CIA Study Unit 2

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Which of the following privacy terms is matched with an accurate example of the term? A. Term Privacy of space Example Freedom from surveillance B. Term Privacy of information Example Freedom from monitoring C. Term Personal privacy Example Freedom from monitoring D. Term Privacy of communication Example Freedom from surveillance

A. Term Privacy of space Example Freedom from surveillance

The element(s) of a control self-assessment (CSA) performed using one of the facilitated team workshop approaches include(s) 1. Treating participating employees as process owners. 2. Taking a simple yes/no survey of employees regarding risks and controls. 3. Interviewing employees separately in the field. A. 1 only. B. 2 only. C. 2 and 3. D. 1, 2, and 3.

A. 1 only.

A program-results engagement is most likely to be performed on A. An activity not part of normal operations. B. The purchasing and receiving departments. C. Safety practices and scrap handling. D. Distribution of services and materials.

A. An activity not part of normal operations.

In managing internal audit resources, the CAE considers all of the following except A. Benchmarking. B. Succession planning. C. Staff evaluation and development. D. Resourcing needs.

A. Benchmarking.

Which of the following statements about control self-assessment (CSA) is false? A. CSA is usually an informal and undocumented process. B. In its purest form, CSA integrates business objectives and risks with control processes. C. CSA is also known as control/risk self-assessment. D. Most implemented CSA programs share some key features and goals.

A. CSA is usually an informal and undocumented process.

The chief audit executive's (CAE) responsibility for assessing and reporting on control processes includes A. Communicating to senior management and the board an annual judgment about internal control. B. Overseeing the establishment of internal control processes. C. Maintaining the organization's governance processes. D. Arriving at a single assessment based solely on the work of the internal audit activity.

A. Communicating to senior management and the board an annual judgment about internal control.

Management is evaluating the need for an environmental audit program. Which one of the following should not be included as an overall program objective? A. Conduct site assessments at all waste-producing facilities. B. Verify organizational compliance with all environmental laws. C. Evaluate waste minimization opportunities. D. Ensure management systems are adequate to minimize future environmental risks.

A. Conduct site assessments at all waste-producing facilities.

If a department outside of the internal audit activity is responsible for reviewing a function or process, the internal auditors should A. Consider the work of the other department when assessing the function or process. B. Ignore the work of the other department and proceed with an independent audit. C. Reduce the scope of the audit since the work has already been performed by the other department. D. Yield the responsibility for assessing the function or process to the other department.

A. Consider the work of the other department when assessing the function or process.

With regard to providing an assurance service for the organization's privacy framework, the internal audit activity assesses the adequacy of risk identification and controls. The internal audit activity also A. Considers practices in relevant jurisdictions. B. Confirms to the board that information security is the IAA's responsibility. C. Performs a consulting engagement to provide advice on information security protocols. D. Devises and implements controls.

A. Considers practices in relevant jurisdictions.

A company has computerized sales and cash receipts journals. The computer programs for these journals have been properly debugged. The auditor discovered that the total of the accounts receivable subsidiary accounts differs materially from the accounts receivable control account. This discrepancy could indicate A. Credit memoranda being improperly recorded. B. Lapping of receivables. C. Receivables not being properly aged. D. Statements being intercepted prior to mailing.

A. Credit memoranda being improperly recorded.

Which of the following is part of the board's role in protecting against privacy threats? A. Establishing a privacy framework. B. Identifying the information gathered by the organization that is deemed personal or private. C. Identifying the methods used to collect information. D. Determining whether the use of the information collected is in accordance with its intended use and the laws.

A. Establishing a privacy framework.

After using the same public accounting firm for several years, the board of directors retained another public accounting firm to perform the annual financial audit in order to reduce the annual audit fee. The new firm has now proposed a one-time engagement relating to the cost-effectiveness of the various operations of the business. The chief audit executive has been asked to advise management in making a decision on the proposal. An argument can be made that the internal audit activity is better able to perform such an engagement because A. External auditors may not possess the same depth of understanding of the organization as the internal auditors. B. Internal auditors are required to be objective in performing engagements. C. Engagement procedures used by internal auditors are different from those used by external auditors.

A. External auditors may not possess the same depth of understanding of the organization as the internal auditors.

What is the most accurate term for the procedures used by the board to oversee activities performed to achieve organizational objectives? A. Governance. B. Control. C. Risk management. D. Monitoring.

A. Governance.

An advantage of conducting environmental audits under the direction of the internal audit activity is that A. Independence and authority are already in place. B. Technical expertise is more readily available. C. The financial aspects are de-emphasized. D. Internal auditing work products are confidential.

A. Independence and authority are already in place.

Which of the following statements is false with respect to information security? A. Internal auditors should determine that senior management and the board, audit committee, or other governing body have a clear understanding that information reliability and integrity is the responsibility of the internal audit activity. B. The chief audit executive should determine that the internal audit activity possesses, or has access to, competent auditing resources to evaluate information security and associated risk exposures. C. Internal auditors should periodically assess the organization's information security practices and recommend, as appropriate, enhancements to, or implementation of, new controls and safeguards. D. Internal auditors should assess the effectiveness of preventive, detective, and mitigative measures against past attacks, as deemed appropriate, and future attempts or incidents deemed likely to occur.

A. Internal auditors should determine that senior management and the board, audit committee, or other governing body have a clear understanding that information reliability and integrity is the responsibility of the internal audit activity.

Although all the current members of an internal audit activity have good records of performance, the manager is not sure if any of the members are ready to assume a management role. Which of the following is an advantage of bringing in an outsider rather than promoting from within? A. Management training costs are reduced when a qualified outsider is hired. B. The manager can be sure that the new position will be filled by a competent employee. C. Bringing in an outsider is a less expensive alternative than promoting from within. D. The "modeling" effect is strengthened by bringing in a new role model.

A. Management training costs are reduced when a qualified outsider is hired.

What is the role of a chief audit executive (CAE) with regard to an inspection by a regulator? A. Meet with the regulator before and after the inspection to provide relevant information or receive advice on necessary compliance. B. Meet with the regulator after the inspection to dispute any negative findings about compliance. C. Tour the facility with the regulator to ensure that no problems are uncovered. D. Meet with specific managers to protect proprietary information.

A. Meet with the regulator before and after the inspection to provide relevant information or receive advice on necessary compliance.

An internal auditor discovers during an engagement involving the entity's environmental, health, and safety (EHS) department that department personnel are poorly informed about legal issues resulting from discharging waste into municipal water sources. The EHS function is small. Which of the following is the best course of action for the auditor to take? A. Note the control weakness and perform additional procedures to help determine its potential effects. B. Arrange for a training session for the EHS staff with experts in the field of wastewater legal issues. C. Immediately narrow the scope of the engagement to examine wastewater discharge. D. Report possible violations to the relevant regulatory authority.

A. Note the control weakness and perform additional procedures to help determine its potential effects.

Controls should be designed to ensure that A. Operations are performed efficiently. B. Management's plans have not been circumvented by worker collusion. C. The internal audit activity's guidance and oversight of management's performance is accomplished economically and efficiently. D. Management's planning, organizing, and directing processes are properly evaluated.

A. Operations are performed efficiently.

Controls should be designed to provide reasonable assurance that A. Organizational objectives will be achieved economically and efficiently. B. Management's plans have not been circumvented by worker collusion. C. The internal audit activity's guidance and oversight of management's performance is accomplished economically and efficiently. D. Management's planning, organizing, and directing processes are properly evaluated.

A. Organizational objectives will be achieved economically and efficiently.

In selecting an instructional strategy for developing internal audit staff, a chief audit executive begins by reviewing A. Organizational objectives. B. Learning content. C. Learners' readiness. D. Budget constraints.

A. Organizational objectives.

Which of the following is a false statement about the relationship between internal auditors and external auditors? A. Oversight of the work of external auditors is the responsibility of the chief audit executive. B. Sufficient meetings are scheduled between internal and external auditors to ensure timely and efficient completion of the work. C. Internal and external auditors may exchange engagement communications and management letters. D. Internal auditors may provide engagement work programs and working papers to external auditors.

A. Oversight of the work of external auditors is the responsibility of the chief audit executive.

Which of the following is not an objective of an environmental audit program? A. Perform walkthroughs of all processes that contain identified environmental risks. B. Verify organizational compliance with all environmental laws. C. Review the reasonableness and likelihood of contingent liabilities accrued for environmental remediation. D. Ensure management systems are adequate to minimize future environmental risks.

A. Perform walkthroughs of all processes that contain identified environmental risks.

Fact pattern: You are the chief audit executive of a parent organization that has foreign subsidiaries. Independent external audits performed for the parent are not conducted by the same firm that conducts the foreign subsidiary audits. Because the internal audit activity occasionally provides direct assistance to both external firms, you have copies of audit programs and selected working papers produced by each firm. The foreign subsidiary's external audit firm wants to rely on an audit of a function at the parent organization. The audit was conducted by the internal audit activity. To place reliance on the work performed, the foreign subsidiary's auditors have requested copies of the working papers. What is the most appropriate response to the foreign subsidiary's auditors? A. Provide copies of the working papers. B. Ask the parent's audit firm if it is appropriate to release the working papers. C. Ask the board for permission to release the working papers. D. Refuse to provide the working papers under any circumstances.

A. Provide copies of the working papers.

The chief audit executive for a large decentralized organization has developed a manual containing comprehensive detailed written procedures as a guide for the decentralized engagement work groups, each of which has 20 to 30 internal auditors. The organization recently acquired a small organization that has an internal audit activity consisting of a supervisor and two staff personnel. Which of the following actions is the most practical in providing administrative guidance for this new internal audit activity? A. Select key procedures from the manual and use informal supervisory direction for other engagement management issues. B. Use informal supervisory direction for engagement management issues. C. Use the already developed manual. D. Adopt the administrative procedures being followed by the internal auditors of the acquired organization.

A. Select key procedures from the manual and use informal supervisory direction for other engagement management issues.

One of the main reasons total quality management (TQM) can be used as a strategic weapon is that A. The cumulative improvement from a company's TQM efforts cannot readily be copied by competitors. B. Introducing new products can lure customers away from competitors. C. Reduced costs associated with better quality can support higher shareholder dividends. D. TQM provides a comprehensive planning process for a business.

A. The cumulative improvement from a company's TQM efforts cannot readily be copied by competitors.

An organization is considering purchasing a commercial property. Because of the location of the property and the known recent history of activities on the property, management has asked the internal audit activity, in cooperation with legal counsel, to provide a preliminary identification of any environmental liability. The strongest reason supporting management's decision to request such an investigation is A. The potential for future liability may outweigh any advantages achieved by obtaining the property. B. Management will be able to pay a lower price for the property if environmental contamination can be identified. C. The current owner would be required by law to clean up all identified contamination before the sale is closed. D. Regulatory agencies require a purchaser to identify and disclose all actual and potential instances of contamination.

A. The potential for future liability may outweigh any advantages achieved by obtaining the property.

Staff members of the internal audit activity should be assigned to engagements and training projects that will enable them to develop their potential. Which of the following should be the most important consideration in making assignments that will allow staff members to develop properly? A. The skills and experience levels of individual auditors. B. Specific training requirements imposed by the Standards. C. The importance of giving all staff members extensive supervisory experience. D. Special interests of individual staff members.

A. The skills and experience levels of individual auditors.

When are governance, risk management, and control processes considered adequate? A. When management has planned and designed them to provide reasonable assurance of achieving the organization's objectives efficiently and economically. B. When management has planned and designed them to provide absolute assurance of achieving the organization's objectives efficiently and economically. C. When the internal audit activity has planned and designed them to provide reasonable assurance of achieving the organization's objectives efficiently and economically. D. When the company is profitable.

A. When management has planned and designed them to provide reasonable assurance of achieving the organization's objectives efficiently and economically.

An internal auditor is conducting an audit of a contract to build a new branch office. The auditor should consider whether the 1. Materials used in construction meet specified contractual standards. 2. Contractor has established a fraud hotline. 3. Construction is on schedule. A. 1 and 2 only. B. 1 and 3 only. C. 2 and 3 only. D. 1, 2, and 3.

B. 1 and 3 only.

A specific objective of an audit of a company's expenditure cycle is to determine whether all goods paid for have been received and charged to the correct account. This objective addresses which of the following primary objectives identified in the Standards? 1. Reliability and integrity of financial and operational information. 2. Compliance with laws, regulations, policies, procedures, and contracts. 3. Effectiveness and efficiency of operations and programs. 4. Safeguarding of assets. A. 1 and 2 only. B. 1 and 4 only. C. 1, 2, and 4 only. D. 2, 3, and 4 only.

B. 1 and 4 only.

Compliance programs most directly assist organizations by doing which of the following? 1. Developing a plan for business continuity management. 2. Determining director and officer liability. 3. Planning for disaster recovery. A. 1 only. B. 2 only. C. 1 and 2 only. D. 1, 2, and 3.

B. 2 only.

Management is exploring different ways of reducing or preventing pollution in manufacturing operations. The objective of a pollution prevention audit is to identify opportunities to minimize waste and eliminate pollution at the source. In what order should the following opportunities to reduce waste be considered? 1. Recycling and reuse 2. Elimination at the source 3. Energy conservation 4. Recovery as a usable product 5. Treatment A. 5, 2, 4, 1, and 3. B. 4, 2, 1, 3, and 5. C. 1, 3, 4, 2, and 5. D. 3, 4, 2, 5, and 1.

B. 4, 2, 1, 3, and 5.

The advantage attributed to the establishment of internal auditing field offices for work at foreign locations is best described as A. The possibility of increased objectivity of personnel assigned to a field office. B. A reduction of travel time and related travel expense. C. The increased ease of maintaining uniform organization-wide standards. D. More contact with senior personnel leading to an increase in control.

B. A reduction of travel time and related travel expense.

Policies and procedures must be established to guide the internal audit activity. Which of the following statements is false with respect to this requirement? A. The form and content of written policies and procedures depend on the size of the internal audit activity. B. All internal audit activities must have a detailed policies and procedures manual. C. Formal administrative and technical manuals may not be needed by all internal audit activities. D. A small internal audit activity may be managed informally through close supervision and memoranda.

B. All internal audit activities must have a detailed policies and procedures manual.

Which of the following best describes an internal auditor's initial responsibility regarding errors uncovered during a financial statement audit? A. Report the material errors. B. Assess the risk of misrepresentation. C. Discuss the situation with the engagement client. D. Inform the audit committee.

B. Assess the risk of misrepresentation

A sales department has been giving away expensive items in conjunction with new product sales to stimulate demand. The promotion seems successful, but management believes the cost may be too high and has asked for a review by the internal audit activity. Which of the following procedures would be the least useful to determine the effectiveness of the promotion? A. Comparing product sales during the promotion period with sales during a similar non-promotion period. B. Comparing the unit cost of the products sold before and during the promotion period. C. Performing an analysis of marginal revenue and marginal cost for the promotion period, compared to the period before the promotion. D. Performing a review of the sales department's benchmarks used to determine the success of a promotion.

B. Comparing the unit cost of the products sold before and during the promotion period.

In which of the following arrangements should an internal auditor be most concerned about the lack of an incentive for economy and efficiency? A. Fixed-price contract. B. Cost-plus contract. C. Unit-price contract. D. Source code escrow clause.

B. Cost-plus contract.

A certified internal auditor is the chief audit executive for a large city and is planning the engagement work schedule for the next year. The city has a number of different funds, some that are restricted in use by government grants and some that require compliance reports to the government. One of the programs for which the city has received a grant is job retraining and placement. The grant specifies certain conditions a participant in the program must meet to be eligible for the funding. The chief audit executive plans an engagement to verify that the job retraining program complies with applicable grant provisions. One of the provisions is that the city adopt a budget for the program and subsequently follow procedures to ensure that the budget is adhered to and that only allowable costs are charged to the program. In performing an engagement concerning compliance with this provision, the internal auditors should perform all of the following procedures except A. Determine that the budget was reviewed and approved by supervisory personnel within the city. B. Determine that the budget was reviewed and approved by supervisory personnel within the granting agency. C. Select a sample of expenditures to determine that the expenditures are (1) properly classified as to type, (2) appropriate to the program, and (3) designed to meet the program's objectives. D. Compare actual results with budgeted results and determine the reason for deviations. Determine if such deviations have been approved by appropriate officials.

B. Determine that the budget was reviewed and approved by supervisory personnel within the granting agency.

Internal auditors are increasingly called on to perform audits related to an organization's environmental stewardship. Which of the following does not describe the objectives of a type of environmental audit? A. Determine whether environmental management systems are in place and operating properly to manage future environmental risks. B. Determine whether environmental issues are considered as part of economic decisions. C. Determine whether the organization's current actions are in compliance with existing laws. D. Determine whether the organization is focusing efforts on ensuring that its products are environmentally friendly, and confirm that product and chemical restrictions are met.

B. Determine whether environmental issues are considered as part of economic decisions.

An organization's managerial decision-making model for capital budgeting is based on the net present value of discounted cash flows. The same organization's managerial performance evaluation model is based on annual divisional return on investment. Which of the following is true? A. Divisional managers are likely to maximize the measures in the decision-making model. B. Divisional managers are likely to maximize the measures in the performance evaluation model. C. The manager has an incentive to accept a project with a positive net present value that initially has a negative effect on net income. D. The use of models with different criteria promotes goal congruence.

B. Divisional managers are likely to maximize the measures in the performance evaluation model.

Which of the following is a key to successful total quality management (TQM)? A. Training quality inspectors. B. Focusing intensely on the customer. C. Creating appropriate hierarchies to increase efficiency. D. Establishing a well-defined quality standard, then focusing on meeting it.

B. Focusing intensely on the customer.

According to the International Professional Practices Framework, the internal audit activity is effectively managed when A. Policies on responsibilities of the internal audit activity are included in the organization's operations manual. B. Its individual members conform with the Code of Ethics and the Standards. C. Management oversees the day-to-day operations of the internal audit activity. D. It has the skill set and knowledge to help the organization achieve its objectives.

B. Its individual members conform with the Code of Ethics and the Standards.

In addressing internal audit resource needs for a complex engagement, the CAE may include all of the following except A. Other employees of the organization. B. Members of the audit committee. C. Specialized consultants. D. External service providers.

B. Members of the audit committee.

Using a balanced scorecard, an organization evaluates managerial performance based on A. A single ultimate measure of operating results, such as residual income. B. Multiple financial and nonfinancial measures. C. Multiple nonfinancial measures only. D. Multiple financial measures only.

B. Multiple financial and nonfinancial measures.

Fact pattern: You are the chief audit executive of a parent organization that has foreign subsidiaries. Independent external audits performed for the parent are not conducted by the same firm that conducts the foreign subsidiary audits. Because the internal audit activity occasionally provides direct assistance to both external firms, you have copies of audit programs and selected working papers produced by each firm. The foreign subsidiary's auditors would like to rely on some of the work performed by the parent organization's audit firm, but they need to review the working papers first. They have asked you for copies of the working papers of the parent organization's audit firm. What is the most appropriate response to the foreign subsidiary's auditors? A. Provide copies of the working papers without notifying the parent's audit firm. B. Notify the parent's auditors of the situation and request that they either provide the working papers or authorize you to do so. C. Provide copies of the working papers and notify the parent's audit firm that you have done so. D. Refuse to provide the working papers under any circumstances.

B. Notify the parent's auditors of the situation and request that they either provide the working papers or authorize you to do so.

The chief audit executive (CAE) is best defined as the A. Inspector general. B. Person responsible for the internal audit function. C. Outside provider of internal audit services. D. Person responsible for overseeing the contract with the outside provider of internal audit services.

B. Person responsible for the internal audit function.

Which type of engagement focuses on operations and how effectively and efficiently the organizational units affected will cooperate? A. Program-results engagement. B. Process engagement. C. Privacy engagement. D. Compliance engagement.

B. Process engagement.

Which of the following procedures is the most valuable in an engagement involving the traffic department operations of a large manufacturer? A. Obtain written confirmation from the regulatory agencies that all carriers used are properly licensed and bonded. B. Review procedures for selection of routes and carriers. C. Trace selected items from the weekly demurrage (car detention charge) report to supporting documentation. D. Verify that all bills of lading are prenumbered.

B. Review procedures for selection of routes and carriers.

Which of the following activities is outside the scope of internal auditing? A. Evaluating risk exposures regarding compliance with policies, procedures, and contracts. B. Safeguarding of assets. C. Evaluating risk exposures regarding compliance with laws and regulations. D. Ascertaining the extent to which management has established criteria to determine whether objectives have been accomplished.

B. Safeguarding of assets.

Internal audit resources should be appropriate, sufficient, and effectively deployed. Consequently, A. Resource planning should be limited to expected activities. B. The chief audit executive should perform a periodic skills assessment. C. Only members of the internal audit staff should perform internal audit activities. D. The chief audit executive ultimately must ensure the adequacy of resources.

B. The chief audit executive should perform a periodic skills assessment.

Briar Co. signed a government construction contract providing for a formula price of actual cost plus 10%. In addition, Briar was to receive one-half of any savings resulting from the formula price's being less than the target price of $2.2 million. Briar's actual costs incurred were $1,920,000. How much should Briar receive from the contract? A. $2,060,000 B. $2,112,000 C. $2,156,000 D. $2,200,000

C. $2,156,000

An organization should use due care not to delegate substantial discretionary authority to individuals the organization knows have a propensity to engage in illegal activities. Which of the following are steps an organization can take to ensure that such individuals are detected? 1. Screening of applicants for employment at all levels for evidence of past wrongdoing, especially past criminal convictions within the company's industry. 2. Asking professionals about any history of discipline in front of licensing boards. 3. Performing background checks without permission on employees' or applicants' credit reports to ensure that they are financially sound and are unlikely to commit theft or fraud. A. 1 only. B. 3 only. C. 1 and 2 only. D. 1, 2, and 3.

C. 1 and 2 only.

Which of the following potentially is (are) subject to the internal auditors' evaluations? 1. The human resources function. 2. The purchasing process. 3. The manufacturing and production database system. A. 1 only. B. 2 only. C. 1, 2, and 3. D. None of the answers are correct.

C. 1, 2, and 3.

Before internal auditors begin to offer consulting services to an organization, a number of things need to happen within the organization. What is the order in which the following items should be performed? 1. The internal audit charter is amended to include authority and responsibilities for consulting activities. 2. The CAE confirms that the board understands and approves the concept of providing consulting services. 3. The internal audit activity develops appropriate policies and procedures for conducting such engagements. A. 1, 2, 3. B. 2, 3, 1. C. 2, 1, 3. D. 3, 2, 1.

C. 2, 1, 3.

The key factor in the success of an internal audit activity's human resources program is A. An informal program for developing and counseling staff. B. A compensation plan based on years of experience. C. A well-developed set of selection criteria. D. A program for recognizing the special interests of individual staff members. Answer Explanation

C. A well-developed set of selection criteria.

As part of a manufacturing company's environmental, health, and safety (EHS) self-inspection program, inspections are conducted by a member of the EHS staff and the operational manager for a given work area or building. If a deficiency cannot be immediately corrected, the EHS staff member enters it into a tracking database that is accessible to all departments via a local area network. The EHS manager uses the database to provide senior management with quarterly activity reports regarding corrective action. During review of the self-inspection program, an auditor notes that the operational manager enters the closure information and affirms that corrective action is complete. What change in the control system would compensate for this potential conflict of interest? A. No additional control is needed because the quarterly report is reviewed by senior management, providing adequate oversight in this situation. B. No additional control is needed because those implementing a corrective action are in the best position to evaluate the adequacy and completion of that action. C. After closure is entered into the system, review by the EHS staff member of the original inspection team should be required in order to verify closure. D. The EHS department secretary should be responsible for entering all information into the tracking system based on memos from the operational manager.

C. After closure is entered into the system, review by the EHS staff member of the original inspection team should be required in order to verify closure.

Employees have the most confidence in a hotline monitored by which of the following? A. An expert from the legal department, backed by a nonretaliation policy. B. An in-house representative, backed by a retaliation policy. C. An on-site ombudsperson, backed by a nonretaliation policy. D. An off-site attorney who can better protect attorney-client privilege.

C. An on-site ombudsperson, backed by a nonretaliation policy.

A performance audit engagement typically involves A. Review of financial statement information, including the appropriateness of various accounting treatments. B. Tests of compliance with policies, procedures, laws, and regulations. C. Appraisal of the business and control environment and comparison against established criteria. D. Evaluation of organizational and departmental structures, including assessments of process flows.

C. Appraisal of the business and control environment and comparison against established criteria.

Which of the following is true about the principle of value proposition to an organization? A. The internal audit function does not add value to an organization. B. Only the consulting activities of the internal audit function provide value. C. Both the assurance and consulting activities add value to the organization. D. Only the assurance activities of the internal audit function add value to the organization.

C. Both the assurance and consulting activities add value to the organization.

To improve their efficiency, internal auditors may rely upon the work of external auditors if it is A. Performed after the internal auditing work. B. Primarily concerned with operational objectives and activities. C. Coordinated with internal auditing work. D. Conducted in accordance with the Code of Ethics.

C. Coordinated with internal auditing work.

An auditor is conducting a performance audit to provide assurance on an organization's balanced scorecard. The organization's main objective is to increase market share by 7% in the coming year. Management diverted 5% of the operating budget from the customer service department to the research and development department to increase product innovation. Management had predicted that increased product innovation would increase market share. However, market share did not increase substantially in the first quarter. Which measure should the auditor review as a result of the failure to increase market share? A. Product innovation. B. Market share. C. Customer satisfaction. D. Employee development.

C. Customer satisfaction.

The internal audit activity has recently experienced the departure of two internal auditors who cannot be immediately replaced due to budget constraints. Which of the following is the least desirable option for efficiently completing future engagements, given this reduction in resources? A. Using self-assessment questionnaires to address audit objectives. B. Employing information technology in audit planning, sampling, and documentation. C. Eliminating consulting engagements from the engagement work schedule. D. Filling vacancies with personnel from operating departments that are not being audited.

C. Eliminating consulting engagements from the engagement work schedule.

The IIA's Three Lines Model states that the roles of an organization's governing body most likely include A. Assisting with risk management. B. Delivering products to clients. C. Ensuring that organizational objectives align with stakeholders' interests. D. Providing assurance and advice that instills confidence and clarity.

C. Ensuring that organizational objectives align with stakeholders' interests.

The audit committee strengthens the control processes of an organization by A. Assigning the internal audit activity responsibility for interaction with governmental agencies. B. Using the chief audit executive as a major resource in selecting the external auditors. C. Following up on recommendations made by the chief audit executive. D. Approving internal audit activity policies.

C. Following up on recommendations made by the chief audit executive.

The reliability and integrity of all critical information of an organization, regardless of the media in which the information is stored, is the responsibility of A. Shareholders. B. IT department. C. Management. D. All employees.

C. Management.

Internal auditors need to consider protection of personally identifiable information obtained during an audit. Applicable laws most likely A. Do not establish requirements for an organization to implement privacy controls. B. Permit personal information to be used for any purpose if disclosure of a purpose was made at collection. C. May prohibit recording personal information in engagement records in some cases. D. Require personal information to be encrypted when recorded and stored in digital form.

C. May prohibit recording personal information in engagement records in some cases.

The internal auditors' ultimate responsibility for information security includes A. Identifying technical aspects, risks, processes, and transactions to be examined. B. Determining the scope and degree of testing to achieve engagement objectives. C. Periodically assessing information security practices. D. Documenting engagement procedures.

C. Periodically assessing information security practices.

All of the following would be part of a factory's control system to prevent release of wastewater that does not meet discharge standards except A. Performing chemical analysis of the water, prior to discharge, for components specified in the permit. B. Specifying (by policy, training, and advisory signs) which substances may be disposed of via sinks and floor drains within the factory. C. Periodically flushing sinks and floor drains with a large volume of clean water to ensure pollutants are sufficiently diluted. D. Establishing a preventive maintenance program for the factory's pretreatment system.

C. Periodically flushing sinks and floor drains with a large volume of clean water to ensure pollutants are sufficiently diluted.

Fact pattern: You are an internal auditing supervisor who is reviewing the working papers of a staff internal auditor's overall examination of the firm's sales function. The pages are not numbered or cross-referenced. Furthermore, the working papers were dropped and reassembled at random before they were brought to you. You decide to put the working papers in the proper order according to the Standards. The first stage of this activity is to identify each page as a part of the preliminary survey, the review of the adequacy of control processes, the review for effectiveness of control processes, or the review of results. The first page the supervisor selects documents a test of controls performed during the course of the engagement. This page belongs with which activity? A. Preliminary survey. B. Review for adequacy of control processes. C. Review for effectiveness of control processes. D. Review of results.

C. Review for effectiveness of control processes.

An auditor is scheduled to audit payroll controls for an organization that has recently outsourced its information processing to an external service provider (ESP). The ESP's external auditor has issued reports pertaining to the ESP's controls and made it readily available to the internal auditor. What action should the auditor take, considering the outsourcing decision? A. Review only the ESP's external auditor. B. Review only the organization's controls over data sent to and received from the ESP. C. Review the control reports and ensure that the ESP's external auditor is credible and reliable. D. Cancel the engagement because the processing is being performed outside of the organization.

C. Review the control reports and ensure that the ESP's external auditor is credible and reliable.

Privacy of space is best defined as freedom from A. Invasion of physical privacy. B. Monitoring of communications. C. Surveillance. D. Disclosure of personal information by others.

C. Surveillance.

Which of the following statements about the chief audit executive's responsibilities for internal audit resources is most accurate? A. The CAE is responsible for ensuring that audit coverage is based on the skills of the internal audit activity. B. The CAE is responsible for presenting a detailed summary of audit resources to management. C. The CAE is responsible for the effective deployment of resources to achieve the approved audit plan. D. The CAE is responsible for administering the organization's compensation program.

C. The CAE is responsible for the effective deployment of resources to achieve the approved audit plan.

Which of the following is true about the interaction of the internal audit function and the environmental audit function? A. If the environmental audit function reports to someone other than the CAE, the CAE should not offer to review the audit plan since (s)he was not consulted to do so. B. It is not advantageous for the internal audit function to conduct environmental audits since it is too busy with its current responsibilities. C. The CAE should evaluate whether the environmental auditors are conforming to recognized professional auditing standards and a recognized code of ethics. D. The CAE should not evaluate the organizational placement and independence of the environmental audit function since the internal function has no control over a separate environmental audit function.

C. The CAE should evaluate whether the environmental auditors are conforming to recognized professional auditing standards and a recognized code of ethics.

Which of the following statements is true regarding coordination of internal and external auditing efforts? A. The chief audit executive should not give information about illegal acts to an external auditor because external auditors may be required to report the matter to the board or regulatory agencies. B. Ownership and the confidentiality of the external auditor's working papers prohibit their review by internal auditors. C. The chief audit executive should determine that appropriate follow-up and corrective action was taken by management when required regarding matters discussed in the external auditor's management letter. D. If internal auditors provide assistance to the external auditors in connection with the annual audit, such assistance is not subject to the Standards.

C. The chief audit executive should determine that appropriate follow-up and corrective action was taken by management when required regarding matters discussed in the external auditor's management letter.

Which of the following statements regarding the external auditor is true? A. Disputes between the external auditor and management are resolved through an arbitrator. B. Review of the external auditor's internal control and audit reports during each engagement is done by a different accounting firm. C. The external auditor's work is overseen and reviewed by the audit committee. D. Negotiation of the external auditor's fee is the responsibility of the corporate officers.

C. The external auditor's work is overseen and reviewed by the audit committee.

The internal audit activity (IAA) is effectively managed when A. Senior management creates its operating budget. B. The organization's human resources department hires the IAA's associates. C. Trends and emerging issues are considered. D. The board establishes policies and procedures for the IAA.

C. Trends and emerging issues are considered.

Which of the following are responsibilities of the chief audit executive (CAE)? 1. Coordinating activities with other providers of assurance and consulting services. 2. Understanding the work of external auditors. 3. Providing sufficient information to the external auditors to permit them to understand the internal auditors' work. A. 1 and 2 only. B. 2 and 3 only. C. 1 and 3 only. D. 1, 2, and 3.

D. 1, 2, and 3.

Which of the following is the proper way for an internal auditor to resolve conflict? 1. By the guidelines set out in the organization's code of conduct 2. By the guidelines set out in The IIA's Code of Ethics 3. The procedures designated by the CAE A. 1 and 2. B. 3 only. C. 1, 2, and 3. D. 2 only.

D. 2 only.

Which one of the following is not a core principle of total quality management (TQM)? A. A focus on customers and stakeholders. B. Participation and teamwork by everyone in the organization. C. A process focus supported by continuous improvement and learning. D. A focus on technological breakthroughs.

D. A focus on technological breakthroughs.

Which of the following criteria would be most useful to a sales department manager in evaluating the performance of the manager's customer-service group? A. The customer is always right. B. Customer complaints should be processed promptly. C. Employees should maintain a positive attitude when dealing with customers. D. All customer inquiries should be answered within 7 days of receipt.

D. All customer inquiries should be answered within 7 days of receipt.

Control self-assessment (CSA) is a method for examining and evaluating the organization's system of control, which includes A. Risk analysis. B. Self-assessment approaches. C. Traditional internal auditing concepts. D. All of the answers are correct.

D. All of the answers are correct.

Use of external service providers with expertise in healthcare benefits is appropriate when the internal audit activity is A. Evaluating the organization's estimate of its liability for postretirement benefits, which include healthcare benefits. B. Comparing the cost of the organization's healthcare program with other programs offered in the industry. C. Training its staff to conduct an audit of healthcare costs in a major division of the organization. D. All of the answers are correct.

D. All of the answers are correct.

Fact pattern: A certified internal auditor is the chief audit executive for a large city and is planning the engagement work schedule for the next year. The city has a number of different funds, some that are restricted in use by government grants and some that require compliance reports to the government. One of the programs for which the city has received a grant is job retraining and placement. The grant specifies certain conditions a participant in the program must meet to be eligible for the funding. The internal auditors must determine the applicable laws and regulations. Which of the following procedures is the least effective in learning about the applicable laws and regulations? A. Make inquiries of the city's chief financial officer, legal counsel, or grant administrators. B. Review prior-year working papers and inquire of officials as to changes. C. Review applicable grant agreements. D. Discuss the matter with the board and make inquiries as to the nature of the requirements and the board's objectives for the engagement.

D. Discuss the matter with the board and make inquiries as to the nature of the requirements and the board's objectives for the engagement.

In some countries, governmental units have established audit standards. For example, in the United States, the Government Accountability Office has developed standards for the conduct of governmental audits, particularly those that relate to compliance with government grants. In performing governmental grant compliance audits, the auditor should A. Be guided only by the governmental standards. B. Be guided only by The IIA Standards because they are more encompassing. C. Be guided by the more general standards that have been issued by the public accounting profession. D. Follow both The IIA Standards and any additional governmental standards.

D. Follow both The IIA Standards and any additional governmental standards.

Several members of an organization's senior management have questioned whether the internal audit activity should report to the newly established quality audit function as part of the total quality management process within the organization. The chief audit executive (CAE) has reviewed the quality audit standards and the programs that the quality audit manager has proposed. The CAE's response to senior management should include which of the following? A. Changing the applicable standards for internal auditing within the organization to provide compliance with quality audit standards. B. Changing the qualification requirements for new staff members to include quality audit experience. C. Estimating departmental cost savings that would result from the elimination of the internal audit activity. D. Identifying appropriate liaison activities with the quality audit function to ensure coordination of audit schedules and overall audit responsibilities.

D. Identifying appropriate liaison activities with the quality audit function to ensure coordination of audit schedules and overall audit responsibilities.

Fact pattern: The chief audit executive (CAE) of a mid-sized internal audit activity was concerned that management might outsource the internal auditing function. Thus, the CAE adopted a very aggressive program to promote the internal audit activity within the organization. The CAE planned to present the results to senior management and the board and recommend modification of the internal audit activity's charter after using the new program. The following lists six actions the CAE took to promote a positive image within the organization: 5. To save time, the CAE no longer required that a standard internal control questionnaire be completed for each engagement. Is Action 5 inappropriate? A. Yes. Internal control should be evaluated on every engagement, but the internal control questionnaire is not the mandated approach to evaluate the controls. B. No. Internal auditors may omit necessary procedures if there is a time constraint. It is a matter of professional judgment. C. Yes. Internal control should be evaluated on every engagement, and the internal control questionnaire is the most efficient method to do so. D. No. Internal auditors are not required to fill out internal control questionnaires on every engagement.

D. No. Internal auditors are not required to fill out internal control questionnaires on every engagement.

An audit committee should be designed to enhance the independence of both the internal and external auditing functions and to insulate these functions from undue management pressures. Using this criterion, audit committees should be composed of A. A rotating subcommittee of the board of directors or its equivalent. B. Only members from the relevant outside regulatory agencies. C. Members from all important constituencies, specifically including representatives from banking, labor, regulatory agencies, shareholders, and officers. D. Only external members of the board of directors or its equivalent.

D. Only external members of the board of directors or its equivalent.

A determination of cost savings is most likely to be an objective of a(n) A. Program-results engagement. B. Financial engagement. C. Compliance engagement. D. Operational engagement.

D. Operational engagement.

Which of the following is most essential for guiding the internal audit staff? A. Quality program assessments. B. Position descriptions. C. Performance appraisals. D. Policies and procedures.

D. Policies and procedures.

Which type of facilitated approach format begins by listing all possible barriers, obstacles, threats, and exposures that might prevent achieving an objective? A. Objective-based format. B. Control-based format. C. Process-based format. D. Risk-based format.

D. Risk-based format.

Organizations have multiple external (extended) business relationships (EBRs). They most likely involve A. Suppliers. B. Major customers. C. Regulators. D. Service providers.

D. Service providers.

All of the following are true regarding the process and methods of coordinating assurance activities except A. Assurance mapping connects significant risk categories and sources of assurance. B. In the combined assurance model, the internal audit activity coordinates with compliance activities. C. The formality of assurance activity coordination may vary with the size of the entity and any regulatory requirements. D. Sharing results with other providers violates the coordinating services agreement.

D. Sharing results with other providers violates the coordinating services agreement.

The primary difference between operational engagements and financial engagements is that, in the latter, the internal auditors A. Are not concerned with whether the client entity is generating information in compliance with financial accounting standards. B. Are seeking to help management use resources in the most effective manner possible. C. Can use analytical skills and tools that are not necessary in financial engagements. D. Start with the financial statements of the client entity and work backward to the basic processes involved in producing them.

D. Start with the financial statements of the client entity and work backward to the basic processes involved in producing them.

Which of the following statements most accurately reflects the chief audit executive's responsibilities for internal audit resources? A. The CAE is responsible for ensuring that audit coverage is based on the periodic skills assessment. B. The CAE is responsible for evaluating the detailed summary of audit resources presented by management to the board. C. The CAE is not responsible for such human resource functions as evaluation and development. D. The CAE is responsible for communicating resource needs to the board but has no explicit responsibility for administering the organization's compensation program.

D. The CAE is responsible for communicating resource needs to the board but has no explicit responsibility for administering the organization's compensation program.

Which of the following is an effective tool for uncovering unethical or illegal activity in an organization? A. The screening of applicants. B. The ethics interview. C. The background check. D. The ethics questionnaire.

D. The ethics questionnaire.

Which of the following is not an appropriate member of an audit committee? A. The vice president of the local bank used by the organization. B. An academic specializing in business administration. C. A retired executive of a firm that had been associated with the organization. D. The organization's vice president of operations.

D. The organization's vice president of operations.

Numerous environmental laws and regulations have recently changed. Senior management has asked the chief audit executive to perform an environmental audit to be completed as soon as possible. The internal audit activity currently is performing an operational audit. As a result, the chief audit executive must make difficult decisions about resource allocation. Which of the following is the least significant issue in determining whether to reallocate audit resources? A. The potential fraud discovered during the operational audit. B. Potential cost to the organization for noncompliance with the new environmental laws and regulations. C. The knowledge, skills, and competencies of the internal audit staff. D. The results from the prior financial audits.

D. The results from the prior financial audits.

According to the International Professional Practices Framework, internal audit resources are effectively deployed when A. The internal audit staff has the necessary attributes for the planned activities. B. The resources needed to accomplish the plan are adequate. C. There are more opportunities to achieve operating benefits for the engagement client. D. They are used in a way that optimizes the achievement of the approved plan.

D. They are used in a way that optimizes the achievement of the approved plan.

In most organizations, the rapidly expanding scope of internal auditing responsibilities requires continual training. What is the main purpose of such a training program? A. To comply with continuing education requirements of professional organizations. B. To use slack periods in engagement scheduling. C. To help individuals to achieve personal career goals. D. To achieve both individual and organizational goals.

D. To achieve both individual and organizational goals.


Ensembles d'études connexes

Unit 3 Test 2023 AMH2010-64: United States History

View Set

Foundations of Psychiatric Nursing SCC 4th quarter psych

View Set

Accounting Knowledge Check Review

View Set

Ch.6: Group 2 - Section 6_4 - 6_5

View Set

Ex. #21: Looking at Calendars in Different Ways OL 03

View Set

MyProgrammingLab Starting out with python ch.8

View Set