ACC 590-Exam 2 MC

An internal auditor has set an engagement objective of determining whether mailroom staff is fully used. Which of the following engagement techniques will best meet this objective? a. Inquiry of the mailroom staff. b. Inquiry of the manager overseeing the mailroom. c. Inspection of documents. d. Observation. e. Analytical review.

d. Observation.

Which of the following most completely describes the appropriate content of a workpaper? a. Audit objectives, procedures, and conclusions. b. Purpose, criteria, condition, effects, and recommendations. c. Audit subject, purpose, sampling information, and analysis. d. Purpose, procedures, facts, and conclusions/recommendations. e. Date, client, title, preparer's and reviewer's initials.

d. Purpose, procedures, facts, and conclusions/recommendations.

Which of the following is an example of "whistleblowing"? a. A clerk in the shipping department reports to an internal auditor that the plant manager has ordered goods to be taken to an offsite storage location and booked as sales just prior to the cutoff date. b. The purchasing agent of a customer reports on the company's hotline that a sales representative offered a kickback if he would increase the December order by 50%. c. An assistant controller reports to the controller that one of the divisional sales managers has asked the sales team to increase a customer's order by 10% and then accept the over- shipment as returns. d. The audit manager for the company's external audit meets with the CEO and reports that the CFO has been too aggressive in her estimates of percentages of a project completed. e. The internal audit director reports to the audit committee that the CFO has improperly capitalized significant expenditures for the last two years.

a. A clerk in the shipping department reports to an internal auditor that the plant manager has ordered goods to be taken to an offsite storage location and booked as sales just prior to the cutoff date.

In a report an internal auditor writes "Nothing has come to our attention which indicated the system of internal controls is ineffective." This is an example of: a. A negative assurance opinion. b. A positive assurance opinion. c. A declination of opinion. d. A qualified opinion. e. A clean opinion.

a. A negative assurance opinion.

The manager of a production line has the authority to order and receive replacement parts for all machinery that require periodic maintenance. The internal auditor received an anonymous tip that the manager ordered substantially more parts than were necessary from a family memberin the parts supply business. The tip said that the unneeded parts were never delivered. Instead, the manager processed receiving documents and charged the parts to machinery maintenance accounts. The payments for the undelivered parts were sent to the supplier and the money was divided between the manager and the family member. Which of the following tests would best assist the auditor in deciding whether to investigate this anonymous tip further? a. Analysis of repair parts charged to maintenance to review the reasonableness of the number of items replaced. b. Comparison of the current quarter's maintenance expense with prior-period activity. c. Physical inventory testing of replacement parts for existence and valuation. d. Review of a test sample of parts invoices for proper authorization and receipt. e. Check to see if there have been other reports about this manager, if none, do not investigate further as the report was anonymous.

a. Analysis of repair parts charged to maintenance to review the reasonableness of the number of items replaced.

Which of the following best describes an auditor's responsibility after noting some indicators of fraud? a. Expand activities to determine whether an investigation is warranted . b. Consult with external legal counsel to determine the course of action to be taken. c. Contact the organization's external auditor for assistance. d. Report the matter to the audit committee and request funding for outside specialists to help investigate the possible fraud. e. Report the possibility of fraud to senior management and ask how to proceed.

a. Expand activities to determine whether an investigation is warranted.

An audit of an organization's claims department determined that a large number of duplicate payments had been issued due to problems in the claims processing system. During the exit conference, the vice president of the claims department informed the auditors that attempts to recover the duplicate payments would be initiated immediately and that the claims processing system would be enhanced within six months to correct the problems. Based on this response, the CAE should: a. Monitor the status of corrective action and schedule a follow-up engagement when appropriate b. Not include the finding in the audit report as the issue is being addressed. c. Schedule a follow-up engagement within six months to assess the status of corrective action. d. Discuss the findings with the audit committee and ask the committee to determine the appropriate follow-up action. e. Adjust the scope of the next regularly scheduled audit of the claims department to assess controls within the claims processing system.

a. Monitor the status of corrective action and schedule a follow-up engagement when appropriate

Which of the following situations is most likely to be the subject of a written interim report to the engagement client? a. Open burning at a subsidiary plant poses a prospective violation of pollution regulations. b. Seventy percent of the planned audit work has been completed with no significant adverse observations. c. The engagement program has been expanded because of indications of possible fraud. d. One of the employees has suggested to the auditor a process change that could decrease processing time by five percent. e. The auditors have decided to substitute survey procedures for some of the planned detailed review of certain records.

a. Open burning at a subsidiary plant poses a prospective violation of pollution regulations.

Which of the following is an element of sampling risk? a. Selecting and audit procedure that is inconsistent with the audit objective. b. Concluding that internal controls are not effective when in fact they are effective based on a sample that had multiple cases of control failure. c. Failing to perform audit procedures that are required by the sampling plan. d. Forgetting to apply the finite correction factor in deterring sample size. e. Failing to detect an error on a document that has been inspected by an auditor.

b. Concluding that internal controls are not effective when in fact they are effective

Which of the following is an element of sampling risk? a. Selecting and audit procedure that is inconsistent with the audit objective. b. Concluding that internal controls are not effective when in fact they are effective based on a sample that had multiple cases of control failure. c. Failing to perform audit procedures that are required by the sampling plan. d. Forgetting to apply the finite correction factor in deterring sample size. e. Failing to detect an error on a document that has been inspected by an auditor.

b. Concluding that internal controls are not effective when in fact they are effective based on a sample that had multiple cases of control failure.

Which of the following statements about the differences between the assurance and the consulting roles of the Internal Auditor are correct? I. Internal Audit's involvement in a consulting engagement is generally at request of management. II. During consulting engagements the auditor is able to implement improvements in ERM. III. During consulting engagements internal auditors only recommends improvements, management is free to accept or reject the internal auditors' proposals. IV. Unlike assurance activities, consulting does not have to be defined in the internal audit charter. a. I and II only. b. I and III only. c. II and IV only. d. II and III only. e. III and IV only.

b. I and III only.

Policies that classify information and set access rights and usage restrictions are examples of: a. End-user controls. b. IT governance controls c. IT application controls. d. Output controls e. Processing controls.

b. IT governance controls

Recommendations should be included in audit reports to: a. Ensure that the problems are resolved in a manner acceptable to the internal auditor. b. Provide management with options for addressing audit findings. c. Minimize the amount of time required to correct audit findings. d. Establish the internal audit's credibility. e. Guarantee that audit findings are addressed, regardless of cost.

b. Provide management with options for addressing audit findings.

Internal audit reports can be structured to motivate management to correct deficiencies. Which of the following report-writing techniques is most likely to be effective? a. Point out the procedural inadequacies and resulting improprieties in specific terms. b. Suggest practical improvements to the currently used procedures after indicating the audit finding. c. Recommend changes and state the punitive measures that will follow if the recommendations are not implemented. d. List the deficiencies found so as to provide an easy-to-follow checklist. e. Direct that corrective action be taken.

b. Suggest practical improvements to the currently used procedures after indicating the audit finding.

A company has a chief privacy officer (CPO) who develops policies and conducts training to help the company comply with privacy laws and regulations. In addition to the CPO, the function has a staff of four. Two of these staff members cycle to each location to review compliance with record retention policies and to make sure any sensitive data is appropriately secure. This is an example of: a. The first line of defense. b. The second line of defense. c. The third line of defense. d. An operating control. e. A process control.

b. The second line of defense.

In a report an internal auditor writes "Nothing has come to our attention which indicated the system of internal controls is ineffective." This is an example of: a. A declination of opinion. b. A positive assurance opinion. c. A negative assurance opinion. d. A qualified opinion. e. A clean opinion.

c. A negative assurance opinion.

An internal auditor is testing purchase orders to detect possible instances of fraudulent activity by an employee. Believing the occurrence rate of fraudulent purchases to be quite low, the auditor would like to specify the probability of observing at least once irregularity if it is true the rate of fraud is greater than expected. The appropriate sampling technique for this situation is: a. Block sampling. b. Dollar-unit sampling. c. Discovery sampling. d. Acceptance sampling. e. Stop-or-go sampling.

c. Discovery sampling.

Which of the following are acceptable approaches for considering fraud while conducting internal audit activities? I. Auditing management controls over fraud. II. Designing and implementing the organization's anti fraud program III. Auditing to detect likely fraud by testing high risk processes, with the intention of looking for indicators of fraud, within the organization and with external business relationships. IV. Considering fraud as part of every audit. a. IV only. b. I and III only. c. I, III, and IV only. d. II and IV only. e. I, II, III, and IV.

c. I, III, and IV only.

Which of the following statements is correct regarding the performance of consulting activities by internal auditors? a. Consulting activities are simply an extension of the auditor's current work in providing recommendations. b. Consulting engagements that have a high potential cost savings should be undertaken before undertaking an assurance engagement identified by the annual risk assessment as a high risk but without expected cost savings. c. In consulting activities the nature and scope of services are agreed upon with the client rather than determined by the auditor. d. Consulting activities, by definition, impair the independence of the auditor and therefore should only be performed on areas the internal audit department does not plan to audit in the future. e. Consulting is a more proactive approach where the auditor takes the lead in analyzing problems, decides the best course of action, and implements solutions with assistance from management.

c. In consulting activities the nature and scope of services are agreed upon with the client rather than determined by the auditor.

How should an organization handle an anonymous accusation from an employee that a supervisor in the organization has manipulated time reports? a. Assign an internal audit staff member to review the time reports for past six months in the supervisor's area. b. Make a record of the accusation, but do nothing, as anonymous accusations are rarely true. c. Make an assessment of the facts against pre-established criteria for determining whether to investigate or not. d. Turn the issue over to the human resource department as anonymous accusation typically come from human resource problems. e. Engage an outside attorney to conduct an investigation of the allegation and prepare a report for the audit committee.

c. Make an assessment of the facts against pre-established criteria for determining whether to investigate or not.

Audit report content and format may vary; but according to The International Standards of Professional Practice of Internal Auditing which of the following is a necessary element? a. Status of findings from prior reports. b. The auditee's views about the engagement's conclusions. c. Statement of what was cover in the engagement. d. Documentation of previous oral communications with area management. e. Related activities not examined in the engagement.

c. Statement of what was cover in the engagement.

An internal audit department has been requested to perform an audit to determine whether the organization was in compliance with a particular set of laws and regulations. The audit did not reveal any issues of non-compliance but did reveal that the organization did not have an established system to ensure compliance with the applicable laws and regulations. The auditor's responsibility is to: I. Report that no significant compliance issues were noted. II. Report that the organization has a significant risk exposure because management has not established a system to ensure compliance. III. Meet with management to determine what corrective action will be taken. IV. Refer the matter to the organization's outside legal counsel for their consideration. a. I only b. I and IV only. c. II and III only d. I, II and III only. e. IV only.

d. I, II and III only.

Which of the following would typically be part of the agenda for an opening meeting? I. Discussion of business objectives, risks and key processes II. Review of the audit process and timeline III. Review of audit objectives and scope IV. Presentation by auditee of how they have addressed findings from the last audit. a. I and III only. b. II and IV only. c. II and III only d. I, II, and III only e. I, II, III, and IV.

d. I, II, and III only

Which of the following would typically be part of the agenda for an opening meeting? I. Discussion of business objectives, risks, and key processes II. Review of the audit process and timeline III. Review of audit objectives and scope IV. Presentation by auditee of how they have addressed findings from the last audit. a. I and III only. b. II and IV only. c. II and III only d. I, II, and III only e. I, II, III, and IV.

d. I, II, and III only

Which of the following is are barriers to internal auditors using data analytics in achieving engagement objective? I. Knowing what data exists and where to find it. II. Poorly defining the scope of the intended use of data analytics. III. Data analytic software is limited to the number of records it can process. IV. The effort required to cleanse and prepare data for import to the data analytic tool. a. IV only. b. II and IV only. c. I and III only d. I, II, and IV only e. I, II, III, and IV.

d. I, II, and IV only

An audit of an organization's claims department determined that a large number of duplicate payments had been issued due to problems in the claims processing system. During the exit conference, the vice president of the claims department informed the auditors that attempts to recover the duplicate payments would be initiated immediately and that the claims processing system would be enhanced within six months to correct the problems. Based on this response, the CAE should: a. Schedule a follow-up engagement within six months to assess the status of corrective action. b. Not include the finding in the audit report as the issue is being addressed. c. Discuss the findings with the audit committee and ask the committee to determine the appropriate follow-up action. d. Monitor the status of corrective action and schedule a follow-up engagement when appropriate. Schedule a follow-up engagement within six months to assess the status of corrective action. e. Adjust the scope of the next regularly scheduled audit of the claims department to assess controls within the claims processing system.

d. Monitor the status of corrective action and schedule a follow-up engagement when appropriate. Schedule a follow-up engagement within six months to assess the status of corrective action.

Which of the following is one of the seven elements that need to be present for an organization to have an effective compliance program? a. The organization use the COSO Framework for the design of its internal control system. b. The organization has an audit committee. c. The CEO and CFO must sign the organization's Code of Ethical Conduct. d. Standards are consistently enforced through appropriate discipline, including discipline of individuals responsible for failure to detect offense. e. The organization has a person appointed as General Counsel for the organization.

d. Standards are consistently enforced through appropriate discipline, including discipline of individuals responsible for failure to detect offense.

To be sufficient, audit evidence should be: a. Directly related to the engagement observation and include all of the elements of an audit finding. b. Obtained from a random sample. c. Obtained from a credible source. d. Well-documented and cross-referenced in the workpapers. e. Convincing enough for a prudent person to reach the same conclusion as the auditor.

e. Convincing enough for a prudent person to reach the same conclusion as the auditor.

The COO has requested the internal audit group advise her regarding the new incentive plan being developed for sales representatives. Which of the following tasks should the CAE decline with respect to providing advice to the COO? a. Determining how to best document the support for amounts paid to provide a sufficient audit trail. b. Researching and benchmarking incentive plans provided by other companies in the industry. c. Identify what new risks the incentive plan introduces to the organization. d. Recommending monitoring procedures so that appropriate amounts are paid out under the plan. e. Determining the appropriate bonus formula for inclusion in the plan.

e. Determining the appropriate bonus formula for inclusion in the plan.

Which of the following is true regarding entity-level controls? a. In terms of the 5 elements in the COSO model, entity-level controls occur only as part of the control environment. b. Entity-level controls are those controls set by the organization's governing body. c. Process-level controls can mitigate weaknesses in entity-level controls. d. Entity-level controls are preventive rather than detective. e. Entity-level controls operate across an entire entity.

e. Entity-level controls operate across an entire entity.

Which of the following best describes an auditor's responsibility after noting some indicators of fraud? a. Report the possibility of fraud to senior management and ask how to proceed. b. Consult with external legal counsel to determine the course of action to be taken. c. Contact the organization's external auditor for assistance. d. Report the matter to the audit committee and request funding for outside specialists to help investigate the possible fraud. e. Expand activities to determine whether an investigation is warranted.

e. Expand activities to determine whether an investigation is warranted.

Internal auditors may provide consulting services that add value and improve an organization's operations. The performance of these services: a. Precludes generation of assurance from the consulting engagement. b. Imposes no responsibility to communicate information other than to the consulting client. c. Is based on area's priority in the audit activity's risk assessment of the audit universe. d. Impairs internal auditors' objectivity with respect to an assurance service involving the same engagement client. e. Should be consistent with a type of consulting activity authorized in the internal audit charter.

e. Should be consistent with a type of consulting activity authorized in the internal audit charter.

Which of the following is a requirement of The International Standards for the Professional Practice of Internal Auditing? a. To evaluate annually the effectiveness of the audit committee. b. To obtain an annual representation from management acknowledging management's responsibility for the design and implementation of internal controls to prevent illegal acts. c. To issue annually an overall opinion on the adequacy of internal controls in the organization. d. To certify that all error or irregularities in the accounting records discovered within the fiscal year have been reported to the external auditors. e. To assess whether the information technology governance of the organization sustains and supports the organization's strategies and objectives.

e. To assess whether the information technology governance of the organization sustains and supports the organization's strategies and objectives.