorney-client privilege. D. An expert from the legal department, backed by a nonretaliation policy.

A. An on-site ombudsperson, backed by a nonretaliation policy. Although an attorney monitoring the hotline is better able to protect attorney-client and work-product privileges, one study observed that employees have little confidence in hotlines answered by the legal department or by an outside service. The same study showed that employees have even less confidence in write-in reports or an off-site ombudsperson, but have the most confidence in hotlines answered by an in-house representative (or an on-site ombudsperson) and backed by a nonretaliation policy.

The most reliable forms of documentary evidence are those documents that are A. Authorized by a responsible official. B. Prenumbered. C. Easily duplicated. D. Internally generated.

A. Authorized by a responsible official. Externally generated documents are deemed to be more reliable than those produced by the auditee. However, the evidentiary value of the latter is enhanced if they are subject to effective control. Accordingly, authorization by an appropriate party lends credibility to a document because it increases the probability that the underlying transaction is valid.

With regard to providing an assurance service for the organization's privacy framework, the internal audit activity (IAA) assesses the adequacy of risk identification and controls. The IAA also A. Considers practices in relevant jurisdictions. B. Devises and implements controls. C. Confirms to the board that information security is the IAA's responsibility. D. Performs a consulting engagement to provide advice on information security protocols.

A. Considers practices in relevant jurisdictions. The IAA assesses the adequacy of (1) management's risk identification and (2) the controls that reduce those risks. Moreover, the IAA evaluates the privacy framework, identifies significant risks, and makes recommendations. It also considers (1) laws, regulations, and practices in relevant jurisdictions; (2) the advice of legal counsel; and (3) the security efforts of IT specialists.

When an internal auditor's sampling objective is to obtain a measurable assurance that a sample will contain at least one occurrence of a specific critical exception existing in a population, the sampling approach to use is A. Discovery B. Variables C. Random D. Probability-proportional-to-size

A. Discovery Discovery sampling is a form of attribute sampling used to identify critical deviations in a population. The occurrence rate is assumed to be at or near 0%, and the method cannot be used to evaluate results statistically if deviations are found in the sample. Hence, discovery sampling is used for tests of controls, but it is appropriate only when one deviation is critical. The sample size is calculated so that the sample will contain at least one example of a deviation if it occurs in the population at a given rate.

Which of the following is not included in the statement of scope in an engagement final communication? A. Engagement objectives. B. Activities not reviewed. C. Nature and extent of the work performed. D. Period covered by the engagement.

A. Engagement objectives. Scope statements identify the audited activities and may include supportive information such as time period reviewed and related activities not reviewed to delineate the boundaries of the engagement. They may describe the nature and extent of engagement work performed. Engagement objectives are included in the purpose paragraph.

An auditor frequently uses flowcharts to determine whether there is A. Inefficiency and lack of controls. B. Sufficient but not excessive personnel assigned to an operation. C. Satisfactory performance of an operation. D. Authority to meet the performance criteria.

A. Inefficiency and lack of controls. Flowcharts are graphical representations of the step-by-step progression of transactions including document (information) preparation, authorization, flow, storage, etc. Flowcharting allows the internal auditor to analyze a system and to identify the strengths and weaknesses of the purported internal controls and the appropriate areas of audit emphasis.

Internal auditors should be active listeners to gain the most information in an internal audit interview. Which of the following best describes how an active listener behaves in an interview? The listener A. Listens with acceptance, empathy, and intensity. B. Avoids looking directly at the speaker and interrupting his or her train of thought. C. Judges and evaluates the information as it is presented. D. Formulates arguments and conclusions as pieces of the speaker's information fit together.

A. Listens with acceptance, empathy, and intensity. The most reliable form of engagement information is that obtained through the internal auditor's direct experience. Thus, a physical inspection provides the best information about the current condition of equipment.

The internal audit activity of a large organization has established its operating plan and budget for the coming year. The operating plan is restricted to the following categories: a prioritized listing of all engagements, staffing, a detailed expense budget, and the commencement date of each engagement. Which of the following best describes the major deficiency of this operating plan? A. Measurability criteria and targeted dates of completion are not provided. B. Opportunities to achieve operating benefits are ignored. C. Requests by management for special projects are not considered. D. Knowledge, skills, and other competencies required to perform work are ignored.

A. Measurability criteria and targeted dates of completion are not provided. The goals of the internal audit activity should be capable of accomplishment within given operating plans and budgets and should be measurable to the extent possible. They should be accompanied by measurement criteria and targeted dates of accomplishment.

After completing an engagement work program step regarding materials movement between storage and assembly, the internal auditor would most likely prepare a(n) A. Observation B. Conclusion C. Opinion D. Report

A. Observation A finding (observation) is a relevant statement of fact about the results of audit testwork without interpretation or commentary. After performing testwork, the next step for the internal auditor is to draft his or her findings/observations.

In a sampling application, the group of items about which the auditor wants to estimate some characteristic is called the A. Population B. Sampling unit C. Sample D. Attribute of interest

A. Population The population is the group of items about which an auditor wishes to draw conclusions.

In evaluating an attribute sample, the range within which the estimate of the population characteristic is expected to fall is called A. Precision B. Expected error rate C. Upper error limit D. Confidence level

A. Precision The precision of an attribute sample (also called the confidence interval or allowance for sampling risk) is an interval around the sample statistic that the auditor expects to contain the true value of the population. In attribute sampling (used in tests of controls), precision is determined by subtracting the expected error rate from the tolerable error rate in the population.

Which of the following statements describes an internal control questionnaire? It A. Provides indirect evidence that might need corroboration. B. Provides detailed evidence regarding the substance of the control system. C. Requires that the internal auditor be in attendance to properly administer it. D. Takes less of the engagement client's time to complete than other control evaluation devices.

A. Provides indirect evidence that might need corroboration. An internal control questionnaire consists of a series of questions about the controls designed to prevent or detect errors or irregularities. Answers to the questions help the internal auditor to identify specific internal control policies and procedures relevant to specific assertions and to design tests of controls to evaluate the effectiveness of their design and operation. The questionnaire provides a framework to assure that specific concerns are not overlooked, but it is not a sufficient means of understanding the entire system. Thus, the evidence obtained is indirect and requires corroboration by means of observation, interviews, flowcharting, examination of documents, etc.

During an interview with a data input clerk to discuss a computerized system used to track employee training requirements and compliance, an internal auditor identifies a potentially significant weakness in the system. The internal auditor should A. Conduct a second interview after determining whether the weakness actually exists. B. Ask indirect questions that will help get more factual information relating to the potential weakness. C. Not mention the weakness, directly or indirectly, to avoid making the clerk uncomfortable. D. Ask the clerk about the weakness and determine immediately whether the observation should be communicated.

B. Ask indirect questions that will help get more factual information relating to the potential weakness. Indirect questions may allow the internal auditor to obtain some information without making the clerk feel accused. An interviewee who has been put at ease and does not feel threatened is more likely to be cooperative.

An operational engagement relating to the production function includes a procedure to compare actual costs with standard costs. The purpose of this engagement procedure is to A. Determine the accuracy of the system used to record actual costs. B. Assist management in its evaluation of effectiveness and efficiency. C. Measure the effectiveness of the standard cost system. D. Assess the reasonableness of standard costs.

B. Assist management in its evaluation of effectiveness and efficiency. An operational engagement (audit) assesses the efficiency and effectiveness of an organization's operations. A comparison of actual and standard costs addresses efficiency and effectiveness.

According to IIA guidance, when an engagement final communication contains a significant error, the chief audit executive is required to do which of the following? A. Issue a written report to the audit committee and senior management. B. Communicate corrected information to all individuals who received the original communication. C. Issue a written report to individuals who can ensure that engagement results are given due consideration. D. Communicate corrected information to all those who might have relied on the original communication.

B. Communicate corrected information to all individuals who received the original communication. If a final engagement communication contains a significant error or omission, the CAE must communicate corrected information to all who received the original communication (Perf. Std. 2421). Thus, the Standardsdo not require a written report.

In sampling applications, the standard deviation represents a measure of the A. Level of confidence desired. B. Degree of data variability C. Expected error rate D. Extent of precision achieved

B. Degree of data variability The standard deviation measures the variability within a population.

The appropriate sampling plan to use to identify at least one irregularity, assuming some number of such irregularities exist in a population, and then to discontinue sampling when one irregularity is observed is A. Stop-or-go sampling. B. Discovery sampling. C. Attribute sampling D. Variables sampling

B. Discovery sampling. Discovery sampling is a form of attribute sampling applied when a control is critical and a single deviation is important, for example, commission of a material fraud. The expected deviation rate should be at or near zero, and the sample size is calculated so that the sample will include at least one example of a deviation if it occurs in the population at a given rate.

In documenting the procedures used by several interacting departments the internal auditor will most likely use a(n) A. Vertical flowchart B. Horizontal (or systems) flowchart. C. Internal control questionnaire. D. Gantt chart.

B. Horizontal (or systems) flowchart. Flowcharting is a useful tool for systems development as well as understanding the internal control structure. A flowchart is a pictorial diagram of the definition, analysis, or solution of a problem in which symbols are used to represent operations, data flow, equipment, etc. A systems flowchart provides an overall view of the inputs, processes, and outputs of a system, such as a set of interacting departments.

If all other factors in a sampling plan are held constant, changing the measure of tolerable misstatement to a smaller value will cause the sample size to be A. Unchanged B. Larger C. Smaller D. Indeterminate

B. Larger The size of the precision interval in a variables test is based upon the tolerable misstatement that is determined by materiality judgments. As this value decreases, for example, because of a decrease in tolerable misstatement, the size of the required sample increases accordingly, and vice versa. Hence, tolerable misstatement (precision) and sample size are inversely related.

Fact Pattern:The chief audit executive is reviewing some of the basic concepts inherent in the performance of an engagement with three internal auditors who are on a rotation assignment. After 6 months in the internal audit activity, they will move back to line positions. Each of them has fairly extensive organizational experience and is on a fast track to a high-level management line position. To develop their analytical decision-making abilities, the CAE pulls some old engagement working papers, holding back the review notes and clearing comments. The CAE asks the team to indicate the informational criteria that are violated. In an engagement to evaluate the effectiveness and validity of a subsidiary's marketing expenditures, the internal auditors identified the following information: 1. Analytical comparisons of advertising expenditures and changes in shopping patterns and item sales 2. Direct observation of various advertising media used 3. Review of a marketing survey of general public reaction to the marketing plan Which of the following informational criteria, if any, is violated? A. Reliability B. No criteria are violated C. Sufficiency D. Relevance

B. No criteria are violated The identified information is sufficient (factual, adequate, and convincing so that a prudent, informed person would reach the same conclusions), reliable (the best attainable through the use of appropriate engagement techniques), and relevant (supports engagement observations and recommendations and is consistent with the objectives for the engagement) (Inter. Std. 2310).

The statistical quality control department prepares a control chart showing the percentages of defective production. Simple statistical calculations provide control limits that indicate whether assignable causes of variation are explainable on chance grounds. The chart is particularly valuable in determining whether the quality of materials received from outside vendors is consistent from month to month. What is the best term for this chart? A. X-bar chart B. P chart C. C chart D. R chart

B. P chart The question states that "the statistical quality control department prepares a control chart showing the percentages of defective production." P charts show the percentage of defects in a sample.

If a financial institution overstated revenue by charging too much of each loan payment to interest income and too little to repayment of principal, which of the following audit procedures would be least likely to detect the error? A. Using test data and submitting interest payments for various loans in the test portfolio to determine if they are recorded correctly. B. Performing an analytical review by comparing interest income this period as a percentage of the loan portfolio with the interest income percentage for the prior period. C. Using an integrated test facility (ITF) and submitting interest payments for various loans in the ITF portfolio to determine if they are recorded correctly. D. Using generalized audit software to select a random sample of loan payments made during the period, calculating the correct posting amounts, and tracing the postings that were made to the various accounts.

B. Performing an analytical review by comparing interest income this period as a percentage of the loan portfolio with the interest income percentage for the prior period. Analytical review is the least effective procedure. It provides only a comparison with the prior period when the same error may have been made. Moreover, it is a global test that does not isolate the cause of a suspected misstatement.

An internal audit staffer has just completed an assessment of the engagement client's operating and financial controls. The auditor's preliminary conclusion is that controls are adequately designed to achieve management's operating and financial objectives. The auditor's next step is to A. Present his or her findings to the chief audit executive. B. Report his or her results to the auditor in charge. C. Prepare a plan for testing internal controls. D. Prepare a preliminary report on internal controls for presentation to the board.

B. Report his or her results to the auditor in charge. The auditor in charge of the engagement is responsible for coordinating the results of audit work and ensuring that work performed supports conclusions and opinions. For this reason, internal audit staff must report the results of audit work to the auditor in charge.

One purpose of the exit meeting is for the internal auditor to A. Present the final engagement communication to management. B. Review and verify the appropriateness of the engagement communication based upon client input. C. Review the performance of internal auditors assigned to the engagement. D. Require corrective action.

B. Review and verify the appropriateness of the engagement communication based upon client input. The primary purpose of an exit meeting is to present audit findings. A secondary purpose, among others, is to review and verify the appropriateness of the engagement communication based upon client input.

Scope statements identify the audited activities and may include supportive information such as time period reviewed and related activities not reviewed to delineate the boundaries of the engagement. They may describe the nature and extent of engagement work performed. Engagement objectives are included in the purpose paragraph. A. Recommendations that are generated in relationship to a specific engagement client. B. The risk assessment used in selecting the area for engagement investigation. C. The engagement objectives for a specific engagement client. D. The evaluations based on a preliminary survey of an engagement client.

B. The risk assessment used in selecting the area for engagement investigation. Internal auditors need to be skilled in oral and written communications so that they can clearly and effectively convey such matters as engagement objectives, evaluations, conclusions, and recommendations. The internal auditor's risk assessment is not specifically mentioned.

In deciding whether recorded sales are valid, which of the following items of information is most reliable? A. A memorandum from the director of the shipping department stating that another employee verified the personal delivery of the merchandise to the customer. B. The shipping document, independent bill of lading, and the invoice for the merchandise. C. Accounts receivable records showing cash collections from the customer. D. A copy of the customer's purchase order.

B. The shipping document, independent bill of lading, and the invoice for the merchandise. Reliable information is the best information attainable through the use of appropriate engagement techniques (Inter. Std. 2310). Information is ordinarily more reliable if it is obtained from a source independent of the client. The shipping document and invoice provide direct information that the sale was made, and the bill of lading is externally generated documentation that the merchandise was shipped.

How does stop-or-go attribute sampling differ from fixed-sample-size attribute sampling? A. Desired reliability does not have to be specified in advance B. Total expected sample size will always be smaller C. It cannot be used to determine the assessed level of control risk D. Nonsampling error is smaller

B. Total expected sample size will always be smaller The objective of stop-or-go sampling, sometimes called sequential sampling, is to reduce the sample size when the auditor believes the error rate in the population is low. Thus, total expected sample size is always lower for stop-or-go sampling.

One standard deviation corresponds to what approximate percentage of the area under a bell curve? A. 90% B. 95.5% C. 68% D. 34%

C. 68% A person selecting an item at random from a normally distributed population (one with a bell curve) can be 68% confident that the value of the item is within 1.0 standard deviation of the mean. Thus, that area under the curve corresponds to the 68% confidence level.

Fact Pattern: An excerpt from an engagement observation indicates that travel advances exceeded prescribed maximum amounts. Organizational policy provides travel funds to authorized employees for travel. Advances are not to exceed 45 days of anticipated expenses. Organizational procedures do not require justification for large travel advances. Employees can and do accumulate large, unneeded advances. The cause of the engagement observation is that A. Travel advances have not been cleared in timely manner. B. Organizational policy is to provide travel funds to authorized employees. C. Advance procedures do not require specific justification. D. Employees accumulate large travel advances.

C. Advance procedures do not require specific justification. The cause is the reason for the difference between the expected and actual condition. Thus, the cause provides the answer to the question "Why?" and should be the basis for corrective action. The cause of the observation is that advance procedures do not require specific justification.

The use of an analytical review to verify the correctness of various operating expenses would not be a preferred approach if A. Operations are relatively stable and have not changed much over the past year. B. Operating expenses vary in relation to other operating expenses, but not in relation to revenue. C. An auditor notes strong indicators of a specific fraud involving these accounts. D. An auditor would like to identify large, unusual, or non-recurring transactions during the year.

C. An auditor notes strong indicators of a specific fraud involving these accounts. Analytical auditing procedures assist internal auditors in identifying conditions that may require subsequent engagement procedures. Accordingly, if the auditor already suspects fraud involving operating expenses, a more directed audit approach is appropriate.

After partially completing an internal control review of the accounts payable department, an auditor suspects that some type of fraud has occurred. To ascertain whether the fraud is present, the best sampling approach is to use A. Judgmental sampling to select a sample of vouchers processed by clerks identified by the department manager as acting suspiciously. B. Probability-proportional-to-size sampling to select a sample of vouchers processed by the department during the past year. C. Discovery sampling to select a sample of vouchers processed by the department during the past year. D. Simple random sampling to select a sample of vouchers processed by the department during the past year.

C. Discovery sampling to select a sample of vouchers processed by the department during the past year. The purpose is to determine whether fraud has occurred rather than to estimate its overall frequency. Discovery sampling is a method designed specifically for this purpose. It is a form of attribute sampling used to identify critical deviations in a population. The occurrence rate is assumed to be 0%, and statistical evaluation of results is impossible if deviations are found. Thus, discovery sampling is only appropriate when one deviation is critical.

The Standards of The IIA apply to assurance services and consulting services performed by the internal audit activity (IAA). Which of the following is addressed only in a performance standard? A. Planning considerations B. Engagement objectives C. Engagement supervision D. Documentation

C. Engagement supervision Engagements must be properly supervised to ensure objectives are achieved, quality is assured, and staff is developed (Perf. Std. 2340).

Monetary-unit sampling (MUS) is most useful when the internal auditor A. Expects to find several material misstatements in the sample B. Is testing the accounts payable balance C. Is concerned with overstatements D. Cannot cumulatively arrange the population items

C. Is concerned with overstatements MUS, also called probability-proportional-to-size (PPS) sampling, is a modified version of attribute sampling that relates deviation rates to monetary amounts. It uses the monetary unit as the sampling unit. MUS is appropriate for testing account balances, such as those for inventory and receivables, in which some items may be far larger than others in the population. In effect, MUS stratifies the population because the larger account balances have a greater chance of being selected.

An internal auditor takes a photograph of the engagement client's workplace. The photograph is a form of what kind of information? A. Documentary B. Testimonial C. Physical D. Analytical

C. Physical Physical information results from the verification of the actual existence of things, activities, or individuals by observation, inspection, or count. It may take the form of photographs, maps, charts, or other depictions.

An auditor tested a population by examining 60 items selected judgmentally and found one error. The main limitation of the auditor's sample is the inability to A. Determine whether the sample is random B. Project the population's error rate C. Quantify sampling risk D. Quantify the acceptable error rate

C. Quantify sampling risk The limitation of all nonstatistical sampling techniques is the auditor's inability to quantify sampling risk. Based on past experience and intuition, the auditor may conclude that the sampling risk is acceptable, but the auditor is not able to quantify this risk.

An auditor applying a discovery-sampling plan with a 5% risk of overreliance may conclude that there is A. Greater than a 95% probability that the actual rate of occurrence in the population is less than the critical rate if no exceptions are found. B. A 95% probability that the actual rate of occurrence in the population is less than the critical rate if only one exception is found. C. A 95% probability that the actual rate of occurrence in the population is less than the critical rate if the occurrence rate in the sample is less than the critical rate. D. A 95% probability that the actual rate of occurrence in the population is less than the critical rate if no exceptions are found.

D. A 95% probability that the actual rate of occurrence in the population is less than the critical rate if no exceptions are found. Discovery sampling is a form of attribute sampling that is appropriate when even a single deviation would be critical. The sample size is calculated so that it will include at least one instance of a deviation if deviations occur in the population at a given rate. If no exceptions are found, the correct conclusion is that the probability is 95% that the occurrence rate is less than the critical rate.

Which type of workpaper summary is typically used to consolidate numerical data scattered among several schedules? A. Pyramid summaries B. Segment summaries C. Results summaries D. Statistical summaries

D. Statistical summaries Summarization of facts in the workpapers is a means of emphasizing important information, establishing perspective, providing an overview, aiding memory, training staff, facilitating supervisory review, and controlling engagements. By the use of indexing and cross-referencing, summaries may be used to relate different workpapers that concern a given point. A statistical summary condenses the related numerical information from engagement work programs.

Which of the following is a true statement comparing a horizontal flowchart with a vertical flowchart? A. A horizontal flowchart does not provide as broad a picture at a glance. B. A horizontal flowchart provides more room for written descriptions that parallel the symbols. C. A horizontal flowchart is usually longer. D. A horizontal flowchart brings into sharper focus the assignment of duties and independent checks on performance.

D. A horizontal flowchart brings into sharper focus the assignment of duties and independent checks on performance. A horizontal or systems flowchart depicts the functions or departments involved in a process successively from left to right. Thus, the steps performed by a function or department are presented in the same column. A vertical flowchart displays step-by-step processes effectively, but it does not delineate the system's components as well. By emphasizing the flow of processing between departments or people, a horizontal flowchart more clearly shows any inappropriate separation of duties and lack of independent checks on performance.

Which of the following is not a major purpose of an engagement communication? A. Get results B. Inform C. Persuade D. Assign responsibility

D. Assign responsibility According to Sawyer's Internal Auditing (5th ed., p. 689), "Internal auditors should seek to inform (tell what they found), persuade (convince management of the worth and validity of the audit findings), and get results (move management toward change and improvement)."

Reliable information is A. Supportive of the engagement observations and consistent with the engagement objectives. B. Helpful in assisting the organization in meeting prescribed goals. C. Factual, adequate, and convincing so that a prudent person would reach the same conclusion as the internal auditor. D. Competent and the best attainable through the use of appropriate engagement techniques.

D. Competent and the best attainable through the use of appropriate engagement techniques. Reliable information is the best attainable information through the use of appropriate engagement techniques (Inter. Std. 2310). An original document is the prime example of such information. NOT THESE BECAUSE A = Relevant information supports engagement observations and is consistent with engagement objectives. B = Useful information assists the organization in meeting goals. C = Sufficient information is factual, adequate, and convincing to a prudent person.

When engagement conclusions are challenged, the internal auditor's factual rebuttal is best facilitated by A. Summaries in the engagement work program. B. Pro forma workpapers. C. Explicit procedures in the engagement work program. D. Cross-referencing of the workpapers.

D. Cross-referencing of the workpapers. Each workpaper should have an index or reference number. Indexing permits cross-referencing, which simplifies supervisory review either during the engagement or subsequently by creating an information trail of related items through the workpapers. It thus facilitates preparation of the final engagement communication, later engagements involving the same client, internal and external quality assessments, and factual rebuttal of challenges by clearly identifying sources and locations of facts.

Management is legally required to prepare a shipping document for all movement of hazardous materials. The document must be filed with bills of lading. Management expects 100% compliance with the procedure. Which of the following sampling approaches is most appropriate? A. Targeted sampling B. Attribute sampling C. Variables sampling D. Discovery sampling

D. Discovery sampling Discovery sampling is a form of attribute sampling used to identify critical errors or irregularities, i.e., when the occurrence rate is assumed to be 0%.

The internal auditor for a construction contractor finds materials costs increasing as a percentage of billings and suspects that materials billed to the organization are being delivered to another contractor. What type of information will best enable the internal auditor to determine whether erroneous billings occurred? A. Physical examination B. Analytical C. Confirmation D. Documentary

D. Documentary Documentary information exists in some permanent form, such as checks, invoices, shipping records, receiving reports, and purchase orders. It includes both external information, e.g., shipping documents provided by carriers, and documents originating within the engagement client's organization. By matching invoices received from vendors with receiving documents prepared by organizational personnel, the nonreceipt of items billed to the organization can be detected. Also, the invoices received may well indicate that delivery was made to an address other than the organization's storage area or a construction site.

What computer-assisted audit technique (CAAT) would an auditor use to identify a fictitious or terminated employee? A. Parallel simulation of payroll calculations. B. Recalculations of net pay. C. Tagging and tracing of payroll tax-rate changes. D. Exception testing for payroll deductions.

D. Exception testing for payroll deductions. Exception testing for payroll deductions is a type of CAAT that can identify employees who have no deductions. Fictitious or terminated employees generally do not have deductions.

In selecting a sample of items for attributes testing, an auditor must consider the confidence level factor, the desired precision, and the A. Recorded monetary amount of the population. B. Sampling interval. C. Standard deviation in the population. D. Expected occurrence rate.

D. Expected occurrence rate. The expected occurrence rate, also called the expected deviation rate, is one of the three necessary factors in determining sample size for an attribute test.

An internal auditor interviewed client personnel and obtained an understanding of the auditee department's operations. The auditor then performed testwork. The auditor's presentation of the results of the testwork will usually take the form of a A. Recommendation B. Meeting with senior management C. Conclusion D. Finding

D. Finding A finding (observation) is a relevant statement of fact about the results of audit testwork without interpretation or commentary.

The most appropriate methodology for drawing a sample from 3,000 time cards to check for signatures would be A. Variables sampling B. Stratified sampling C. Cluster sampling D. Interval sampling

D. Interval sampling Systematic (interval) sampling is accomplished by selecting a random start and taking every nth item in the population, if n is the sampling interval, computed by dividing the population by the size of the sample. The random start should be within the first interval. A systematic sampling plan assumes the items are arranged randomly in the population. If the auditor discovers that this is not true, a random selection method should be used. The population of time cards may be in random order.

Internal auditors need to consider protection of personally identifiable information obtained during an audit. Applicable laws most likely A. Require personal information to be encrypted when recorded and stored in digital form. B. Do not establish requirements for an organization to implement privacy controls. C. Permit personal information to be used for any purpose if disclosure of a purpose was made at collection. D. May prohibit recording personal information in engagement records in some cases.

D. May prohibit recording personal information in engagement records in some cases. Accessing, retrieving, reviewing, manipulating, or using personal information in conducting certain engagements may be inappropriate or illegal. If the internal auditor accesses personal information, procedures may be necessary to safeguard this information. For example, the internal auditor may not record personal information in engagement records in some situations.

Privacy of space is best defined as freedom from A. Disclosure of personal information by others. B. Invasion of physical privacy. C. Monitoring of communications. D. Surveillance

D. Surveillance Protection of personal information prevents such negative organizational consequences as legal liability and loss of reputation. The following are various definitions of privacy: (1) personal privacy (physical and psychological), (2) privacy of space (freedom from surveillance), (3) privacy of communication (freedom from monitoring), and (4) privacy of information (collection, use, and disclosure of personal information by others).

The auditor wishes to sample the perpetual inventory records to develop an estimate of the monetary amount of misstatement, if any, in the account balance. The account balance is made up of a large number of small-value items and a small number of large-value items. The auditor has decided to audit all items over US $50,000 plus a random selection of others. This audit decision is made because the auditor expects to find a large amount of errors in the perpetual inventory records but is not sure that it will be enough to justify taking a complete physical inventory. The auditor expects the errors to vary directly with the value recorded in the perpetual records. The most efficient sampling procedure to accomplish the auditor's objectives is A. Stratified mean-per-unit sampling. B. Attribute sampling. C. Monetary-unit sampling. D. Ratio estimation.

D. Ratio estimation. Ratio estimation estimates the population misstatement by multiplying the recorded amount of the population by the ratio of the total audit amount of the sample to its total recorded amount. It is reliable and efficient when small errors predominate and are not skewed. Thus, ratio estimation should be used in this situation because the auditor is not sampling the very large items and the errors are not skewed (they vary directly with the size of the recorded values). IF ERRORS ARE KNOWN, PROBS NEED TO USE RATIO

An internal auditor is planning to use monetary-unit sampling for testing the monetary value of a large accounts receivable population. The advantages of using monetary-unit sampling (MUS) include all of the following except that it A. Does not require the normal distribution approximation required by variables sampling. B. Can be applied to a group of accounts because the sampling units are homogenous. C. Is an efficient model for establishing that a low error rate population is not materially misstated. D. Results in a smaller sample size than classical variables sampling for larger numbers of misstatements.

D. Results in a smaller sample size than classical variables sampling for larger numbers of misstatements. MUS, also called probability-proportional-to-size (PPS) sampling, is a modified version of attribute sampling that relates deviation rates to monetary amounts. It uses a monetary unit as the sampling unit. In effect, MUS stratifies the population because the larger account balances have a greater chance of being selected. However, as the number of expected misstatements increases, MUS requires a larger sample size than classical variables sampling.

A letter to the internal auditor in response to an inquiry is an example of which type of information? A. Analytical B. Physical C. Documentary D. Testimonial

D. Testimonial Information may consist of authoritative documentation, calculations by the internal auditor, internal control, interrelationships among the data, physical existence, subsequent events, subsidiary records, and testimony by stakeholders. Oral or written statements (e.g., letters to the internal auditor) derived from inquiries or interviews are testimonial information.

An auditor is using the mean-per-unit method of variables sampling to estimate the correct total value of a group of inventory items. Based on the sample, the auditor estimates, with precision of ±4% and confidence of 90%, that the correct total is US $800,000. Accordingly, A. There is a 4% chance that the actual correct total is less than US $720,000 or more than US $880,000. B. The probability that the inventory is not significantly overstated is between 6% and 14%. C. The inventory is not likely to be overstated by more than 4.4% (US $35,200) or understated by more than 3.6% (US $28,800). D. The chance that the actual correct total is less than US $768,000 or more than US $832,000 is 10%.

D. The chance that the actual correct total is less than US $768,000 or more than US $832,000 is 10%. A 90% confidence level implies that 10% of the time the true population total will be outside the computed range. Precision of ±4% gives the boundaries of the computed range: US $800,000 × 4% = US $32,000. Hence, the range is US $768,000 to US $832,000.

The standard error of a sample reflects A. The average rate of error in the sample B. The projected population error based on error in the sample C. The error in the population that the auditor can accept D. The degree of variation in sample items

D. The degree of variation in sample items The standard error of the sample enables the auditor to assess the precision (confidence interval) used to describe the population. The greater the standard error, the higher the precision the auditor must use.

Systematic selection can be expected to produce a representative sample when A. Random number tables are used to determine the items included in the sample. B. The sample is determined using multiple random starts and includes more items than required. C. Judgmental sampling is used by the auditor to offset any sampling bias. D. The population is arranged randomly with respect to the audit objective.

D. The population is arranged randomly with respect to the audit objective. A sample selected using a systematic sampling procedure and a random start will behave as if it were a random sample when the population is randomly ordered with respect to the audit objective. Sampling bias due to systematic selection will be small when the population items are not arranged in a pattern.

During discussions with senior management, the chief audit executive identified several strategic business issues to consider in preparing the annual audit work schedule. Which of the following does not represent a strategic issue for this purpose? A. A monthly budgeting process will be implemented. B. An international marketing campaign will be started to develop product recognition and also to leverage the new organization-based advertising department. C. Joint-venture candidates will be sought to provide manufacturing and sourcing capabilities in European and Asian markets. D. A human resources database will be established to ensure consistent administration of policies and to improve data retention.This answer is incorrect.Establishing a human resources database is a strategic issue. The assumptions and ongoing activities related to a human resources database will require consideration in the planning of the internal audit activity.

A. A monthly budgeting process will be implemented. Implementing a monthly budgeting process is an operating decision, not a strategic decision. (It does, however, involve a major change in operations.)

An organization is considering purchasing a small toxic waste disposal business. The internal auditors are part of the team doing a due diligence review for the acquisition. The scope of the internal auditors' work will most likely not include A. An evaluation of the merit of lawsuits currently filed against the acquiree. B. A review of the acquiree's procedures for acceptance of waste material and comparison with legal requirements. C. Assessment of the efficiency of the operations of the acquiree. D. Analysis of the acquiree's compliance with, and disclosure of, loan covenants.

A. An evaluation of the merit of lawsuits currently filed against the acquiree. An evaluation of the merit of lawsuits requires legal expertise.

Audit committees have been identified as a major factor in promoting the independence of both internal and external auditors. Which of the following is the most important limitation on the effectiveness of audit committees? A. Audit committees may be composed of independent directors. However, those directors may have close personal and professional friendships with management. B. Audit committee members are compensated by the organization and thus favor an owner's view. C. Audit committee members do not normally have degrees in the accounting or auditing fields. D. Audit committees devote most of their efforts to external audit concerns and do not pay much attention to the internal audit activity and the overall control environment.

A. Audit committees may be composed of independent directors. However, those directors may have close personal and professional friendships with management. The audit committee is a subcommittee made up of outside directors who are independent of management. Its purpose is to help keep external and internal auditors independent of management and to ensure that the directors are exercising due care. However, if independence is impaired by personal and professional friendships, the effectiveness of the audit committee may be limited.

Which of the following activities represents the greatest risk to a post-merger manufacturing organization and is therefore most likely to be the subject of an internal audit engagement? A. Combining purchasing functions. B. Combining legal functions. C. Combining imprest funds. D. Combining marketing functions.

A. Combining purchasing functions. The financial exposure in the purchasing function is ordinarily greater than in, for example, the legal and marketing functions. Also, purchasing functions ordinarily represent the greatest exposure to loss of the items listed and are therefore most likely to be evaluated. After a merger, risk is heightened because of the difficulty of combining the systems of the two organizations. Thus, the likelihood of an engagement is increased.

A chief audit executive's performance report should A. Compare engagements completed with engagements planned. B. List the material engagement observations of major engagements. C. Report the weekly activities of the individual internal auditors. D. List uncorrected reported conditions.

A. Compare engagements completed with engagements planned. The CAE must report periodically to senior management and the board on the internal audit activity's purpose, authority, responsibility, and performance relative to its plan and on conformance with the Code of Ethics and the Standards (Perf. Std. 2060). Therefore, the performance report should compare engagements completed with engagements planned.

Monitoring is an important component of internal control. Which of the following items would not be an example of monitoring? A. Data processing management regularly reconciles batch control totals for items processed with batch controls for items submitted. B. Management has asked internal auditing to perform regular audits of the controls over cash processing. C. Management regularly compares divisional performance with budgets for the division. D. Data processing management regularly generates exception reports for unusual transactions or volumes of transactions and follows up with investigation as to causes.

A. Data processing management regularly reconciles batch control totals for items processed with batch controls for items submitted. Monitoring assesses the quality of internal control over time. Management considers whether internal control is properly designed and operating as intended and modifies it to reflect changing conditions. Reconciling batch control totals is a processing control over a single instance of accounting activity.

As part of planning an engagement, the internal auditor in charge does all of the following except A. Determine to whom engagement results will be communicated. B. Conduct meetings with management responsible for the activity under review. C. Determine the period covered. D. Distribute reports from meetings with management.

A. Determine to whom engagement results will be communicated. The CAE determines how, when, and to whom engagement results will be communicated.

As a means of controlling projects and avoiding time-budget overruns, decisions to revise time budgets for an engagement should normally be made A. Immediately after the survey. B. Immediately after expanding tests to establish reliability of observations. C. When inexperienced staff are assigned to an engagement. D. When a significant risk exposure has been substantiated.

A. Immediately after the survey. If appropriate, a survey should be conducted to (1) become familiar with the activities, risks, and controls to identify areas for engagement emphasis and (2) invite comments and suggestions from engagement clients. This survey may lead to a determination that activities other than or in addition to those contemplated by the long-range engagement work schedule are necessary. Consequently, revision of the time budget may then be indicated.

Which statement about consulting engagements is true? A. Internal auditors keep senior management and the board informed about how audit resources are being deployed. B. The internal audit activity may assume management responsibility to the extent agreed upon with the client. C. Documentation requirements applicable to assurance engagements apply to consulting engagements. D. Work programs for formal consulting engagements address policies and issues related to ownership of consulting engagement records to protect the organization and avoid any potential misunderstandings.

A. Internal auditors keep senior management and the board informed about how audit resources are being deployed. Internal auditors disclose to management, the board, or other governing body of the organization the nature, extent, and overall results of formal consulting engagements along with other reports of internal audit activities. Internal auditors keep senior management and the board informed about how audit resources are being deployed. Neither detail reports of these consulting engagements nor the specific results and recommendations are required to be communicated.

An internal auditor performed a formal consulting engagement for XYZ Corporation on June 1, Year 1. When is the earliest time the auditor can perform assurance services for XYZ Corporation and be considered independent and objective? A. June 1, Year 2. B. June 2, Year 1. C. July 1, Year 1. D. January 1, Year 2.

A. June 1, Year 2. Independence and objectivity may be impaired if assurance services are provided within 1 year after a formal consulting engagement. Steps can be taken to minimize the effects of impairment by assigning different auditors to perform each of the services, establishing independent management and supervision, defining separate accountability for the results of the projects, and disclosing the presumed impairment.

Although all the current members of an internal audit activity have good records of performance, the manager is not sure if any of the members are ready to assume a management role. Which of the following is an advantage of bringing in an outsider rather than promoting from within? A. Management training costs are reduced when a qualified outsider is hired. B. The manager can be sure that the new position will be filled by a competent employee. C. The "modeling" effect is strengthened by bringing in a new role model. D. Bringing in an outsider is a less expensive alternative than promoting from within.

A. Management training costs are reduced when a qualified outsider is hired. Hiring an experienced manager reduces management training costs because the person has already been trained.

An engagement to review payroll is least likely to include A. Observing the physical distribution of paychecks. B. Tests of computations for gross and net wages. C. Comparison of payroll costs to budget. D. Tracing a sample of employee names to employment records in the personnel department.

A. Observing the physical distribution of paychecks. Most organizations large enough to have an internal audit activity do not physically distribute paychecks on a regular basis. Moreover, observing the physical distribution of paychecks is usually regarded as an extended procedure most applicable to fraud engagements.

The chief audit executive was reviewing recent reports that had recommended additional engagements because of risk exposures to the organization. Which of the following represents the greatest risk and should be the next assignment? A. Payment had been made for routine inventory items without a purchase order or receiving report. B. Several times cash receipts had been held over an extra day before depositing. C. There were several purchase orders issued without purchase requisitions. D. Three prenumbered receiving reports were missing.

A. Payment had been made for routine inventory items without a purchase order or receiving report. Payment vouchers for merchandise should be supported by (1) a properly authorized purchase requisition, (2) a purchase order executing the transaction, (3) a receiving report indicating all goods ordered have been received in good condition, and (4) a vendor invoice confirming the amount owed. Lack of such support for cash payments suggests a high risk of fraud.

To avoid creating conflict between the chief executive officer (CEO) and the audit committee, the chief audit executive (CAE) should A. Request board establishment of policies covering the internal audit activity's relationships with the audit committee. B. Discuss all pending engagement communications to the CEO with the audit committee. C. Strengthen independence through organizational status. D. Submit copies of all engagement communications to the CEO and audit committee.

A. Request board establishment of policies covering the internal audit activity's relationships with the audit committee. Independence is not sufficient to prevent conflict unless reporting relationships are well defined.

Which of the following is not an engagement objective related to the purchasing function? A. Run background checks on unauthorized vendors. B. Determine whether goods received are properly reflected in purchasing records. C. Determine whether purchases eligible for competitive bids are properly reviewed and authorized. D. Determine whether receiving reports are independently verified.

A. Run background checks on unauthorized vendors. Engagement objectives are "broad statements developed by internal auditors that define intended engagement accomplishments" (The IIA Glossary). Thus, engagement objectives may be stated in various ways, but it should be clear what assurance is provided. Running background checks is an engagement procedure, not an engagement objective. The related objective is to determine whether vendors are authorized in accordance with management criteria.

The auditor used a questionnaire during interviews to gather information about the nature of claims processing. Unfortunately, the questionnaire did not cover a number of pieces of information offered by the person being interviewed. Consequently, the auditor did not document the potential problems for further audit investigation. The primary deficiency with the process is that A. The auditor failed to consider the importance of the information offered. B. A questionnaire was used in a situation in which a structured interview should have been used. C. Questionnaires do not allow for opportunities to document other information. D. All of the answers are correct.

A. The auditor failed to consider the importance of the information offered. The major problem is that the auditor was too oriented to the questionnaire and failed to give appropriate consideration to the other information offered. Questionnaires are limited, and the auditor needs to be flexible enough to gather other information when it is offered.

After the chief audit executive receives approval from the board to offer consulting services, what should be done? A. The internal audit charter should be amended B. The CAE should get approval from the internal auditors C. The board should develop appropriate policies and procedures for conducting such engagements D. The CAE should begin performing consulting services

A. The internal audit charter should be amended The purpose, authority, and responsibility of the internal audit activity must be formally defined in an internal audit charter (Attr. Std. 1000). The nature of consulting services must be defined in the internal audit charter (Impl. Std. 1000.C1).

In reviewing a unit-price construction contract for a new catalog showroom, the internal auditor should be cognizant of the risk that A. The man-hours used to complete the project are overstated. B. Payroll taxes may have been inappropriately omitted from billings. C. Income taxes related to construction equipment depreciation may have been calculated erroneously. D. The contractor could be charging for the use of equipment not used in the construction.

A. The man-hours used to complete the project are overstated. Under unit-price contracts, the price of the project is determined using a measure of work. The disadvantage of this arrangement is that the contractor may be tempted to overstate the measure of work used to compute the cost of the project. In this case, the measure of work could be man-hours needed to complete the project. Consequently, internal auditors should be involved in monitoring economy and efficiency not only during the earliest phases of construction but also from the beginning of the planning process.

An auditor assesses control risk because it A. Is relevant to the auditor's understanding of the control environment. B. Affects the level of detection risk that the auditor may accept. C. Provides assurance that the auditor's materiality levels are appropriate. D. Indicates to the auditor where inherent risk may be the greatest.

B. Affects the level of detection risk that the auditor may accept. Inherent risk and control risk exist independently of the engagement and must be assessed by the auditor, who then sets detection risk in response.

Which of the following best describes an internal auditor's initial responsibility regarding errors uncovered during a financial statement audit? A. Report the material errors B. Assess the risk of misrepresentation C. Inform the audit committee D. Discuss the situation with the engagement client

B. Assess the risk of misrepresentation The internal auditor's initial responsibility when discovering errors is to assess the risk of misrepresentation. Only errors having a material effect on the financial statements must be reported to the client and audit committee.

An internal audit activity is often requested to coordinate its work with that of the external auditors. Which of the following activities is most likely to be restricted to the external auditor? A. Reviewing the system established to ensure compliance with laws, regulations, and contracts. B. Attesting to the fairness of presentation of cash position. C. Evaluating the system of controls over cash collections and similar transactions. D. Evaluating the adequacy of the organization's overall system of internal controls.

B. Attesting to the fairness of presentation of cash position. Professional standards place sole responsibility for the attest function on the external auditors. Only the external auditors have the necessary independence to permit the provision of assurance to external parties. Unlike circumstances in which the external auditors use the work of other independent auditors, the responsibility cannot be shared with the internal auditors.

One remote unit's petty cash custodian, because of the small staff, also had responsibility for the imprest fund checking account reconciliation. The cashier concealed a diversion of funds by altering the beginning balance on the monthly reconciliations sent to the group office. A possible engagement procedure to detect this fraud is to A. Determine whether any employees have high personal debt. B. Compare monthly balances and use change and trend analysis. C. Require additional monitoring by headquarters whenever improper segregation of duties exists at remote units. D. Determine whether any employees are leading expensive lifestyles.

B. Compare monthly balances and use change and trend analysis. Comparing the beginning balance one month with the ending balance of the prior month is a means of uncovering this fraud. Applying analytical procedures is also a way to detect the diversion of funds. It will isolate unexpected and unexplained fluctuations. NOT C CUZ: Requiring additional monitoring whenever improper segregation of duties exists is not always possible or desirable and is not necessarily cost justified.

An internal auditor is considering whether the amount of cash is accurately recorded on the financial statements. All of the following are appropriate engagement procedures for the objective except A. Examining bank reconciliations and confirming bank balances. B. Comparing cash receipt lists with the receipts journal and bank deposit slips. C. Verifying cutoff of receipts and disbursements. D. Adding totals of reconciliations and comparing with cash account balances.

B. Comparing cash receipt lists with the receipts journal and bank deposit slips. Comparing cash receipt lists with the receipts journal and bank deposit slips is an appropriate engagement procedure relevant to the objective of safeguarding cash receipts. But it does not provide evidence of accuracy.

In which of the following arrangements should an internal auditor be most concerned about the lack of an incentive for economy and efficiency? A. Unit-price contract. B. Cost-plus contract. C. Source code escrow clause. D. Fixed-price contract.

B. Cost-plus contract. Cost-plus contracts are ways to cope with uncertainties about costs by setting a price equal to (1) cost plus a fixed amount or (2) cost plus a fixed percentage of cost. A problem is that the contractor may have little incentive for economy and efficiency, a reason for careful review by the internal auditors. These contracts may have provisions for (1) maximum costs, with any savings shared by the parties, or (2) incentives for early completion.

An auditor is conducting a review of an organization's balanced scorecard. The organization's main objective is to increase market share by 7% in the coming year. Management diverted 5% of the operating budget from the customer service department to the research and development department to increase product innovation. Management had predicted that increased product innovation would increase market share. However, market share did not increase substantially in the first quarter. Which measure should the auditor review as a result of the failure to increase market share? A. Product innovation. B. Customer satisfaction. C. Employee development. D. Market share.

B. Customer satisfaction. The balanced scorecard approach uses multiple measures of performance to determine whether a manager is achieving certain objectives at the expense of others that may be equally or more important. For example, an improvement in product innovation at the expense of customer satisfaction would be apparent using this approach. The scorecard is a goal congruence tool that informs managers about the nonfinancial factors that top management believes to be important. Measures may be financial or nonfinancial, internal or external, and short term or long term. A typical scorecard includes measures in four categories: (1) financial; (2) customer; (3) internal; and (4) learning, growth, and innovation. Key results in customer satisfaction help predict future sales. The effect of diverting funds from the customer service department can be analyzed by reviewing any changes affecting customer satisfaction on the performance scorecard.

Monitoring is an important component of internal control. Which of the following items would not be an example of monitoring? A. Data processing management regularly generates exception reports for unusual transactions or volumes of transactions and follows up with investigation as to causes. B. Data processing management regularly reconciles batch control totals for items processed with batch controls for items submitted. C. Management has asked internal auditing to perform regular audits of the controls over cash processing. D. Management regularly compares divisional performance with budgets for the division.

B. Data processing management regularly reconciles batch control totals for items processed with batch controls for items submitted. Monitoring assesses the quality of internal control over time. Management considers whether internal control is properly designed and operating as intended and modifies it to reflect changing conditions. Reconciling batch control totals is a processing control over a single instance of accounting activity.

Fact Pattern:A certified internal auditor is the chief audit executive for a large city and is planning the engagement work schedule for the next year. The city has a number of different funds, some that are restricted in use by government grants and some that require compliance reports to the government. One of the programs for which the city has received a grant is job retraining and placement. The grant specifies certain conditions a participant in the program must meet to be eligible for the funding. The internal auditors must determine the applicable laws and regulations. Which of the following procedures is the least effective in learning about the applicable laws and regulations? A. Review prior-year working papers and inquire of officials as to changes. B. Discuss the matter with the board and make inquiries as to the nature of the requirements and the board's objectives for the engagement. C. Make inquiries of the city's chief financial officer, legal counsel, or grant administrators. D. Review applicable grant agreements.

B. Discuss the matter with the board and make inquiries as to the nature of the requirements and the board's objectives for the engagement. Discussing the matter with the board would not be helpful. The members are not likely to know the applicable laws and regulations. The board's oversight activities do not provide specific expertise needed to help the internal auditors understand the applicable laws and regulations.

The internal audit activity has recently experienced the departure of two internal auditors who cannot be immediately replaced due to budget constraints. Which of the following is the least desirable option for efficiently completing future engagements, given this reduction in resources? A. Using self-assessment questionnaires to address audit objectives. B. Eliminating consulting engagements from the engagement work schedule. C. Filling vacancies with personnel from operating departments that are not being audited. D. Employing information technology in audit planning, sampling, and documentation.

B. Eliminating consulting engagements from the engagement work schedule. The chief audit executive must ensure that internal audit resources are appropriate, sufficient, and effectively deployed to achieve the approved plan (Perf. Std. 2030). The audit schedule is reduced as a last resort once all other alternatives have been explored, including the request for additional resources.

Which of the following factors is least likely to be considered in determining the audit work schedule? A. The effectiveness of risk management and control processes. B. Engagement work programs. C. Issues relating to organizational governance. D. Workload requirements.

B. Engagement work programs. Development of work programs occurs during the planning phase of an individual engagement.

Several members of an organization's senior management have questioned whether the internal audit activity should report to the newly established quality audit function as part of the total quality management process within the organization. The chief audit executive (CAE) has reviewed the quality audit standards and the programs that the quality audit manager has proposed. The CAE's response to senior management should include which of the following? A. Changing the applicable standards for internal auditing within the organization to provide compliance with quality audit standards. B. Identifying appropriate liaison activities with the quality audit function to ensure coordination of audit schedules and overall audit responsibilities. C. Estimating departmental cost savings that would result from the elimination of the internal audit activity. D. Changing the qualification requirements for new staff members to include quality audit experience.

B. Identifying appropriate liaison activities with the quality audit function to ensure coordination of audit schedules and overall audit responsibilities. The CAE should share information, coordinate activities, and consider relying upon the work of other internal and external assurance and consulting providers to ensure proper coverage and minimize duplication of efforts (Perf. Std. 2050). The quality audit function is an internal assurance and consulting provider. Thus, whether reporting administratively to the quality audit function or to senior management, the CAE should identify appropriate liaison activities with the quality audit function to ensure coordination of audit schedules and overall audit responsibilities.

Which of the following actions is an appropriate response by organizations wishing to improve the public's perception of their financial reporting? A. Viewing internal auditing as a transient profession—a stepping stone to managerial positions. B. Increased adoption of audit committees composed of outside directors. C. Requiring internal auditors to report all significant observations of illegal activity to the chief executive officer. D. Keeping external and internal auditing work separated to maintain independence.

B. Increased adoption of audit committees composed of outside directors. The audit committee consists of outside directors who are independent of management. Its purpose is to help keep external and internal auditors independent of management and to assure that the directors are exercising due care. This committee (1) selects the external auditors; (2) reviews their overall audit plan; (3) examines the results of external and internal auditing engagements; (4) meets regularly with the CAE; and (5) reviews the internal audit activity's engagement work schedule, staffing plan, and financial budget. These functions should increase public confidence that financial statements are fairly presented.

A measurement of the reduction in employee turnover is reported in which of the categories of a balanced scorecard? A. Internal B. Learning, growth, and innovation C. Financial D. Customer

B. Learning, growth, and innovation Employee turnover most likely is included in the learning, growth, and innovation category. These measures are the basis for future success and include people and infrastructure.

Which of the following statements is false regarding the administration of the internal audit activity? A. Selection criteria for hiring internal auditors should be well-developed. B. Management oversees the day-to-day operations of the internal audit activity. C. The audit committee is responsible for creating the operating and financial budget for the internal audit function. D.

B. Management oversees the day-to-day operations of the internal audit activity. Budgeting is included in the administrative activities of the internal audit activity. The CAE, not the audit committee, is responsible for creating the operating and financial budget for the internal audit function. Generally, the CAE, audit managers, and the internal audit activity work together to develop the budget annually. The budget is then submitted to management and the board for their review and approval.

Is Action 5 inappropriate? To save time, the CAE no longer required that a standard internal control questionnaire be completed for each engagement. A. No. Internal auditors may omit necessary procedures if there is a time constraint. It is a matter of professional judgment. B. No. Internal auditors are not required to fill out internal control questionnaires on every engagement. C. Yes. Internal control should be evaluated on every engagement, and the internal control questionnaire is the most efficient method to do so. D. Yes. Internal control should be evaluated on every engagement, but the internal control questionnaire is not the mandated approach to evaluate the controls.

B. No. Internal auditors are not required to fill out internal control questionnaires on every engagement. The internal audit activity must assist the organization in maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement (Perf. Std. 2130). However, internal auditors are not required to fill out standard internal control questionnaires. The information documented in questionnaires may be found in other working papers, such as flowcharts, checklists, and narratives.

A city operates a job retraining program funded by a governmental agency that requires periodic reports on the program's effectiveness. The internal auditors randomly select participants in the job retraining program for the past year to determine how many have retained a job. This type of engagement relates to A. Economy and efficiency. B. Program results. C. Compliance. D. Operational effectiveness.

B. Program results. Internal auditors may conduct an operational audit to assess the efficiency and effectiveness of an organization's operations. A program-results engagement attempts to measure accomplishments and relative success of the program.

A subsidiary president terminated a controller and hired a replacement without the required organizational approvals. Sales, cash flow, and profit statistics were then manipulated by the new controller and president via accelerated depreciation and sale of capital assets to obtain larger performance bonuses for the controller and the subsidiary president. An approach that might detect this fraudulent activity is A. Periodic changes of outside public accountants. B. Regular analytical review of operating divisions. C. Analysis of overall management control for segregation of duties. D. Required exit interviews for all terminated employees.

B. Regular analytical review of operating divisions. Analytical procedures permit evaluations of financial information made by a study and comparison of the relationships among data. The premise is that certain relationships prevail in the absence of known conditions to the contrary. Analytical procedures identify such things as the existence of unusual transactions and events and amounts, ratios, and trends that might indicate matters that have financial statement ramifications. Deviations from expectations should be investigated and the reasons therefore determined.

To avoid creating conflict between the chief executive officer (CEO) and the audit committee, the chief audit executive (CAE) should A. Strengthen independence through organizational status. B. Request board establishment of policies covering the internal audit activity's relationships with the audit committee. C. Submit copies of all engagement communications to the CEO and audit committee. D. Discuss all pending engagement communications to the CEO with the audit committee.

B. Request board establishment of policies covering the internal audit activity's relationships with the audit committee. Independence is not sufficient to prevent conflict unless reporting relationships are well defined.

Which of the following procedures would provide the best evidence of the effectiveness of a credit-granting function? A. Ask the credit manager about the effectiveness of the function. B. Review the trend in receivables write-offs. C. Observe the process. D. Check for evidence of credit approval on a sample of customer orders.

B. Review the trend in receivables write-offs. The purpose of the credit-granting function is to minimize write-offs while accepting sales likely to result in collection. Trend (time-series) analysis is an analytical procedure that relies on experience, i.e., the change in a variable over time. Thus, reviewing the trend in write-offs will provide some insight concerning the minimization of write-offs.

One of the primary roles of an engagement work program is to A. Provide for a standardized approach to the engagement. B. Serve as a tool for planning and conducting engagement work. C. Assess the risks associated with the activity under review. D. Document an internal auditor's evaluations of controls.

B. Serve as a tool for planning and conducting engagement work. Among other things, work programs state the objectives of the engagement, identify technical requirements, and state the nature, extent, and timing of testing required.

Which of the following is the most important provision for an internal auditor to recommend for inclusion in a contract for the purchase of a business application system from a small start-up company? A. Copyright clause. B. Source code escrow clause. C. Limitation-of-liabilities clause. D. Right-to-audit clause.

B. Source code escrow clause. A source code escrow clause requires the application source code to be held in escrow by a trusted third party. The third party releases the source code to the purchaser, or licensee, on the occurrence of an event, or events, specified in the clause.

Which of the following is not ordinarily considered an essential criterion for developing engagement work programs? A. Specificity as to the controls to be tested. B. Specificity as to the methodology to be used for the engagement procedures. C. Description of the objectives of the engagement client operation to be evaluated. D. Specificity as to procedures to be followed.

B. Specificity as to the methodology to be used for the engagement procedures. Work programs are a necessary part of engagement planning. They consist of the specific work steps required for the engagement, but they must allow for some flexibility. Thus, they may be modified, provided that adjustments are approved promptly.

In the preparation of an engagement work program, which of the following items is least essential? A. A review of criteria established by management to determine whether operating goals and objectives have been accomplished. B. The preparation of a budget identifying the costs of resources needed. C. A review of material from prior engagement communications. D. The performance of a preliminary risk assessment.

B. The preparation of a budget identifying the costs of resources needed. Internal auditors must determine appropriate and sufficient resources to achieve engagement objectives based on an evaluation of the nature and complexity of each engagement, time constraints, and available resources (Perf. Std. 2230). Thus, it is implicit that the work program state the resources necessary to carry out the detailed tasks specified. However, quantification of costs is not essential to writing the work program.

In the AICPA's audit risk model, which of the following is a definition of control risk? A. The risk that the auditor's assessment of internal controls will be at less than the maximum level. B. The risk that a material misstatement will not be prevented or detected on a timely basis by the client's internal controls. C. The susceptibility of material misstatement assuming there are no related internal control policies or procedures. D. The risk that the auditor will not detect a material misstatement.

B. The risk that a material misstatement will not be prevented or detected on a timely basis by the client's internal controls. Control risk is the risk that internal control will not prevent or detect on a timely basis a material misstatement that could occur in a relevant assertion. The risk that the auditor will not detect a material misstatement. = DETECTION RISK

Which of the following is true of benchmarking? A. Benchmarking can be performed by using only qualitative comparisons. B. Benchmarking is typically accomplished by comparing an organization's performance with the performance of its closest competitors. C. Benchmarking is accomplished by comparing an organization's performance to that of the best-performing organizations. D. Benchmarking is normally limited to manufacturing operations and production processes.

C. Benchmarking is accomplished by comparing an organization's performance to that of the best-performing organizations. Benchmarking is one of the primary tools used in the implementation of a total quality management approach. It is a means of helping organizations with productivity management and business process review. It is therefore a source of consulting engagements for the internal auditors. Benchmarking is a continuous evaluation of the practices of the best organizations in their class and the adaptation of processes to reflect the best of these practices. It entails analysis and measurement of key outputs against those of the best organizations. This procedure also involves identifying the underlying key actions and causes that contribute to the performance difference. Benchmarking is an ongoing process that entails quantitative and qualitative measurement of the difference between the organization's performance of an activity and the performance by the best in the world. The benchmark organization need not be a competitor.

In managing internal audit resources, the CAE considers all of the following except A. Resourcing needs. B. Staff evaluation and development. C. Benchmarking. D. Succession planning.

C. Benchmarking. Benchmarking is a continuous evaluation of the practices of the best organizations in their class and the adaptation of processes to reflect the best of these practices. It is not used in managing internal audit resources. In managing internal audit resources, the CAE considers succession planning, staff evaluation and development, and other human resource disciplines. The CAE also addresses resourcing needs, including whether those skills are present in the internal audit staff.

Management is evaluating the need for an environmental audit program. Which one of the following should not be included as an overall program objective? A. Evaluate waste minimization opportunities.This answer is incorrect.An objective in a pollution prevention audit is to evaluate waste minimization opportunities. B. Verify organizational compliance with all environmental laws C. Conduct site assessments at all waste-producing facilities. D. Ensure management systems are adequate to minimize future environmental risks.

C. Conduct site assessments at all waste-producing facilities. Site assessment is a procedure, not an objective.

Engagement information is usually considered relevant when it is A. Factual, adequate, and convincing. B. Derived through valid statistical sampling. C. Consistent with the engagement objectives. D. Objective and unbiased.

C. Consistent with the engagement objectives.

The internal auditor reviewed documentation showing that a customer had recently returned three expensive products to the regional service center for warranty replacement. The documentation also showed that the warranty clerk had rejected the claim and sent it to the customer's local distributor. The claim was rejected because the serial numbers listed in the warranty claim were not found in the computer's sales history file. Subsequently, the distributor supplied three different serial numbers, all of which were validated by the computer system, and the clerk completed the warranty claim for replacements. What is the best course of action for the internal auditor under the circumstances? A. Summarize this item along with other valid transactions in the internal auditor's test of warranty transactions. B. Notify the appropriate authorities within the organization that there are sufficient indicators that a fraud has been committed. C. Determine if the original serial numbers provided by the customer can be traced to other records, such as production and inventory records. D. Verify with the appropriate supervisor that the warranty clerk had followed relevant procedures in the processing and disposition of this claim.

C. Determine if the original serial numbers provided by the customer can be traced to other records, such as production and inventory records. The internal auditor should determine whether the related equipment was actually reported in a sales transaction. This procedure allows the auditor to draw preliminary conclusions as to whether this is a case of error or of fraud.

Which of the following audit committee activities is of the greatest benefit to the internal audit activity? A. Assurance that the external auditor will rely on the work of the internal audit activity whenever possible. B. Review and endorsement of all internal auditing engagement communications prior to their release. C. Determine whether scope limitations impede the ability of the internal audit activity to execute its responsibilities. D. Review and approval of engagement work programs.

C. Determine whether scope limitations impede the ability of the internal audit activity to execute its responsibilities. The CAE should report functionally to the board (audit committee) to achieve organizational independence and allow the internal audit activity to fulfill its responsibilities. Functional reporting to the board typically involves, among other things, making appropriate inquiries of management and the CAE to determine whether audit scope or budgetary limitations impede the ability of the internal audit activity to fulfill its responsibilities.

Vouching entails verifying recorded amounts by examining the underlying documents from the _____ documents to the _____ documents. A. Original; subsequent. B. Final; previous. C. Final; original. D. Original; final.

C. Final; original. Vouching entails verifying recorded amounts by examining the underlying documents from the final documents to the original documents. The engagement objective of working backward is to provide information that recorded amounts reflect valid transactions. Vouching supports the existence or occurrence assertion. Vouching is irrelevant to the completeness assertion, because the existence of records of some transactions does not prove that all transactions were recorded.

An organization wants to improve on its performance measures for a new business line. Which type of benchmarking is most likely to provide information useful for this purpose? A. Competitive B. Internal C. Functional D. Generic

C. Functional The type of benchmarking most likely to help improve performance measures for a new business line is functional benchmarking. Comparison with organizations that perform related functions within the same technological area provides information about what is being achieved elsewhere in the new business line.

In developing an engagement work program and communicating engagement results, the internal auditor should be alert for a condition that might reflect low materiality of an observation but high relative risk to the overall operation of the organization. Which of the following conditions would reflect such a situation? A. The cashier is commingling personal funds with a US $1,000 imprest cash fund. B. Many random clerical errors arise from the desire of employees to meet production quotas. C. No written quality-assurance procedure exists for a high-volume production line item with low unit cost that has a 15% scrap experience. D. Levels of approval authority for purchasing personnel are not set forth in the manual of purchasing procedures.

C. No written quality-assurance procedure exists for a high-volume production line item with low unit cost that has a 15% scrap experience. Certain transactions (e.g., cash) are subject to a greater risk of fraud, and engagement procedures for them may need to be carried out in a more conclusive manner. Materiality relates to the qualitative or quantitative significance of an item. Thus, in planning the engagement, internal auditors consider, among other things, significant risks and opportunities for significant improvements (Perf. Std. 2201). A 15% scrap experience for a high-volume item with a low unit cost may not be material, but the absence of a quality assurance program suggests a high probability of errors or fraud (relative risk).

The internal auditors' ultimate responsibility for information security includes: A. Identifying technical aspects, risks, processes, and transactions to be examined. B. Documenting engagement procedures. C. Periodically assessing information security practices. D. Determining the scope and degree of testing to achieve engagement objectives.

C. Periodically assessing information security practices. Internal auditors should periodically assess the organization's information security practices and recommend, as appropriate, enhancements to, or implementation of, new controls and safeguards. Following an assessment, an assurance report should be provided to the board. Such assessments can either be conducted as separate stand-alone engagements or as multiple engagements integrated into other audits or engagements conducted as part of the approved audit plan.

Fact Pattern:You are the chief audit executive of a parent organization that has foreign subsidiaries. Independent external audits performed for the parent are not conducted by the same firm that conducts the foreign subsidiary audits. Because the internal audit activity occasionally provides direct assistance to both external firms, you have copies of audit programs and selected working papers produced by each firm. The foreign subsidiary's external audit firm wants to rely on an audit of a function at the parent organization. The audit was conducted by the internal audit activity. To place reliance on the work performed, the foreign subsidiary's auditors have requested copies of the working papers. What is the most appropriate response to the foreign subsidiary's auditors? A. Ask the board for permission to release the working papers. B. Ask the parent's audit firm if it is appropriate to release the working papers. C. Provide copies of the working papers. D. Refuse to provide the working papers under any circumstances.

C. Provide copies of the working papers. Coordination involves access to each other's work programs, working papers, and reports (IG 2050). Access is provided to external auditors for them to be satisfied as to the acceptability, for external audit purposes, of relying on the internal auditors' work.

No incentive for efficiency or economy may exist in a cost-plus construction contract for small, unique projects. The potential exists for inflated costs. An appropriate control to encourage efficiency and economy in these contracts is A. Elimination of change orders to the contract. B. Use of an agreed-upon price for each unit of work. C. Provision for maximum costs and sharing any savings. D. A checklist approach to the review of contract costs.

C. Provision for maximum costs and sharing any savings. Under a cost-plus contract, the contractor receives a sum equal to cost plus a fixed amount or a percentage of cost. This arrangement has the benefit to the contractor of allowing for the effects of events that cannot be specifically anticipated. The disadvantages are that the contractor's incentive for controlling costs is reduced and the opportunity to overstate costs is created. Consequently, the contract should include a provision for maximum costs and sharing of any savings. The contractor will be encouraged to be efficient.

According to the International Professional Practices Framework, internal audit resources are effectively deployed when A. According to the International Professional Practices Framework, internal audit resources are effectively deployed when B. There are more opportunities to achieve operating benefits for the engagement client. C. They are used in a way that optimizes the achievement of the approved plan. D. The internal audit staff has the necessary attributes for the planned activities.

C. They are used in a way that optimizes the achievement of the approved plan. According to the Interpretation of Standard 2030, "Resources are effectively deployed when they are used in a way that optimizes the achievement of the approved plan." The CAE is primarily responsible for the sufficiency and management of resources, including communication of needs and status to senior management and the board. Resources are effectively deployed by assigning qualified auditors and developing an appropriate resourcing approach and organizational structure.

Which of the following is an appropriate statement of an engagement objective? A. To search for the existence of obsolete inventory by computing inventory turnover by product line. B. To observe the physical inventory count. C. To determine whether inventory stocks are sufficient to meet projected sales. D. To include information about stockouts in the final engagement communication.

C. To determine whether inventory stocks are sufficient to meet projected sales. An engagement objective is a broad statement developed by internal auditors to define intended engagement accomplishments (The IIA Glossary). Determining whether inventory stocks are sufficient to meet projected sales is an engagement objective because it defines an audit accomplishment, not an engagement procedure. A procedure is designed to gather information that corroborates and documents conclusions about objectives.

An internal audit team is performing a due diligence audit to assess plans for a potential merger/acquisition. Which of the following would be the least valid reason for a company to merge with or acquire another company? A. To respond to government policy. B. To diversify risk. C. To increase stock prices. D. To reduce labor costs.

C. To increase stock prices. A due diligence engagement is a service to determine the business justification for a major transaction, such as a business combination, and whether that justification is valid. Thus, the internal auditors and others may be part of a team that reviews the acquiree's operations, controls, financing, or disclosures of financial information. Increasing stock prices is not often a valid reason for a merger or acquisition. A business combination should be undertaken because it offers long-term fundamental competitive advantages. Increasing stock prices is an effect that can be achieved through other methods that directly improve the organization's performance.

The primary difference between operational engagements and financial engagements is that, in the former, the internal auditors A. Are not concerned with whether the client entity is generating information in compliance with financial accounting standards. B. Start with the financial statements of the client entity and work backward to the basic processes involved in producing them. C. Can use analytical skills and tools that are not necessary in financial engagements. D. Are seeking to help management use resources in the most effective manner possible.

D. Are seeking to help management use resources in the most effective manner possible. The primary objective of a financial engagement is to express an opinion on the fairness of the financial statements. Operational engagements evaluate accomplishment of established objectives and goals for operations or programs and economical and efficient use of resources.

The chief audit executive for a retail merchandise sales organization is considering engagement assignments for inclusion in the work schedule for the upcoming year. The following areas have not been evaluated recently, and there are no known reasons that they should be given immediate attention. If resources are scarce, which project should be given priority? A. Budget preparation and forecasts. B. Corporate code of ethics and conflict of interest policy. C. Employee time reporting system. D. Cash management and credit policy.

D. Cash management and credit policy. Of the areas listed, cash management and credit policy in a retail merchandise sales organization would likely rank the highest in financial exposure and risk of potential loss.

The chief audit executive plans to meet with the independent external auditor to discuss joint efforts regarding an upcoming external audit of the organization's pension plan. The independent external auditor has performed all external audit work in this area in the past. The CAE's objective is to A. Ascertain which account balances have been tested by the independent external auditor so that the internal auditors may test the internal controls to determine the reliability of these balances. B. Determine whether work in this area could not be performed exclusively by the internal auditors. C. Determine whether the independent external auditor's techniques, methods, and terminology should be used by internal auditors in this area to conform with past work or to use techniques consistent with those used by other internal auditors. D. Coordinate the external audit so as to fulfill professional responsibilities and not duplicate work of the independent external auditor.

D. Coordinate the external audit so as to fulfill professional responsibilities and not duplicate work of the independent external auditor. Planned audit activities of internal and external auditors need to be discussed to ensure that audit coverage is coordinated and duplicate efforts are minimized if possible.

On a balanced scorecard, which of the following is not a customer satisfaction measure? A. Market share B. Response time C. Customer retention D. Economic value added

D. Economic value added Customer satisfaction measures include market share, retention, response time, delivery performance, number of defects, and lead time. Economic value added, or EVA, is a profitability (financial) measure.

The phase of the benchmarking process in which the team must be able to justify its recommendations is the A. Prioritize benchmarking projects phase. B. Researching and identifying best in class performance phase. C. Data analysis phase. D. Implementation phase.

D. Implementation phase. Leadership is most important in the implementation phase of the benchmarking process because the team must be able to justify its recommendations. Also, the process improvement teams must manage the implementation of approved changes.

The internal audit activity of a large organization has established its operating plan and budget for the coming year. The operating plan is restricted to the following categories: a prioritized listing of all engagements, staffing, a detailed expense budget, and the commencement date of each engagement. Which of the following best describes the major deficiency of this operating plan? A. Opportunities to achieve operating benefits are ignored. B. Requests by management for special projects are not considered. C. Knowledge, skills, and other competencies required to perform work are ignored. D. Measurability criteria and targeted dates of completion are not provided.

D. Measurability criteria and targeted dates of completion are not provided. The goals of the internal audit activity should be capable of accomplishment within given operating plans and budgets and should be measurable to the extent possible. They should be accompanied by measurement criteria and targeted dates of accomplishment.

The internal auditor finds a situation in which one person has the ability to collect receivables, make deposits, issue credit memos, and record receipt of payments. The internal auditor suspects the individual may be stealing from cash receipts. Which of the following engagement procedures is most effective in discovering fraud in this scenario? A. Send positive confirmations to a random selection of customers. B. Send negative confirmations to all outstanding accounts receivable customers. C. Take a sample of bank deposits and trace the detail in each bank deposit back to the entry in the cash receipts journal. D. Perform a detailed review of debits to customer discounts, sales returns, or other debit accounts, excluding cash posted to the cash receipts journal.

D. Perform a detailed review of debits to customer discounts, sales returns, or other debit accounts, excluding cash posted to the cash receipts journal. Debits to customer discounts, sales returns, etc., are the most likely accounts to be affected if this person were attempting to conceal a theft of cash payments without alerting customers. Seeking confirmation from customers and tracing bank balances will not detect the fraud because neither customer statements nor bank records will contain evidence of fraud.

In which type of assurance engagement should an auditor focus on organizational objectives? A. Financial audit engagement B. Operational audit engagement C. Quality audit engagement D. Performance audit engagement

D. Performance audit engagement In a performance audit engagement, auditors perform efficient and cost-effective audits by focusing on achievement of organizational objectives, that is, key performance indicators.

An audit found that the cost of some material installed on capital projects had been transferred to the inventory account because the capital budget had been exceeded. Which of the following would be an appropriate technique for the internal audit activity to use to monitor this situation? A. Identify variances between amounts capitalized each month and the capital budget. B. Compare inventory receipts with debits to the inventory account and investigate discrepancies. C. Analyze a sample of capital transactions each quarter to detect instances in which installed material was transferred to inventory. D. Review all journal entries that transferred costs from capital to inventory accounts.

D. Review all journal entries that transferred costs from capital to inventory accounts. Some transfers from capital accounts to inventory may be legitimate, for example, because materials previously transferred from inventory were unused. However, the transfer of costs actually incurred for capital projects back to inventory misstates both accounts and undermines the budget process. Accordingly, the auditors should review all journal entries that transferred costs from capital to inventory accounts.

The chief audit executive for a large decentralized organization has developed a manual containing comprehensive detailed written procedures as a guide for the decentralized engagement work groups, each of which has 20 to 30 internal auditors. The organization recently acquired a small organization that has an internal audit activity consisting of a supervisor and two staff personnel. Which of the following actions is the most practical in providing administrative guidance for this new internal audit activity? A. Adopt the administrative procedures being followed by the internal auditors of the acquired organization. B. Use informal supervisory direction for engagement management issues. C. Use the already developed manual. D. Select key procedures from the manual and use informal supervisory direction for other engagement management issues.

D. Select key procedures from the manual and use informal supervisory direction for other engagement management issues. Orientation to acquaint the acquired organization's staff with the established environment should be through exposure to selected key procedures from the formal manual. The form and content of policies and procedures are dependent upon the size and structure of the internal audit activity and the complexity of its work (Inter. Std. 2040). Thus, a small internal audit activity may be managed informally, for example, through daily close supervision and written memoranda.

Which of the following statements most accurately reflects the chief audit executive's responsibilities for internal audit resources? A. The CAE is responsible for evaluating the detailed summary of audit resources presented by management to the board. B. The CAE is responsible for ensuring that audit coverage is based on the periodic skills assessment. C. The CAE is not responsible for such human resource functions as evaluation and development. D. The CAE is responsible for communicating resource needs to the board but has no explicit responsibility for administering the organization's compensation program.

D. The CAE is responsible for communicating resource needs to the board but has no explicit responsibility for administering the organization's compensation program. The CAE must ensure that internal audit resources are appropriate, sufficient, and effectively deployed to achieve the approved plan. This includes the effective communication of resource needs and reporting of status to senior management and the board. Responsibility for administering the organization's compensation program normally resides in the human resources (personnel) area.

An example of a competitive financial benchmark is A. A data cap on the information technology department at each plant. B. The average actual cost per pound of a specific product at the organization's most efficient plant. C. The customer satisfaction rating of a comparable process from an organization in a different industry. D. The labor rate of comparably skilled employees at a major competitor's plant.

D. The labor rate of comparably skilled employees at a major competitor's plant. The labor rate at a major competitor's plant is an example of a competitive benchmark in the form of a financial measure. A competitive benchmarking studies a competitor organization.

The personnel department receives an edit listing of payroll changes processed at every payroll cycle. If it does not verify the changes processed, the result could be A. Labor hours charged to the wrong account in the cost reporting system B. Employees not being asked if they want to contribute to the company pension plan. C. Inaccurate payroll deductions. D. Undetected errors in payroll rates for new employees.

D. Undetected errors in payroll rates for new employees. The personnel department is responsible for authorization and execution of payroll transactions, e.g., hiring of new employees and determining their pay rates. Hence, this department's verification of the payroll changes listing used in data processing is an important control over payroll processing.

T/F - An EHS audit program may be transaction-focused or management systems-focused.

FALSE - An EHS audit program may be compliance-focused or management systems-focused.

T/F While planning the engagement, the audit committee is responsible for determining how, when, and to whom engagement results will be communicated.

False The CAE determines how, when, and to whom engagement results will be communicated.

Which of the following procedures is the most valuable in an engagement involving the traffic department operations of a large manufacturer? A. Obtain written confirmation from the regulatory agencies that all carriers used are properly licensed and bonded. B. Review procedures for selection of routes and carriers. C. Verify that all bills of lading are prenumbered. D. Trace selected items from the weekly demurrage (car detention charge) report to supporting documentation.

NOTE OPERATIONS IN THE QUESTION B. Review procedures for selection of routes and carriers.

T/F The risk assessment in the planning phase of an internal auditing engagement identifies possible "objectives."

TRUE According to Impl. Std. 2210.A1, "Internal auditors must conduct a preliminary assessment of the risks relevant to the activity under review. Engagement objectives must reflect the results of this assessment."

T/F: Cost-plus contracts provide little incentive to contractors for economy and efficiency

TRUE Cost-plus contracts are ways to cope with uncertainties about costs by setting a price equal to cost plus a fixed amount or cost plus a fixed percentage of cost. A problem is that the contractor may have little incentive for economy and efficiency, a reason for careful review by the internal auditors.

T/F: The IIA's Three Lines Model describes risk management as a first line role.

TRUE: The Three Lines Model is based on six principles. One principle states that structures and processes should enable managerial actions (including risk management) to achieve objectives through risk-based decisions. Another principle defines first line and second line roles. For example, second line roles assist with risk management (a first line role) by providing expertise, support, monitoring, and challenge.

T/F: The most important function of the audit committee is to promote the independence of the internal and external auditors by protecting them from management's influence.

TRUE: The most important function of the audit committee is to promote the independence of the internal and external auditors by protecting them from management's influence.


Ensembles d'études connexes

WGU - Introduction to Cryptography (v5)

View Set

Lecture 19: Genetic Disease and DNA Repair

View Set

Chapter 6: Cost-Volume-Profit Relationships

View Set

Chapter 12: Workers' Compensation

View Set

Chapter 21 and 22: Working Capital Management

View Set

APUSH 401-450 Andrew Jackson, Early 1800s Literature

View Set

Course 3 Connect and Protect: Networks and Network Security

View Set

Physics Chapter 6 - Work and Energy

View Set

Chapter 5, I: Principles of Verbal Messages

View Set