cia

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

1.1.17 The purpose, authority, and responsibility of the internal audit activity are formally defined in A. The records of the proceedings of the board of directors. B. The corporate bylaws. C. The memorandum of understanding. D. A formal, written charter.

1.1.2 The proper organizational role of internal auditing is to A. Assist the external auditor to reduce external audit fees. B. Perform studies to assist in the attainment of more efficient operations. C. Serve as the investigative arm of the board. D. Serve as an independent, objective assurance and consulting activity that adds value to operations.

2.1.10 When evaluating the independence of an internal audit activity, a quality assurance review team performing an external assessment considers several factors. Which of the following factors has the least amount of influence when judging an internal audit activity's independence? A. Criteria used in making internal auditors' assignments. B. The extent of internal auditor training in communications skills. C. Relationship between engagement records and engagement communications. D. Impartial and unbiased judgments.

5.4.43 To use stratified variables sampling to evaluate a large, heterogeneous inventory, an appropriate criterion for classifying inventory items into strata is A. Monetary values. B. Number of items. C. Turnover volume. D. Storage locations.

2.5.87 Reasonable assurance should be obtained as to each prospective internal auditor's qualifications and proficiency. Which of the following is the least useful application of this principle? A. Determining that all applicants have an accounting degree. B. Obtaining college transcripts. C. Checking an applicant's references. D. Determining previous job experience.

2.2.26 Objectivity is most likely impaired by an internal auditor's A. Continuation on an engagement at a division for which (s)he will soon be responsible as the result of a promotion. B. Reduction of the scope of an engagement due to budget restrictions. C. Participation on a task force that recommends standards for control of a new distribution system. D. Review of a purchasing agent's contract drafts prior to their execution.

2.5.91 At a minimum, how often should the skills of the internal audit staff be assessed? A. Annually. B. Every 5 years. C. Quarterly. D. Semi-annually.

2.4.76 What is the most appropriate preventive measure for staff communication problems with engagement clients? A. Provide staff with sufficient training to enhance communication skills. B. Avoid unnecessary communication with engagement clients. C. Discuss communication problems with staff auditors. D. Meet with engagement clients to resolve communication problems.

1.1.16 The transportation department of a publicly held company has asked the internal audit activity to review the design specifications for a proposed new warehouse and repair facility. The best reason for the internal audit activity to decline the request is A. Such a review does not fall within the authority granted in the internal audit charter. B. The CEO and the head of the transportation department are neighbors and belong to the same social clubs. C. The internal audit activity performed a thorough review of the transportation department the previous year. D. The transportation department's budget is immaterial to the organization's total budget.

1.1.12 Under the Sarbanes-Oxley Act of 2002 (SOX), A. At least one member of the audit committee must be a financial expert. B. The chairman of the board of directors must be a financial expert. C. The audit committee must rotate at least one seat on an annual basis. D. All members of the audit committee must be financial experts.

1.1.15 Which one of the following is not included in the internal audit charter? A. Risk assessment of the internal audit activity. B. Responsibility of the internal audit activity. C. Purpose of the internal audit activity. D. Authority of the internal audit activity.

1.1.6 An internal auditor often faces special problems when performing an engagement at a foreign subsidiary. Which of the following statements is false with respect to the conduct of international engagements? A. The IIA Standards do not apply outside of the United States. B. The internal auditor should determine whether managers are in compliance with local laws. C. There may be justification for having different organizational policies in force in foreign branches. D. It is preferable to have multilingual internal auditors conduct engagements at branches in foreign nations.

1.1.7 The purpose of the internal audit activity can be best described as A. Adding value to the organization. B. Providing additional assurance regarding fair presentation of financial statements. C. Expressing an opinion on the adequate design and functioning of the system of internal control. D. Assuring the absence of any fraud that would materially affect the financial statements.

1.1.8 Which of the following best describes the purpose of the internal audit activity? A. To add value and improve an organization's operations. B. To assist management with the design and implementation of risk management and control systems. C. To examine and evaluate an organization's accounting system as a service to management. D. To monitor the organization's internal control system for the external auditors.

1.2.22 An accounting association established a code of ethics for all members. What is one of the association's primary purposes of establishing the code of ethics? A. To outline criteria for professional behavior to maintain standards of integrity and objectivity. B. To establish standards to follow for effective accounting practice. C. To provide a framework within which accounting policies could be effectively developed and executed. D. To outline criteria that can be used in conducting interviews of potential new accountants.

1.2.24 The code of ethics of a professional organization sets forth A. Broad standards of conduct for the members of the organization. B. The organizational details of the profession's governing body. C. A list of illegal activities that are proscribed to the members of the profession. D. A basis for the measurement of internal audit performance.

1.3.30 The IIA Rules of Conduct set forth in The IIA's Code of Ethics A. Describe behavior norms expected of internal auditors. B. Are guidelines to assist internal auditors in dealing with engagement clients. C. Are interpreted by the Principles. D. Apply only to particular conduct specifically mentioned.

1.3.32 In complying with The IIA's Code of Ethics, an internal auditor should A. Use individual judgment in the application of the principles set forth in the Code. B. Respect and contribute to the objectives of the organization even if it is engaged in illegal activities. C. Go beyond the limitation of personal technical skills to advance the interest of the organization. D. Primarily apply the competency principle in establishing trust.

1.4.36 An internal auditor working for a chemical manufacturer believed that toxic waste was being dumped in violation of the law. Out of loyalty to the organization, no information regarding the dumping was collected. The internal auditor A. Violated the Code of Ethics by knowingly becoming a party to an illegal act. B. Violated the Code of Ethics by failing to protect the well-being of the general public. C. Did not violate the Code of Ethics. Loyalty to the employer in all matters is required. D. Did not violate the Code of Ethics. Conclusive information about wrongdoing was not gathered.

1.4.37 Which of the following is permissible under The IIA's Code of Ethics? A. In response to a subpoena, an auditor appeared in a court of law and disclosed confidential, audit-related information that could potentially damage the auditor's organization. B. An auditor used audit-related information in a decision to buy stock issued by the employer corporation. C. After praising an employee in a recent audit engagement communication, an auditor accepted a gift from the employee. D. An auditor did not report significant observations about illegal activity to the board because management indicated that it would resolve the issue.

1.4.38 The IIA's Code of Ethics requires internal auditors to perform their work with A. Honesty, diligence, and responsibility. B. Timeliness, sobriety, and clarity. C. Knowledge, skills, and competencies. D. Punctuality, objectivity, and responsibility.

1.4.39 Which situation is most likely a violation of The IIA's Code of Ethics? A. Reporting apparent violations of antitrust statutes by officers to government regulators. B. Cooperating with the government's criminal investigation of the organization. C. Reporting apparent violations of antitrust statutes by officers to the board of directors. D. Immediately reporting a violent crime observed at work to local law enforcement agencies.

1.5.40 In applying the Rules of Conduct set forth in The IIA's Code of Ethics, internal auditors are expected to A. Not be unduly influenced by their own interests in forming judgments. B. Compare them with standards of other professions. C. Be guided by the desires of the engagement client. D. Use discretion in deciding whether to use them.

1.5.45 During an engagement performed at a manufacturing division of a defense contractor, the internal auditor discovered that the organization apparently was inappropriately adding costs to a cost-plus governmental contract. The internal auditor discussed the matter with senior management, who suggested that the internal auditor seek an opinion from legal counsel. Upon review, legal counsel indicated that the practice was questionable but was not technically in violation of the government contract. Based on legal counsel's decision, the internal auditor decided to omit any discussion of the practice in the final engagement communication sent to senior management and the board. However, the internal auditor did informally communicate legal counsel's decision to senior management. Did the internal auditor violate The IIA's Code of Ethics? A. No. The internal auditor followed up the matter with appropriate personnel within the organization and reached a conclusion that no fraud was involved. B. No. If a fraud is suspected, it should be resolved at the divisional level where it is taking place. C. Yes. It is a violation because all important information, even if resolved, should be reported to the board. D. Yes. Internal legal counsel's opinion is not sufficient. The internal auditor should have sought advice from outside legal counsel.

1.5.46 An internal auditor discovered some material inefficiencies in a purchasing function. The purchasing manager is the internal auditor's next-door neighbor and best friend. In accordance with The IIA's Code of Ethics, the internal auditor should A. Objectively include the facts of the case in the engagement communications. B. Not report the incident because of loyalty to the friend. C. Include the facts of the case in a special communication submitted only to the friend. D. Not report the friend unless the activity is illegal.

1.5.49 Internal auditors should be prudent in their relationships with persons and organizations external to their employers. Which of the following activities will most likely not adversely affect internal auditors' ethical behavior? A. Accepting compensation from professional organizations for consulting work. B. Serving as consultants to competitor organizations. C. Serving as consultants to suppliers. D. Discussing engagement plans or results with external parties.

1.5.50 An internal auditor has been assigned to an engagement at a foreign subsidiary. The internal auditor is aware that the social climate of the country is such that "facilitating payments" (bribes) are an accepted part of doing business. The internal auditor has completed the engagement and has found significant weaknesses relating to important controls. The subsidiary's manager offers the internal auditor a substantial "facilitating payment" to omit the observations from the final engagement communication with a provision that the internal auditor could revisit the subsidiary in 6 months to verify that the problem areas have been properly addressed. The internal auditor should A. Not accept the payment because such acceptance is in conflict with the Code of Ethics. B. Not accept the payment, but omit the observations as long as a verification visit is made in 6 months. C. Accept the offer because it is consistent with the ethical concepts of the country in which the subsidiary is doing business. D. Accept the payment because it has the effect of doing the greatest good for the greatest number; the internal auditor is better off, the subsidiary is better off, and the organization is better off because there is strong motivation to correct the deficiencies.

1.5.56 During an engagement, an employee with whom you have developed a good working relationship informs you that she has some information about senior management that is damaging to the organization and may concern illegal activities. The employee does not want her name associated with the release of the information. Which of the following actions is considered to be inconsistent with The IIA's Code of Ethics and the Standards? A. Assure the employee that you can maintain her anonymity and listen to the information. B. Suggest that the employee consider talking to legal counsel. C. Inform the employee that you will attempt to keep the source of the information confidential and will look into the matter further. D. Inform the employee of other methods of communicating this type of information.

1.5.58 Through an engagement performed at the credit department, the chief audit executive (CAE) became aware of a material misstatement of the year-end accounts receivable balance. The external auditors have completed their engagement without detecting the misstatement. What should the CAE do in this situation? A. Inform the external auditors of the misstatement. B. Report the misstatement to management when the external auditors present a report. C. Exclude the misstatement from the final engagement communication because the external auditors are responsible for expressing an opinion on the financial statements. D. Perform additional engagement procedures on accounts receivable balances to benefit the external auditors.

1.5.60 An internal auditor has been assigned to an engagement to evaluate a possible acquisition. Coincidentally, a significant portion of this internal auditor's personal investment portfolio is composed of the target organization's stock. What is the internal auditor's preferable course of action in this situation based on The IIA's Code of Ethics? A. Acquaint the chief audit executive with the situation and ask to be assigned to another audit. B. Acquaint the chief audit executive with the situation and offer assurance that it will have no impact on objectivity. C. Proceed with the audit because the personal investments are not an issue. D. Proceed with the audit because the investment is insignificant relative to the whole of the target company's stock.

1.5.62 Which of the following actions could be construed as a violation of The IIA's Code of Ethics? A. Failing to report to management information that would be material to management's judgment. B. Expressing an opinion on internal financial statements. C. Turning a case over to the security department when an internal auditor suspects fraud but has no proof. D. Including an internal control problem in a final engagement communication when it has been corrected prior to completion of the engagement.

1.5.63 During an engagement, an internal auditor learned that certain individuals in the organization were involved in industrial espionage for the benefit of the organization. According to The IIA's Code of Ethics, what is the internal auditor's proper course of action? A. Report the facts to the appropriate individuals within the organization. B. No action is required because this condition is not detrimental to the organization. C. Note the condition in the working papers but refrain from reporting it because it benefits the organization. D. Report the condition to the appropriate governmental regulatory agency.

1.5.67 An internal auditor may receive which of the following without violating The IIA's Code of Ethics? A. A pen received from the sales manager of a subsidiary with the imprinted name of the organization's product and a phone number. B. A dinner and baseball tickets from the manager of a department being reviewed. The tickets are usually made available to employees of that department. C. A dinner and baseball tickets from the manager of a department that has never been reviewed and for which there are no plans for a future engagement. The tickets are usually made available to employees of that department. D. A bottle of whiskey from the organization's treasurer.

2.1.19 A charter is being drafted for a newly formed internal audit activity. Which of the following best describes an appropriate organizational position to be incorporated into the charter? A. The chief audit executive reports to the chief executive officer but has access to the board. B. The chief audit executive is a member of the board. C. The chief audit executive is a staff officer reporting to the chief financial officer. D. The chief audit executive reports to an administrative vice president.

2.1.6 The reporting relationship within the organization's management structure that facilitates the day-to-day operations of the internal audit activity is A. Administrative reporting. B. Financial reporting. C. Management reporting. D. Functional reporting.

1.5.72 The chief audit executive (CAE) of a mid-sized internal audit activity was concerned that management might outsource the internal auditing function. Thus, the CAE adopted a very aggressive program to promote the internal audit activity within the organization. The CAE planned to present the results to senior management and the board and recommend modification of the internal audit activity's charter after using the new program. The following lists six actions the CAE took to promote a positive image within the organization: 1 Engagement assignments concentrated on efficiency. The engagements focused solely on cost savings, and each engagement communication highlighted potential costs to be saved. Negative observations were omitted. The focus on efficiency was new, but the engagement clients seemed very happy. 2 Drafts of all engagement communications were carefully reviewed with the engagement clients to get their input. Their comments were carefully considered when developing the final engagement communication. 3 The information technology internal auditor participated as part of a development team to review the control procedures to be incorporated into a major computer application under development. 4 Given limited resources, the engagement manager performed a risk assessment to establish engagement work schedule priorities. This was a marked departure from the previous approach of ensuring that all operations are evaluated on at least a 3year interval. 5 To save time, the CAE no longer required that a standard internal control questionnaire be completed for each engagement. 6 When the internal auditors found that the engagement client had not developed specific criteria or data to evaluate operations, the internal auditors were instructed to perform research, develop specific criteria, review the criteria with the engagement client, and, if acceptable, use them to evaluate the engagement client's operations. If the engagement client disagreed with the criteria, a negotiation took place until acceptable criteria could be agreed upon. The engagement communication commented on the engagement client's operations in conjunction with the agreed-upon criteria. Which of the following elements of Action 1 taken by the CAE would be considered inappropriate? I. The type of engagements was changed before modifying the internal audit activity's charter and going to the audit committee. II. Negative observations were omitted from the engagement communications. Cost savings and recommendations were highlighted in the engagement communication. I and II. I and III. I only. II and III.

1.6.73 Which of the following is permissible under The IIA's Code of Ethics? A. Disclosing confidential, engagement-related information that is potentially damaging to the organization in response to a court order. B. Using engagement-related information in a decision to buy an ownership interest in the employer organization. C. Accepting an unexpected gift from an employee whom the internal auditor has praised in a recent engagement communication. D. Not reporting significant observations and recommendations about illegal activity to the board because management has indicated it will address the issue.

1.6.74 Which situation most likely violates The IIA's Code of Ethics and the Standards? A. The chief audit executive (CAE) disagrees with the engagement client about the observations and recommendations in a sensitive area. The CAE discusses the detail of the observations and the proposed recommendations with a fellow CAE from another organization. B. An organization's charter for the internal audit activity requires the chief audit executive (CAE) to present the yearly engagement work schedule to the board for its approval and suggestions. C. The engagement manager has removed the most significant observations and recommendations from the final engagement communication. The in-charge internal auditor opposed the removal, explaining that (s)he knows the reported conditions exist. The in-charge internal auditor agrees that, technically, information is not sufficient to support the observations, but management cannot explain the conditions, and the observations are the only reasonable conclusions. D. Because the internal audit activity lacks skill and knowledge in a specialty area, the chief audit executive (CAE) has hired an expert. The engagement manager has been asked to review the expert's approach to the assignment. Although knowledgeable about the area under review, the manager is hesitant to accept the assignment because of lack of expertise.

1.7.87 Why does The IIA's Code of Ethics in Rule of Conduct 4.2 require that due professional care be used in obtaining information to support an engagement opinion? A. Sufficient, reliable, relevant, and useful information lends credibility to the opinion. B. To preclude any conflict of interest. C. To require honesty in performing work. D. If internal auditors were permitted to communicate engagement results without obtaining sufficient information, they would be in a position to accept fees or gifts from engagement clients.

1.8.93 Internal auditing has planned an engagement to evaluate the effectiveness of the quality assurance function as it affects the receipt of goods, the transfer of the goods into production, and the scrap costs related to defective items. The engagement client argues that such an engagement is not within the scope of the internal audit activity and should come under the purview of the quality assurance department only. What is the most appropriate response? A. Refer to the internal audit activity's charter and the approved engagement plan that includes the area designated for evaluation in the current time period. B. Because quality assurance is a new function, seek the approval of management as a mediator to set the scope of the engagement. C. Indicate that the engagement will evaluate the function only in accordance with the standards set by, and approved by, the quality assurance function before beginning the engagement. D. Terminate the engagement because it will not be productive without the client's cooperation.

1.8.94 The chief audit executive has assigned an internal auditor to perform a year-end engagement to evaluate payroll records. The internal auditor has contacted the director of compensation and has been refused access to necessary documents. To avoid this problem, A. Access to records relevant to performance of engagements should be specified in the internal audit activity's charter. B. Internal auditing should be required to report to the CEO of the organization. C. By following the long-range planning process, access to all relevant records should be guaranteed. D. Board approval should be required for all scope limitations.

1.8.95 The organizational position of the internal audit activity should be free from the effects of irresponsible policy changes by management. The most effective way to ensure that freedom is to A. Have the internal audit charter approved by the board. B. Adopt policies for the functioning of the internal audit activity. C. Establish an audit committee within the board. D. Develop written policies and procedures to serve as standards of performance for the internal audit activity.

2.1.15 The organizational level to which the internal audit activity reports A. Must be sufficient to permit the accomplishment of the activity's responsibilities. B. Is best when the reporting relationship is direct to the board of directors. C. Requires only the board's annual approval of the engagement work schedule, staffing plan, and financial budget. D. Is guaranteed when the charter specifically defines the activity's independence.

2.2.35 Which of the following most seriously compromises confidence in the internal audit activity? A. Internal auditors frequently draft revised procedures for departments whose procedures have been criticized in an engagement communication. B. The chief audit executive has dual reporting responsibility to the organization's chief executive officer and the board of directors. C. The internal audit activity and the organization's external auditors engage in joint planning of total engagement coverage to avoid duplicating each other's work. D. The internal audit activity is included in the review cycle of the organization's contracts with other organizations before the contracts are executed.

2.2.39 Internal auditors should be objective. Objectivity A. Requires internal auditors not to subordinate their judgment on audit matters to that of others. B. Is required only in assurance engagements. C. Is freedom from threats to the ability to perform audit work without bias. D. Prohibits internal auditors from providing consulting services relating to operations for which they had previous responsibility.

2.2.46 Which of the following actions is required of the CAE and internal auditors themselves in regard to the objectivity of internal auditors? A. Maintain. B. Delegate. C. Enhance. D. Promote.

2.3.55 A multinational organization has an agreement with a value-added network (VAN) that provides the encoding and communications transfer for the organization's electronic data interchange (EDI) and electronic funds transfer (EFT) transactions. Before transfer of data to the VAN, the organization performs online preprocessing of the transactions. The internal auditor is responsible for assessing preprocessing controls. In addition, the agreement between the organization and the VAN states that the internal auditor is allowed to examine and report on the controls in place at the VAN on an annual basis. The contract specifies that access to the VAN can occur on a surprise basis during the second or third quarter of the fiscal year. This period was chosen so it would not interfere with processing during the VAN's peak transaction periods. This provision was not reviewed with internal auditing. The annual engagement work schedule approved by the board of directors specifies that a full review would be done during the current year. When the internal auditor called to arrange the annual control review during the third quarter, the VAN stated that it could not accommodate the internal auditor because the peak processing period started earlier than normal this year and all VAN personnel were occupied. This scope limitation, along with its potential effect, must be communicated to which one of the following? A. The organization's board of directors. B. The board of directors of the VAN. C. The board of directors of both the organization and the VAN. D. The limitation does not need to be communicated at the board of directors level.

2.3.58 Independence is freedom from conditions that threaten the ability of the internal audit activity to carry out internal audit responsibilities in an unbiased manner. Which policy best promotes independence? A. Requiring internal auditors to report to the chief audit executive any conflicts of interest or bias. B. Preventing the internal audit activity from recommending standards of control for systems that it evaluates. C. Allowing engagements concerning sensitive operations to be outsourced. D. Preventing personnel transfers from operating activities to the internal audit activity.

2.3.59 An internal auditor has recently received an offer from the manager of the marketing department of a weekend's free use of his beachfront condominium. No engagement is currently being conducted in the marketing department, and none is scheduled. The internal auditor A. Should reject the offer and report it to the appropriate supervisor. B. May accept the offer because its value is immaterial. C. May accept the offer because no engagement is being conducted or planned. D. May accept the offer if approved by the appropriate supervisor.

2.3.61 An internal audit activity is currently undergoing its first external quality assurance review since its formation 3 years ago. From interviews, the review team is informed of certain internal auditor activities over the past year. Which of the following activities could affect the quality assurance review team's evaluation of the objectivity of the internal auditors? A. One internal auditor told the review team that, during an engagement to review the payroll function, the payroll manager approached the auditor. The manager indicated the need for an accountant to prepare financial statements for the manager's part-time business. The internal auditor agreed to perform this work for a reduced fee during non-work hours. B. During an engagement to review the construction of a building addition to the organization's headquarters, the vice president of facilities management gave the internal auditor a commemorative mug with the organization's logo. These mugs were distributed to all employees present at the ground-breaking ceremony. C. After reviewing the installation of a data processing system, the internal auditor made recommendations on standards of control. Three months after completion of the engagement, the engagement client requested the internal auditor's review of certain procedures for adequacy. The internal auditor agreed and performed this review. D. An internal auditor's participation was requested on a task force to reduce the organization's inventory losses from theft and shrinkage. This is the first consulting assignment undertaken by the internal audit activity. The internal auditor's role is to advise the task force on appropriate control procedures.

2.4.67 The internal audit activity collectively must possess or obtain certain competencies, including proficiency in A. Internal audit procedures and techniques. B. Accounting principles and techniques. C. Management principles. D. Marketing techniques.

2.4.72 Internal auditors must possess the knowledge, skills, and other competencies essential to the performance of their individual responsibilities. Consequently, all internal auditors should be proficient in applying A. Internal auditing standards. B. Quantitative methods. C. Management principles. D. Structured systems analysis.

2.4.75 Internal auditors must have the knowledge, skills, and other competencies needed to perform their individual responsibilities. Which of the following properly describes the level of knowledge, skill, or other competency required? Internal auditors must have A. Proficiency in applying internal auditing standards and procedures without extensive recourse to technical research and assistance. B. Proficiency in applying knowledge of accounting and information technology to specific or potential problems. C. An understanding of broad techniques used in supporting and developing engagement observations and the ability to research the proper procedures to be used in any engagement situation. D. A broad appreciation of accounting principles and techniques during engagements involving the financial records and reports of the organization.

2.6.99 With regard to the exercise of due professional care, an internal auditor should A. Consider the relative materiality or significance of matters to which assurance procedures are applied. B. Emphasize the potential benefits of an engagement without regard to the cost. C. Consider whether criteria have been established to determine whether goals are achieved, not whether those criteria are adequate. D. Select procedures that are likely to provide absolute assurance that irregularities do not exist.

2.7.114 The chief audit executive should develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity and continuously monitors its effectiveness. All of the following are included in a quality program except A. Annual appraisals of individual internal auditors' performance. B. Periodic internal assessment. C. Supervision. D. Periodic external assessments.

2.7.115 Assessment of a quality assurance and improvement program should include evaluation of all of the following except A. Adequacy of the oversight of the work of external auditors. B. Conformance with the Standards and Code of Ethics. C. Adequacy of the internal audit activity's charter. D. Contribution to the organization's governance processes.

2.8.119 Internal auditors may report that their activities conform with the Standards. They may use this statement only if A. It is supported by the results of the quality program. B. An independent external assessment of the internal audit activity is conducted annually. C. Senior management or the board is accountable for implementing a quality program. D. External assessments of the internal audit activity are made by external auditors.

2.9.125 As a part of a quality program, internal assessment teams most likely will examine which of the following to evaluate the quality of engagement planning and documentation for individual engagements? A. Written engagement work programs. B. Project assignment documentation. C. Weekly status reports. D. The long-range engagement work schedule.

2.9.130 The interpretation related to quality assurance given by the Standards is that A. External assessments can provide senior management and the board with independent assurance about the quality of the internal audit activity. B. Appropriate follow-up to an external assessment is the responsibility of the chief audit executive's immediate supervisor. C. The internal audit activity is primarily measured against The IIA's Code of Ethics. D. Supervision is limited to the planning, examination, evaluation, communication, and follow-up process.

3.1.2 Controls provide assurance to management that desired actions will be accomplished when objectives are established in writing and A. Standards are adopted, results are compared with the standards, and corrective actions are undertaken. B. Are communicated to employees in writing and are updated by operating personnel as conditions change. C. Policies and procedures for activities are set out in manuals for use by properly trained personnel. D. Internal reviews as to the propriety and effectiveness of the objectives are undertaken on a periodic basis by the internal audit activity.

3.1.5 Which of the following best defines control? A. Control is the result of proper planning, organizing, and directing by management. B. Controls are statements of what the organization chooses to accomplish. C. Control is provided when cost-effective measures are taken to restrict deviations to a tolerable level. D. Control accomplishes objectives and goals in an accurate, timely, and economical fashion.

3.1.7 Specific airline ticket information, including fare, class, purchase date, and lowest available fare options, as prescribed in the organization's travel policy, is obtained and reported to department management when employees purchase airline tickets from the organization's authorized travel agency. Such a report provides information for A. Quality of performance in relation to the organization's travel policy. B. Identifying costs necessary to process employee business expense report data. C. Departmental budget-to-actual comparisons. D. Supporting employer's business expense deductions.

3.2.10 The requirement that purchases be made from suppliers on an approved vendor list is an example of a A. Preventive control. B. Detective control. C. Corrective control. D. Monitoring control.

3.2.11 Controls that are designed to provide management with assurance of the realization of specified minimum gross margins on sales are A. Directive controls. B. Preventive controls. C. Detective controls. D. Output controls.

3.2.12 The procedure requiring preparation of a prelisting of incoming cash receipts, with copies of the prelist going to the cashier and to accounting, is an example of which type of control? A. Preventive. B. Corrective. C. Detective. D. Directive.

3.2.14 An organization's policies and procedures are part of its overall system of internal controls. The control function performed by policies and procedures is A. Feedforward control. B. Implementation control. C. Feedback control. D. Application control.

3.2.17 As part of a total quality control program, a firm not only inspects finished goods but also monitors product returns and customer complaints. Which type of control best describes these efforts? A. Feedback control. B. Feedforward control. C. Production control. D. Inventory control.

3.2.22 Which of the following is an operating control relating to management's directing function? A. Informing purchasing personnel of the future need for long-lead-time products in ample time. B. Supplying buyers with timely, accurate, and useful reports on products received, accepted, or rejected. C. Prescribing formal procedures for selecting potential suppliers. D. Establishing measurable goals for the department.

3.2.24 An adequate and effective system of internal control provides reasonable assurance that objectives will be achieved. Controls may be preventive, detective, or directive. Which of the following is a detective control for the procurement function? A. Goods received are counted and compared with quantities on purchase order and receiving reports. B. The procurement function is organizationally separate from receiving, disbursing, and accounting. C. Review and approval of each procurement action is required prior to the final issuance of a purchase order. D. Prenumbered standard purchase order forms include all relevant terms required to be used in all applicable instances.

3.3.29 An organization has grown rapidly and has just automated its human resource system. The organization has developed a large database that tracks employees, employee benefits, payroll deductions, job classifications, ethnic code, age, insurance, medical protection, and other similar information. Management has asked the internal audit activity to review the new system. An employee in the payroll department is contemplating a fraud involving the addition of a fictitious employee and the entry of fictitious hours worked. The paycheck would then be sent to the payroll employee's home address. The most effective control procedure to prevent this type of fraud is to require that A. A report of all new employees added be approved by someone outside of the payroll department. Also, a report showing all employees and hours worked should be sent to the supervisor's department for review. B. All new employees and their hours worked be entered by the human resources department. C. All changes to employee records be approved by supervisors outside of both human resources and payroll. D. The payroll department physically delivers paychecks to employees rather than mailing them.

3.3.31 Internal control should follow certain basic principles to achieve its objectives. One of these principles is the segregation of functions. Which one of the following examples does not violate the principle of segregation of functions? A. The treasurer has the authority to sign checks but gives the signature block to the assistant treasurer to run the check-signing machine. B. The warehouse clerk, who has the custodial responsibility over inventory in the warehouse, may authorize disposal of damaged goods. C. The sales manager has the responsibility to approve credit and the authority to write off accounts. D. The department time clerk is given the undistributed payroll checks to mail to absent employees.

3.3.36 An internal auditor noted that the accounts receivable department is separate from other accounting activities. Credit is approved by a separate credit department. Control accounts and subsidiary ledgers are balanced monthly. Similarly, accounts are aged monthly. The accounts receivable manager writes off delinquent accounts after 1 year, or sooner if a bankruptcy or other unusual circumstances are involved. Credit memoranda are prenumbered and must correlate with receiving reports. Which of the following areas could be viewed as an internal control weakness of the above organization? A. Write-offs of delinquent accounts. B. Credit approvals. C. Monthly aging of receivables. D. Handling of credit memos.

3.3.37 Which of the following controls would prevent the ordering of quantities in excess of an organization's needs? A. Review of all purchase requisitions by a supervisor in the user department prior to submitting them to the purchasing department. B. Automatic reorder by the purchasing department when low inventory level is indicated by the system. C. A policy requiring review of the purchase order before receiving a new shipment. D. A policy requiring agreement of the receiving report and packing slip before storage of new receipts.

3.3.40 Which of the following activities performed by a payroll clerk is a control weakness rather than a control strength? A. Has custody of the check signature stamp machine. B. Prepares the payroll register. C. Forwards the payroll register to the chief accountant for approval. D. Draws the paychecks on a separate payroll checking account.

3.3.44 Which of the following controls would help prevent overpaying a vendor? A. Reviewing and canceling supporting documents when a check is issued. B. Requiring the check signer to mail the check directly to the vendor. C. Reviewing the accounting distribution for the expenditure. D. Approving the purchase before ordering from the vendor.

3.3.47 Which of the following ensures that all inventory shipments are billed to customers? A. Shipping documents are prenumbered and are independently accounted for and matched with sales invoices. B. Sales invoices are prenumbered and are independently accounted for and traced to the sales journal. C. Duties for recording sales transactions and maintaining customer account balances are separated. D. Customer billing complaints are investigated by the controller's office.

3.3.51 An organization has computerized sales and cash receipts journals. The computer programs for these journals have been properly debugged. The internal auditor discovered that the total of the accounts receivable subsidiary accounts differs materially from the accounts receivable control account. This discrepancy could indicate A. Credit memoranda being improperly recorded. B. Receivables being lapped. C. Receivables not being properly aged. D. Statements being intercepted prior to mailing.

3.3.52 An internal auditor noted that several shipments were not billed. To prevent recurrence of such nonbilling, the organization should A. Numerically sequence and independently account for all controlling documents (such as packing slips and shipping orders) when sales journal entries are recorded. B. Undertake a validity check with customers as to orders placed. C. Release product for shipment only on the basis of credit approval by the credit manager or other authorized person. D. Undertake periodic tests of gross margin rates by product line and obtain explanations of significant departures from planned rates.

3.3.53 A preliminary survey of the purchasing function indicates that Department managers initiate purchase requests that must be approved by the plant superintendent, Purchase orders are typed by the purchasing department using prenumbered and controlled forms, Buyers regularly update the official vendor listing as new sources of supply become known, Rush orders can be placed with a vendor by telephone but must be followed by a written purchase order before delivery can be accepted, and Vendor invoice payment requests must be accompanied by a purchase order and receiving report. One possible fault of this system is that A. Purchases could be made from a vendor controlled by a buyer at prices higher than normal. B. Unnecessary supplies can be purchased by department managers. C. Payment can be made for supplies not received. D. Payment can be made for supplies received but not ordered by the purchasing department.

3.4.65 An organization's directors, management, external auditors, and internal auditors all play important roles in creating a proper control environment. Senior management is primarily responsible for A. Establishing a proper organizational culture and specifying a system of internal control. B. Designing and operating a control system that provides reasonable assurance that established objectives and goals will be achieved. C. Ensuring that external and internal auditors adequately monitor the control environment. D. Implementing and monitoring controls designed by the board of directors.

3.4.67 The marketing department for a major retailer assigns separate product managers for each product line. Product managers are responsible for ordering products and determining retail pricing. Each product manager's purchasing budget is set by the marketing manager. Products are delivered to a central distribution center where goods are segregated for distribution to the company's 52 department stores. Because receipts are recorded at the distribution center, the company does not maintain a receiving function at each store. Product managers are evaluated on a combination of sales and gross profit generated from their product lines. Many products are seasonal and individual store managers can require that seasonal products be removed to make space for the next season's products. Requests for purchases beyond those initially budgeted must be approved by the marketing manager. This procedure I. Should provide for the most efficient allocation of scarce organizational resources. II. Is a detective control procedure. III. Is unnecessary because each product manager is evaluated on profit generated. A. I only. B. III only. C. II and III only. D. I, II, and III.

3.4.69 An internal auditor notes year-to-year increases for small tool expense at a manufacturing facility that has produced the same amount of identical product for the last 3 years. Production inventory is kept in a controlled staging area adjacent to the receiving dock, but the supply of small tools is kept in an unsupervised area near the exit to the plant employees' parking lot. After determining that all of the following alternatives are equal in cost and are also feasible for local management, the internal auditor would best address the security issue by recommending that plant management A. Move the small tools inventory to the custody of the production inventory staging superintendent and implement the use of a special requisition to issue small tools. B. Initiate a full physical inventory of small tools on a monthly basis. C. Place supply of small tools in a secured area, install a key-access card system for all employees, and record each key-access transaction on a report for the production superintendent. D. Close the exit to the employee parking lot and require all plant employees to use a doorway by the receiving dock that also provides access to the plant employees' parking area.

3.4.70 Which of the following control procedures does an internal auditor expect to find during an engagement to evaluate risk management and insurance? A. Periodic internal review of the in-force list to evaluate the adequacy of insurance coverage. B. Required approval of all new insurance policies by the organization's CEO. C. Policy of repetitive standard journal entries to record insurance expense. D. Cutoff procedures with regard to insurance expense reporting.

3.4.77 To minimize the risk that agents in the purchasing department will use their positions for personal gain, the organization should A. Rotate purchasing agent assignments periodically. B. Request internal auditors to confirm selected purchases and accounts payable. C. Specify that all items purchased must pass value-per-unit-of-cost reviews. D. Direct the purchasing department to maintain records on purchase prices paid, with review of such being required each 6 months.

3.4.79 When a supplier of office products is unable to fill an order completely, it marks the out-of-stock items as back ordered on the customer's order and enters these items in a back order file that management can view or print. Customers are becoming disgruntled with the supplier because it seems unable to keep track of and ship out-ofstock items as soon as they are available. The best approach for ensuring prompt delivery of out-of-stock items is to A. Match the back order file to goods received daily. B. Increase inventory levels to minimize the number of times that out-of-stock conditions occur. C. Implement electronic data interchange with supply vendors to decrease the time to replenish inventory. D. Reconcile the sum of filled and back orders with the total of all orders placed daily.

3.4.82 Appropriate internal control for a multinational corporation's branch office that has a monetary transfer unit requires that A. The individual who initiates wire transfers not reconcile the bank statement. B. The branch manager receive all wire transfers. C. Foreign currency rates be computed separately by two different employees. D. Corporate management approve the hiring of monetary transfer unit employees.

3.4.83 An internal auditor is assigned to perform an engagement to evaluate the organization's insurance program, including the appropriateness of the approach to minimizing risks. The organization self-insures against large casualty losses and health benefits provided for all its employees. The organization is a large national firm with over 15,000 employees located in various parts of the country. It uses an outside claims processor to administer its healthcare program. The organization's medical costs have been rising by approximately 8% per year for the past 5 years, and management is concerned with controlling these costs. The healthcare processor wishes to implement controls that would help prevent fraud by dentists who are submitting billings for services not provided. Assume further that all the claims are submitted electronically to the healthcare processor. Which of the following control procedures would be the most effective? A. Develop a program that identifies procedures performed on an individual in excess of expectations based on the age of the employee, whether a similar procedure was performed recently, or the average cost per claim. B. Require all submitted claims to be accompanied by a signed statement by the dentist testifying that the claimed procedures were performed. C. Send confirmations to the dentists requesting them to confirm the exact nature of the claims submitted to the healthcare processor. D. Develop an integrated test facility and submit false claims to verify that the system is detecting such claims on a consistent basis.

3.4.85 Which of the following control procedures provides the greatest assurance that all donations to a not-for-profit organization are immediately deposited to the organization's account? A. Use a lockbox to receive all donations. B. Perform periodic reviews of the organization's cash receipts by tracing deposits to the original posting in the cash receipts records. C. Require that all donations be made by check. D. Require issuance of a confirmation receipt to all donors, with the receipt issued by the person who opens and deposits the cash receipts.

3.4.87 During an engagement involving a construction contract, the internal auditor discovered that the contractor was being paid for each ton of dirt removed. The contract called for payment based on cubic yards removed. Which internal control might have prevented this error? A. Comparison of invoices with purchase orders or contracts. B. Comparison of invoices with receiving reports. C. Comparison of actual costs with budgeted costs. D. Extension checks of invoice amounts.

3.4.92 An employee should not be able to visit the organization's safe deposit box containing investment securities without being accompanied by another employee. What would be a possible consequence of an employee's being able to visit the safe deposit box unaccompanied? A. The employee could pledge organizational investments as security for a short-term personal bank loan. B. The employee could steal securities and the theft would never be discovered. C. It would be impossible to obtain a fidelity bond on the employee. D. There would be no record of when organizational personnel visited the safe deposit box.

3.4.95 To minimize potential financial losses associated with physical assets, the assets should be insured in an amount that is A. Supported by periodic appraisals. B. Determined by the board of directors. C. Automatically adjusted by an economic indicator such as the consumer price index. D. Equal to the book value of the individual assets.

3.4.97 Which of the following describes a control weakness? A. Purchasing procedures are well designed and are followed unless otherwise directed by the purchasing supervisor. B. Prenumbered blank purchase orders are secured within the purchasing department. C. Normal operational purchases fall in the range from US $500 to US $1,000 with two signatures required for purchases over US $1,000. D. The purchasing agent invests in a publicly traded mutual fund that lists the stock of one of the organization's suppliers in its portfolio.

4.1.14 Management has a role in the maintenance of control. In fact, management sometimes is a control. Which of the following most likely involves managerial functions as a control? A. Monitoring performance. B. Board approval of the charter of the internal audit activity. C. Maintenance of a quality assurance program. D. Establishment of an internal audit activity.

4.1.4 In regard to The IIA's Electronic Systems Assurance and Control study, which of the following is not a business assurance objective? A. Recordability. B. Capability. C. Protectability. D. Functionality.

4.1.5 Which of the following statements I. A bonus system should be considered part of the control environment of an organization and should be considered in formulating a report on internal control. II. Compensation systems are not part of an organization's control system and should not be reported as such. An audit of an organization's compensation system should be performed independently of an audit of the control system over other functions that impact corporate bonuses. I only. II only. III only. II and III only.

4.1.7 An organization's directors, management, external auditors, and internal auditors all play important roles in creating a proper control environment. Senior management is primarily responsible for A. Establishing a proper organizational culture and specifying a system of internal control. B. Designing and operating a control system that provides reasonable assurance that established objectives and goals will be achieved. C. Ensuring that external and internal auditors adequately monitor the control environment. D. Implementing and monitoring controls designed by the board of directors.

4.2.21 Components of enterprise risk management (ERM) are integrated with the management process. Which of the following correctly states four of the eight components of ERM according to the COSO's framework? A. Event identification, risk assessment, control activities, and objective setting. B. Internal environment, risk responses, monitoring, and risk minimization. C. External environment, information and communication, monitoring, and event identification. D. Objective setting, response to opportunities, risk assessment, and control activities.

4.2.26 The internal auditors are assessing the risk of fraud involving senior management. An impact factor is A. Nonretention of customers. B. Inadequacy of internal controls. C. Unusual transactions. D. Potential override of internal controls.

4.2.28 Under the COSO's ERM framework, which of the following most accurately describes risk management responsibilities? A. In practice, management has primary responsibility. B. The internal audit activity has an oversight role. C. The board provides assurance about the effectiveness of ERM. D. The chief audit executive should serve as chief risk officer.

4.3.32 The primary reason that a bank would maintain a separate compliance function is to A. Better manage perceived high risks. B. Strengthen controls over the bank's investments. C. Ensure the independence of line and senior management. D. Better respond to shareholder expectations.

4.3.41 Which of the following may be assessed by the internal auditor to determine the effectiveness of the risk management process? I. Significant risks II. Ongoing monitoring activities . Previous risk evaluation reports by management, internal auditors, external auditors, and any other sources . I and II only. . I and III only. . II and III only. . I, II, and III.

5.4.44 Which one of the following is not an important consideration in determining the appropriate sample size? A. Whether the sample is designed to estimate a mean or a proportion. B. The amount of variability in the population under study. C. The sensitivity of the decision using this sample to errors of estimation. D. The cost per sample observation.

4.4.49 In the course of their work, internal auditors must be alert for fraud and other forms of white-collar crime. The important characteristic that distinguishes fraud from other varieties of white-collar crime is that A. Fraud is characterized by deceit, concealment, or violation of trust. B. Unlike other white-collar crimes, fraud is always perpetrated against an outside party. C. White-collar crime is usually perpetrated for the benefit of an organization, but fraud benefits an individual. D. White-collar crime is usually perpetrated by outsiders to the detriment of an organization, but fraud is perpetrated by insiders to benefit the organization.

4.4.53 One factor that distinguishes fraud from other employee crimes is that fraud involves A. Intentional deception. B. Personal gain for the perpetrator. C. Collusion with a party outside the organization. D. Malicious motives.

4.4.54 In an organization with a separate division that is primarily responsible for the prevention of fraud, the internal audit activity is responsible for A. Examining and evaluating the adequacy and effectiveness of that division's actions taken to prevent fraud. B. Establishing and maintaining that division's system of internal control. C. Planning that division's fraud prevention activities. D. Controlling that division's fraud prevention activities.

4.4.64 Internal auditors are more likely to detect fraud by developing/strengthening their ability to A. Recognize and question changes that occur in organizations. B. Interrogate fraud perpetrators to discover why the fraud was committed. C. Develop internal controls to prevent the occurrence of fraud. D. Document computerized operating system programs.

4.4.65 After noting some red flags, an internal auditor has an increased awareness that fraud may be present. Which of the following best describes the internal auditor's responsibility? A. Expand activities to determine whether an investigation is warranted. B. Report the possibility of fraud to senior management and the board and ask them how they would like to proceed. C. Consult with external legal counsel to determine the course of action to be taken, including the approval of the proposed engagement work program to make sure it is acceptable on legal grounds. D. Report the matter to the audit committee and request funding for outside service providers to help investigate the possible fraud.

4.4.69 Which of the following best describes an auditor's responsibility after noting some indicators of fraud? A. Expand activities to determine whether an investigation is warranted. B. Report the possibility of fraud to senior management and ask how to proceed. C. Consult with external legal counsel to determine the course of action to be taken. D. Report the matter to the audit committee and request funding for outside specialists to help investigate the possible fraud.

4.4.70 What is the responsibility of the internal auditor with respect to fraud? A. The internal auditor should have sufficient knowledge to identify the indicators of fraud but is not expected to be an expert. B. The internal auditor should have the same ability to detect fraud as a person whose primary responsibility is detecting and investigating fraud. C. An internal auditor should have sufficient knowledge and training so that (s)he is able to detect fraud. D. An internal auditor's primary role is to detect and investigate fraud.

4.5.71 Red flags are conditions that indicate a higher likelihood of fraud. Which of the following is not considered a red flag? A. Management has delegated the authority to make purchases under a certain value to subordinates. B. An individual has held the same cash-handling job for an extended period without any rotation of duties. C. An individual handling marketable securities is responsible for making the purchases, recording the purchases, and reporting any discrepancies and gains/losses to senior management. D. The assignment of responsibility and accountability in the accounts receivable department is not clear.

4.5.75 An internal auditor should be concerned about the possibility of fraud if A. Cash receipts, net of the amounts used to pay petty cash-type expenditures, are deposited in the bank daily. B. The monthly bank statement reconciliation is performed by the same employee who maintains the perpetual inventory records. C. The accounts receivable subsidiary ledger and accounts payable subsidiary ledger are maintained by the same person. D. One person, acting alone, has sole access to the petty cash fund (except for a provision for occasional surprise counts by a supervisor or auditor).

4.5.77 Randy and John had known each other for many years. They had become best friends in college, where they both majored in accounting. After graduation, Randy took over the family business from his father. His family had been in the grocery business for several generations. When John had difficulty finding a job, Randy offered him a job in the family store. John proved to be a very capable employee. As John demonstrated his abilities, Randy began delegating more and more responsibility to him. After a period of time, John was doing all of the general accounting and authorization functions for checks, cash, inventories, documents, records, and bank reconciliations. (1) John was trusted completely and handled all financial functions. No one checked his work. Randy decided to expand the business and opened several new stores. (2) Randy was always handling the most urgent problem . . . "crisis management" is what his college professors had termed it. John assisted with the problems when his other duties allowed him time. Although successful at work, John had (3) difficulties with personal financial problems. At first, the amounts stolen by John were small. John didn't even worry about making the accounts balance. But John became greedy. "How easy it is to take the money," he said. He felt that he was a critical member of the business team (4) and that he contributed much more to the success of the company than was represented by his salary. "It would take two or three people to replace me," he often thought to himself. As the amounts became larger and larger, (5) he made the books balance. Because of these activities, John was able to purchase an expensive car and take his family on several trips each year. (6) He also joined an expensive country club. Things were changing at home, however. (7) John's family observed that he was often argumentative and at other times very depressed. The fraud continued for 6 years. Each year, the business performed more and more poorly. In the last year, the stores had a substantial net loss. Randy's bank required an audit. John confessed when he thought the auditors had discovered his embezzlements. When discussing frauds, the pressures, opportunities, and rationalizations that cause/allow a perpetrator to commit the fraud are often identified. Symptoms of fraud are also studied. Number 2, "Randy was always handling the most urgent . . .," is an example of a(n) A. Opportunity to commit. B. Analytical symptom. C. Situational pressure. D. Rationalization.

5.4.40 Using mean-per-unit sampling to estimate the value of inventory, an internal auditor had the following results: Projected inventory value US $3,000,000 Confidence level 95% Confidence interval $2,800,000 to $3,200,000 Standard error $100,000 Z-value (approximate) 2.0 Precision $200,000 The recorded value of inventory was US $3,075,000. If the internal auditor had used nonstatistical sampling instead of statistical sampling, which of the following would be true? A. The confidence level could not be quantified. B. The precision would be larger. C. The projected value of inventory would be less reliable. D. The risk of incorrect acceptance would be higher.

4.5.88 When an internal auditor followed up on a significant increase in maintenance supplies during the past year, a purchasing agent explained to the internal auditor that the primary reason for the increase was painting services and supplies. The internal auditor found a blanket purchase order without the normal bid or quote documentation. The blanket purchase order had been signed by the general manager and named the general manager's father as the sole contractor for painting services on the organization's projects. The auditor also found a number of large invoices, authorized for payment by the general manager, that showed the general manager's father as the person who signed for the receipt of the material at the supplier. What is the common indicator of fraud recognized by the internal auditor in this scenario? A. Analytical procedures revealed an extraordinary increase in account balances. B. Paint and supplies are being purchased for a contractor. C. The purchasing agent is selecting the contractor on the basis of a blanket purchase order. D. Invoices are being authorized for payment by the general manager.

4.5.90 Bank management suspects that a bank loan officer frequently made loans to fictitious entities, disbursed loan proceeds to personally established accounts, and then let the loans go into default. Some pertinent facts about the loan officer include A high standard of living, explained as the result of sound investments and not taking vacations; An expensive personal car obtained through business contacts; Gasoline and repair bills submitted for a car assigned by the bank that are higher than the organization's average (mileage logs were submitted on a quarterly basis); and Marked annoyance with questions from internal auditors. The most appropriate trend analysis to indicate this potential fraud is A. Loan default rates by loan officer. B. Accumulation of unpaid vacation days. C. Automobile operating expenses by loan officer. D. Total monetary volume of loans by loan officer.

4.5.93 An engagement had been scheduled by the chief audit executive to address unusual inventory shortages revealed in the annual physical inventory process at a large consumer goods warehouse operation. A cycle count program had been installed in the storeroom at the beginning of the year in place of the disruptive process of counting one entire product line at the end of each month. The cycle count program appeared effective because only nine minor adjustments had been made for the entire year on the several thousand different products located in the storeroom. The storeroom supervisor explained that each of the 15 stockroom personnel selected one item each day for cycle count based on how efficiently the item could be counted. The opportunity for control-related problems including fraud has been increased in the stockroom because A. Items for cycle count are selected by stockroom personnel. B. A cycle count program has been installed in place of a less efficient program. C. Only nine minor adjustments have been recorded as a result of the cycle count process. D. Stockroom personnel record cycle count information.

4.5.97 Which of the following would not be considered a condition that indicates a higher likelihood of fraud? A. Management has delegated the authority to make purchases under a certain monetary limit to subordinates. B. An individual has held the same cash-handling job for an extended period without any rotation of duties. C. An individual handling marketable securities is responsible for making the purchases, recording the purchases, and reporting any discrepancies and gains or losses to senior management. D. The assignment of responsibility and accountability in the accounts receivable department is not clear.

4.5.99 Which of the following fraudulent entries is most likely to be made to conceal the theft of an asset? A. Debit expenses and credit the asset. B. Debit the asset and credit another asset account. C. Debit revenue and credit the asset. D. Debit another asset account and credit the asset.

5.1.1 In a sampling application, the group of items about which the auditor wants to estimate some characteristic is called the A. Population. B. Attribute of interest. C. Sample. D. Sampling unit.

5.1.2 The variability of a population, as measured by the standard deviation, is the A. Extent to which the individual values of the items in the population are spread about the mean. B. Degree of asymmetry of a distribution. C. Tendency of the means of large samples (at least 30 items) to be normally distributed. D. Measure of the closeness of a sample estimate to a corresponding population characteristic.

5.2.11 An auditor tested a population by examining 60 items selected judgmentally and found one error. The main limitation of the auditor's sample is the inability to A. Quantify sampling risk. B. Quantify the acceptable error rate. C. Project the population's error rate. D. Determine whether the sample is random.

5.2.13 Statistical sampling is appropriate to estimate the value of an auto dealer's 3,000 line-item inventory because statistical sampling is A. Reliable and objective. B. Thorough and complete. C. Thorough and accurate. D. Complete and precise.

5.2.9 If an internal auditor is sampling to test compliance with a particular company policy, which of the following factors should not affect the allowable level of sampling risk? A. The experience and knowledge of the auditor. B. The adverse consequences of noncompliance. C. The acceptable level of risk of making an incorrect audit conclusion. D. The cost of performing auditing procedures on sample selections.

5.3.21 When planning an attribute sampling application, the difference between the expected error rate and the maximum tolerable error rate is the planned A. Precision. B. Reliability. C. Dispersion. D. Skewness.

5.3.31 An individual is an internal auditor for a car rental agency that operates a fleet of 75,000 vehicles in 1,000 cities throughout North America. As a part of an operational audit, the auditor tested the impact of vehicle age on the incidence of major repairs. A computer program showed that 20% of the fleet has been in service for more than 12 months. A sample of 375 is drawn based on Confidence level = 95% Expected rate of occurrence = 10% Precision = ±3% The records related to repairs completed after 12 months of service for the selected vehicles were reviewed to determine if major repairs were needed. Assuming that all other factors remain constant, how would sample size and achieved precision be affected by a change in confidence level from 95% to 90%? A. Sample size would be smaller; achieved precision would be larger. B. Both sample size and achieved precision would be larger. C. Both sample size and achieved precision would be smaller. D. Sample size would be larger; achieved precision would be smaller.

5.5.55 An auditor for the state highway and safety department needs to estimate the average highway weight of tractor-trailer trucks using the state's highway system. Which estimation method must be used? A. Mean-per-unit. B. Difference. C. Ratio. D. Probability-proportional-to-size.

5.5.58 The most appropriate methodology for drawing a sample from 3,000 time cards to check for signatures would be A. Interval sampling. B. Cluster sampling. C. Stratified sampling. D. Variables sampling.

5.5.59 An auditor is testing on a company's large, normally distributed accounts receivable file. The objectives of the audit are to test end-of-period monetary balances and accounts receivable posting exception (error) rates. The accounts receivable file contains a large number of small monetary balances and a small number of large monetary balances, and the auditor expects to find numerous errors in the account balances. The most appropriate sampling technique to estimate the monetary amount of errors is A. Difference or ratio estimation. B. Unstratified mean-per-unit. C. Probability-proportional-to-size. D. Attribute.

5.5.66 A bank's internal auditor wishes to determine whether all loans are supported by sufficient collateral, properly aged regarding current payments, and accurately categorized as current or noncurrent. The best audit procedure to accomplish these objectives would be to A. Use generalized audit software to read the total loan file, age the file by last payment due, and extract a statistical sample stratified by the current and aged population. Examine each loan selected for proper collateralization and aging. B. Select a block sample of all loans in excess of a specified monetary limit and determine if they are current and properly categorized. For each loan approved, verify aging and categorization. C. Select a discovery sample of all loan applications to determine whether each application contains a statement of collateral. D. Select a sample of payments made on the loan portfolio and trace them to loans to see if the payments are properly applied. For each loan identified, examine the loan application to determine that the loan has proper collateralization.

5.5.75 The internal auditor for an insurance company is conducting an audit of claims processing and wants to assess the average length of time taken to process automobile claims to determine whether processing is being completed within standards set by company policy. The auditor plans to take a sample of claims made during the year and perform the needed analysis. The most appropriate sampling method is A. Mean-per-unit variables sampling. B. Probability-proportional-to-size sampling. C. Attribute sampling. D. Discovery sampling.

5.6.82 The most important component of quality control is A. Ensuring that goods and services conform to the design specifications. B. Satisfying upper management. C. Conforming with ISO-9000 specifications. D. Determining the appropriate timing of inspections.

5.6.83 An automobile parts manufacturer has received complaints from customers about declining quality. After a quick review, management realizes the problem has no single source. To perform a thorough process of problem identification, the most appropriate tool is a(n) A. Fishbone (Ishikawa diagram. B. Histogram. C. Pareto diagram. D. ISO 9000 audit.

6.1.2 An assurance engagement in the quality control department is being planned. Which of the following is least likely to be used in the preparation of a preliminary survey questionnaire? A. An analysis of quality control documents. B. The permanent engagement file. C. The prior engagement communications. D. Management's charter for the quality control department.

6.1.3 During which phase of the engagement does the internal auditor identify the objectives and related controls of the activity being examined? A. Preliminary survey. B. Staff selection. C. Work program preparation. D. Final communication of results.

6.1.4 The preliminary survey indicates that severe staff reductions at the engagement location have resulted in extensive amounts of overtime among accounting staff. Department members are visibly stressed and very vocal about the effects of the cutbacks. Accounting payrolls are nearly equal to prior years, and many key controls, such as segregation of duties, are no longer in place. The accounting supervisor now performs all operations within the cash receipts and posting process and has no time to review and approve transactions generated by the remaining members of the department. Journal entries for the last 6 months since the staff reductions show increasing numbers of prior-month adjustments and corrections, including revenues, cost of sales, and accruals that had been misstated or forgotten during month-end closing activity. The internal auditor should A. Discuss these observations with management of the internal audit activity to determine whether further work would be an efficient use of internal auditing resources at this time. B. Proceed with the scheduled engagement but add personnel based on the expected number of observations and anticipated lack of assistance from local accounting management. C. Research temporary help agencies and evaluate the cost and benefit of outsourcing needed services. D. Suspend further engagement work and issue the final communication of results because the conclusions are obvious.

6.1.8 During a preliminary survey, an auditor found that several accounts payable vouchers for major suppliers required adjustments for duplicate payment of prior invoices. This would indicate A. A need for additional testing to determine related controls and the current exposure to duplicate payments made to suppliers. B. The possibility of unrecorded liabilities for the amount of the overpayments. C. Insufficient controls in the receiving area to ensure timely notice to the accounts payable area that goods have been received and inspected. D. The existence of a sophisticated accounts payable system that correlates overpayments to open invoices and therefore requires no further audit concern.

6.10.100 An internal auditor interviewed client personnel and obtained an understanding of the auditee department's operations. The auditor then performed testwork. The auditor's presentation of the results of the testwork will usually take the form of a A. Finding. B. Conclusion. C. Recommendation. D. Meeting with senior management.

6.10.96 After completing an engagement work program step regarding materials movement between storage and assembly, the internal auditor would most likely prepare a(n) A. Observation. B. Report. C. Conclusion. D. Opinion.

6.10.97 Which two terms are often used interchangeably? A. "Conclusion" and "opinion." B. "Finding" and "conclusion." C. "Finding" and "opinion." D. "Opinion" and "observation."

6.10.98 "Three of six petty cash funds examined failed to contain either the correct amount of funds or sufficient documentation in lieu of funds, a 50% noncompliance rate." The above statement is an example of a(n) A. Observation. B. Opinion. C. Conclusion. D. Recommendation.

6.2.14 Management answered "yes" to every question when filling out an internal control questionnaire and stated that all listed requirements and control activities were part of their procedures. An internal auditor retrieved this questionnaire from management during the preliminary survey visit but did not review the responses with management while on site. The internal auditor's supervisor should be critical of the above procedure because A. Engagement information must be corroborated in some way. B. Internal control questionnaires cannot be relied upon. C. The internal auditors were not present while the questionnaire was being filled out. D. The questionnaire was not designed to address accounting operations and controls.

6.2.15 Management answered "yes" to every question when filling out an internal control questionnaire and stated that all listed requirements and control activities were part of their procedures. An internal auditor retrieved this questionnaire from management during the preliminary survey visit but did not review the responses with management while on site. The auditor's supervisor is writing the performance assessment for the auditor on this preliminary survey assignment. The supervisor cites the need to review management's responses on the control questionnaire. The auditor should have interviewed management for additional information because the interview technique A. Provides the opportunity to insert questions to probe promising areas. B. Is the most efficient way to upgrade the information to the level of objective evidence. C. Is the least costly audit technique when a large amount of information is involved. D. Is the only audit procedure that does not require confirmation and walk-through of the information obtained.

6.2.16 Which of the following statements indicates the wrong way to use an internal control questionnaire? A. Clarifying all answers with written remarks and explanations. B. Filling out the questionnaire during an interview with the person who has responsibility for the area that is being reviewed. C. Constructing the questionnaire so that a "no" response requires attention. D. Supplementing the completed questionnaire with a narrative description or flowchart.

6.2.17 An internal auditing manager is conducting the annual meeting with manufacturing division management to discuss proposed engagement plans and activities for the next year. After some discussion about the past year's activity at 12 plants in the division, the divisional vice president agrees that all significant recommendations made by the internal auditing staff refer to key controls and related operating activities that are correctly described for local management within the volume of standard operating procedures for the division. The vice president proposes to transcribe key control activities from the division's extensive written procedures to a self-assessment standard operating procedure (SOP) questionnaire. What significance should the internal auditing manager attach to such SOP questionnaires in relation to the proposed engagement schedule for the next year? A. The SOP questionnaires should improve control adequacy, but the internal auditors need to verify that controls are working as documented in the SOP. B. Adding this control should eliminate significant engagement recommendations in the coming year, so the scope of engagement activities can be reduced accordingly. C. Engagement activity can be reduced if the vice president agrees to require the internal audit activity's approval of all divisional standard operating procedures. D. SOP questionnaires must be mailed and controlled by the internal audit activity to be considered in relation to the proposed engagement schedule.

6.2.19 The auditor used a questionnaire during interviews to gather information about the nature of claims processing. Unfortunately, the questionnaire did not cover a number of pieces of information offered by the person being interviewed. Consequently, the auditor did not document the potential problems for further audit investigation. The primary deficiency with the process is that A. The auditor failed to consider the importance of the information offered. B. A questionnaire was used in a situation in which a structured interview should have been used. C. Questionnaires do not allow for opportunities to document other information. D. All of the answers are correct.

6.3.30 Listening effectiveness is best increased by A. Resisting both internal and external distractions. B. Waiting to review key concepts until the speaker is through talking. C. Tuning out messages that do not seem to fit the meeting purpose. D. Factoring in biases to evaluate the information being given.

6.5.46 Internal auditors must make a preliminary assessment of risks when conducting an assurance engagement. This assessment may involve quantitative (objective) and subjective factors. The least subjective factor is A. The organization's recognized losses on derivatives. B. The auditor's assessment of management responses. C. Changes in the auditee's business forecast. D. The evaluation of internal control.

6.6.55 Which of the following strategies will an auditor most likely consider in auditing an entity that processes most of its financial data only in electronic form, such as a paperless system? A. Continuous monitoring and analysis of transaction processing with an embedded audit module. B. Increased reliance on internal control activities that emphasize the segregation of duties. C. Verification of encrypted digital certificates used to monitor the authorization of transactions. D. Extensive testing of firewall boundaries that restrict the recording of outside network traffic.

6.6.57 If a financial institution overstated revenue by charging too much of each loan payment to interest income and too little to repayment of principal, which of the following audit procedures would be least likely to detect the error? A. Performing an analytical review by comparing interest income this period as a percentage of the loan portfolio with the interest income percentage for the prior period. B. Using an integrated test facility (ITF) and submitting interest payments for various loans in the ITF portfolio to determine if they are recorded correctly. C. Using test data and submitting interest payments for various loans in the test portfolio to determine if they are recorded correctly. D. Using generalized audit software to select a random sample of loan payments made during the period, calculating the correct posting amounts, and tracing the postings that were made to the various accounts.

7.3.26 Which type of working-paper summary is typically used to consolidate numerical data scattered among several schedules? A. Statistical summaries. B. Segment summaries. C. Results summaries. D. Pyramid summaries.

6.7.66 Analytical procedures enable the internal auditor to predict the balance or quantity of an item. Information to develop this estimate can be obtained by all of the following except A. Tracing transactions through the system to determine whether procedures are being applied as prescribed. B. Comparing financial data with data for comparable prior periods, anticipated results (e.g., budgets and forecasts), and similar data for the industry in which the entity operates. C. Studying the relationships of elements of financial data that would be expected to conform to a predictable pattern based upon the entity's experience. D. Studying the relationships of financial data with relevant nonfinancial data.

6.7.70 The use of an analytical review to verify the correctness of various operating expenses would not be a preferred approach if A. An auditor notes strong indicators of a specific fraud involving these accounts. B. Operations are relatively stable and have not changed much over the past year. C. An auditor would like to identify large, unusual, or non-recurring transactions during the year. D. Operating expenses vary in relation to other operating expenses, but not in relation to revenue.

6.8.79 An organization wants to improve on its performance measures for a new business line. Which type of benchmarking is most likely to provide information useful for this purpose? A. Functional. B. Competitive. C. Generic. D. Internal.

6.9.82 While testing the effectiveness of inventory controls, the internal auditor makes a note in the working papers that most of the cycle count adjustments for the facility involved transactions of the machining department. The machining department also had generated an extraordinary number of cycle count adjustments in comparison with other departments last year. The internal auditor should A. Interview management and apply other engagement procedures to determine whether transaction controls and procedures within the machining department are adequate. B. Do no further work because the concern was not identified by the analytical procedures included in the engagement work program. C. Notify internal auditing management that fraud is suspected. D. Place a note in the working papers to review this matter in detail during the next engagement.

6.9.85 Which result of an analytical procedure suggests the existence of obsolete merchandise? A. Decrease in the inventory turnover rate. B. Decrease in the ratio of gross profit to sales. C. Decrease in the ratio of inventory to accounts payable. D. Decrease in the ratio of inventory to accounts receivable.

7.10.90 Ordinarily, what source of information should most affect the internal auditor's conclusions? A. External. B. Inquiry. C. Oral. D. Informal.

7.11.102 Which of the following represents the general order of persuasiveness, from most to least, for the types of information listed below? I. Inquiry of management II. Observation of engagement client's procedures III. Physical examination IV. Documentation prepared externally A. III, II, IV, I. B. IV, I, II, III. C. II, IV, I, III. D. IV, III, I, II.

7.11.96 Which of the following techniques is most likely to result in sufficient information with regard to an engagement to review the quantity of fixed assets on hand in a particular department? A. Physical observation. B. Analytical review of purchase requests and subsequent invoices. C. Interviews with department management. D. Examination of the account balances contained in general and subsidiary ledgers.

7.2.12 The chief audit executive establishes policies for A. Standardized working papers. B. Defining the hours available for individual engagements. C. Defining standardized tick marks and ensuring compliance with them. D. Ensuring the written documentation of all conversations held throughout the engagement.

7.2.14 Standardized working papers are often used, chiefly because they allow working papers to be prepared more A. Efficiently. B. Professionally. C. Neatly. D. Accurately.

7.2.6 The primary purpose of an internal auditor's working papers is to A. Provide documentation of the planning and execution of engagement procedures performed. B. Serve as a means with which to prepare the financial statements. C. Document weaknesses in internal control with recommendations to management for improvement. D. Comply with the Standards.

7.2.9 The primary purpose of an engagement working paper prepared in connection with payroll expense is to A. Record payroll data and analyses to support reported recommendations. B. Verify the work done by the internal auditor. C. Record the names of all employees. D. Provide documentation to support payroll taxes due.

7.3.15 An adequately documented working paper should A. Be concise but complete. B. Follow a unique form and arrangement. C. Contain examples of all forms and procedures used by the engagement client. D. Not contain copies of engagement client records.

7.3.18 Employees using personal computers have been reporting occupational injuries and claiming substantial workers' compensation benefits. The working papers of an engagement performed to determine the extent of the organization's exposure to such personal injury liability should include A. Analysis of claims by type of equipment and extent of use by individual employees. B. Confirmations from insurance carriers as to claims paid under workers' compensation policies in force. C. Reviews of documentation supporting purchases of personal computers. D. Listings of all personal computers in use and the employees who use them.

7.3.22 Engagement working papers are indexed by means of reference numbers. The primary purpose of indexing is to A. Permit cross-referencing and simplify supervisory review. B. Support the final engagement communication. C. Eliminate the need for follow-up reviews. D. Determine that working papers adequately support observations, conclusions, and recommendations.

7.3.25 Which of the following conditions constitutes inappropriate working-paper preparation? A. All forms and directives used by the engagement client are included in the working papers. B. Flowcharts are included in the working papers. C. Engagement observations are cross-referenced to supporting documentation. D. Tick marks are explained in notes.

7.3.30 Which of the following concepts distinguishes the retention of computerized audit documentation from the traditional hard copy form? A. Analyses, conclusions, and recommendations are filed on electronic media and are therefore subject to computer system controls and security procedures. B. Evidential support for all findings is copied and provided to local management during the closing conference and to each person receiving the final report. C. Computerized data files can be used in computer audit procedures. D. Audit programs can be standardized to eliminate the need for a preliminary survey at each location.

7.4.33 The primary objective of maintaining security over working papers is to A. Prohibit unauthorized changes or removal of information. B. Prohibit engagement clients from seeing working papers. C. Facilitate subsequent engagements in the same department. D. Facilitate engagements by external auditors.

7.5.38 When current-file working papers are no longer of use to the internal audit activity, they should be A. Destroyed. B. Placed in the custody of the organizational legal department for safekeeping. C. Transferred to the permanent file. D. Transferred to the custody of the engagement client for ease of future records.

7.5.40 An internal audit activity's policies regarding engagement records should address such matters as their content, retention period, handling of access requests, and responsibility for control and security. Which of the following statements relevant to the development of these policies is true? A. Most records not protected by the attorney-client privilege are accessible in criminal proceedings. B. The work product of the internal auditors is protected from disclosure. C. Records created with an expectation of confidentiality are protected from disclosure. D. Documents revealing attorneys' thought processes will be subject to forced disclosure.

7.6.41 Which of the following tools would best give a graphical representation of a sequence of activities and decisions? A. Flowchart. B. Control chart. C. Histogram. D. Run chart.

7.6.42 Which method of evaluating internal controls during the preliminary survey provides the internal auditor with the best visual grasp of a system and a means for analyzing complex operations? A. A flowcharting approach. B. A questionnaire approach. C. A matrix approach. D. A detailed narrative approach.

7.6.46 Of the following, which is the most efficient source for an auditor to use to evaluate a company's overall control system? A. Control flowcharts. B. Copies of standard operating procedures. C. A narrative describing departmental history, activities, and forms usage. D. Copies of industry operating standards.

7.6.47 A flowchart of process activities and controls may provide A. Information on where fraud could occur. B. Information on the extent of a past fraud. C. An indication of where fraud has occurred in a process. D. No information related to fraud prevention.

7.6.54 In documenting the procedures used by several interacting departments the internal auditor will most likely use a(n) A. Horizontal (or systems) flowchart. B. Vertical flowchart. C. Gantt chart. D. Internal control questionnaire.

7.7.59 When sampling methods are used, the concept of sufficiency of information means that the samples selected provide A. Reasonable assurance that they are representative of the sampled population. B. The best information that is reasonably obtainable. C. Reasonable assurance that the information has a logical relationship to the engagement objective. D. Absolute assurance that a sample is representative of the population.

7.7.62 While testing a division's compliance with company affirmative-action policies, an auditor found that 1. 5% of the employees are from minority groups. 2. No one from a minority group has been hired in the past year. The most appropriate conclusion for the auditor to reach is that A. Insufficient evidence exists of compliance with affirmative-action policies. B. The division is violating the company's policies. C. The company's policies cannot be audited and hence cannot be enforced. D. With 5% of its employees from minority groups, the division is effectively complying.

7.7.63 Reliable evidence is best defined as evidence that A. Is the best attainable. B. Is obtained by observing people, property, and events. C. Is supplementary to other evidence already gathered and tends to strengthen or confirm it. D. Proves an intermediate fact, or group of facts, from which still other facts can be inferred.

7.8.71 The chief audit executive is reviewing some of the basic concepts inherent in the performance of an engagement with three internal auditors who are on a rotation assignment. After 6 months in the internal audit activity, they will move back to line positions. Each of them has fairly extensive organizational experience and is on a fast track to a high-level management line position. To develop their analytical decision-making abilities, the CAE pulls some old engagement working papers, holding back the review notes and clearing comments. The CAE asks the team to indicate the informational criteria that are violated. The organization is required to comply with certain specific standards related to environmental issues. One of these standards requires that certain hazardous chemicals be placed in certified containers for shipment to a governmental disposal site. The container must bear an inspection seal signed within the last 90 days by a governmental inspector. Based on the following tests, the internal auditor concluded that the organization was in compliance for the engagement period: I. Determine from each chemical loading supervisor that compliance requirements are understood. II. Inspect sealed containers for evidence of leakage. III. Ask chemical loading personnel about procedures performed. Which of the following informational criteria, if any, is violated? A. Sufficiency. B. Reliability. C. Relevance. D. No criteria are violated.

7.8.73 The chief audit executive is reviewing some of the basic concepts inherent in the performance of an engagement with three internal auditors who are on a rotation assignment. After 6 months in the internal audit activity, they will move back to line positions. Each of them has fairly extensive organizational experience and is on a fast track to a high-level management line position. To develop their analytical decision-making abilities, the CAE pulls some old engagement working papers, holding back the review notes and clearing comments. The CAE asks the team to indicate the informational criteria that are violated. In an engagement performed at the organization's real estate development subsidiary, the engagement objective was to determine that capitalized land improvements had been assigned equally to all developed lots. The internal auditors identified the following information: 1. Independent appraisals of all lot values 2. Sales records for similar subdivision lots 3. An analysis of market values of each lot Which of the following informational criteria, if any, are violated? A. Sufficiency and relevance. B. Reliability and sufficiency. C. Relevance and reliability. D. No criteria are violated.

7.9.79 The chief audit executive is reviewing the working papers produced by an internal auditor during a fraud investigation. Among the items contained in the working papers is a description of an item of physical information. Which of the following is the most probable source of this item of information? A. Observing conditions. B. Interviewing people. C. Examining records. D. Computing variances.

7.9.80 An internal auditor takes a photograph of the engagement client's workplace. The photograph is a form of what kind of information? A. Physical. B. Testimonial. C. Documentary. D. Analytical.

7.9.82 The internal auditor for a construction contractor finds materials costs increasing as a percentage of billings and suspects that materials billed to the organization are being delivered to another contractor. What type of information will best enable the internal auditor to determine whether erroneous billings occurred? A. Documentary. B. Physical examination. C. Confirmation. D. Analytical.

7.9.85 An internal auditor arrived at the conclusion that the segregation of duties in the counting and recording of cash receipts was adequate. What type of information is this? A. Analytical. B. Documentary. C. Physical. D. Testimonial.

4.5.85 Which of the following is an indicator of possible financial reporting fraud being perpetrated by management of a manufacturer? A. A trend analysis discloses (1) sales increases of 50% and (2) cost of goods sold increases of 25%. B. A ratio analysis discloses that cost of goods sold is 50% of sales. C. A cross-sectional analysis of common size statements discloses that (1) the firm's percentage of cost of goods sold to sales is 40% and (2) the industry average percentage of cost of goods sold to sales is 50%. D. A cross-sectional analysis of common size statements discloses that (1) the firm's percentage of cost of goods sold to sales is 50% and (2) the industry average percentage of cost of goods sold to sales is 40%.

A (3) measurement errors.

6.1.9 You are an internal auditing supervisor who is reviewing the working papers of a staff internal auditor's overall examination of the firm's sales function. The pages are not numbered or cross-referenced. Furthermore, the working papers were dropped and reassembled at random before they were brought to you. You decide to put the working papers in the proper order according to the Standards. The first stage of this activity is to identify each page as a part of (1) the preliminary survey, (2) the review of the adequacy of control processes, (3) the review for effectiveness of control processes, or (4) the review of results. The second page the supervisor selects documents an interview with a salesperson discussing the overall sales cycle. This page belongs with which activity? A. Preliminary survey. B. Review for adequacy of control processes. C. Review for effectiveness of control processes. D. Review of results.

A (1) become familiar with the activities, risks, and controls to identify areas for engagement emphasis and (2) invite comments and suggestions from engagement clients (PA 2210.A1-1, para. 3). Interviews with the engagement client may be conducted as part of the survey to obtain an overall understanding of operations.

7.2.11 Engagement working papers include A. Providing a basis for evaluating the internal audit quality program. B. Copies of all source documents examined in the course of the engagement. C. Copies of all procedures that were reviewed during the engagement. D. All working papers prepared during a previous engagement performed in the same area.

A (4) support the accuracy and completeness of the work performed; (5) provide a basis for the internal audit activity's quality assurance and improvement program; and (6) facilitate third-party review (PA 2330-1, para. 2).

1.7.86 The IIA's Code of Ethics incorporates by reference which of the following rules? A. Duty to disclose all material facts when reporting on activities. B. Performance with proficiency and due professional care. C. Prudent and lawful use of information. D. No acceptance of anything that may impair professional judgment.

1.8.96 Which of the following is not true with regard to the internal audit charter? A. It defines the authorities and responsibilities for the internal audit activity. B. It specifies the minimum resources needed for the internal audit activity. C. It provides a basis for evaluating the internal audit activity. D. It should be approved by the board.

1.1.1 The purposes of the Standards include all of the following except A. Establishing the basis for the measurement of internal audit performance. B. Guiding the ethical conduct of internal auditors. C. Stating basic principles that represent the practice of internal auditing. D. Fostering improved organizational processes and operations.

1.1.14 Which one of the following must be included in the internal audit charter? A. Internal audit scope. B. Internal audit responsibility. C. Chief audit executive's compensation plan. D. Number of full-time internal audit employees deemed to be the necessary minimum.

1.2.23 The best reason for establishing a code of conduct within an organization is that such codes A. Are typically required by governments. B. Express standards of individual behavior for members of the organization. C. Provide a quantifiable basis for personnel evaluations. D. Have tremendous public relations potential.

1.2.25 In analyzing the differences between two recently merged businesses, the chief audit executive of Organization A notes that it has a formal code of ethics and Organization B does not. The code of ethics covers such things as purchase agreements, relationships with vendors, and other issues. Its purpose is to guide individual behavior within the firm. Which of the following statements regarding the existence of the code of ethics in A can be logically inferred? I. A exhibits a higher standard of ethical behavior than does B. II. A has established objective criteria by which an individual's actions can be evaluated. The absence of a formal code of ethics in B would prevent a successful review of ethical behavior in that organization. I and II. II only. III only. II and III.

1.2.29 Objectivity is an ethical requirement for all persons engaged in the professional practice of internal auditing. One aspect of objectivity requires A. Performance of professional duties in accordance with relevant laws. B. Avoidance of conflict of interest. C. Refraining from using confidential information for unethical or illegal advantage. D. Maintenance of an appropriate level of professional expertise.

1.3.31 Today's internal auditor will often encounter a wide range of potential ethical dilemmas, not all of which are explicitly addressed by The IIA's Code of Ethics. If the internal auditor encounters such a dilemma, the internal auditor should always A. Seek counsel from an independent attorney to determine the personal consequences of potential actions. B. Apply and uphold the principles embodied in The IIA's Code of Ethics. C. Seek the counsel of the board before deciding on an action. D. Act consistently with the code of ethics adopted by the organization even if such action is not consistent with The IIA's Code of Ethics.

1.3.34 An internal auditor who encounters an ethical dilemma not explicitly addressed by The IIA's Code of Ethics should always A. Seek counsel from an independent attorney to determine the personal consequences of potential actions. B. Take action consistent with the principles embodied in The IIA's Code of Ethics. C. Seek the counsel of the audit committee before deciding on an action. D. Act consistently with the employing organization's code of ethics even if such action would not be consistent with The IIA's Code of Ethics.

1.5.41 Which of the following statements is not appropriate to include in a manufacturer's conflict of interest policy? An employee shall not A. Accept money, gifts, or services from a customer. B. Participate (directly or indirectly) in the management of a public agency. C. Borrow from or lend money to vendors. D. Use organizational information for private purposes.

1.5.42 A CIA is working in a noninternal-auditing position as the director of purchasing. The CIA signed a contract to procure a large order from the supplier with the best price, quality, and performance. Shortly after signing the contract, the supplier presented the CIA with a gift of significant monetary value. Which of the following statements regarding the acceptance of the gift is true? A. Acceptance of the gift is prohibited only if it is not customary. B. Acceptance of the gift violates The IIA's Code of Ethics and is prohibited for a CIA. C. Because the CIA is no longer acting as an internal auditor, acceptance of the gift is governed only by the organization's code of conduct. D. Because the contract was signed before the gift was offered, acceptance of the gift does not violate either The IIA's Code of Ethics or the organization's code of conduct.

1.5.43 The chief audit executive (CAE) has been appointed to a committee to evaluate the appointment of the external auditors. The engagement partner for the external accounting firm wants the CAE to join her for a week of hunting at her private lodge. The CAE should A. Accept, assuming both their schedules allow it. B. Refuse on the grounds of conflict of interest. C. Accept as long as it is not charged to employer time. D. Ask the comptroller whether accepting the invitation is a violation of the organization's code of ethics.

1.5.48 Which of the following concurrent occupations could appear to subvert the ethical behavior of an internal auditor? A. Internal auditor and a well-known charitable organization's local in-house chairperson. B. Internal auditor and part-time business insurance broker. C. Internal auditor and adjunct faculty member of a local business college that educates potential employees. D. Internal auditor and landlord of multiple housing that publicly advertises for tenants in a local community newspaper listing monthly rental fees.

1.5.51 An internal auditor engages in the preparation of income tax forms during the tax season. For which of the following activities will the internal auditor most likely be in violation of The IIA's Code of Ethics? A. Writing a tax guide intended for publication and sale to the general public. B. Preparing the personal tax return, for a fee, for one of the organization's division managers. C. Teaching an evening tax seminar, for a fee, at a local university. D. Preparing tax returns for elderly citizens, regardless of their associations, as a public service.

1.5.52 An internal auditing team has made observations and recommendations that should significantly improve a division's operating efficiency. Out of appreciation of this work, and because it is the holiday season, the division manager presents the in-charge internal auditor with a gift of moderate value. Which of the following best describes the action prescribed by The IIA's Code of Ethics? A. Not accept it prior to submission of the final engagement communication. B. Not accept it if the gift is presumed to impair the internal auditor's judgment. C. Not accept it, regardless of other circumstances, because its value is significant. D. Accept it, regardless of other circumstances, because its value is insignificant.

1.5.57 The chief audit executive is aware of a material inventory shortage caused by internal control deficiencies at one manufacturing plant. The shortage and related causes are of sufficient magnitude to affect the external auditor's report. Based on The IIA's Code of Ethics, what is the CAE's most appropriate course of action? A. Say nothing; guard against interfering with the independence of the external auditors. B. Discuss the issue with management and take appropriate action to ensure that the external auditors are informed. C. Inform the external auditors of the possibility of a shortage but allow them to make an independent assessment of the amount. D. Communicate the shortages to the board and allow them to communicate it to the external auditor.

1.5.66 Which of the following actions by an internal auditor would violate The IIA's Code of Ethics? A. Attendance at an educational program offered by an engagement client to all employees. B. Acceptance of airline tickets from an engagement client. C. Disclosure, in an engagement communication, of all material facts relevant to the area reviewed. D. Disposal of a small ownership interest in the organization prior to learning of a business downturn.

1.5.70 In their communication of results, internal auditors are required by The IIA's Code of Ethics to A. Obtain factual information within the established time and budget parameters. B. Reveal material facts that could distort communications if not revealed. C. Present sufficient factual information without revealing confidential information that could be detrimental to the organization. D. Disclose all material information obtained as of the date of the final engagement communication.

1.5.71 Which of the following situations is a violation of The IIA's Code of Ethics? A. An internal auditor, with the knowledge and consent of management, accepted a token gift from a customer of the organization that was not presumed to impair and did not impair judgment. B. Knowing that management was aware of the situation, an internal auditor purposely left a description of an unlawful practice out of the final engagement communication. C. An internal auditor shared techniques with internal auditors from another organization. D. Based upon knowledge of the probable success of the employer's business, an internal auditor invested in a mutual fund that specialized in the same industry.

1.6.78 Which of the following most likely constitutes a violation of The IIA's Code of Ethics by an internal auditor? A. Discussing at a trade convention the organization's controls over its computer networks. B. Purchasing stock in a target entity after overhearing an executive's discussion of a possible acquisition. C. Deleting sensitive information from a final engagement communication at the request of senior management. D. Investigating executive expense reports based completely on rumors of padding.

1.7.82 An organization has recently placed a former operating manager in the position of chief audit executive (CAE). The new CAE is not a member of The IIA and is not a CIA. Henceforth, the internal audit activity will be run strictly by the CAE's standards, not The IIA's. All four staff internal auditors are members of The IIA, but they are not CIAs. According to The IIA's Code of Ethics, what is the best course of action for the staff internal auditors? A. The Code does not apply because they are not CIAs. B. They should comply with the International Standards for the Professional Practice of Internal Auditing. C. They must respect the legitimate and ethical objectives of the organization and ignore the Standards. D. They must resign their jobs to avoid improper activities.

1.7.83 A new staff internal auditor was told to perform an engagement in an area with which the internal auditor was not familiar. Because of time constraints, no supervision was provided. The assignment represented a good learning experience, but the area was clearly beyond the internal auditor's competence. Nonetheless, the internal auditor prepared comprehensive working papers and communicated the results to management. In this situation, A. The internal audit activity violated the Standards by hiring an internal auditor without proficiency in the area. B. The internal audit activity violated the Standards by not providing adequate supervision. C. The chief audit executive has not violated The IIA's Code of Ethics because it does not address supervision. D. The Standards and The IIA's Code of Ethics were followed by the internal audit activity.

1.7.85 Under The IIA's Code of Ethics, an entity that provides internal auditing services is specifically required to A. Maintain certain predetermined staffing requirements for engagements. B. Comply with the International Standards for the Professional Practice of Internal Auditing. C. Comply with organizational policy. D. Participate in a formal continuing education program.

1.8.97 The chief audit executive (CAE) is best defined as the A. Inspector general. B. Person responsible for the internal audit function. C. Outside provider of internal audit services. D. Person responsible for overseeing the contract with the outside provider of internal audit services.

2.1.12 Regardless of which reporting relationship the organization chooses, several key actions can help ensure that the reporting lines support and enable the effectiveness and independence of the internal auditing activity. Which key action will not achieve its functional reporting purpose? A. Organizational independence is effectively achieved when the CAE reports functionally to the board (Interpretation of Standard 1110). B. The CAE should meet with the board, with management present, to reinforce the independence of the internal audit activity. C. The board should have the final authority to approve the internal audit risk assessment. D. The board should approve the CAE's performance evaluation.

2.1.18 A service organization is currently experiencing a significant downsizing and process reengineering. Its board of directors has redefined the business goals and established initiatives using in-house developed technology to meet these goals. As a result, a more decentralized approach has been adopted to run the business functions by empowering the business branch managers to make decisions and perform functions traditionally done at a higher level. The internal auditing staff is made up of the chief audit executive, two managers, and five staff auditors, all with financial background. In the past, the primary focus of successful internal audit activities has been the service branches and the six regional division headquarters that support the branches. These division headquarters are the primary targets for possible elimination. The support functions such as human resources, accounting, and purchasing will be brought into the national headquarters, and technology will be enhanced to enable and augment these operations. Up to this point, the internal audit activity has reported to the chief operating officer. Due to the significant changes, there has been some discussion as to changing this reporting relationship. What would be the best reporting relationship? A. Administratively and functionally to the president. B. Administratively to the president and functionally to the board. C. Administratively to the chief financial officer and functionally to the president. D. Administratively and functionally to the chief operating officer.

2.1.22 In some cultures and organizations, managers insist that an internal audit activity is not needed to provide a critical assessment of the organization's operations. This kind of management attitude will most probably have an adverse effect on the internal audit activity's A. Operating budget variance. B. Effectiveness. C. Performance appraisals. D. Policies and procedures.

2.1.3 An organization is in the process of establishing its new internal audit activity. The controller has no previous experience with internal auditors. Due to this lack of experience, the controller advised the applicants that the CAE will be reporting to the external auditors. However, the new chief audit executive will have free access to the controller to report anything important. The controller will then convey the CAE's concerns to the board of directors. The internal audit activity will A. Be independent because the CAE has direct access to the board. B. Not be independent because the CAE reports to the external auditors. C. Not be independent because the controller has no experience with internal auditors. D. Not be independent because the organization did not specify that the applicants must be certified internal auditors.

2.1.5 Which of the following activities undertaken by the internal auditor might be in conflict with the standard of independence? A. Risk management consultant. B. Product development team leader. C. Ethics advocate. D. External audit liaison.

2.1.7 An external quality assessment team was evaluating the independence of an internal audit activity. The internal audit activity performs engagements concerning all of the elements included in its scope. Which of the following reporting responsibilities is most likely to threaten the internal audit activity's independence? Reporting to the A. President. B. Treasurer. C. Executive vice president. D. Audit committee.

2.1.9 Independence permits internal auditors to render impartial and unbiased judgments. The best way to achieve independence is through A. Individual knowledge and skills. B. A dual-reporting relationship. C. Supervision within the organization. D. Organizational knowledge and skills.

2.2.24 An appropriate internal auditing role in a feasibility study is to A. Serve on the task force for the preliminary survey. B. Ascertain if the feasibility study addresses cost-benefit relationships. C. Determine the requirements for preparing a manual of specifications. D. Participate in the drafting of recommendations for the computer acquisition and implementation.

2.2.25 Internal auditors must be objective in performing their work. Assume that the chief audit executive received an annual bonus as part of that individual's compensation package. The bonus may impair the CAE's objectivity if A. The bonus is administered by the board of directors or its salary administration committee. B. The bonus is based on monetary amounts recovered or recommended future savings as a result of engagements. C. The scope of internal auditing is evaluating control rather than account balances. D. All of the answers are correct.

2.2.28 An internal auditor most likely will have a conflict of interest by providing an assurance service with regard to a A. Financial activity in which the internal auditor had been a key employee 5 years previously. B. Purchasing activity if a major supplier is owned by the internal auditor's sister-inlaw. C. Data processing center for which the internal auditor had performed the service three times previously. D. Computer system for which the internal auditor had been the internal audit activity's representative on the design team.

2.2.37 The major reason for the internal auditor's involvement in information systems development is for the internal auditor to A. Gain familiarity with systems for use in subsequent reviews. B. Help assure that systems have adequate control procedures. C. Help minimize the cost and development time for new systems. D. Propose enhancements for subsequent development and implementation.

2.3.47 When faced with an imposed scope limitation, the chief audit executive needs to A. Refuse to perform the engagement until the scope limitation is removed. B. Communicate the potential effects of the scope limitation to the board. C. Increase the frequency of engagements concerning the activity in question. D. Assign more experienced personnel to the engagement.

2.4.68 The internal audit activity collectively must possess or obtain certain competencies, including an understanding of A. Internal audit procedures and techniques. B. Accounting principles and techniques. C. Management principles. D. Marketing techniques.

2.3.48 In which of the following situations does an internal auditor potentially lack objectivity? A. An internal auditor reviews the procedures for a new electronic data interchange (EDI) connection to a major customer before it is implemented. B. A former purchasing assistant performs a review of internal controls over purchasing 4 months after being transferred to the internal auditing department. C. An internal auditor recommends standards of control and performance measures for a contract with a service organization for the processing of payroll and employee benefits. D. A payroll accounting employee assists an internal auditor in verifying the physical inventory of small motors.

2.3.49 The internal auditors must be able to distinguish carefully between a scope limitation and other limitations. Which of the following is not considered a scope limitation? A. The divisional management of an engagement client has indicated that the division is in the process of converting a major computer system and has indicated that the information systems portion of the planned engagement will have to be postponed until next year. B. The board reviews the engagement work schedule for the year and deletes an engagement that the chief audit executive thought was important to conduct. C. The engagement client has indicated that certain customers cannot be contacted because the organization is in the process of negotiating a long-term contract with the customers and they do not want to upset the customers. D. None of the answers are correct.

2.3.50 During the course of an engagement, an internal auditor makes a preliminary determination that a major division has been inappropriately capitalizing research and development expense. The engagement is not yet completed, and the internal auditor has not documented the problem or determined that it really is a problem. However, the internal auditor is informed that the chief audit executive has received the following communication from the president of the organization: "The controller of Division B informs me that you have discovered a questionable account classification dealing with research and development expense. We are aware of the issue. You are directed to discontinue any further investigation of this matter until informed by me to proceed. Under the confidentiality standard of your profession, I also direct you not to communicate with the outside auditors regarding this issue." Which of the following is an appropriate action for the CAE to take regarding the questionable item? A. Immediately report the communication to The IIA and ask for an ethical interpretation and guidance. B. Inform the president that this scope limitation will need to be reported to the board. C. Continue to investigate the area until all the facts are determined and document all the relevant facts in the engagement records. D. Immediately notify the external auditors of the problem to avoid aiding and abetting a potential crime by the organization.

2.3.51 Which of the following combinations best illustrates a scope limitation and the appropriate response by the CAE? Nature of Internal Limitation Audit Action C. Engagement client requests that the engagement be Report directly to the CEO and controller delayed for 2 weeks to allow it to close its books D. Engagement client will not allow internal auditor to No reporting needed because the contact major customers as part of an engagement to operational engagement concerns evaluate the efficiency of operations operational efficiency

2.3.52 An internal auditor who had been supervisor of the accounts payable section should not perform an assurance review of that section A. Because a reasonable period of time in which to establish independence cannot be determined. B. Until at least 1 year has elapsed. C. Until after the next annual review by the external auditors. D. Until it is clear that the new supervisor has assumed the responsibilities.

2.3.62 George is the new internal auditor for XYZ Corporation. George was in charge of payroll for XYZ just 10 months ago. Performing what services in regard to payroll is considered an impairment of independence or objectivity if performed by George? A. Consulting services. B. Assurance services. C. Assurance or consulting services. D. Neither assurance nor consulting services.

2.4.70 The internal audit activity collectively must possess or obtain certain competencies, including an appreciation of A. Internal audit procedures and techniques. B. Accounting principles and techniques. C. Management principles. D. Marketing techniques.

2.5.78 The consultative approach to internal auditing emphasizes A. Imposition of corrective measures. B. Participation with engagement clients to improve methods. C. Fraud investigation. D. Implementation of policies and procedures.

2.5.79 Which one of the following is responsible for determining the appropriate levels of education and experience needed for the internal audit staff? A. Human resource manager. B. Chief audit executive. C. Chief executive officer. D. Treasurer.

2.5.86 A professional engineer applied for a position in the internal audit activity of a high technology firm. The engineer became interested in the position after observing several internal auditors while they were performing an engagement in the engineering department. The chief audit executive A. Should not hire the engineer because of the lack of knowledge of internal audit standards. B. May hire the engineer despite the lack of knowledge of internal audit standards. C. Should not hire the engineer because of the lack of knowledge of accounting and taxes. D. May hire the engineer because of the knowledge of internal auditing gained in the previous position.

2.6.108 Internal auditors are responsible for continuing their education to maintain their proficiency. Which of the following is true regarding the continuing education requirements of the practicing internal auditor? A. Internal auditors are required to obtain 40 hours of continuing professional education each year and a minimum of 120 hours over a 3-year period. B. CIAs have formal requirements that must be met in order to continue as CIAs. C. Attendance, as an officer or committee member, at formal IIA meetings does not meet the criteria of continuing professional development. D. In-house programs meet continuing professional education requirements only if they have been preapproved by The IIA.

2.6.110 An internal auditor must exercise due professional care in performing engagements. Due professional care includes A. Establishing direct communication between the chief audit executive and the board. B. Evaluating established operating standards and determining whether those standards are adequate. C. Accumulating sufficient information so that the internal auditor can give absolute assurance that irregularities do not exist. D. Establishing suitable criteria of education and experience for filling internal auditing positions.

2.6.97 Due professional care implies reasonable care and competence, not infallibility or extraordinary performance. Thus, which of the following is unnecessary? A. The conduct of examinations and verifications to a reasonable extent. B. The conduct of extensive examinations. C. The reasonable assurance that compliance does exist. D. The consideration of the possibility of material irregularities.

2.6.98 An internal auditor judged an item to be immaterial when planning an assurance engagement. However, the assurance engagement may still include the item if it is subsequently determined that A. Sufficient staff is available. B. Adverse effects related to the item are likely to occur. C. Related information is reliable. D. Miscellaneous income is affected.

2.7.113 An individual became head of the internal audit activity of an organization 1 week ago. An engagement client has come to the person complaining vigorously that one of the internal auditors is taking up an excessive amount of client time on an engagement that seems to be lacking a clear purpose. In handling this conflict with a client, the person should consider A. Discounting what is said, but documenting the complaint. B. Whether existing procedures within the internal audit activity provide for proper planning and quality assurance. C. Presenting an immediate defense of the internal auditor based upon currently known facts. D. Promising the client that the internal auditor will finish the work within 1 week.

2.7.116 The internal audit activity's quality assurance and improvement program is the responsibility of A. External auditors. B. The chief audit executive. C. The board. D. The audit committee.

2.7.117 Which of the following is responsible for developing and maintaining a quality assurance and improvement program that covers all aspects of the internal audit activity and continuously monitors its effectiveness? A. Senior management. B. Chief audit executive. C. The board of directors. D. Audit committee.

2.8.122 To demonstrate conformance of the internal audit activity with the mandatory guidance of The IIA, A. The chief audit executive determines the form and content of the results communicated. B. The results of external assessments are communicated upon their completion. C. The results of periodic internal assessments are communicated at least annually. D. The results of ongoing monitoring are communicated upon their completion.

2.9.124 Ordinarily, those conducting internal quality program assessments report to A. The board. B. The chief audit executive. C. Senior management. D. The internal audit staff.

3.1.3 An internal auditor is examining inventory control in a merchandising division with annual sales of US $3,000,000 and a 40% gross profit rate. Tests show that 2% of the monetary amount of purchases do not reach inventory because of breakage and employee theft. Adding certain controls costing US $35,000 annually could reduce these losses to .5% of purchases. Should the controls be recommended? A. Yes, because the projected saving exceeds the cost of the added controls. B. No, because the cost of the added controls exceeds the projected savings. C. Yes, because the ideal system of internal control is the most extensive one. D. Yes, regardless of cost-benefit considerations, because the situation involves employee theft.

3.1.6 Internal auditors regularly evaluate controls. Which of the following best describes the concept of control as recognized by internal auditors? A. Management regularly discharges personnel who do not perform up to expectations. B. Management takes action to enhance the likelihood that established goals and objectives will be achieved. C. Control represents specific procedures that accountants and internal auditors design to ensure the correctness of processing. D. Control procedures should be designed from the "bottom up" to ensure attention to detail.

3.2.21 Which of the following operating controls relate to the organizing function? A. Formal procedures for selecting potential suppliers. B. Procedures providing for clear levels of purchase order approvals based on the value of the requisition. C. Written objectives and goals for the department. D. Timely materials reporting to buyers.

3.2.23 Which of the following is not a type of control? A. Preventive. B. Reactive. C. Detective. D. Directive.

3.2.26 Which of the following is a feedback control? A. Preventive maintenance. B. Inspection of completed goods. C. Close supervision of production-line workers. D. Measuring performance against a standard.

3.3.27 An adequate system of internal controls is most likely to detect a fraud perpetrated by a A. Group of employees in collusion. B. Single employee. C. Group of managers in collusion. D. Single manager.

3.3.28 An organization has grown rapidly and has just automated its human resource system. The organization has developed a large database that tracks employees, employee benefits, payroll deductions, job classifications, ethnic code, age, insurance, medical protection, and other similar information. Management has asked the internal audit activity to review the new system. The automated system contains a table of pay rates matched with the employee job classifications. The best control to ensure that the table is updated correctly for only valid pay changes is to A. Limit access to the data table to management and line supervisors who have the authority to determine pay rates. B. Require a supervisor in the department, who does not have the ability to change the table of pay rates, to compare the changes with a signed management authorization. C. Ensure that adequate edit and reasonableness checks are built into the automated system. D. Require that all pay changes be signed by the employee to verify that the change goes to a bona fide employee.

3.3.33 The manager of a production line has the authority to order and receive replacement parts for all machinery that requires periodic maintenance. The internal auditor received an anonymous tip that the manager ordered substantially more parts than were necessary from a family member in the parts supply business. The unneeded parts were never delivered. Instead, the manager processed receiving documents and charged the parts to machinery maintenance accounts. The payments for the undelivered parts were sent to the supplier, and the money was divided between the manager and the family member. Which of the following internal controls would have most likely prevented this fraud from occurring? A. Establishing predefined spending levels for all vendors during the bidding process. B. Segregating the receiving function from the authorization of parts purchases. C. Comparing the bill of lading for replacement parts to the approved purchase order. D. Using the company's inventory system to match quantities requested with quantities received.

3.3.38 Which of the following describes the most effective preventive control to ensure proper handling of cash receipt transactions? A. Have bank reconciliations prepared by an employee not involved with cash collections and then have them reviewed by a supervisor. B. One employee issues a prenumbered receipt for all cash collections; another employee reconciles the daily total of prenumbered receipts to the bank deposits. C. Use predetermined totals (hash totals) of cash receipts to control posting routines. D. The employee who receives customer mail receipts prepares the daily bank deposit, which is then deposited by another employee.

3.3.41 The internal auditor recognizes that certain limitations are inherent in any system of internal controls. Which one of the following scenarios is the result of an inherent limitation of internal control? A. The comptroller both makes and records cash deposits. B. A security guard allows one of the warehouse employees to remove assets from the premises without authorization. C. The organization sells to customers on account, without credit approval. D. An employee who is unable to read is assigned custody of the organization's computer tape library and run manuals that are used during the third shift.

3.3.46 Which of the following situations will cause an internal auditor to question the adequacy of controls over a purchasing function? A. The original and one copy of the purchase order are mailed to the vendor. The copy on which the vendor acknowledges acceptance is returned to the purchasing department. B. Receiving reports are forwarded to purchasing where they are matched with purchase orders and sent to accounts payable. C. The accounts payable section prepares documentation for payments. D. Unpaid voucher files and perpetual inventory records are independently maintained.

4.3.47 Quantitative risk management methods are most appropriate for A. Assessing personnel risks. B. Developing a risk matrix. C. The use of derivatives by the organization. D. Identifying risks from the COSO's enterprise risk management framework.

3.3.49 Which one of the following situations represents an internal control weakness in the payroll department? A. Payroll department personnel are rotated in their duties. B. Paychecks are distributed by the employees' immediate supervisor. C. Payroll records are reconciled with quarterly tax reports. D. The timekeeping function is independent of the payroll department.

3.3.56 Which one of the following situations represents an internal control weakness in accounts receivable? A. Internal auditors confirm customer accounts periodically. B. Delinquent accounts are reviewed only by the sales manager. C. The cashier is denied access to customers' records and monthly statements. D. Customers' statements are mailed monthly by the accounts receivable department.

3.3.59 Auditors document their understanding of internal control with questionnaires, flowcharts, and narrative descriptions. A questionnaire consists of a series of questions concerning controls that auditors consider necessary to prevent or detect errors and fraud. The most appropriate question designed to contribute to the auditors' understanding of the completeness of the expenditure (purchases-payables) cycle concerns the A. Internal verification of quantities, prices, and mathematical accuracy of sales invoices. B. Use and accountability of prenumbered checks. C. Disposition of cash receipts. D. Qualifications of accounting personnel.

3.3.61 Multiple copies of the purchase order are prepared for recordkeeping and distribution with a copy of the purchase order sent to the vendor and one retained by the purchasing department. In addition, for proper informational flow and internal control purposes, a version of the purchase order would be distributed to the A. Accounts payable, receiving, and stores control departments. B. Accounts payable, receiving, and inventory control departments. C. Accounts payable, accounts receivable, and receiving departments. D. Accounts payable, receiving, and production planning departments.

3.4.68 Which of the following would minimize defects in finished goods caused by poor quality raw materials? A. Documented procedures for the proper handling of work-in-process inventory. B. Required material specifications for all purchases. C. Timely follow-up on all unfavorable usage variances. D. Determination of the amount of spoilage at the end of the manufacturing process.

3.4.72 Obsolete or scrap materials are charged to a predefined project number. The materials are segregated into specified bin locations and eventually transported to a public auction for sale. To reduce the risks associated with this process, an organization should employ which of the following procedures? I. Require managerial approval for materials to be declared scrap or obsolete. II. Permit employees to purchase obsolete or scrap materials prior to auction. III. Limit obsolete or scrap materials sales to a pre-approved buyer. IV. Specify that a fixed fee, rather than a commission, be paid to the auction firm. A. II and III. B. I only. C. II and IV. D. I, III, and IV.

3.4.74 The most appropriate method to prevent fraud or theft during the frequent movement of trailers loaded with valuable metal scrap from the manufacturing plant to the organization's scrap yard about 10 miles away would be to A. Perform complete physical inventory of the scrap trailers before leaving the plant and upon arrival at the scrap yard. B. Require existing security guards to log the time of plant departure and scrap yard arrival. The elapsed time should be reviewed by a supervisor for fraud. C. Use armed guards to escort the movement of the trailers from the plant to the scrap yard. D. Contract with an independent hauler for the removal of scrap.

3.4.91 A system of internal control includes physical controls over access to and use of assets and records. A departure from the purpose of such procedures is that A. Access to the safe-deposit box requires two officers. B. Only storeroom personnel and line supervisors have access to the raw materials storeroom. C. The mailroom compiles a list of the checks received in the incoming mail. D. Only salespersons and sales supervisors use sales department vehicles.

3.4.94 Which of the following aspects of the administration of a compensation program is the most important control in the long run? A. An informal wage and salary policy to be competitive with the industry average. B. A plan of job classifications based on predefined evaluation criteria. C. A wage and salary review plan for individual employee compensation. D. A level of general compensation that is reasonably competitive.

3.4.96 One control objective of the financing/treasury cycle is the proper authorization of transactions involving debt and equity instruments. Which of the following controls would best meet this objective? A. Segregation of responsibility for custody of funds from recording of the transaction. B. Written policies requiring review of major funding/repayment proposals by the board. C. Use of an underwriter in all cases of new issue of debt or equity instruments. D. Requiring two signatures on all checks of a material amount.

3.4.98 A manufacturer uses large quantities of small, inexpensive items, such as nuts, bolts, washers, and gloves, in the production process. As these goods are purchased, they are recorded in inventory in bulk amounts. Bins are located on the shop floor to provide timely access to these items. When necessary, the bins are refilled from inventory, and the cost of the items is charged to a consumable supplies account, which is part of shop overhead. Which of the following would be an appropriate improvement of controls in this environment? A. Relocate bins to the inventory warehouse. B. Require management review of reports on the cost of consumable items used in relation to budget. C. Lock the bins during normal working hours. D. None of these controls are needed for items of minor cost and size.

4.1.15 Which of the following are elements included in the control environment described in the COSO internal control framework? A. Organizational structure, management philosophy, and planning. B. Integrity and ethical values, assignment of authority, and human resource policies. C. Competence of personnel, backup facilities, laws, and regulations. D. Risk assessment, assignment of responsibility, and human resource practices.

4.2.22 Which of the following control models is fully incorporated into the broader integrated framework of enterprise risk management (ERM)? A. CoCo. B. COSO. C. Electronic Systems Assurance and Control. D. COBIT.

4.2.27 Which risk response reflects a change from acceptance to sharing? A. An insurance policy on a manufacturing plant was not renewed. B. Management purchased insurance on previously uninsured property. C. Management sold a manufacturing plant. D. After employees stole numerous inventory items, management implemented mandatory background checks on all employees.

4.2.30 Which of the following members of an organization has ultimate ownership responsibility of the enterprise risk management, provides leadership and direction to senior managers, and monitors the entity's overall risk activities in relation to its risk appetite? A. Chief risk officer. B. Chief executive officer. C. Internal auditors. D. Chief financial officer.

4.3.31 When assessing the risk associated with an activity, an internal auditor should A. Determine how the risk should best be managed. B. Provide assurance on the management of the risk. C. Update the risk management process based on risk exposures. D. Design controls to mitigate the identified risks.

4.3.38 Which of the following activities is outside the scope of internal auditing? A. Evaluating risk exposures regarding compliance with policies, procedures, and contracts. B. Safeguarding of assets. C. Evaluating risk exposures regarding compliance with laws and regulations. D. Ascertaining the extent to which management has established criteria to determine whether objectives have been accomplished.

4.3.39 In the risk management process, management's view of the internal audit activity's role is likely to be determined by all of the following factors except A. Organizational culture. B. Preferences of the independent auditor. C. Ability of the internal audit staff. D. Local conditions and customs of the country.

4.3.40 Which of the following threatens the independence of an internal auditor who had participated in the initial establishment of a risk management process? A. Developing assessments and reports on the risk management process. B. Managing the identified risks. C. Evaluating the adequacy and effectiveness of management's risk processes. D. Recommending controls to address the risks identified.

4.3.45 The internal audit activity must evaluate the effectiveness and contribute to the improvement of risk management processes. With respect to evaluating the adequacy of risk management processes, internal auditors most likely should A. Recognize that organizations should use similar techniques for managing risk. B. Determine that the key objectives of risk management processes are being met. C. Determine the level of risks acceptable to the organization. D. Treat the evaluation of risk management processes in the same manner as the risk analysis used to plan engagements.

4.4.50 Which of the following wrongful acts committed by an employee constitutes fraud? A. Libel. B. Embezzlement. C. Assault. D. Harassment.

4.4.60 The internal auditors' responsibility regarding fraud includes all of the following except A. Determining whether the control environment sets the appropriate tone at top. B. Ensuring that fraud will not occur. C. Being aware of activities in which fraud is likely to occur. D. Evaluating the effectiveness of control activities.

4.5.72 Which of the following policies is most likely to result in an environment conducive to the occurrence of fraud? A. Budget preparation input by the employees who are responsible for meeting the budget. B. Unreasonable sales and production goals. C. The division's hiring process frequently results in the rejection of adequately trained applicants. D. The application of some accounting controls on a sample basis.

4.5.81 Randy and John had known each other for many years. They had become best friends in college, where they both majored in accounting. After graduation, Randy took over the family business from his father. His family had been in the grocery business for several generations. When John had difficulty finding a job, Randy offered him a job in the family store. John proved to be a very capable employee. As John demonstrated his abilities, Randy began delegating more and more responsibility to him. After a period of time, John was doing all of the general accounting and authorization functions for checks, cash, inventories, documents, records, and bank reconciliations. (1) John was trusted completely and handled all financial functions. No one checked his work. Randy decided to expand the business and opened several new stores. (2) Randy was always handling the most urgent problem . . . "crisis management" is what his college professors had termed it. John assisted with the problems when his other duties allowed him time. Although successful at work, John had (3) difficulties with personal financial problems. At first, the amounts stolen by John were small. John didn't even worry about making the accounts balance. But John became greedy. "How easy it is to take the money," he said. He felt that he was a critical member of the business team (4) and that he contributed much more to the success of the company than was represented by his salary. "It would take two or three people to replace me," he often thought to himself. As the amounts became larger and larger, (5) he made the books balance. Because of these activities, John was able to purchase an expensive car and take his family on several trips each year. (6) He also joined an expensive country club. Things were changing at home, however. (7) John's family observed that he was often argumentative and at other times very depressed. The fraud continued for 6 years. Each year, the business performed more and more poorly. In the last year, the stores had a substantial net loss. Randy's bank required an audit. John confessed when he thought the auditors had discovered his embezzlements. When discussing frauds, the pressures, opportunities, and rationalizations that cause/allow a perpetrator to commit the fraud are often identified. Symptoms of fraud are also studied. Number 6, "He also joined an expensive country club," is an example of a A. Rationalization. B. Lifestyle symptom. C. Behavioral symptom. D. Physical symptom.

4.5.83 When comparing perpetrators who have embezzled an organization's funds with perpetrators of financial statement fraud (falsified financial statements), those who have falsified financial statements are less likely to A. Have experienced an autocratic management style. B. Be living beyond their obvious means of support. C. Rationalize the fraudulent behavior. D. Use organizational expectations as justification for the act.

4.5.91 An unexpected decrease in which of the following ratios could indicate that fictitious inventory has been recorded? A. Average collection period. B. Total asset turnover. C. Price-earnings. D. Current.

4.5.96 Which of the following is most likely to be considered an indication of possible fraud? A. The replacement of the management team after a hostile takeover. B. Rapid turnover of the organization's financial executives. C. Rapid expansion into new markets. D. A government audit of the organization's tax returns.

5.2.10 In preparing a sampling plan for an inventory pricing test, which of the following describes an advantage of statistical sampling over nonstatistical sampling? A. Requires nonquantitative expression of sample results. B. Provides a quantitative measure of sampling risk. C. Minimizes nonsampling risk. D. Reduces the level of tolerable error.

5.2.14 To project the frequency of shipments to wrong addresses, an internal auditor chose a random sample from the busiest month of each of the four quarters of the most recent year. What underlying concept of statistical sampling did the auditor violate? A. Attempting to project a rate of occurrence rather than an error rate. B. Failing to give each item in the population an equal chance of selection. C. Failing to adequately describe the population. D. Using multistage sampling in conjunction with attributes.

5.2.16 Using random numbers to select a sample A. Is required for a variables sampling plan. B. Is likely to result in an unbiased sample. C. Results in a representative sample. D. Allows auditors to use smaller samples.

5.2.17 Which one of the following statements about sampling is true? A. A larger sample is always more representative of the underlying population than a smaller sample. B. For very large populations, the absolute size of the sample has more impact on the precision of its results than does its size relative to its population. C. For a given sample size, a simple random sample always produces the most representative sample. D. The limitations of an incomplete sample frame can almost always be overcome by careful sampling techniques.

5.3.22 In evaluating an attribute sample, the range within which the estimate of the population characteristic is expected to fall is called A. Confidence level. B. Precision. C. Upper error limit. D. Expected error rate.

5.3.25 An internal auditor is planning to use attribute sampling to test the effectiveness of a specific internal control related to approvals for cash disbursements. In attribute sampling, decreasing the estimated occurrence rate from 5% to 4% while keeping all other sample size planning factors exactly the same would result in a revised sample size that would be A. Larger. B. Smaller. C. Unchanged. D. Indeterminate.

5.3.26 If all other sample size planning factors were exactly the same in attribute sampling, changing the confidence level from 95% to 90% and changing the desired precision from 2% to 5% would result in a revised sample size that would be A. Larger. B. Smaller. C. Unchanged. D. Indeterminate.

5.3.27 If all other factors specified in an attribute sampling plan remain constant, decreasing the confidence level from 95% to 90% would cause the required sample size to A. Increase. B. Decrease. C. Change by 5%. D. Remain the same.

5.3.33 An auditor applying a discovery-sampling plan with a 5% risk of overreliance may conclude that there is A. A 95% probability that the actual rate of occurrence in the population is less than the critical rate if only one exception is found. B. A 95% probability that the actual rate of occurrence in the population is less than the critical rate if no exceptions are found. C. A 95% probability that the actual rate of occurrence in the population is less than the critical rate if the occurrence rate in the sample is less than the critical rate. D. Greater than a 95% probability that the actual rate of occurrence in the population is less than the critical rate if no exceptions are found.

5.3.34 How does stop-or-go attribute sampling differ from fixed-sample-size attribute sampling? A. Nonsampling error is smaller. B. Total expected sample size will always be smaller. C. Desired reliability does not have to be specified in advance. D. It cannot be used to determine the assessed level of control risk.

5.3.35 What is the chief advantage of stop-or-go sampling? A. The error rate in the population can be projected to within certain precision limits. B. Stop-or-go sampling may reduce the size of the sample that needs to be taken from a population, thus reducing sampling costs. C. Stop-or-go sampling allows sampling analysis to be performed on populations that are not homogeneous. D. Stop-or-go sampling allows the sampler to increase the confidence limits of the analysis without sacrificing precision.

5.4.37 In selecting a sample of items for variables testing, an auditor must consider the desired precision, the standard deviation, and the A. Recorded monetary amount of the population. B. Acceptable risk level. C. Expected occurrence rate. D. Sampling interval.

5.4.38 If all other factors in a sampling plan are held constant, changing the measure of tolerable misstatement to a smaller value will cause the sample size to be A. Smaller. B. Larger. C. Unchanged. D. Indeterminate.

5.4.39 Using mean-per-unit sampling to estimate the value of inventory, an internal auditor had the following results: The recorded value of inventory was US $3,075,000. Which of the following changes will result in a narrower confidence interval? A. An increase in the confidence level from 95% to 99%. B. A decrease in the confidence level from 95% to 90%. C. A decrease in the allowable risk of incorrect rejection. D. An increase in the precision.

5.4.41 An auditor is using the mean-per-unit method of variables sampling to estimate the correct total value of a group of inventory items. Based on the sample, the auditor estimates, with precision of ±4% and confidence of 90%, that the correct total is US $800,000. Accordingly, A. There is a 4% chance that the actual correct total is less than US $720,000 or more than US $880,000. B. The chance that the actual correct total is less than US $768,000 or more than US $832,000 is 10%. C. The probability that the inventory is not significantly overstated is between 6% and 14%. D. The inventory is not likely to be overstated by more than 4.4% (US $35,200) or understated by more than 3.6% (US $28,800).

5.4.47 Which of the following techniques could be used to estimate the standard deviation for a sampling plan? A. Difference estimation. B. Pilot sample. C. Regression. D. Discovery sampling.

5.4.51 Which of the following factors would most likely preclude the auditor from using monetary-unit sampling? A. The auditor expects to find a limited number of understatements of individual account balances. B. The auditor expects to find that a large percentage of items sampled have misstatements. C. Individual accounts are not assigned a number, but are listed only alphabetically. D. The auditor expects to find more errors in the larger dollar value items than in the smaller dollar value items.

6.5.49 Which of the following activities represents the greatest risk to a post-merger manufacturing organization and is therefore most likely to be the subject of an internal audit engagement? A. Combining imprest funds. B. Combining purchasing functions. C. Combining legal functions. D. Combining marketing functions.

5.4.54 In which of the following situations will monetary-unit sampling be more effective and efficient than ratio estimation? A. The population contains a large number of differences between the recorded amount and the actual amount. B. The population is expected to contain few differences between the recorded amount and the actual amount. C. The population has a high degree of variability in monetary amount. D. The population has a low degree of variability in monetary amount.

5.5.56 An auditor is designing a sampling plan to test the accuracy of daily production reports over the past 3 years. All of the reports contain the same information except that Friday reports also contain weekly totals and are prepared by managers rather than by supervisors. Production normally peaks near the end of a month. If the auditor wants to select two reports per month using an interval sampling plan, which of the following techniques reduces the likelihood of bias in the sample? A. Estimating the error rate in the population. B. Using multiple random starts. C. Increasing the confidence level. D. Increasing the precision.

5.5.57 Systematic selection can be expected to produce a representative sample when A. Random number tables are used to determine the items included in the sample. B. The population is arranged randomly with respect to the audit objective. C. The sample is determined using multiple random starts and includes more items than required. D. Judgmental sampling is used by the auditor to offset any sampling bias.

5.5.63 The auditor wishes to sample the perpetual inventory records to develop an estimate of the monetary amount of misstatement, if any, in the account balance. The account balance is made up of a large number of small-value items and a small number of large-value items. The auditor has decided to audit all items over US $50,000 plus a random selection of others. This audit decision is made because the auditor expects to find a large amount of errors in the perpetual inventory records but is not sure that it will be enough to justify taking a complete physical inventory. The auditor expects the errors to vary directly with the value recorded in the perpetual records. The most efficient sampling procedure to accomplish the auditor's objectives is A. Monetary-unit sampling. B. Ratio estimation. C. Attribute sampling. D. Stratified mean-per-unit sampling.

5.5.65 The appropriate sampling plan to use to identify at least one irregularity, assuming some number of such irregularities exist in a population, and then to discontinue sampling when one irregularity is observed is A. Stop-or-go sampling. B. Discovery sampling. C. Variables sampling. D. Attribute sampling.

5.5.69 When an internal auditor's sampling objective is to obtain a measurable assurance that a sample will contain at least one occurrence of a specific critical exception existing in a population, the sampling approach to use is A. Random. B. Discovery. C. Probability-proportional-to-size. D. Variables.

5.5.72 Management is legally required to prepare a shipping document for all movement of hazardous materials. The document must be filed with bills of lading. Management expects 100% compliance with the procedure. Which of the following sampling approaches is most appropriate? A. Attribute sampling. B. Discovery sampling. C. Targeted sampling. D. Variables sampling.

5.6.80 The statistical quality control department prepares a control chart showing the percentages of defective production. Simple statistical calculations provide control limits that indicate whether assignable causes of variation are explainable on chance grounds. The chart is particularly valuable in determining whether the quality of materials received from outside vendors is consistent from month to month. What is the best term for this chart? A. C chart. B. P chart. C. R chart. D. X-bar chart.

5.6.81 A health insurer uses a computer application to monitor physician bill amounts for various surgical procedures. This program allows the organization to better control reimbursement rates. The X-bar chart below is an example of the output from this application. (Refer to Figure CIA2_7_59.) Select the interpretation that best explains the data plotted on the chart. A. Random variation. B. Abnormal variation. C. Normal variation. D. Cyclic variation.

6.1.11 In advance of a preliminary survey, a chief audit executive sends a memorandum and questionnaire to the supervisors of the department to be evaluated. What is the most likely result of that procedure? A. It creates apprehension about the engagement. B. It involves the engagement client's supervisory personnel in the engagement. C. It is an uneconomical approach to obtaining information. D. It is only useful for engagements of distant locations.

6.2.23 As part of a payroll engagement, an internal auditor used an internal control questionnaire. Positive responses were given to each of the following questions by the payroll department manager: 1 Is authorization by the personnel department required to make additions to the payroll and to change pay rates? 2 Are check totals reconciled to payroll register data before checks are distributed to employees? 3 Are the functions of preparing the payroll and distributing paychecks performed by different persons? In which phase of the engagement will the internal auditor confirm these responses? A. Planning. B. Identifying, analyzing, evaluating, and recording. C. The survey. D. Preliminary preparation.

6.3.24 When conducting interviews during the early stages of an internal auditing engagement, it is more effective to A. Ask for specific answers that can be quantified. B. Ask people about their jobs. C. Ask surprise questions about daily procedures. D. Take advantage of the fact that fear is an important part of the engagement.

6.3.28 Tolerating silence, asking open-ended questions, and paraphrasing are three aids to more effective A. Meetings. B. Listening. C. Interviews. D. Feedback.

6.3.33 When evaluating communication, the internal auditor should be aware that nonverbal communication A. Is independent of a person's cultural background. B. Is often imprecise. C. Always conveys a more truthful response than verbal communication. D. Always conveys less information than verbal communication.

6.6.51 When an auditor performs tests on a computerized inventory file containing over 20,000 line items, that auditor can maintain independence and perform most efficiently by A. Asking the console operator to print every item that costs more than US $100. B. Using a generalized audit software package. C. Obtaining a printout of the entire file and then selecting each nth item. D. Using the systems department's programmer to write an extraction program.

6.3.34 Internal auditors should be active listeners to gain the most information in an internal audit interview. Which of the following best describes how an active listener behaves in an interview? The listener A. Judges and evaluates the information as it is presented. B. Listens with acceptance, empathy, and intensity. C. Avoids looking directly at the speaker and interrupting his or her train of thought. D. Formulates arguments and conclusions as pieces of the speaker's information fit together.

6.4.36 An internal auditing team has been assigned to review "the customer satisfaction measurement system" that the Industrial Products Division implemented 2 years ago. This system consists of an annual mail survey conducted by the division's customer service office. A survey is sent to 100 purchasing departments randomly selected from all customers who made purchases in the prior 12 months. The survey is three pages long, and its 30 questions use a mixture of response modes (e.g., some questions are open-ended, some are multiple-choice, and others use a response scale). The customer service office mails the survey in September and tabulates the results for questionnaires returned by October 15. Only one mailing is sent. If the customer does not return the questionnaire, no follow-up is conducted. When the survey was last conducted, 45 of the questionnaires were not returned. Nonresponse bias is often a concern in conducting mail surveys. The main reason that nonresponse bias can cause difficulties in a sample such as the one taken by the customer service office is that A. The sample means and standard errors are harder to compute. B. Those who did not respond may be systematically different from those who did. C. The questionnaire is too short. D. Confidence intervals are narrower.

6.4.38 An internal auditing team has been assigned to review "the customer satisfaction measurement system" that the Industrial Products Division implemented 2 years ago. This system consists of an annual mail survey conducted by the division's customer service office. A survey is sent to 100 purchasing departments randomly selected from all customers who made purchases in the prior 12 months. The survey is three pages long, and its 30 questions use a mixture of response modes (e.g., some questions are open-ended, some are multiple-choice, and others use a response scale). The customer service office mails the survey in September and tabulates the results for questionnaires returned by October 15. Only one mailing is sent. If the customer does not return the questionnaire, no follow-up is conducted. When the survey was last conducted, 45 of the questionnaires were not returned. Many questionnaires are made up of a series of different questions that use the same response categories (e.g., strongly agree, agree, neither, disagree, strongly disagree). Some designs will have different groups of respondents answer alternative versions of the questionnaire that present the questions in different orders and reverse the orientation of the endpoints of the scale (e.g., agree on the right and disagree on the left or vice versa. The purpose of such questionnaire variations is to A. Eliminate intentional misrepresentations. B. Reduce the effects of pattern response tendencies. C. Test whether respondents are reading the questionnaire. D. Make it possible to get information about more than one population parameter using the same questions.

6.4.39 An internal auditing team has been assigned to review "the customer satisfaction measurement system" that the Industrial Products Division implemented 2 years ago. This system consists of an annual mail survey conducted by the division's customer service office. A survey is sent to 100 purchasing departments randomly selected from all customers who made purchases in the prior 12 months. The survey is three pages long, and its 30 questions use a mixture of response modes (e.g., some questions are open-ended, some are multiple-choice, and others use a response scale). The customer service office mails the survey in September and tabulates the results for questionnaires returned by October 15. Only one mailing is sent. If the customer does not return the questionnaire, no follow-up is conducted. When the survey was last conducted, 45 of the questionnaires were not returned. Several of the internal auditing team members are concerned about the low response rate, the poor quality of the questionnaire design, and the potentially biased wording of some of the questions. They suggest that the customer service office might want to supplement the survey with some unobtrusive data collection such as observing customer interactions in the office or collecting audiotapes of phone conversations with customers. Which of the following is not a potential advantage of unobtrusive data collection compared to surveys or interviews? A. Interactions with customers can be observed as they occur in their natural setting. B. It is easier to make precise measurements of the variables under study. C. Unexpected or unusual events are more likely to be observed. D. People are less likely to alter their behavior because they are being studied.

6.4.41 Which of the following procedures is the least effective in gathering information about the nature of the processing and potential problems? A. Interview supervisors in the claims department to find out more about the procedures used, and the rationale for the procedures, and obtain their observations about the nature and efficiency of processing. B. Send an email message to all clerical personnel detailing the alleged problems and request them to respond. C. Interview selected clerical employees in the claims department to find out more about the procedures used, and the rationale for the procedures, and obtain their observations about the nature and efficiency of processing. D. Distribute a questionnaire to gain a greater understanding of the responsibilities for claims processing and the control procedures utilized.

6.5.47 Levels of production stoppages over the past year at a large laminating business were abnormally high due to machine malfunctions. Would it be appropriate for the internal auditing function to develop a survey examining attitudes toward line operations, rotation of work zones, training, maintenance schedule, etc., for the machine operators to complete? A. Yes, the survey is reliable without corroboration. B. Yes, the examined areas are relevant to the malfunctions. C. No, the examined areas are irrelevant to the malfunctions. D. No, the survey is inappropriate without corroboration.

6.5.48 In planning an engagement, the internal auditor establishes objectives to address the risk associated with the activity. Risk is the A. Possibility that the balance or class of transactions and related assertions contains misstatements that could be material to the financial statements. B. Uncertainty of the occurrence of an event that could affect the achievement of objectives. C. Failure to adhere to organizational policies, plans, and procedures or to comply with relevant laws and regulations. D. Failure to accomplish established objectives and goals for operations or programs.

6.6.52 Which of the following cannot be performed by an auditor using generalized audit software (GAS)? A. Identifying missing check numbers. B. Correcting erroneous data elements, making them suitable for audit testwork. C. Matching identical product information in separate data files. D. Aging accounts receivable.

6.6.53 Which of the following is not true about audit use of the Internet? A. It is a useful research tool for gathering audit-related information. B. It provides a secure medium to transmit confidential information. C. Electronic communication is the major use of the Internet by internal auditors. D. An electronic record of a user's web browsing activities is created.

6.6.58 What computer-assisted audit technique (CAAT) would an auditor use to identify a fictitious or terminated employee? A. Parallel simulation of payroll calculations. B. Exception testing for payroll deductions. C. Recalculations of net pay. D. Tagging and tracing of payroll tax-rate changes.

6.6.59 An organization provides credit cards to selected employees for business use. The credit card company provides a computer file of all transactions by employees of the organization. An auditor plans to use generalized audit software (GAS) to select relevant transactions for testing. Which of the following would not be readily identified using GAS? A. High-monetary-amount transactions. B. Fraudulent transactions. C. Transactions for specific cardholders. D. Suppliers used by each cardholder.

6.6.60 Insurers may receive hospitalization claims directly from hospitals by computer media; no paper is transmitted from the hospital to the insurer. Which of the following controls is most effective in detecting fraud in such an environment? A. Use integrated test facilities to test the correctness of processing in a manner that is transparent to data processing. B. Develop monitoring programs to identify unusual types of claims or an unusual number of claims by demographic classes for investigation by the claims department. C. Use generalized audit software to match the claimant identification number with a master list of valid policyholders. D. Develop batch controls over all items received from a particular hospital and process those claims in batches.

6.7.62 Accounts payable schedule verification may include the use of analytical information. Which of the following is analytical information? A. Comparing the schedule with the accounts payable ledger or unpaid voucher file. B. Comparing the balance on the schedule with the balances of prior years. C. Comparing confirmations received from selected creditors with the accounts payable ledger. D. Examining vendors' invoices in support of selected items on the schedule.

6.8.72 The legislative auditing bureau of a country is required to perform compliance engagements involving organizations that are issued defense contracts on a cost-plus basis. Contracts are clearly written to define acceptable costs, including developmental research cost and appropriate overhead rates. During the past year, the government has engaged in extensive outsourcing of its activities. The outsourcing included contracts to run cafeterias, provide janitorial services, manage computer operations and systems development, and provide engineering of construction projects. The contracts were modeled after those used for years in the defense industry. The legislative internal auditors are being called upon to expand their efforts to include compliance engagements involving these contracts. Upon initial investigation of these outsourced areas, the internal auditor found many areas in which the outsourced management has apparently expanded its authority and responsibility. For example, the contractor that manages computer operations has developed a highly sophisticated security program that may represent the most advanced information security in the industry. The internal auditor reviews the contract and sees reference only to providing appropriate levels of computing security. The internal auditor suspects that the governmental agency may be incurring developmental costs that the outsourcer may use for competitive advantage in marketing services to other organizations. Assuming that a high degree of security is needed, which of the following potential sources of information will also be relevant to the internal auditor's assessment of whether the governmental unit is being charged for computer security that exceeds the entity's needs? I. Comparison of the security system with best practices implemented for similar systems II. Comparison of the security system with recent publications on state-of-the-art systems III. Tests of the functionality of the security system A. II only. B. I and II only. C. III only. D. I, II, and III.

6.8.74 What is the first phase in the benchmarking process? A. Organize benchmarking teams. B. Select and prioritize benchmarking projects. C. Researching and identifying best-in-class performance. D. Data analysis.

6.8.76 The phase of the benchmarking process in which the team must be able to justify its recommendations is the A. Prioritize benchmarking projects phase. B. Implementation phase. C. Data analysis phase. D. Researching and identifying best in class performance phase.

6.9.81 A small city managed its own pension fund. According to the city charter, investments could be made only in bonds, money market funds, or high-quality stocks. The internal auditor has already verified the existence of the pension fund's assets. The fund balance was not very large and was managed by the city treasurer. The internal auditor decided to estimate income from investments of the fund by multiplying the average fund balance by a weighted-average rate based on the current portfolio mix. Upon doing so, the internal auditor found that recorded return was substantially less than was expected. The internal auditor's next procedure should be to A. Inquire of the treasurer as to the reason that income appears to be less than expected. B. Prepare a more detailed estimate of income by consulting a dividend and reporting service that lists the interest or dividends paid on specific stocks and bonds. C. Inform management and the board that fraud is suspected and suggest that legal counsel be called in to complete the investigation. D. Select a sample of entries to the pension fund income account and trace to the cash journal to determine if cash was received.

7.3.27 XYZ Bank Reconciliation Legend: June 30, Year 1 (a Confirmed with bank -- see (Amounts in currency units) confirmation on W/P A-4. Balance per bank (a 16,482.97 (B Verified by tracing to July 15 Deposits in transit (B cutoff statement; traced to cash 6/29 2,561.14 receipts journal. 6/30 1,572.28 4,133.42 (C Okay. (D Examined supporting Subtotal 20,616.39 documentation and traced to final Outstanding checks disposition. (C (e) Footed total and compared with 248 842.11 balance in general ledger. 952 2,000.00 968 571.00 969 459.82 970 714.25 4,587.18 Subtotal 16,029.21 Bank service charge 12.50 NSF check returned 350.00 (D Error on check #954 (14.00) Balance per books (e) To T/B 16,377.71 This working paper will be considered deficient if which other relevant engagement working paper is not cross-referenced and included in the cash section of the working-paper file? A. Petty cash count. B. Confirmation of cash balance with bank. C. Copies of deposit slips for deposits in transit. D. Engagement client representation that the cash balance per books was accurate.

5.3.28 In an attribute sampling application, holding other factors constant, sample size will increase as which of the following becomes smaller? A. Confidence coefficient. B. Population. C. Planned precision. D. Expected rate of occurrence.

6.9.83 An internal auditor was evaluating the effectiveness and efficiency of the operation of the motor pool. The engagement work program included the use of analytical procedures to observe the trend of expenses for major overhauls of heavy-wheeled vehicles. This trend showed a substantial increase in the last year of the ratios of monetary amounts spent in relation to (1) the number of vehicles being used, (2) the mileage of the vehicles, (3) the age of the equipment, and (4) environmental conditions. The auditor's investigation indicated that two new maintenance firms were being used. The expenditure packages from the maintenance work were complete; however, the billings for the work had an unusual regularity. The identification of the vehicles being serviced did not correspond to the vehicle maintenance reports. Possible engagement procedures include 1 Discussing the matter with the superintendent of maintenance and asking for an explanation 2 Preparing a schedule of the types of maintenance being performed and comparing it with manufacturers' maintenance guides 3 Analyzing vehicles' trip tickets to determine if they contain indications of problems needing attention 4 Reviewing deadline reports to determine that vehicles were not in service on the dates of maintenance work 5 Reviewing dispatch schedules to determine whether vehicles were dispatched for use on days the maintenance work was reported as performed 6 Discussing the matter with plant security Which of the above actions should have the highest priority? A. 1, 6, and 4. B. 4, 5, and 6. C. 6, 5, and 1. D. 2, 3, and 4.

6.9.87 An internal auditor's preliminary analysis of accounts receivable turnover revealed the following rates: Year 1 Year 2 Year 3 7.3 6.2 4.3 Which of the following is the most likely cause of the decrease in accounts receivable turnover? A. Increase in the cash discount offered. B. Liberalization of credit policy. C. Shortening of due date terms. D. Increased cash sales.

6.9.88 A company's accounts receivable turnover rate decreased from 7.3 to 4.3 over the last 3 years. What is the most likely cause for the decrease? A. An increase in the discount offered for early payment. B. A more liberal credit policy. C. A change in net payment due from 30 to 25 days. D. Increased cash sales.

6.9.92 A medium-sized municipality provides 8.5 billion gallons of water per year for 31,000 customers. The water meters are replaced at least every 5 years to ensure accurate billing. The water department tracks unmetered water to identify water consumption that is not being billed. The department recently issued the following water activity report: Based on the activity reported for the unmetered water, an internal auditor would conclude that A. Established operating standards are understood and are being met. B. Further audit investigation of unmetered water is not warranted. C. Deviations from the goal were probably not corrected. D. The operating standard should be changed.

7.10.94 The most conclusive information to support supplier account balances is obtained by A. Reviewing the vendor statements obtained from the accounts payable clerk. B. Obtaining confirmations of balances from the suppliers. C. Performing analytical account analysis. D. Interviewing the accounts payable manager to determine the internal controls maintained over accounts payable processing.

7.11.103 The internal auditor wants to understand the actual flow of data regarding cash processing. The most convincing information is obtained by A. Reviewing the systems flowchart. B. Performing a walk-through of the processing and obtaining copies of all documents used. C. Reviewing the programming flowchart for information about control procedures placed into the computer programs. D. Interviewing the treasurer.

7.11.98 Documents provide information with differing degrees of persuasiveness. If the engagement objective is to obtain information that payment has actually been made for a specific invoice from a vendor, which of the following documents ordinarily is the most persuasive? A. An entry in the engagement client's cash disbursements journal supported by a voucher package containing the vendor's invoice. B. A canceled check, made out to the vendor and referenced to the invoice, included in a cutoff bank statement that the internal auditor received directly from the bank. C. An accounts payable subsidiary ledger that shows payment of the invoice. D. A vendor's original invoice stamped "PAID" and referenced to a check number.

7.2.13 An internal auditor's working papers should be reviewed by the A. Management of the engagement client. B. Management of the internal audit activity. C. Audit committee of the board. D. Management of the organization's security division.

7.2.4 An internal auditor's working papers should support the observations, conclusions, and recommendations to be communicated. One of the purposes of this requirement is to A. Provide support for the internal audit activity's financial budget. B. Facilitate quality assurance reviews. C. Provide control over working papers. D. Permit the audit committee to review observations, conclusions, and recommendations.

7.3.17 Productivity statistics are provided quarterly to the board of directors. An internal auditor checked the ratios and other statistics in the four most recent reports. The internal auditor used scratch paper and copies of the reports to verify the accuracy of computations and compared the data used in the computations with supporting documents. The internal auditor wrote a note for the working papers describing these procedures and then discarded the scratch paper and report copies. The note stated, The ratios and other statistics in the quarterly reports to the board were checked for the last 4 quarters and appropriate supporting documents were examined. All amounts appear to be appropriate. In this situation, A. Four quarters do not provide a large enough sample on which to base a conclusion. B. The internal auditor's working papers are not sufficient to facilitate an efficient review of the internal auditor's work. C. The internal auditor should have included the scratch paper in the working papers. D. The internal auditor did not consider whether the information in the report to the board was compiled efficiently.

7.3.28 XYZ Bank Reconciliation Legend: June 30, Year 1 (a Confirmed with bank -- see (Amounts in currency units) confirmation on W/P A-4. Balance per bank (a 16,482.97 (B Verified by tracing to July 15 Deposits in transit (B cutoff statement; traced to cash 6/29 2,561.14 receipts journal. 6/30 1,572.28 4,133.42 (C Okay. (D Examined supporting Subtotal 20,616.39 documentation and traced to final Outstanding checks disposition. (C (e) Footed total and compared with 248 842.11 balance in general ledger. 952 2,000.00 968 571.00 969 459.82 970 714.25 4,587.18 Subtotal 16,029.21 Bank service charge 12.50 NSF check returned 350.00 (D Error on check #954 (14.00) Balance per books (e) To T/B 16,377.71 A deficiency in this working paper is that A. A standardized cash reconciliation working paper was not used. B. All verification symbols were not properly explained. C. Analytical review procedures were not performed. D. Cross-referencing of working papers was not accomplished.

7.4.32 Working papers contain a record of engagement work performed and much confidential information. They are the property of the internal audit activity, which is responsible for their security. Which of the following is the most important control requirement for working papers? A. Allow access to working papers only to internal audit activity personnel. B. Provide for the protection of working papers at all times and to the extent appropriate. C. Make the administrative section of the internal audit activity responsible for the security of working papers. D. Purge working papers periodically of materials that are considered confidential.

7.4.34 A fire destroyed a large portion of an organization's inventory. Management is filing an insurance claim and needs to use the internal auditors' working papers in preparing the claim. Management A. May not use the working papers in preparing the claim. B. May use the working papers in preparing the claim, but such use should be approved by the chief audit executive. C. Should be precluded from preparing the claim, and this function should be performed by the internal audit activity. D. May use the working papers in preparing the claim, but such use should be approved by the organization's external auditors.

7.5.37 Which of the following states an inappropriate policy relating to the retention of engagement working papers? A. Working papers should be disposed of when they have no further use. B. Working papers prepared for fraud investigators should be retained indefinitely. C. Working-paper retention schedules should be approved by legal counsel. D. Working-paper retention schedules should consider legal and contractual requirements.

7.6.44 An internal auditor develops a flowchart primarily to A. Detect errors and irregularities. B. Analyze a system and identify internal controls. C. Determine functional responsibilities. D. Reduce the need for interviewing auditee personnel.

7.6.51 (Refer to Figure CIA2_08_14.) This figure could be expanded to show the A. Edit checks used in preparing purchase orders from stock records. B. Details of the preparation of purchase orders. C. Physical media used for stock records, the vendor file, and purchase orders. D. Workstations required in a distributed system for preparing purchase orders.

7.6.52 An internal auditor reviews and adapts a systems flowchart to understand the flow of information in the processing of cash receipts. Which of the following statements is true regarding the use of such flowcharts? The flowcharts A. Show specific control procedures used, such as edit tests that are implemented and batch control reconciliations. B. Are a good guide to potential segregation of duties. C. Are generally kept up to date for systems changes. D. Show only computer processing, not manual processing.

7.6.55 Which of the following is a true statement comparing a horizontal flowchart with a vertical flowchart? A. A horizontal flowchart provides more room for written descriptions that parallel the symbols. B. A horizontal flowchart brings into sharper focus the assignment of duties and independent checks on performance. C. A horizontal flowchart is usually longer. D. A horizontal flowchart does not provide as broad a picture at a glance.

7.7.64 While performing an engagement relating to an organization's cash controls, the internal auditor observed that cash deposits are not deposited intact daily. A comparison of a sample of cash receipts lists revealed that each cash receipt list equaled cash journal entry amounts but not daily bank deposits amounts, and cash receipts list totals equaled bank deposit totals in the long run. This information as support for the internal auditor's observations is A. Sufficient but not reliable or relevant. B. Sufficient, reliable, and relevant. C. Not sufficient, reliable, or relevant. D. Relevant but not sufficient or reliable.

7.8.65 What characteristic of information is satisfied by an original signed document? A. Sufficiency. B. Reliability. C. Relevance. D. Usefulness.

7.8.74 Management is investigating the acquisition of an upgraded version of the existing client-server system to increase the system's capacity. Management has requested that the internal auditor perform an operational engagement to determine the efficiency of the existing computer processing resource. What is the most relevant source of information to meet the engagement objective? A. A survey of current user satisfaction. B. A review of computer job log records, listings of scheduled jobs, and computer down-time. C. A comparison of server capacity with desktop computer capacity. D. A detailed analysis of hard drive growth over the last 3 years.

7.9.78 A letter to the internal auditor in response to an inquiry is an example of which type of information? A. Physical. B. Testimonial. C. Documentary. D. Analytical.

7.9.83 During an engagement to review the personnel function, an internal auditor notes that there are several employee benefit programs and that participation in some of the programs is optional. Which of the following is the best information for assessing the acceptability of various benefit programs to employees? A. Discuss satisfaction levels with program participants. B. Evaluate program participation ratios and their trends. C. Discuss satisfaction levels with the director of personnel. D. Evaluate methods used to make employees aware of available program options.

7.9.86 When evaluating the propriety of a payment to a consultant, the most appropriate information for the internal auditor to obtain and review is A. Oral information in the form of opinions of operating management. B. Documentary information in the form of a contract. C. Analytical information in the form of comparisons with prior years' expenditures on consultants. D. Physical information in the form of the consultant's report.

7.9.88 The most likely source of information indicating employee theft of inventory is A. Physical inspection of the condition of inventory items on hand. B. A warehouse employee's verbal charge of theft. C. Differences between an inventory count and perpetual inventory records. D. Accounts payable transactions vouched to inventory receiving reports.

2.1.8 The CAE should report functionally to the board. The board is responsible for which of the following activities? I. Internal communication and information flows II. Approval of the internal audit risk assessment and related audit plan III. Approval of annual compensation and salary adjustments for the CAE A. I and II. B. II and III. C. I and III. D. I, II, and III.

B Approving the internal audit charter Approving the risk-based internal audit plan Receiving communications from the CAE on the internal audit activity's performance Approving decisions regarding the appointment and removal of the CAE Making appropriate inquiries of management and the CAE to determine whether there are inappropriate scope or resource limitations (Inter. Attr. Std. 1110)

2.6.107 Assurance engagements must be performed with proficiency and due professional care. Accordingly, the Standards require internal auditors to I. Consider the probability of significant noncompliance II. Perform assurance procedures with due professional care so that all significant risks are identified III. Weigh the cost of assurance against the benefits A. I and II only. B. I and III only. C. II and III only. D. I, II, and III.

B considering the Extent of work needed to achieve the engagement's objectives Relative complexity, materiality, or significance of matters to which assurance procedures are applied Adequacy and effectiveness of governance, risk management, and control processes Probability of significant errors, fraud, or noncompliance Cost of assurance in relation to potential benefits (Impl. Std. 1220.A1) Assurance procedures alone, even when performed with due professional care, do not guarantee that all significant risks will be identified (Impl. Std. 1220.A3).

6.5.45 Data-gathering activities such as interviewing operating personnel, identifying standards to be used to evaluate performance, and assessing risks inherent in a department's operations are typically performed in which phase of an audit engagement? A. Field work. B. Preliminary survey. C. Engagement program development. D. Examination and evaluation of evidence.

B (2) invite comments and suggestions from engagement clients (PA 2210.A1-1, para. 3). Thus, among many other things, a survey should include discussions with the engagement client (e.g., interviews with operating personnel) and documenting key control activities (including identifying performance standards).

7.2.7 The internal auditor prepares working papers primarily for the benefit of A. The external auditor. B. The internal audit activity. C. The engagement client. D. Senior management.

B (4) support the accuracy and completeness of the work performed; (5) provide a basis for the internal audit activity's quality assurance and improvement program; and (6) facilitate third-party review (PA 2330-1, para. 2). Hence, they primarily benefit internal auditors.

1.5.47 An internal auditor for a large regional bank was asked to serve on the board of directors of a local bank. The bank competes in many of the same markets as the regional bank but focuses more on consumer financing than on business financing. In accepting this position, the internal auditor I. Violates The IIA's Code of Ethics because serving on the board may be in conflict with the best interests of the internal auditor's employer Violates The IIA's Code of Ethics because the information gained while serving on the board of directors of the local bank may influence recommendations regarding potential acquisitions I only. II only. I and II. Neither I nor II.

6.7.67 Analytical procedures in which current financial statements are compared with budgets or previous statements are primarily intended to determine the A. Adequacy of financial statement disclosure. B. Existence of specific errors or omissions. C. Overall reasonableness of statement contents. D. Use of an erroneous cutoff date.

1.5.54 An internal auditor, nearly finished with an engagement, discovers that the director of marketing has a gambling habit. The gambling issue is not directly related to the existing engagement, and the internal auditor is under pressure to complete it quickly. The internal auditor notes the problem and passes the information on to the chief audit executive but does no further follow-up. The internal auditor's actions A. Are in violation of The IIA's Code of Ethics for withholding meaningful information. B. Are in violation of the Standards because the internal auditor did not properly follow up on a red flag that might indicate the existence of fraud. C. Are not in violation of either The IIA's Code of Ethics or the Standards. D. Are in violation of The IIA's Code of Ethics for withholding meaningful information and are in violation of the Standards because the internal auditor did not properly follow up on a red flag that might indicate the existence of fraud.

1.5.55 An engagement at a foreign subsidiary disclosed payments to local government officials in return for orders. What action does The IIA's Code of Ethics suggest for an internal auditor in such a case? A. Refrain from any action that might be detrimental to the organization. B. Report the incident to appropriate regulatory authorities. C. Inform appropriate organizational officials. D. Report the practice to the board of The Institute of Internal Auditors.

1.5.64 Which of the following activities of an internal auditor is most likely to be acceptable under The IIA's Code of Ethics? A. Late arrivals and early departures from work because this practice is common in the organization. B. Frequent luncheons and other socializing with major suppliers of the organization without the consent of senior management. C. Conducting an unrelated business outside of office hours. D. Acceptance of a material gift from a supplier.

1.1.10 The Standards consist of three types of Standards. Which Standards apply to the characteristics of providers of internal auditing services? A. Implementation Standards. B. Performance Standards. C. Attribute Standards. D. Independence Standards.

1.1.11 According to The IIA's International Professional Practices Framework, which of the following constitute mandatory guidance for implementing the Standards? A. Development Aids. B. Practice Aids. C. Performance Standards. D. Practice Advisories.

1.1.13 The Sarbanes-Oxley Act of 2002 (SOX) imposes which of the following requirements? A. The board of directors must be composed entirely of independent shareholders. B. At least one member of the audit committee must be a former partner of the independent public accounting firm. C. The audit committee must be composed entirely of independent members of the board. D. Once the audit committee has selected the independent public accounting firm, the committee must not interfere with the firm's conduct of the financial statement audit.

1.1.18 The types of services provided by the internal audit activity can best be described as A. Auditing and engagement. B. Auditing and consulting. C. Assurance and consulting. D. Auditing and assurance.

1.1.19 Support from which persons or combination of persons listed below is most important to the success of the internal audit activity? A. The chief executive officer and chief financial officer. B. The chief executive officer. C. Management and the board. D. The audit committee.

1.1.4 Which Standards expand upon the other categories of Standards? A. Performance Standards. B. Attribute Standards. C. Implementation Standards. D. All of the choices are correct.

1.1.9 The internal audit activity's scope of responsibilities includes A. Eliminating risk. B. Managing risk. C. Evaluating risk. D. Controlling risk.

1.2.21 A primary purpose of establishing a code of conduct within a professional organization is to A. Reduce the likelihood that members of the profession will be sued for substandard work. B. Ensure that all members of the profession perform at approximately the same level of competence. C. Promote an ethical culture among professionals who serve others. D. Require members of the profession to exhibit loyalty in all matters pertaining to the affairs of their organization.

1.2.27 A formal code of ethics should do all of the following except A. Effectively communicate acceptable values to all members. B. Communicate the organization's value system to outsiders. C. Reflect only legal standards of conduct for individuals and the organization. D. Provide a method of policing and disciplining members of the organization for violations.

1.5.44 In a review of travel and entertainment expenses, a certified internal auditor questioned the business purposes of an officer's reimbursed travel expenses. The officer promised to compensate for the questioned amounts by not claiming legitimate expenses in the future. If the officer makes good on the promise, the internal auditor A. Can ignore the original charging of the nonbusiness expenses. B. Should inform the tax authorities in any event. C. Should still include the finding in the final engagement communication. D. Should recommend that the officer forfeit any frequent flyer miles received as part of the questionable travel.

1.5.69 Which of the following actions by an internal auditor is most likely a violation of The IIA's Code of Ethics? A. Accepting payment for teaching auditing at a local university. B. Having a material ownership interest in a competitor. C. Accepting a moderate gift from a customer of his/her organization. D. Allowing use of the Certified Internal Auditor designation in a context not involving his/her employment.

1.7.80 During the course of an engagement, an internal auditor discovers that a clerk is embezzling funds from the organization. Although this is the first embezzlement ever encountered and the organization has a security department, the internal auditor decides to interrogate the suspect. If the internal auditor is violating The IIA's Code of Ethics, the rule violated is most likely A. Failing to exercise due diligence. B. Lack of loyalty to the organization. C. Lack of competence in this area. D. Failing to comply with the law.

1.7.81 Internal auditors who fail to maintain their proficiency through continuing education could be found to be in violation of A. The International Standards for the Professional Practice of Internal Auditing. B. The IIA's Code of Ethics. C. Both the International Standards for the Professional Practice of Internal Auditing and The IIA's Code of Ethics. D. None of the answers are correct.

1.7.84 Which of the following most likely constitutes a violation of The IIA's Code of Ethics? A. Auditor A has accepted an assignment to perform an engagement at the electronics manufacturing division. Auditor A has recently joined the internal audit activity. But Auditor A was senior auditor for the external audit of that division and has audited many electronics organizations during the past 2 years. B. Auditor B has been assigned to perform an engagement at the warehousing function 6 months from now. Auditor B has no expertise in that area but accepted the assignment anyway. Auditor B has signed up for continuing professional education courses in warehousing that will be completed before the assignment begins. C. Auditor C is content as an internal auditor and has come to look at it as a regular 9-to-5 job. Auditor C has not engaged in continuing professional education or other activities to improve effectiveness during the last 3 years. However, Auditor C feels performance of quality work is the same as before. D. Auditor D discovered an internal financial fraud during the year. The books were adjusted to properly reflect the loss associated with the fraud. Auditor D discussed the fraud with the external auditor when the external auditor reviewed working papers detailing the incident.

1.8.100 The chief audit executive meets with the members of the internal audit activity at scheduled staff meetings. Which of the following is the most appropriate function of such a staff meeting? A. Developing the engagement work schedule. B. Revising travel, promotion, and compensation policies. C. Explaining administrative policies and obtaining suggestions from the staff. D. Developing long-range training programs that will meet the staff's needs.

1.8.89 The board of an organization has charged the chief audit executive (CAE) with upgrading the internal audit activity. The CAE's first task is to develop a charter. What item should be included in the statement of objectives? A. Report all engagement results to the board every quarter. B. Notify governmental regulatory agencies of unethical business practices by organization management. C. Evaluate the adequacy and effectiveness of the organization's controls. D. Submit budget variance reports to management every month.

1.8.90 An element of authority that must be included in the charter of the internal audit activity is A. Identification of the organizational units where engagements are to be performed. B. Identification of the types of disclosures that should be made to the board. C. Access to records, personnel, and physical properties relevant to the performance of engagements. D. Access to the external auditor's engagement records.

1.8.91 The authority of the internal audit activity is limited to that granted by A. The board and the controller. B. Senior management and the Standards. C. Management and the board. D. The board and the chief financial officer.

1.8.92 A charter is one of the more important factors positively affecting the internal audit activity's independence. Which of the following is least likely to be part of the charter? A. Access to records within the organization. B. The scope of internal audit activities. C. The length of tenure of the chief audit executive. D. Access to personnel within the organization.

1.8.98 After the chief audit executive receives approval from the board to offer consulting services, what should be done? A. The CAE should begin performing consulting services. B. The CAE should get approval from the internal auditors. C. The internal audit charter should be amended. D. The board should develop appropriate policies and procedures for conducting such engagements.

1.8.99 Staff members should be afforded an appropriate means through which they can discuss problems and receive updates regarding the internal audit activity's policies. The most appropriate forum for this objective is A. The internal audit activity's informal communication lines. B. Internal memoranda. C. Staff meetings. D. Employee evaluation conferences.

2.1.14 The reporting structure that is most likely to allow the internal audit activity to accomplish its responsibilities is to report administratively to the A. Board and functionally to the chief executive officer. B. Controller and functionally to the chief financial officer. C. Chief executive officer and functionally to the board of directors. D. Chief executive officer and functionally to the external auditor.

2.1.21 Freedom from conditions that threaten internal auditors' ability to do unbiased work is A. Control. B. Compliance. C. Independence. D. Avoidance of conflicts of interest.

2.1.4 A medium-sized publicly owned organization operating in Country X has grown to a size that the governing authority believes warrants the establishment of an internal audit activity. Country X has legislated internal audit requirements for government-owned organizations. The organization changed the bylaws to reflect the establishment of the internal audit activity. The governing authority decided that the chief audit executive (CAE) must be a certified internal auditor and will report directly to the newly established audit committee. Which of the items discussed above will contribute the most to the new CAE's independence? A. The establishment of the internal audit activity is documented in the bylaws. B. Country X has legislated internal auditing requirements. C. The CAE will report to the audit committee. D. The CAE is to be a certified internal auditor.

2.2.34 An activity appropriately performed by the internal audit activity is A. Designing systems of control. B. Drafting procedures for systems of control. C. Reviewing systems of control before implementation. D. Installing systems of control.

2.2.38 Assuming that the internal auditing staff possesses the necessary experience and training, which of the following services is most appropriate for a staff internal auditor to undertake? A. Substitute for the accounts payable supervisor while (s)he is on sick leave. B. Determine the profitability of alternative investment acquisitions and select the best alternative. C. As part of an evaluation team, review vendor accounting software internal controls and rank according to exposures. D. Participate in an internal audit of the accounting department shortly after transferring from the accounting department.

2.3.53 A treasury department employee transferred to the internal audit activity of the same organization last month. The chief financial officer of the organization has suggested that, because of the employee's significant knowledge in this area, it would be a good idea for the employee to immediately begin an engagement to evaluate the treasury department. In this circumstance, the employee should A. Accept the engagement and begin work immediately. B. Discuss the need for such an engagement with the employee's former superior, the treasurer. C. Suggest that the engagement be performed by another member of the internal audit staff. D. Offer to prepare an engagement work program but suggest that interviews with the employee's former co-workers be conducted by other members of the internal audit staff.

2.3.54 The internal audit activity encounters a scope limitation from senior management that will affect the activity's ability to meet its goals and objectives for a potential engagement client. The nature of the scope limitation needs to be A. Noted in the engagement working papers, but the engagement should be carried out as scheduled and the scope limitation worked around, if possible. B. Communicated to the external auditors, so they can investigate the area in more detail. C. Communicated, preferably in writing, to the board. D. Communicated to management stating that the limitation will not be accepted because it would impair the internal audit activity's independence.

2.3.60 As part of a company-sponsored award program, an internal auditor was offered an award of significant monetary value by a division in recognition of the cost savings that resulted from the auditor's recommendations. According to the International Professional Practices Framework, what is the most appropriate action for the auditor to take? A. Accept the gift because the engagement is already concluded and the report issued. B. Accept the award under the condition that any proceeds go to charity. C. Inform audit management and ask for direction on whether to accept the gift. D. Decline the gift and advise the division manager's superior.

2.4.63 An organization has two manufacturing facilities. Each facility has two manufacturing processes and a separate packaging process. The processes are similar at both facilities. Raw materials used include aluminum, materials to make plastic, various chemicals, and solvents. Pollution occurs at several operational stages, including raw materials handling and storage, process chemical use, finished goods handling, and disposal. Waste products produced during the manufacturing processes include several that are considered hazardous. The nonhazardous waste is transported to the local landfill. An outside waste vendor is used for the treatment, storage, and disposal of all hazardous waste. Management is aware of the need for compliance with environmental laws. The organization recently developed an environmental policy including a statement that each employee is responsible for compliance with environmental laws. If the internal audit activity is assigned the responsibility of conducting an environmental audit, which of the following actions should be performed first? A. Conduct risk assessments for each site. B. Review organizational policies and procedures and verify compliance. C. Provide the assigned staff with technical training. D. Review the environmental management system.

2.4.64 When hiring entry-level internal auditing staff, which of the following will most likely predict the applicant's success as an internal auditor? A. Grade point average on college accounting courses. B. Ability to fit well socially into a group. C. Ability to organize and express thoughts well. D. Level of detailed knowledge of the organization.

2.4.65 A chief audit executive (CAE) for a very small internal audit department has just received a request from management to perform an audit of an extremely complex area in which the CAE and the department have no expertise. The nature of the audit engagement is within the scope of internal audit activities. Management has expressed a desire to have the engagement conducted in the very near future because of the high level of risk involved. Which of the following responses by the CAE would be in violation of the Standards? A. Discuss with management the possibility of outsourcing the audit of this complex area. B. Add an outside consultant to the audit staff to assist in the performance of the audit engagement. C. Accept the audit engagement and begin immediately, since it is a high-risk area. D. Discuss the timeline of the audit engagement with management to determine if sufficient time exists in which to develop appropriate expertise.

2.4.69 Internal auditing is unique in that its scope often encompasses all areas of an organization. Thus, it is not possible for each internal auditor to possess detailed competence in all areas that might be the subject of engagements. Which of the following competencies must the internal audit activity possess collectively? A. Understanding of taxation and law as it applies to operation of the organization. B. Proficiency in accounting principles. C. Understanding of management principles. D. Proficiency in information technology.

2.4.74 Communication skills are important to internal auditors. They should be able to convey effectively all of the following to engagement clients except A. The objectives designed for a specific engagement. B. The engagement evaluations based on a survey. C. The risk assessment used in selecting the area for investigation. D. Recommendations that are generated in relationship to a specific engagement client.

2.5.80 All of the following will help the CAE identify the available knowledge, skills, and competencies of the internal audit staff except A. Hiring practices. B. Periodic skills assessment. C. External service provider. D. Staff performance appraisals.

2.5.83 An internal audit activity has scheduled an engagement relating to a construction contract. One portion of this engagement will include comparing materials purchased with those specified in the engineering drawings. The internal audit activity does not have anyone on staff with sufficient expertise to complete this procedure. The chief audit executive should A. Delete the engagement from the schedule. B. Perform the entire engagement using current staff. C. Engage an engineering consultant to perform the comparison. D. Accept the contractor's written representations.

2.5.88 A chief audit executive (CAE) has been requested by the audit committee to conduct an engagement at a chemical factory as soon as possible. The engagement will include reviews of health, safety, and environmental (HSE) management and processes. The CAE knows that the internal audit activity does not possess the HSE knowledge necessary to conduct such an engagement. The CAE must A. Begin the engagement and incorporate HSE training into next year's planning to prepare for a follow-up engagement. B. Suggest to the audit committee that the factory's own HSE staff conduct the engagement. C. Seek permission from the audit committee to obtain appropriate support from an HSE professional. D. Defer the engagement and tell the audit committee that it will take several months to train internal audit staff for such an engagement.

2.5.90 The internal audit activity is considering hiring a person who has a thorough understanding of internal auditing techniques, accounting, and principles of management but has nonspecialized knowledge of economics and information technology. Hiring the person is most appropriate if A. A professional development program is agreed to in advance of actual hiring. B. A mentor is assigned to ensure completion of an individually designed professional development program. C. Other internal auditors possess sufficient knowledge of economics and information technology. D. The prospective employee could reasonably be expected to gain sufficient knowledge of these competencies in the long run.

2.5.93 The CAE determines that an external service provider (ESP) possesses the necessary knowledge, skills, and other competencies to perform the engagement. The most effective procedure to evaluate the ESP is A. Considering the current compensation of the potential ESP. B. Verifying that no financial, organizational, or personal relationships will prevent the ESP from rendering impartial and unbiased judgments. C. Contacting others familiar with the ESP's work. D. Determining the financial interest the ESP may have in the organization.

2.6.100 The internal audit activity can perform an important role in preventing and detecting significant fraud by being assigned all but which one of the following tasks? A. Review large, abnormal, or unexplained expenditures. B. Review sensitive expenses, such as legal fees, consultant fees, and foreign sales commissions. C. Review every control feature pertaining to petty cash receipts. D. Review contributions by the organization that appear to be unusual.

2.6.103 A staff internal auditor performed a portion of an engagement to review an organization's marketing function. In particular, the internal auditor evaluated the function's effective and efficient use of resources to identify I. Underused facilities II. Overstaffing or understaffing III. Nonproductive work IV. Procedures that were not cost justified To test for underused facilities, the internal auditor performed a complete walkthrough of all spaces assigned to the marketing function and evaluated the use of both space and capital equipment. The internal auditor analyzed reports on space usage for the last year and concluded that facilities were neither underused nor used at maximum capacity. To test for overstaffing or understaffing, the internal auditor compared current staffing levels with a staffing analysis recently completed by an independent contractor. Because the staffing analysis used work standards and service demands to provide factual and reliable information on staffing requirements, the internal auditor was able to conclude that staffing levels were optimal. To test for nonproductive work, the internal auditor interviewed an employee from each level and, based upon their responses, concluded that no significant amount of nonproductive work was being performed. Thus, the internal auditor concluded that additional engagement work to search for procedures that were not cost-justified would not be necessary. In reference to requirements III and IV, due professional care A. Was exercised because the internal auditor applied reasonable care and competence in both areas. B. Was not exercised because the internal auditor failed to apply reasonable care and competence regarding requirement III. C. Was not exercised because the internal auditor failed to apply reasonable care and competence regarding both requirements III and IV. D. Was not exercised because the internal auditor failed to apply reasonable care and competence regarding requirement IV.

2.6.104 Due professional care calls for A. Detailed reviews of all transactions related to a particular function. B. Infallibility and extraordinary performance when the system of internal control is known to be weak. C. Consideration of the possibility of material irregularities during every engagement. D. Testing in sufficient detail to give absolute assurance that noncompliance does not exist.

2.6.111 An internal auditor has some suspicion of, but no information about, potential misstatement of financial statements. The internal auditor fails to exercise due professional care by A. Identifying potential ways in which a misstatement could occur and ranking the items for investigation. B. Informing the engagement manager of the suspicions and asking for advice on how to proceed. C. Not testing for possible misstatement because the engagement work program had already been approved by engagement management. D. Expanding the engagement work program, without the engagement client's approval, to address the highest ranked ways in which a misstatement may have occurred.

2.6.95 Which of the following statements is true with respect to due professional care? A. An internal auditor should perform detailed tests of all transactions before communicating results. B. An item should not be mentioned in an engagement communication unless the internal auditor is absolutely certain of the item. C. An engagement communication should never be viewed as providing an infallible truth about a subject. D. An internal auditor has no responsibility to recommend improvements.

2.6.96 An internal auditor observes that a receivables clerk has physical access to and control of cash receipts. The auditor worked with the clerk several years before and has a high level of trust in the individual. Accordingly, the auditor notes in the engagement working papers that controls over receipts are adequate. Has the auditor exercised due professional care? A. Yes, reasonable care has been taken. B. No, irregularities were not noted. C. No, alertness to conditions most likely indicative of irregularities was not shown. D. Yes, the engagement working papers were annotated.

2.7.112 A quality assurance and improvement program of an internal audit activity provides reasonable assurance that internal auditing work is performed in accordance with its charter. Which of the following are designed to provide feedback on the effectiveness of an internal audit activity? I. Proper supervision II. Proper training III. Internal reviews IV. External reviews A. I, II, and III only. B. II, III, and IV only. C. I, III, and IV only. D. I, II, III, and IV.

2.8.118 At what minimal required frequency does the chief audit executive report the results of internal assessments in the form of ongoing monitoring to senior management and the board? A. Monthly. B. Quarterly. C. Annually. D. Biennially.

2.8.121 Following an external assessment of the internal audit activity, who is (are) responsible for communicating the results to the board? A. Internal auditors. B. Audit committee. C. Chief audit executive. D. External auditors.

2.9.126 Periodic internal assessments of the internal audit activity primarily serve the needs of A. The board of directors. B. The internal audit activity's staff. C. The chief audit executive (CAE). D. Senior management.

2.9.128 External assessment of an internal audit activity is not likely to evaluate A. Adherence to the internal audit activity's charter. B. Conformance with the Standards. C. Detailed cost-benefit analysis of the internal audit activity. D. The tools and techniques employed by the internal audit activity.

3.1.1 Which of the following is not implied by the definition of control? A. Measurement of progress toward goals. B. Uncovering of deviations from plans. C. Assignment of responsibility for deviations. D. Indication of the need for corrective action.

3.1.8 The actions taken to manage risk and increase the likelihood that established objectives and goals will be achieved are best described as A. Supervision. B. Quality assurance. C. Control. D. Compliance.

3.1.9 According to The IIA Glossary appended to the Standards, which of the following are most directly designed to ensure that risks are contained? A. Risk management processes. B. Internal audit activities. C. Control processes. D. Governance processes.

3.2.18 The use of financial statement analysis, quality control procedures, and employee performance evaluations are all examples of A. Preliminary controls. B. Concurrent controls. C. Feedback controls. D. Feedforward controls.

3.2.25 When a copy of the sale invoice is not received by an organization's shipping department, an employee requests the document from the proper authority. This process is a(n) A. Directive, detective control. B. Passive, mitigating control. C. Active, detective control. D. Detective, preventive control.

3.3.30 An organization has grown rapidly and has just automated its human resource system. The organization has developed a large database that tracks employees, employee benefits, payroll deductions, job classifications, ethnic code, age, insurance, medical protection, and other similar information. Management has asked the internal audit activity to review the new system. Human resources and payroll are separate departments. Which of the following combinations provides the best segregation of duties? A. Human resources adds employees, payroll processes hours, and human resources delivers the paychecks to employees. B. Human resources adds employees, reviews and submits payroll hours to payroll for processing, and delivers paychecks to employees. C. Human resources adds employees, and payroll processes hours and enters employee bank account numbers. Paychecks are automatically deposited in the employee's bank account. D. Payroll adds employees and enters employees' bank account numbers but processes hours only as approved by human resources. Paychecks are automatically deposited in the employee's bank account.

3.3.32 Upon receipt of purchased goods, receiving department personnel match the quantity received with the packing slip quantity and mark the retail price on the goods based on a master price list. The annotated packing slip is then forwarded to inventory control and goods are automatically moved to the retail sales area. The most significant control strength of this activity is A. Immediately pricing goods for retail sale. B. Matching quantity received with the packing slip. C. Using a master price list for marking the sale price. D. Automatically moving goods to the retail sales area.

3.3.34 Which one of the following is most likely to be considered an internal control weakness? A. The petty cash custodian has the ability to steal petty cash. Documentation for all disbursements from the fund must be submitted with the request for replenishment of the fund. B. An inventory control clerk at a manufacturing plant has the ability to steal one completed television set from inventory a year. The theft probably will never be detected. C. An accounts receivable clerk, who approves sales returns and allowances, receives customer remittances and deposits them in the bank. Limited supervision is maintained over the employee. D. A clerk in the invoice processing department fails to match a vendor's invoice with its related receiving report. Checks are not signed unless all appropriate documents are attached to a voucher.

3.3.39 Checks from customers are received in the organization's mail room each day. What controls should be in place to safeguard them? A. Establishing a separate post office box for customer payments. B. Forwarding all checks to the cashier upon receipt. C. Requiring a specific mail clerk to list and restrictively endorse each check. D. Providing bonding protection for mail clerks.

3.3.43 Which of the following observations made during the preliminary survey of a local department store's disbursement cycle reflects a control strength? A. Individual department managers use prenumbered forms to order merchandise from vendors. B. The receiving department is given a copy of the purchase order complete with a description of goods, quantity ordered, and extended price for all merchandise ordered. C. The treasurer's office prepares checks for suppliers based on vouchers prepared by the accounts payable department. D. Individual department managers are responsible for the movement of merchandise from the receiving dock to storage or sales areas as appropriate.

3.3.45 A receiving department receives copies of purchase orders for use in identifying and recording inventory receipts. The purchase orders list the name of the vendor and the quantities of the materials ordered. A possible error that this system could allow is A. Payment to unauthorized vendors. B. Payment for unauthorized purchases. C. Overpayment for partial deliveries. D. Delay in recording purchases.

3.3.50 Which of the following activities represents both an appropriate human resources department function and a deterrent to payroll fraud? A. Distribution of paychecks. B. Authorization of overtime. C. Authorization of additions and deletions from the payroll. D. Collection and retention of unclaimed paychecks.

3.3.58 To control purchasing and accounts payable, an information system must include certain source documents. For a manufacturing organization, these documents should include A. Purchase orders, receiving reports, and vendor invoices. B. Receiving reports and vendor invoices. C. Purchase requisitions, purchase orders, receiving reports, and vendor invoices. D. Purchase requisitions, purchase orders, inventory reports of goods needed, and vendor invoices.

3.3.60 The initiation of the purchase of materials and supplies would be the responsibility of the A. Purchasing department. B. Stores control department. C. Inventory control department. D. Production department.

3.4.78 Management can best strengthen internal control over the custody of inventory stored in an off-site warehouse by implementing A. Reconciliations of transfer slips to/from the warehouse with inventory records. B. Increases in insurance coverage. C. Regular reconciliation of physical inventories to accounting records. D. Regular confirmation of the amount on hand with the custodian of the warehouse.

3.4.81 A control likely to prevent purchasing agents from favoring specific suppliers is A. Requiring management's review of a monthly report of the totals spent by each buyer. B. Requiring buyers to adhere to detailed material specifications. C. Rotating buyer assignments periodically. D. Monitoring the number of orders placed by each buyer.

3.4.88 During an engagement involving a purchasing department, an internal auditor discovered that many purchases were made (at normal prices) from an office supplier whose owner was the brother of the director of purchasing. Controls were in place to restrict such purchases and no fraud appears to have been committed. In this case, the internal auditor should recommend A. The development of an approved-vendor file initiated by the buyer and approved by the director of purchasing. B. Establishment of a price policy (range) for all goods. C. The initiation of a conflict-of-interest policy. D. The inspection of all receipts by receiving inspectors.

3.4.89 Which of the following policies and procedures is consistent with effective administration of the insurance function? A. Billings for insurance coverage are received and payments disbursed by the insurance manager. B. Policy coverages are adjusted each year by applying a price index to previous year coverages. C. Final settlements are negotiated after claims are developed and submitted. D. Policies are always placed with the carrier that offers the lowest rate for a specified level of coverage.

3.4.93 A. Assigning the second office clerk to make an independent check of prices, discounts, extensions, footings, and invoice serial numbers. B. Requiring that monthly statements be prepared by the bookkeeper and verified by one of the other office clerks prior to mailing. C. Using predetermined totals to control posting routines. D. Requiring the bookkeeper to perform periodic reconciliations of the accounts receivable subsidiary ledger and the general ledger.

4.1.12 Which of the following is the common name for Internal Control: Guidance for Directors on the Combined Code? A. COSO. B. COBIT. C. The Turnbull Report. D. CoCo.

4.1.13 A restaurant chain has over 680 restaurants. All food orders for each restaurant are required to be entered into an electronic device that records all food orders by food servers and transmits the order to the kitchen for preparation. All food servers are responsible for collecting cash for all their orders and must turn in cash at the end of their shift equal to the sales value of food ordered for their I.D. number. The manager then reconciles the cash received for the day with the computerized record of food orders generated. All differences are investigated immediately by the restaurant. Organizational headquarters has established monitoring controls to determine when an individual restaurant might not be recording all its revenue and transmitting the applicable cash to the corporate headquarters. Which one of the following is the best example of a monitoring control? A. The restaurant manager reconciles the cash received with the food orders recorded on the computer. B. All food orders must be entered on the computer, and segregation of duties is maintained between the food servers and the cooks. C. Management prepares a detailed analysis of gross margin per store and investigates any store that shows a significantly lower gross margin. D. Cash is transmitted to corporate headquarters on a daily basis.

4.1.3 Which of the following is not a component of the CoCo model? A. Commitment. B. Capability. C. Control environment. D. Monitoring and learning.

4.1.6 The policies and procedures helping to ensure that management directives are executed and actions are taken to address risks to achievement of objectives describes A. Risk assessments. B. Control environments. C. Control activities. D. Monitoring.

4.1.8 Which term best reflects the attitude and actions of the board and management regarding the significance of control within the organization? A. Risk assessment. B. Control activities. C. Control environment. D. Monitoring.

4.1.9 Internal control can provide only reasonable assurance that the organization's objectives will be met efficiently and effectively. One factor limiting the likelihood of achieving those objectives is that A. The internal auditor's primary responsibility is the detection of fraud. B. The board is active and independent. C. The cost of internal control should not exceed its benefits. D. Management monitors performance.

4.2.17 Enterprise risk management A. Guarantees achievement of organizational objectives. B. Requires establishment of risk and control activities by internal auditors. C. Involves the identification of events with negative impacts on organizational objectives. D. Includes selection of the best risk response for the organization.

4.2.20 What is residual risk? A. Impact of risk. B. Risk that is under control. C. Risk that is not managed. D. Underlying risk in the environment.

4.2.29 Which of the following is closely related to traditional risk management instead of enterprise risk management (ERM)? A. Rapid response to opportunities. B. Organization-level view of risk. C. Emphasis on specific functions. D. Achieving financial goals.

4.3.34 Which of the following represents the best statement of responsibilities for risk management? Internal Management Auditing Board A. Responsibility for risk Oversight role Advisory role B. Oversight role Responsibility for risk Advisory role C. Responsibility for risk Advisory role Oversight role D. Oversight role Advisory role Responsibility for risk

4.3.35 An internal auditor plans to conduct an audit of the adequacy of controls over investments in new financial instruments. Which of the following would not be required as part of such an engagement? A. Determine if policies exist which describe the risks the treasurer may take and the types of instruments in which the treasurer may make investments. B. Determine the extent of management oversight over investments in sophisticated instruments. C. Determine whether the treasurer is getting higher or lower rates of return on investments than are treasurers in comparable organizations. D. Determine the nature of controls established by the treasurer to monitor the risks in the investments.

4.3.37 Internal auditors should review the means of physically safeguarding assets from losses arising from A. Misapplication of accounting principles. B. Procedures that are not cost justified. C. Exposure to the elements. D. Underusage of physical facilities.

4.3.42 The board's expectations of the internal audit activity regarding the risk management process is A. Noted in the work programs for formal consulting engagements. B. Included in the business continuity plan. C. Codified in the charters of the internal audit activity and the board. D. Reviewed by the internal auditors immediately following a disaster.

4.3.43 Which of the following is the most accurate term for a process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization's objectives? A. The internal audit activity. B. Control process. C. Risk management. D. Consulting service.

4.3.48 Which of the following is not a responsibility of the chief audit executive? A. To communicate the internal audit activity's plans and resource requirements to senior management and the board for review and approval. B. To coordinate with other internal and external providers of audit and consulting services to ensure proper coverage and minimize duplication. C. To oversee the establishment, administration, and assessment of the organization's system of risk management processes. D. To follow up on whether appropriate management actions have been taken on significant reported risks.

4.4.51 Internal auditors need to ascertain the extent to which management has established adequate control criteria. For this purpose, which of the following actions may be appropriate? I. Determining whether objectives have been accomplished II. Using the criteria in their evaluation III. Working with management to develop appropriate control evaluation criteria A. I only. B. I and II only. C. I, II, and III. D. II only.

4.4.56 A significant employee fraud took place shortly after an internal auditing engagement. The internal auditor may not have properly fulfilled the responsibility for the prevention of fraud by failing to note and report that A. Policies, practices, and procedures to monitor activities and safeguard assets were less extensive in low-risk areas than in high-risk areas. B. A system of control that depended upon separation of duties could be circumvented by collusion among three employees. C. There were no written policies describing prohibited activities and the action required whenever violations are discovered. D. Divisional employees had not been properly trained to distinguish between bona fide signatures and cleverly forged ones on authorization forms.

4.4.59 Internal auditing is responsible for assisting in the prevention of fraud by A. Informing the appropriate authorities within the organization and recommending whatever investigation is considered necessary in the circumstances when wrongdoing is suspected. B. Establishing the organization's governance, operations, and information systems concerning compliance with laws, regulations, and contracts. C. Examining and evaluating the adequacy and the effectiveness of control, commensurate with the extent of the potential exposure or risk in the various segments of the organization's operations. D. Determining whether operating standards are acceptable and are being met.

4.4.61 The internal audit activity's responsibility for preventing fraud is to A. Establish internal control. B. Maintain internal control. C. Evaluate the system of internal control. D. Exercise operating authority over fraud prevention activities.

4.4.63 An international nonprofit organization finances medical research. The majority of its revenue and support comes from fundraising activities, investments, and specific grants from an initial sponsoring corporation. The organization has been in operation over 15 years and has a small internal audit department. The organization has just finished a major fundraising drive that raised US $500 million for the current fiscal period. The following are selected data from recent financial statements (US dollar figures in millions): Current Past Year Year Revenue US $500 US $425 Investments (average balances) 210 185 Medical research grants made 418 325 Investment income 16 20 Administrative expense 10 6 Auditors must always be alert for the possibility of fraud. Assume the controls over each risk listed below are marginal. Which of the following possible frauds or misuses of organization assets should be considered the area of greatest risk? A. The president is using company travel and entertainment funds for activities that might be considered questionable. B. Purchases of supplies are made from fictitious vendors. C. Grants are made to organizations that might be associated with the president or are not for purposes dictated in the organization's charter. D. The payroll clerk has added ghost employees.

4.4.66 When an internal auditor identifies multiple factors that have been linked with possible fraudulent conditions and suspects that fraud has taken place, the auditor should A. Immediately report to senior management and the board. B. Immediately report to the board. C. Recommend an investigation. D. Extend tests to determine the extent of the fraud.

4.4.67 An internal auditor suspects that a mailroom clerk is embezzling funds. In exercising due professional care, the internal auditor should A. Reassign the clerk to another department. B. Institute stricter controls over mailroom operations. C. Evaluate fraud indicators and decide whether further action is necessary. D. Confront the clerk with the auditor's suspicions.

4.4.68 An internal auditor's field work uncovers a series of transactions that indicate a possible embezzlement. Which of the following actions should the chief audit executive take? A. Confront the suspected embezzler to determine that the facts are correct. B. Review the finding with the suspect's fellow workers to see whether the workers can furnish additional evidence. C. Decide whether to recommend an investigation. D. Discuss the case with the board.

4.5.76 Randy and John had known each other for many years. They had become best friends in college, where they both majored in accounting. After graduation, Randy took over the family business from his father. His family had been in the grocery business for several generations. When John had difficulty finding a job, Randy offered him a job in the family store. John proved to be a very capable employee. As John demonstrated his abilities, Randy began delegating more and more responsibility to him. After a period of time, John was doing all of the general accounting and authorization functions for checks, cash, inventories, documents, records, and bank reconciliations. (1) John was trusted completely and handled all financial functions. No one checked his work. Randy decided to expand the business and opened several new stores. (2) Randy was always handling the most urgent problem . . . "crisis management" is what his college professors had termed it. John assisted with the problems when his other duties allowed him time. Although successful at work, John had (3) difficulties with personal financial problems. At first, the amounts stolen by John were small. John didn't even worry about making the accounts balance. But John became greedy. "How easy it is to take the money," he said. He felt that he was a critical member of the business team (4) and that he contributed much more to the success of the company than was represented by his salary. "It would take two or three people to replace me," he often thought to himself. As the amounts became larger and larger, (5) he made the books balance. Because of these activities, John was able to purchase an expensive car and take his family on several trips each year. (6) He also joined an expensive country club. Things were changing at home, however. (7) John's family observed that he was often argumentative and at other times very depressed. The fraud continued for 6 years. Each year, the business performed more and more poorly. In the last year, the stores had a substantial net loss. Randy's bank required an audit. John confessed when he thought the auditors had discovered his embezzlements. When discussing frauds, the pressures, opportunities, and rationalizations that cause/allow a perpetrator to commit the fraud are often identified. Symptoms of fraud are also studied. Number 1, "John was trusted completely . . .," is an example of a(n) A. Document symptom. B. Situational pressure. C. Opportunity to commit. D. Physical symptom.

4.5.82 Randy and John had known each other for many years. They had become best friends in college, where they both majored in accounting. After graduation, Randy took over the family business from his father. His family had been in the grocery business for several generations. When John had difficulty finding a job, Randy offered him a job in the family store. John proved to be a very capable employee. As John demonstrated his abilities, Randy began delegating more and more responsibility to him. After a period of time, John was doing all of the general accounting and authorization functions for checks, cash, inventories, documents, records, and bank reconciliations. (1) John was trusted completely and handled all financial functions. No one checked his work. Randy decided to expand the business and opened several new stores. (2) Randy was always handling the most urgent problem . . . "crisis management" is what his college professors had termed it. John assisted with the problems when his other duties allowed him time. Although successful at work, John had (3) difficulties with personal financial problems. At first, the amounts stolen by John were small. John didn't even worry about making the accounts balance. But John became greedy. "How easy it is to take the money," he said. He felt that he was a critical member of the business team (4) and that he contributed much more to the success of the company than was represented by his salary. "It would take two or three people to replace me," he often thought to himself. As the amounts became larger and larger, (5) he made the books balance. Because of these activities, John was able to purchase an expensive car and take his family on several trips each year. (6) He also joined an expensive country club. Things were changing at home, however. (7) John's family observed that he was often argumentative and at other times very depressed. The fraud continued for 6 years. Each year, the business performed more and more poorly. In the last year, the stores had a substantial net loss. Randy's bank required an audit. John confessed when he thought the auditors had discovered his embezzlements. When discussing frauds, the pressures, opportunities, and rationalizations that cause/allow a perpetrator to commit the fraud are often identified. Symptoms of fraud are also studied. Number 7, "John's family observed that he was often argumentative . . .," is an example of a A. Rationalization. B. Lifestyle symptom. C. Behavioral symptom. D. Physical symptom.

4.5.84 Internal auditors should have knowledge about factors (red flags) that have proven to be associated with management fraud. Which of the following factors have generally not been associated with management fraud? A. Generous performance-based reward systems. B. A domineering management. C. Regular comparison of actual results with budgets. D. A management preoccupation with increased financial performance.

4.5.94 The internal audit activity has been assigned to perform an engagement involving a division. Based on background review, the internal auditor knows the following about management policies: Organizational policy is to rapidly promote divisional managers who show significant success. Thus, successful managers rarely stay at a division for more than 3 years. A significant portion of division management's compensation comes in the form of bonuses based on the division's profitability. The division was identified by senior management as a turnaround opportunity. The division is growing but is not scheduled for a full audit by the external auditors this year. The division has been growing about 7% per year for the past 3 years and uses a standard cost system. During the preliminary review, the internal auditor notes the following changes in financial data compared with the prior year: Sales have increased by 10%. Cost of goods sold has increased by 2%. Inventory has increased by 15%. Divisional net profit has increased by 8%. Which of the following items might alert the internal auditor to the possibility of fraud in the division? A. The division is not scheduled for an external audit this year. B. Sales have increased by 10%. C. A significant portion of management's compensation is directly tied to reported net profit of the division. D. All of the answers are correct.

4.5.98 The most common motivation for management fraud is the existence of A. Vices, such as a gambling habit. B. Job dissatisfaction. C. Financial pressures on the organization. D. The challenge of committing the perfect crime.

5.1.3 The measure of variability of a statistical sample that serves as an estimate of the population variability is the A. Basic precision. B. Range. C. Standard deviation. D. Confidence interval.

5.1.4 The measure of variability most useful in variables sampling is the A. Median. B. Range. C. Standard deviation. D. Mean.

5.1.5 In sampling applications, the standard deviation represents a measure of the A. Expected error rate. B. Level of confidence desired. C. Degree of data variability. D. Extent of precision achieved.

5.1.6 A specified range is based on an estimate of a population characteristic calculated from a random sample. The probability that the range contains the true population value is the A. Error rate. B. Lower precision limit. C. Confidence level. D. Standard error of the mean.

5.1.8 The degree to which the auditor is justified in believing that the estimate based on a random sample will fall within a specified range is called A. Sampling risk. B. Non-sampling risk. C. Confidence level. D. Precision.

5.2.15 A distinguishing characteristic of random number sample selection is that each A. Item is selected from a stratum having minimum variability. B. Item's chance for selection is proportional to its dollar value. C. Item in the population has an equal chance of being selected. D. Stratum in the population has an equal number of items selected.

5.2.18 Random numbers can be used to select a sample only when each item in the population A. Can be assigned to a specific stratum. B. Is independent of outside influence. C. Can be identified with a unique number. D. Is expected to be within plus or minus three standard deviations of the population mean.

5.3.23 In selecting a sample of items for attributes testing, an auditor must consider the confidence level factor, the desired precision, and the A. Recorded monetary amount of the population. B. Sampling interval. C. Expected occurrence rate. D. Standard deviation in the population.

5.3.24 The size of a given sample is jointly a result of characteristics of the population of interest and decisions made by the internal auditor. Everything else being equal, sample size will A. Increase if the internal auditor decides to accept more risk of incorrectly concluding that controls are effective when they are in fact ineffective. B. Double if the internal auditor finds that the variance of the population is twice as large as was indicated in the pilot sample. C. Decrease if the internal auditor increases the tolerable rate of deviation. D. Increase as sampling risk increases.

5.3.29 An auditor has to make a number of decisions when using attribute sampling. The term efficiency is used to describe anything that affects sample size. The term effectiveness is used to describe the likelihood that the statistical sample result will be a more accurate estimate of the true population error rate. Assume an auditor expects a control procedure failure rate of 0.5%. The auditor is making a decision on whether to use a 90% or a 95% confidence level and whether to set the tolerable control failure rate at 3% or 4%. Which of the following statements regarding efficiency and effectiveness of an attribute sample is true? A. Decreasing the confidence level to 90% and decreasing the tolerable control failure rate to 3% will result in both increased efficiency and effectiveness. B. Decreasing the tolerable failure rate from 4% to 3% will increase audit efficiency. C. Increasing the confidence level to 95% and decreasing the tolerable control failure rate to 3% will increase audit effectiveness. D. Increasing the confidence level to 95% will increase audit efficiency.

5.3.30 Which of the following must be known to evaluate the results of an attribute sample? A. Estimated dollar value of the population. B. Standard deviation of the sample values. C. Actual size of the sample selected. D. Finite population correction factor.

5.4.36 In a variables sampling application, which of the following will result when confidence level is changed from 90% to 95%? A. Standard error of the mean will not be affected. B. Nonsampling error will decrease. C. Sample size will increase. D. Point estimate of the arithmetic mean will increase.

5.4.45 Difference estimation sampling would be appropriate to use to project the monetary error in a population if A. Subsidiary ledger book balances for some individual inventory items are unknown. B. Virtually no differences between the individual carrying amounts and the audited amounts exist. C. A number of nonproportional differences between carrying amounts and audited amounts exist. D. Observed differences between carrying amounts and audited amounts are proportional to carrying amounts.

5.4.50 The use of probability-proportional-to-size sampling is inefficient if A. Bank accounts are being examined. B. Statistical inferences are to be made. C. Each account is of equal importance. D. The number of sampling units is large.

5.4.53 What effect does an increase in the standard deviation have on the required sample size of mean-per-unit estimation and probability-proportional-to-size sampling? Assume no change in any of the other characteristics of the population and no change in desired precision and confidence. Probability Mean-per-Unit Estimation Proportional to Size A. Increase in sample size Increase in sample size B. No change in sample size Decrease in sample size C. Increase in sample size No change in sample size D. Decrease in sample size No change in sample size

5.5.62 An internal auditor uses a number of techniques to select samples. A frequently, and appropriately, used technique is random selection. In which of the following situations would random selection be least justified? The auditor needs to A. Test sales transactions to determine that they were properly authorized and are supported by shipping documents. B. Confirm accounts receivable and has already selected the 10 largest accounts for confirmation. The remaining accounts are not numbered. The auditor only has a computer listing of the accounts in alphabetical order approximately 250 pages long with 50 account balances on every page. C. Obtain evidence on the proper sales cut-off by sampling items from the monthly sales journal to determine if the items were recorded in the correct time period. D. Test the perpetual inventory records to ensure that the sample covers the largest monetary value items in the account.

5.5.64 An auditor is conducting a survey of perceptions and beliefs of employees concerning an organization health care plan. The best approach to selecting a sample is to A. Focus on people who are likely to respond so that a larger sample can be obtained. B. Focus on managers and supervisors because they can also reflect the opinions of the people in their departments. C. Use stratified sampling where the strata are defined by marital and family status, age, and salaried/hourly status. D. Use monetary-unit sampling according to employee salaries.

5.5.71 After partially completing an internal control review of the accounts payable department, an auditor suspects that some type of fraud has occurred. To ascertain whether the fraud is present, the best sampling approach is to use A. Simple random sampling to select a sample of vouchers processed by the department during the past year. B. Probability-proportional-to-size sampling to select a sample of vouchers processed by the department during the past year. C. Discovery sampling to select a sample of vouchers processed by the department during the past year. D. Judgmental sampling to select a sample of vouchers processed by clerks identified by the department manager as acting suspiciously.

5.5.73 Variability of the monetary amount of individual items in a population affects sample size in which of the following sampling plans? A. Attribute sampling. B. Monetary-unit sampling. C. Mean-per-unit sampling. D. Discovery sampling.

5.6.77 An organization has collected data on the complaints made by personal computer users and has categorized the complaints. (Refer to Figure FIGURE18_12.) Using the information collected, the organization should focus on A. The total number of personal computer complaints that occurred. B. The number of computer complaints associated with CD-ROM problems and new software usage. C. The number of computer complaints associated with the lack of user knowledge and hardware problems. D. The cost to alleviate all computer complaints.

5.6.79 Statistical quality control often involves the use of control charts whose basic purpose is to A. Determine when accounting control procedures are not working. B. Control labor costs in production operations. C. Detect performance trends away from normal operations. D. Monitor internal control applications of information technology.

6.1.12 The audit committee has raised a few issues that the internal audit activity will examine during an operational audit for the current year. When performing the preliminary survey, which of the following is not an appropriate technique? A. Performing interviews. B. Developing questionnaires. C. Determining the largest risk of financial statement misstatement. D. All of the answers are appropriate techniques.

6.1.7 An internal auditor conducts a preliminary survey and identifies a number of significant engagement issues and reasons for pursuing them in more depth. The engagement client informally communicates concurrence with the preliminary survey results and asks that the internal auditor not report on the areas of significant concern until the client has an opportunity to respond to the problem areas. Which of the following engagement responses is not appropriate? A. Keep the engagement on schedule and discuss with management the need for completing the engagement on a timely basis. B. Consider the risk involved in the areas involved, and, if the risk is high, proceed with the engagement. C. Consider the engagement to be terminated with no communication of results needed because the engagement client has already agreed to take constructive action. D. Work with the engagement client to keep the engagement on schedule and address the significant issues in more depth, as well as the client's responses, during the course of the engagement.

6.10.95 "Except for the missing documentation noted above, the system of internal controls over petty cash is functioning as intended." The above statement is an example of a(n) A. Observation. B. Objective. C. Conclusion. D. Finding.

6.2.13 A well-designed internal control questionnaire should A. Elicit "yes" or "no" responses rather than narrative responses and be organized by department. B. Be a sufficient source of data for assessment of control risk. C. Help evaluate the effectiveness of internal control. D. Be independent of the objectives of the internal auditing engagement.

6.2.21 A questionnaire consists of a series of questions relating to controls normally required to prevent or detect errors and fraud that may occur for each type of transaction. Which of the following is not an advantage of a questionnaire? A. A questionnaire provides a framework that minimizes the possibility of overlooking aspects of internal control. B. A questionnaire can be easily completed. C. A questionnaire is flexible in design and application. D. The completed questionnaire provides documentation that the internal auditor become familiar with internal control.

6.3.27 To elicit views on broad organizational risks and objectives from the board and senior management, an internal auditor should A. List specific risk factors for consideration. B. Develop spreadsheets with quantitative data relevant to the industry. C. Use a nondirective approach to initiating discussion of mitigating risks. D. Ask each member of management about specific risks listed in an industry reference.

6.3.29 Auditors must be effective listeners, especially when asking complex questions. To improve their listening, auditors should take care to do all the following except A. Stop talking. It is very difficult to listen and talk at the same time. B. Be patient. Allow the speaker ample time to respond. C. Avoid all questions until the speaker has concluded. D. Put the speaker at ease. A nervous speaker will be difficult to understand.

6.3.32 A supportive behavior that a listener, such as an auditor or a supervisor, can use to encourage a speaker is to A. Look away from the speaker to avoid any intimidation. B. Interject a similar incident or experience. C. Stop other activity or work while the person is talking. D. Not respond verbally until the speaker stops talking.

6.4.35 An internal auditor must weigh the cost of an engagement procedure against the persuasiveness of the evidence to be gathered. Observation is one engagement procedure that involves cost-benefit trade-offs. Which of the following statements regarding observation as an engagement technique is (are) true? I. Observation is limited because individuals may react differently when being observed. II. When testing financial statement balances, observation is more persuasive for the completeness assertion than it is for the existence assertion. Observation is effective in providing information about how the organization's processes differ from those specified by written policies. I only. II only. I and III only. I, II, and III.

6.4.42 Checklists used to assess risk have been criticized for all of the following reasons except A. Providing a false sense of security that all relevant factors are addressed. B. Inappropriately implying equal weight to each item on the checklist. C. Decreasing the uniformity of data acquisition. D. Being incapable of translating the experience or sound reasoning intended to be captured by each item on the checklist.

6.6.54 A primary advantage of using generalized audit software (GAS) packages in auditing the financial statements of a client that uses a computer system is that the auditor may A. Substantiate the accuracy of data through self-checking digits and hash totals. B. Reduce the level of required tests of controls to a relatively small amount. C. Access information stored on computer files without a complete understanding of the client's hardware and software features. D. Consider increasing the use of substantive tests of transactions in place of analytical procedures.

6.6.61 A company that has many branch stores has decided to use its best-performing store as a benchmark organization for the purpose of analyzing the accuracy and reliability of branch store financial reporting. Which one of the following is the most likely measure to be included in a financial benchmark? A. High turnover of employees. B. High level of employee participation in setting budgets. C. High amount of bad debt write-offs. D. High number of suppliers.

6.7.63 Analytical procedures A. Are considered direct information about the assertion being evaluated. B. Involve such tests as confirmation of receivables. C. May provide the best available information for the completeness assertion. D. Are never sufficient by themselves to support management assertions.

6.7.65 The internal auditor of an organization with a recently automated human resources system reviews the retirement benefits plan and determines that the pension and medical benefits have been changed several times in the past 10 years. The internal auditor wishes to determine whether further investigation is justified. The most appropriate engagement procedure is to A. Review the trend of overall retirement expense over the last 10 years. If it has increased, further investigation is needed. B. Use generalized audit software to take a monetary-unit sample of retirement pay and determine whether each retired employee was paid correctly. C. Review reasonableness of retirement pay and medical expenses on a per-person basis stratified by which plan was in effect when the employee retired. D. Use generalized audit software to take an attribute sample of retirement pay and perform detailed testing to determine whether each person chosen was given the proper benefits.

6.8.71 A company with many branch stores has decided to benchmark one of its stores for the purpose of analyzing the accuracy and reliability of branch store financial reporting. Which one of the following is the most likely measure to be included in a financial benchmark? A. High turnover of employees. B. High level of employee participation in setting budgets. C. High amount of bad debt write-offs. D. High number of suppliers.

6.9.84 The internal auditor of a construction enterprise that builds foundations for bridges and large buildings performed a review of the expense accounts for equipment (augers) used to drill holes in rocks to set the foundation for the buildings. During the review, the internal auditor noted that the expenses related to some of the auger accounts had increased dramatically during the year. The internal auditor inquired of the construction manager who offered the explanation that the augers last 2 to 3 years and are expensed when purchased. Thus, the internal auditor should see a decrease in the expense accounts for these augers in the next year but would expect an increase in the expenses of other augers. The internal auditor also found out that the construction manager is responsible for the inventorying and receiving of the augers and is a part owner of a business that supplies augers to the organization. The supplier was approved by the president to improve the quality of equipment. Assume the internal auditor did not find a satisfactory explanation for the results of the analytical procedures performed and has conducted the appropriate follow-up procedures. The engagement in this area is otherwise complete. Which of the following would be the most appropriate action to take? A. Note the actions and follow-up next year. Defer the reporting to management until a satisfactory explanation can be obtained. B. Expand engagement procedures by observing the receipt of all augers during a reasonable period of time and trace the receipts to the appropriate accounts. Determine causes of any discrepancies. C. Report the observations, as they are, to management and recommend an investigation for possible fraud. D. Report the observations to the construction manager and insist that appropriate controls such as independent receiving reports be implemented. Follow up to see if the controls are properly implemented.

6.9.90 An internal auditor performs an analytical review by comparing the gross margins of various divisional operations with those of other divisions and with the individual division's performance in previous years. The internal auditor notes a significant increase in the gross margin at one division. The internal auditor does some preliminary investigation and also notes that no changes occurred in products, production methods, or divisional management during the year. The most likely cause of the increase in gross margin is a(n) A. Increase in the number of competitors selling similar products. B. Decrease in the number of suppliers of the material used in manufacturing the product. C. Overstatement of year-end inventory. D. Understatement of year-end accounts receivable.

6.9.91 A medium-sized municipality provides 8.5 billion gallons of water per year for 31,000 customers. The water meters are replaced at least every 5 years to ensure accurate billing. The water department tracks unmetered water to identify water consumption that is not being billed. The department recently issued the following water activity report: Based on the activity reported for the meter replacement program, an internal auditor would conclude that A. Established operating standards are understood and are being met. B. Any corrective action needed has probably been taken during the quarter. C. Deviations from the goal should be analyzed and corrected. D. Meters should be changed every 3 years.

7.1.1 An internal audit staffer has just completed an assessment of the engagement client's operating and financial controls. The auditor's preliminary conclusion is that controls are adequately designed to achieve management's operating and financial objectives. The auditor's next step is to A. Present his/her findings to the chief audit executive. B. Prepare a preliminary report on internal controls for presentation to the board. C. Report his/her results to the auditor in charge. D. Prepare a plan for testing internal controls.

7.1.2 The internal auditor has concluded that an engagement client's system of internal controls is inadequate to achieve management's objectives. The most appropriate next step is to A. Test controls to determine whether they are functioning as designed. B. Halt the engagement and issue a report about inadequate controls. C. Draw preliminary conclusions about internal control. D. Contact the engagement client's direct supervisor to recommend that the head of the department or function under audit is transferred or terminated.

7.10.89 To verify the proper value of costs charged to real property records for improvements to the property, the best source of information is A. Inspection by the internal auditor of real property improvements. B. A letter signed by the real property manager asserting the propriety of costs incurred. C. Original invoices supporting entries into the accounting records. D. Comparison of billed amounts with contract estimates.

7.10.92 During an investigation of unexplained inventory shrinkage, an internal auditor is testing inventory additions as recorded in the perpetual inventory records. Because of internal control weaknesses, the information recorded on receiving reports may not be reliable. Under these circumstances, which of the following documents provides the best information about additions to inventory? A. Purchase orders. B. Purchase requisitions. C. Vendors' invoices. D. Vendors' statements.

7.10.93 In engagement planning, internal auditors should review all relevant information. Which of the following sources of information would most likely help identify suspected violations of environmental regulations? A. Discussions with operating executives. B. Review of trade publications. C. Review of correspondence the entity has conducted with governmental agencies. D. Discussions conducted with the external auditors in coordinating engagement efforts.

7.10.95 A set of engagement working papers contained a copy of a document providing information that an expensive item that had been special-ordered was actually on hand on a particular date. The most likely source of this information is a printout from a computerized A. Purchases journal. B. Cash payments journal. C. Perpetual inventory file. D. Receiving report file.

7.11.101 The most persuasive information about the existence of newly acquired computers for the sales department is A. Inquiry of management. B. Observation of engagement client's procedures. C. Physical examination. D. Documentation prepared externally.

7.11.97 Which of the following types of tests is the most persuasive if an internal auditor wants assurance of the existence of inventory stored in a warehouse? A. Examining the shipping documents that support recorded transfers to and from the warehouse. B. Obtaining written confirmation from management. C. Physically observing the inventory in the warehouse. D. Examining warehouse receipts contained in the engagement client's records.

7.11.99 An internal auditor at a savings and loan association concludes that a secured real estate loan is collectible. Which of the following engagement procedures provides the most persuasive information about the loan's collectibility? A. Confirming the loan balance with the borrower. B. Reviewing the loan file for proper authorization by the credit committee. C. Examining documentation of a recent, independent appraisal of the real estate. D. Examining the loan application for appropriate borrowers' signatures.

7.2.10 Which of the following most completely describes the appropriate content of working papers? A. Engagement objectives, procedures, and conclusions. B. Engagement purposes, criteria, techniques, and recommendations. C. Engagement objectives, procedures, observations, conclusions, and recommendations. D. Engagement subject, purposes, sampling information, and analysis.

7.2.8 Which of the following is the most important if working papers are to have the characteristics that will ensure that they achieve their primary purposes? A. Working papers must be of standard format and standard content. B. Working papers must be properly indexed and cross-referenced to the draft final engagement communication. C. Working papers must provide sufficient, reliable, and useful information to support the engagement results. D. Working papers must be arranged in logical order following the engagement work program sequence.

7.3.16 An internal auditor prepared a working paper that consisted of a list of employee names and identification numbers as well as the following statement: By matching random numbers with employee identification numbers, 40 employee personnel files were selected to verify that they contain all documents required by the organization's policy 501. No exceptions were noted. The internal auditor did not place any tick marks on this working paper. Which one of the following changes will improve the internal auditor's working paper the most? A. Use of tick marks to show that each file was examined. B. Removal of the employee names to protect their confidentiality. C. Justification for the sample size. D. Listing of the actual documents examined for each employee.

7.3.23 Internal auditors often include summaries within their working papers. Which of the following best describes the purpose of such summaries? A. Summaries are prepared to conform with the Standards. B. Summaries are usually required to complete each section of an engagement work program. C. Summaries distill the most useful information from several working papers into a more usable form. D. Summaries document that the internal auditor has considered all relevant information.

7.3.24 When engagement conclusions are challenged, the internal auditor's factual rebuttal is best facilitated by A. Summaries in the engagement work program. B. Pro forma working papers. C. Cross-referencing of the working papers. D. Explicit procedures in the engagement work program.

7.5.36 Working papers should be disposed of when they are of no further use. Retention policies must A. Specify a minimum retention period of 3 years. B. Be prepared by the audit committee. C. Be approved by legal counsel. D. Be approved by the external auditor.

7.5.39 The best description of the principal purpose for retaining working papers is to A. Help perform the engagement in an orderly fashion. B. Maintain the engagement work program for reuse in the next engagement. C. Provide support for the final engagement communication. D. Provide a basis for supervisory review.

7.6.48 The internal auditor wishes to develop a flowchart of (1) the process of receiving sales order information at headquarters, (2) the transmission of the data to the plants to generate the shipment, and (3) the plants' processing of the information for shipment. The internal auditor should A. Start with management's decisions to set sales prices. Gather internal documentation on the approval process for changing sales prices. Complement documentation with a copy of the program flowchart. Prepare an overview flowchart that links these details. B. Start with a shipment of goods and trace the transaction back through the origination of the sales order as received from the sales representative. C. Start with the receipt of a sales order from a sales representative and "walk through" both the manual and computerized processing at headquarters and the plant until the goods are shipped and billed. D. Obtain a copy of the plants' systems flowchart for the sales process, interview relevant personnel to determine if any changes have been made, and then develop an overview flowchart which will highlight the basic process.

7.6.49 The diamond-shaped symbol is commonly used in flowcharting to show or represent a A. Process or a single step in a procedure or program. B. Terminal output display. C. Decision point, conditional testing, or branching. D. Predefined process.

7.6.50 (Refer to Figure CIA2_08_14.) This figure shows how A. Physical media are used in the system. B. Input/output procedures are conducted. C. Data flow within and out of the system. D. Accountability is allocated in the system.

7.7.57 To determine the sufficiency of information regarding interpretation of a contract, an internal auditor uses A. The best obtainable information. B. Subjective judgments. C. Objective evaluations. D. Logical relationships between information and issues.

7.7.61 In an operational audit, the internal auditors discovered an increase in absenteeism. Accordingly, the chief audit executive decided to identify information about workforce morale. To achieve this engagement objective, the internal auditors must understand that A. Morale cannot be reliably analyzed. B. Only outcomes that are directly quantifiable can be reliably analyzed. C. Reliable information may be obtained about morale factors such as job satisfaction. D. Morale is always proportional to compensation.

7.8.75 In testing the write-off of a deteriorated piece of equipment, the best information about the condition of the equipment is A. The equipment manager's statement regarding condition. B. Accounting records showing maintenance and repair costs. C. A physical inspection of the actual piece of equipment. D. The production department's equipment downtime report.

7.8.76 The most reliable information an internal auditor can assess when determining an organization's legal title to inventories is A. Monthly gross profit and inventory levels. B. Purchase orders. C. Paid vendor invoices. D. Records of inventories stored at off-site locations.

7.9.77 During interviews with the inventory management personnel, an internal auditor learned that salespersons often order inventory for stock without receiving the approval of the vice president of sales. Also, detail testing showed that there are no written approvals on purchase orders for replacement parts. The results of detail testing are a good example of A. Indirect information. B. Circumstantial information. C. Corroborative information. D. Subjective information.

7.9.81 Which of the following is an example of documentary information? A. A photograph of an engagement client's workplace. B. A letter from a former employee alleging a fraud. C. A page of the general ledger containing irregularities placed there by the perpetrator of a fraud. D. A page of the internal auditor's working papers containing the computations that demonstrate the existence of an error or irregularity.

7.9.84 In an engagement to review travel expenses, the internal auditor calculates average expenses per day traveled for all sales personnel and then examines detailed receipts for those with high averages. These procedures represent the identification of which types of information? A. Documentary and physical. B. Analytical and physical. C. Documentary and analytical. D. Physical and testimonial.

2.6.106 In exercising due professional care, internal auditors must consider which of the following? I. The relative complexity, materiality, or significance of matters to which assurance procedures are applied II. The extent of assurance procedures necessary to ensure that all significant risks will be identified III. The probability of significant errors, irregularities, or noncompliance A. I and II only. B. II and III only. C. I and III only. D. I, II, and III.

C considering the Extent of work needed to achieve the engagement's objectives Relative complexity, materiality, or significance of matters to which assurance procedures are applied Adequacy and effectiveness of governance, risk management, and control processes Probability of significant errors, fraud, or noncompliance Cost of assurance in relation to potential benefits (Impl. Std. 1220.A1) Assurance procedures alone, even when performed with due professional care, do not guarantee that all significant risks will be identified (Impl. Std. 1220.A3).

6.5.43 The chief audit executive was reviewing recent reports that had recommended additional engagements because of risk exposures to the organization. Which of the following represents the greatest risk and should be the next assignment? A. Three prenumbered receiving reports were missing. B. There were several purchase orders issued without purchase requisitions. C. Payment had been made for routine inventory items without a purchase order or receiving report. D. Several times cash receipts had been held over an extra day before depositing.

C (1) a properly authorized purchase requisition, (2) a purchase order executing the transaction, (3) a receiving report indicating all goods ordered have been received in good condition, and (4) a vendor invoice confirming the amount owed. Lack of such support for cash payments suggests a high risk of fraud.

1.1.20 Which of the following is not appropriate for inclusion in the internal audit charter? A. The nature of the chief audit executive's functional reporting relationship with the board. B. Authorization of internal audit access to records, personnel, and physical properties. C. Definition of the scope of internal audit activities. D. Authorization of the board to approve the charter.

1.1.3 One of the purposes of the International Standards for the Professional Practice of Internal Auditing ("the Standards") is to A. Encourage the professionalization of internal auditing. B. Establish the independence of the internal audit activity and emphasize the objectivity of internal auditing. C. Encourage external auditors to make more extensive use of the work of internal auditors. D. Establish the basis for evaluating internal auditing performance.

1.1.5 A major reason for establishing an internal audit activity is to A. Relieve overburdened management of the responsibility for establishing effective controls. B. Safeguard resources entrusted to the organization. C. Ensure the reliability and integrity of financial and operational information. D. Evaluate and improve the effectiveness of control processes.

1.2.26 A review of an organization's code of conduct revealed that it contained comprehensive guidelines designed to inspire high levels of ethical behavior. The review also revealed that employees were knowledgeable of its provisions. However, some employees still did not comply with the code. What element should a code of conduct contain to enhance its effectiveness? A. Periodic review and acknowledgment by all employees. B. Employee involvement in its development. C. Public knowledge of its contents and purpose. D. Provisions for disciplinary action in the event of violations.

1.2.28 A typical code of ethical conduct for financial managers or management accountants in an organization requires all of the following except A. Integrity and a refusal to compromise professional values for the sake of personal goals. B. Independence from conflicts of economic interest. C. Independence from conflicts of professional interest. D. Subjectivity in presenting information, preparing reports, and making analyses.

1.3.33 An internal auditor, recently terminated by an organization due to downsizing, has found a job with another organization in the same industry. Which of the following disclosures made by the internal auditor to the new organization would constitute a violation of The IIA's Code of Ethics? A. The internal auditor used the risk assessment approach that was used by the internal auditor's former employer in determining priorities in the new job. B. The new internal audit activity does not use PPS sampling, and the internal auditor believes PPS sampling has advantages for many of the engagements conducted by the new employer. The internal auditor conducts training sessions and develops forms to implement sampling in the same manner as the previous employer. C. While at the previous firm, the internal auditor conducted a great deal of research to identify "best practices" for the management of the treasury function. Because most of the research was done at home and during non-office hours, the internal auditor retained much of the research and plans to use it in conducting a review of the treasury function at the new employer. D. None of the answers represent a violation of the Code.

1.3.35 The IIA's Code of Ethics does not require A. Contribution to the legitimate and ethical objectives of the organization. B. Objectivity, honesty, and diligence. C. Continual improvement in proficiency. D. A report on each engagement.

1.5.53 During an examination of grants awarded by a not-for-profit organization, an internal auditor discovered a number of grants made without the approval of the grant authorization committee (which includes outside representatives), as required by the organization's charter. All the grants, however, were approved and documented by the president. The chair of the grant authorization committee, who is also a member of the board of directors, proposes that the committee meet and retroactively approve all the grants before the engagement communication is issued. If the committee meets and approves the grants before such issuance, the internal auditor should A. Not report the grants in question because they were approved before the issuance of the engagement communication. B. Discuss the matter with the chair of the grant committee to determine the rationale for not approving the grants earlier. If the grants are routine, discussion of the grant committee's inaction should be omitted from the engagement communication. C. Include the items in the communication as an override of the organization's controls. Details about each grant should be reported, and the internal auditor should investigate further for fraud. D. Report the override of control to the board.

1.5.59 An internal auditor has uncovered facts that could be interpreted as indicating unlawful activity on the part of an engagement client. The internal auditor decides not to inform senior management and the board of these facts because of lack of proof. The internal auditor, however, decides that, if questions are raised regarding the omitted facts, they will be answered fully and truthfully. In taking this action, the internal auditor A. Has not violated The IIA's Code of Ethics or the Standards because confidentiality takes precedence over all other standards. B. Has not violated The IIA's Code of Ethics or the Standards because the internal auditor is committed to answering all questions fully and truthfully. C. Has violated The IIA's Code of Ethics because unlawful acts should have been reported to the appropriate regulatory agency to avoid potential "aiding and abetting" by the internal auditor. D. Has violated the Standards because the internal auditor should inform the appropriate authorities in the organization if fraud may be indicated.

1.5.65 Which of the following items is a violation by an internal auditor of The IIA's Code of Ethics? A. Certain facts recorded in the internal auditor's working papers that helped to support the basic allegations made by the internal auditor regarding a case of fraud were not included in the final engagement communication. B. Information in the internal auditor's working papers that proved a criminal act was included in the internal auditor's draft communication. The comments were later removed by internal audit management. C. To keep the engagement effort within the budgeted time, the internal auditor was directed to and did curtail testing in an area that looked suspicious and later was proved to contain massive irregularities. D. A control system that had been recommended by the internal audit staff during the previous engagement was found to be defective. The internal auditor reported the defective function as an engagement client failure.

1.5.68 In their reporting, internal auditors are required by The IIA's Code of Ethics to A. Present sufficient factual information without revealing confidential matters that could be detrimental to the organization. B. Disclose all material information obtained by the auditor as of the date of the final engagement communication. C. Obtain factual information within the established time and budget parameters. D. Disclose material facts known to the internal auditor that could distort the final engagement communication if not revealed.

1.6.75 Which of the following actions taken by a chief audit executive (CAE) could be considered professionally ethical under The IIA's Code of Ethics? A. The CAE decides to delay an engagement at a branch so that his nephew, the branch manager, will have time to "clean things up." B. To save organizational resources, the CAE cancels all staff training for the next 2 years on the basis that all staff are too new to benefit from training. C. To save organizational resources, the CAE limits procedures at foreign branches to confirmations from branch managers that no major personnel changes have occurred. D. The CAE refuses to provide information about organizational operations to his father, who is a part owner.

1.6.76 A chief audit executive (CAE) learned that a staff internal auditor provided confidential information to a relative. Both the CAE and staff internal auditor are CIAs. Although the internal auditor did not benefit from the transaction, the relative used the information to make a significant profit. The most appropriate way for the CAE to deal with this problem is to A. Verbally reprimand the internal auditor. B. Summarily discharge the internal auditor and notify The IIA. C. Take no action because the internal auditor did not benefit from the transaction. D. Inform The IIA's Board of Directors and take the personnel action required by organizational policy.

1.6.77 Which of the following situations is a violation of The IIA's Code of Ethics? A. An internal auditor was ordered to testify in a court case in which a merger partner claimed to have been defrauded by the internal auditor's organization. The internal auditor divulged confidential information to the court. B. An internal auditor for a manufacturer of office products recently completed an engagement to evaluate the marketing function. Based on this experience, the internal auditor spent several hours one Saturday working as a paid consultant to a hospital in the local area that intended to conduct an engagement to evaluate its marketing function. C. An internal auditor gave a speech at a local IIA chapter meeting outlining the contents of a program the internal auditor had developed for engagements relating to electronic data interchange (EDI) connections. Several internal auditors from major competitors were in the audience. D. During an engagement, an internal auditor learned that the organization was about to introduce a new product that would revolutionize the industry. Because of the probable success of the new product, the product manager suggested that the internal auditor buy an additional interest in the organization, which the internal auditor did.

1.6.79 An internal auditor is performing services in a division in which the chief financial officer is a close personal friend, and the internal auditor learns that the friend is to be replaced after a series of critical labor negotiations. The internal auditor relays this information to the friend. Has a violation of The IIA's Code of Ethics occurred? A. No. The use of the confidential information resulted in no personal gain to the internal auditor. B. No. The internal auditor was just being honest with his/her friend. C. Yes. The internal auditor had a conflict of interest with the organization. D. Yes. The internal auditor was not prudent in the use of information acquired in the course of his/her duties.

1.8.101 Any program for selecting and developing the human resources of the internal audit activity will fail unless compensation is adequate at all levels of responsibility. Policies concerning compensation should A. Link internal auditors' compensation to the pay for comparable positions in the controller's department. B. Provide for cost-of-living, longevity, and merit increases annually. C. Be informal and as flexible as possible to allow the chief audit executive to respond to unusual situations. D. Be clearly stated and based on evaluations of position requirements and individual performance.

1.8.88 During an engagement to evaluate the organization's accounts payable function, an internal auditor plans to confirm balances with suppliers. What is the source of authority for such contacts with units outside the organization? A. Internal audit activity policies and procedures. B. The Standards. C. The Code of Ethics. D. The internal audit activity's charter.

2.1.1 Which of the following facts, by themselves, could contribute to a lack of independence of the internal audit activity? I. The CEO accused the new auditor of not operating "in the best interests of the organization." II. The majority of audit committee members come from within the organization. III. The internal audit activity's charter has not been approved by the board. A. I only. B. II only. C. II and III only. D. I, II, and III.

2.1.11 The optimal administrative reporting line of the CAE is to A. The audit committee. B. Line management. C. Board of directors. D. CEO or equivalent.

2.1.13 A formal document (charter) approved by the board that defines the internal audit activity's purpose, authority, and responsibility enhances its A. Exercise of due professional care. B. Proficiency. C. Relationship with management. D. Independence.

2.1.17 The IIA has indicated that to achieve necessary independence, the CAE should report functionally to whom? A. Senior management. B. Shareholders. C. Chief executive officer. D. The board.

2.1.2 To avoid being the apparent cause of conflict between an organization's senior management and the board, the chief audit executive should A. Communicate all engagement results to both senior management and the board. B. Strengthen the independence of the internal audit activity through organizational position. C. Discuss all reports to senior management with the board first. D. Request board approval of policies that include internal audit activity relationships with the board.

2.1.20 According to the International Professional Practices Framework, the independence of the internal audit activity is achieved through A. Staffing and supervision. B. Continuing professional development and due professional care. C. Human relations and communications. D. Organizational status and objectivity.

2.2.23 During the performance of an engagement to evaluate a division's controls over purchasing, the chief purchasing agent asked why the internal auditor had requested documents pertaining to transactions with a particular supplier. The internal auditor's proper response is to A. Treat the inquiry as a scope limitation. B. Explain the reasons for the information request to promote cooperation with the engagement client. C. Refuse to explain the information request to preserve the integrity of the engagement process. D. Consider the specific circumstances before deciding whether to disclose the reasons for the information request.

2.2.27 In which of the following scenarios does the auditor most likely have organizational independence but lack objectivity? A. Reports to the audit client but does not report fully about the reason for corrective action taken. B. Reports to the board and reports fully about corrective action taken. C. Reports to the audit client and reports fully about corrective action taken. D. Reports to the board but does not report fully about the reason for corrective action taken.

2.2.29 Management has requested the internal audit activity to perform an engagement to recommend procedures and policies for improving management control over the telephone marketing operations of a major division. The chief audit executive should A. Not accept the engagement because recommending controls would impair future objectivity regarding this operation. B. Not accept the engagement because internal audit activities are presumed to have expertise regarding accounting controls, not marketing controls. C. Accept the engagement, but indicate to management that, because recommending controls impairs independence, future engagements in the area will be impaired. D. Accept the engagement because objectivity will not be impaired.

2.2.30 Which of the following statements is an appropriate reason for the internal audit activity not to participate in the systems development process? A. Recommendations prior to implementation will affect independence, and the internal auditors will not be able to perform an objective evaluation after the system is implemented. B. Participation will delay implementation of the project. C. Participation will cause the internal auditors to be labeled as partial owners of the application, and they will then have to share the blame for any problems that remain in the system. D. None of the answers are correct.

2.2.31 Assessing individual objectivity of internal auditors is the responsibility of A. The chief executive officer. B. The board. C. The audit committee. D. The chief audit executive.

2.2.32 Which of the following activities is not presumed to impair the objectivity of an internal auditor? I. Recommending standards of control for a new information system application II. Drafting procedures for running a new computer application to ensure that proper controls are installed Performing reviews of procedures for a new computer application before it is installed I only. II only. III only. I and III.

2.2.33 Reengineering is the thorough analysis, fundamental rethinking, and complete redesign of essential business processes. The intended result is a dramatic improvement in service, quality, speed, and cost. An internal auditor's involvement in reengineering should include all of the following except A. Determining whether the process has senior management's support. B. Recommending areas for consideration. C. Developing audit plans for the new system. D. Directing the implementation of the redesigned process.

2.2.36 An organization is planning to develop and implement a new computerized purchase order system in one of its manufacturing subsidiaries. The vice president of manufacturing has requested that internal auditors participate on a team consisting of representatives from finance, manufacturing, purchasing, and marketing. This team will be responsible for the implementation effort. Eager to take on this high profile project, the chief audit executive assigns a senior internal auditor to the project to assist "as needed." Assuming the senior internal auditor performed all of the following activities, which one will impair objectivity if the internal auditor is asked to review the purchase order system on a post-engagement basis? A. Helping to identify and define control objectives. B. Testing for compliance with system development standards. C. Evaluate risk exposures of systems and programming standards. D. Drafting operating procedures for the new system.

2.2.40 The CAE bears the responsibility to do which of the following? A. Assess the level of independence of the board. B. Assess the level of knowledge, skills, and competencies of the chief financial officer. C. Foster collective objectivity. D. Foster individual objectivity.

2.2.41 Which of the following is a true statement regarding the timing of assessments of individual objectivity on the part of internal auditors? A. It must be performed annually. B. It must be performed in conjunction with the audit risk assessment. C. It is performed at the discretion of the board. D. It is performed at the discretion of the CAE.

2.2.42 Which of the following actions is required of the CAE in regard to the objectivity of internal auditors? A. Maximize. B. Prioritize. C. Manage. D. Assess.

2.2.43 The CAE bears the responsibility to do which of the following? A. Encourage the objectivity of the board. B. Encourage the objectivity of the CEO. C. Foster an attitude of professional skepticism among members of the board. D. Maintain individual objectivity.

2.2.44 Maintaining individual objectivity of internal auditors is the responsibility of A. The chairperson of the board of directors. B. The chairperson of the audit committee. C. The external assessment team. D. The chief audit executive.

2.2.45 Maintaining individual objectivity is most dependent on A. Clearly informing auditee departments and functions of The IIA definition of conflict of interest. B. An annual evaluation by the board. C. An annual evaluation by an external assessment team. D. Internal auditors avoiding conflicts of interest.

2.3.56 An internal auditor assigned to audit a vendor's compliance with product quality standards is the brother of the vendor's controller. The auditor should A. Accept the assignment but avoid contact with the controller during fieldwork. B. Accept the assignment but disclose the relationship in the engagement final communication. C. Notify the vendor of the potential conflict of interest. D. Notify the chief audit executive of the potential conflict of interest.

2.3.57 The internal audit activity should be free to audit and report on any activity that also reports to its administrative head if it considers such coverage to be appropriate for its audit plan. Any limitation in scope or reporting of results of these activities needs to be brought to the attention of the A. Chief executive officer. B. Chief financial officer. C. External auditor. D. Board.

2.4.66 Your organization has selected you to develop an internal audit activity. Your approach will most likely be to hire A. Internal auditors, each of whom possesses all the skills required to handle all engagements. B. Inexperienced personnel and train them the way the organization wants them trained. C. Degreed accountants because most internal audit work is accounting related. D. Internal auditors who collectively have the knowledge and skills needed to perform the responsibilities of the internal audit activity.

2.4.71 The internal audit activity collectively must possess or obtain certain competencies, excluding A. Proficiency in applying internal audit standards. B. An understanding of management principles. C. The ability to maintain good interpersonal relations. D. The ability to conduct training sessions in quantitative methods.

2.5.77 As part of the process to improve internal auditor-engagement client relations, it is very important to deal with how the internal audit activity is perceived. Certain types of attitudes in the work performed will help create these perceptions. From a management perspective, which attitude is likely to be the most conducive to a positive perception? A. Objective. B. Investigative. C. Interrogatory. D. Consultative.

2.5.82 A chief audit executive has reviewed credentials, checked references, and interviewed a candidate for a staff position. The CAE concludes that the candidate has a thorough understanding of internal audit techniques, accounting, and finance. However, the candidate has limited knowledge of economics and information technology. Which action is most appropriate? A. Reject the candidate because of the lack of knowledge required by the Standards. B. Offer the candidate a position despite lack of knowledge in certain essential areas. C. Encourage the candidate to obtain additional training in economics and information technology and then reapply. D. Offer the candidate a position if other staff members possess sufficient knowledge in economics and information technology.

2.5.84 If the internal audit activity of a nonpublic company does not have the skills to perform a particular task, an external service provider (ESP) could be brought in from I. The organization's external audit firm II. An external consulting firm III. The engagement client IV. A college or university A. I and II only. B. II and IV only. C. I, II, and III only. D. I, II, and IV only.

3.1.4 Which of the following statements best describes the relationship between planning and controlling? A. Planning looks to the future; controlling is concerned with the past. B. Planning and controlling are completely independent of each other. C. Planning prevents problems; controlling is initiated by problems that have occurred. D. Controlling cannot operate effectively without the tools provided by planning.

2.5.85 A chief audit executive for a large manufacturer is considering revising the internal audit activity's charter with respect to the minimum educational and experience qualifications required. The CAE wants to require all staff auditors to possess specialized training in accounting and a professional auditing certification such as the Certified Internal Auditor or the Chartered Accountant. One of the disadvantages of imposing this requirement is that the policy A. Might negatively affect the internal audit activity's ability to perform quality engagements relating to the organization's financial and accounting systems. B. Does not promote the professionalism of the internal audit activity. C. Would prevent the internal audit activity from using external service providers when it did not have the knowledge, skills, and other competencies required in certain engagements. D. Could limit the range of services that could be performed due to the internal audit activity's narrow expertise and backgrounds.

2.5.89 When the engagement was assigned, management asked the internal auditor to evaluate the appropriateness of using self-insurance to minimize risk to the organization. Given the scope of the engagement requested by management, should the internal auditor engage an actuarial consultant to assist in the engagement if these skills do not exist on staff? A. No. The internal audit activity is skilled in assessing controls, and the insurance control concepts are not distinctly different from other control concepts. B. No. It is a normal internal auditor function to assess risk; this engagement is therefore not unique. C. Yes. An actuary is essential to determine whether the healthcare costs are reasonable. D. Yes. The actuary has skills not usually found among internal auditors to identify and quantify self-insurance risks.

2.5.92 An internal auditor's objectivity could be compromised in all of the following situations except A. A conflict of interest. B. An engagement client's familiarity with the internal auditor due to lack of rotation in assignments. C. The internal auditor's assumption of operational duties on a temporary basis. D. Reliance on an outside service provider when appropriate.

2.5.94 In some organizations, internal audit functions are outsourced. Management in a large organization should recognize that the external auditor may have an advantage, compared with the internal auditor, because of the external auditor's A. Familiarity with the organization. Its annual audits provide an in-depth knowledge of the organization. B. Size. It can hire experienced, knowledgeable, and certified staff. C. Size. It is able to offer continuous availability of staff unaffected by other priorities. D. Structure. It may more easily accommodate engagement requirements in distant locations.

2.6.105 A certified internal auditor performed an assurance engagement to review a department store's cash function. Which of the following actions will be deemed lacking in due professional care? A. Organizational records were reviewed to determine whether all employees who handle cash receipts and disbursements were bonded. B. A flowchart of the entire cash function was developed, but only a sample of transactions was tested. C. The final engagement communication included a well-supported recommendation for the reduction in staff, although it was known that such a reduction would adversely affect morale. D. Because of a highly developed system of internal control over the cash function, the final engagement communication assured senior management that no irregularities existed.

2.8.120 When is initial use of the conformance phrase by internal auditors appropriate? A. After an internal review completed within the past 5 years. B. After an external review completed within the past 10 years. C. After an internal review completed within the past 10 years. D. After an external review completed within the past 5 years.

2.9.123 Which of the following is part of an internal audit activity's quality assurance program, rather than being included as part of other responsibilities of the chief audit executive (CAE)? A. The CAE provides information about and access to internal audit working papers to the external auditors to enable them to understand and determine the degree to which they may rely on the internal auditors' work. B. Management approves a formal charter establishing the purpose, authority, and responsibility of the internal audit activity. C. Each individual internal auditor's performance is appraised at least annually. D. Supervision of an internal auditor's work is performed throughout each audit engagement.

2.9.127 Quality program assessments may be performed internally or externally. A distinguishing feature of an external assessment is its objective to A. Identify tasks that can be performed better. B. Determine whether internal audit services meet professional standards. C. Set forth the recommendations for improvement. D. Provide independent assurance.

2.9.129 An external assessment of an internal audit activity contains an expressed opinion. The opinion applies A. Only to the internal audit activity's conformance with the Standards. B. Only to the effectiveness of the internal auditing coverage. C. Only to the adequacy of internal control. D. To the entire spectrum of assurance and consulting work.

3.2.13 Controls may be classified according to the function they are intended to perform, for example, as detective, preventive, or directive. Which of the following is a directive control? A. Monthly bank statement reconciliations. B. Dual signatures on all disbursements over a specific amount. C. Recording every transaction on the day it occurs. D. Requiring all members of the internal audit activity to be CIAs.

3.2.15 Managerial control can be divided into feedforward, concurrent, and feedback controls. Which of the following is an example of a feedback control? A. Quality control training. B. Budgeting. C. Forecasting inventory needs. D. Variance analysis.

3.2.16 The operations manager of a company notified the treasurer of that organization 60 days in advance that a new, expensive piece of machinery was going to be purchased. This notification allowed the treasurer to make an orderly liquidation of some of the company's investment portfolio on favorable terms. What type of control was involved? A. Feedback. B. Strategic. C. Concurrent. D. Feedforward.

3.2.19 The internal audit activity of an organization is an integral part of the organization's risk management, control, and governance processes because it evaluates and contributes to the improvement of those processes. Select the type of control provided when the internal audit activity conducts a systems development analysis. A. Feedback control. B. Strategic plans. C. Policies and procedures. D. Feedforward control.

3.2.20 Of the following, the controls that are often difficult for internal auditors to evaluate because of the lack of criteria or standards are A. Preventive controls. B. Financial controls. C. Corrective controls. D. Operating controls.

3.3.35 One characteristic of an effective internal control structure is the proper segregation of duties. The combination of responsibilities that would not be considered a violation of segregation of functional responsibilities is A. Signing of paychecks and custody of blank payroll checks. B. Preparation of paychecks and check distribution. C. Approval of time cards and preparation of paychecks. D. Timekeeping and preparation of payroll journal entries.

3.3.42 One payroll engagement objective is to determine whether segregation of duties is proper. Which of the following activities is incompatible? A. Hiring employees and authorizing changes in pay rates. B. Preparing the payroll and filing payroll tax forms. C. Signing and distributing payroll checks. D. Preparing attendance data and preparing the payroll.

3.3.48 If internal control is well designed, two tasks that should be performed by different persons are A. Approval of bad debt write-offs, and reconciliation of the accounts payable subsidiary ledger and controlling account. B. Distribution of payroll checks and approval of sales returns for credit. C. Posting of amounts from both the cash receipts journal and cash payments journal to the general ledger. D. Recording of cash receipts and preparation of bank reconciliations.

3.3.54 Management is concerned with the potential for unauthorized changes in the payroll. Which of the following is the proper organizational structure to prevent such unauthorized changes? A. The payroll department maintains and authorizes all changes in the personnel records. B. The payroll department is supervised by the management of the human resources division. C. The payroll department's functions are limited to maintaining the payroll records, distributing paychecks, and posting the payroll entries to the general ledger. D. The personnel department authorizes the hiring and pay levels of all employees.

3.3.55 In a well-designed internal control structure in which the cashier receives remittances from the mail room, the cashier should not A. Endorse the checks. B. Prepare the bank deposit slip. C. Deposit remittances daily at a local bank. D. Post the receipts to the accounts receivable subsidiary ledger cards.

3.3.57 Which one of the following situations represents a strength of internal control for purchasing and accounts payable? A. Prenumbered receiving reports are issued randomly. B. Invoices are approved for payment by the purchasing department. C. Unmatched receiving reports are reviewed on an annual basis. D. Vendors' invoices are matched against purchase orders and receiving reports before a liability is recorded.

3.3.62 Organizational independence in the processing of payroll is achieved by segregation of functions that are built into the system. Which one of the following functional segregations is not required for internal control purposes? A. Segregation of timekeeping from payroll preparation. B. Segregation of personnel function from payroll preparation. C. Segregation of payroll preparation and paycheck distribution. D. Segregation of payroll preparation and maintenance of year-to-date records.

3.3.63 If employee paychecks are distributed by hand to employees, which one of the following departments should be responsible for the safekeeping of unclaimed paychecks? A. Payroll department. B. Timekeeping department. C. Production department in which the employee works or worked. D. Cashier department.

3.3.64 Organizational independence is required in the processing of customers' orders in order to maintain an internal control structure. Which one of the following situations is not a proper segregation of duties in the processing of orders from customers? A. Approval by credit department of a sales order prepared by the sales department. B. Shipping of goods by the shipping department that have been retrieved from stock by the finished goods storeroom department. C. Invoice preparation by the billing department and posting to customers' accounts by the accounts receivable department. D. Approval of a sales credit memo because of a product return by the sales department with subsequent posting to the customer's account by the accounts receivable department.

3.4.66 The marketing department for a major retailer assigns separate product managers for each product line. Product managers are responsible for ordering products and determining retail pricing. Each product manager's purchasing budget is set by the marketing manager. Products are delivered to a central distribution center where goods are segregated for distribution to the company's 52 department stores. Because receipts are recorded at the distribution center, the company does not maintain a receiving function at each store. Product managers are evaluated on a combination of sales and gross profit generated from their product lines. Many products are seasonal and individual store managers can require that seasonal products be removed to make space for the next season's products. Which of the following is a control deficiency in this situation? A. The store manager can require items to be removed, thus affecting the potential performance evaluation of individual product managers. B. The product manager negotiates the purchase price and sets the selling price. C. Evaluating product managers by total gross profit generated by product line will lead to dysfunctional behavior. D. There is no receiving function located at individual stores.

3.4.71 Which of the following is an operating control for a research and development department? A. Research and development personnel are hired by the payroll department. B. Research and development expenditures are reviewed by an independent person. C. All research and development costs are charged to expense in accordance with the applicable accounting principles. D. The research and development budget is properly allocated between new products, product maintenance, and cost reduction programs.

3.4.73 While performing analytical procedures related to an engagement involving a social services agency of a government entity, the internal auditor noted an unusually large increase in payments to individual recipients who are under the direction of a particular social worker in the agency. The internal auditor is considering making a recommendation about appropriate controls to address a potential problem of fictitious recipients. The internal auditor has identified the following control procedures as potential items to include in the recommendation. I. Require that all additions to the recipient file be independently investigated and approved by a supervisor of the social workers. II. Require the use of self-checking digits on the account numbers of all recipients so that any duplicates will be immediately noted by the system. III. Incorporate a code into the computer program to search for duplicate names and addresses. Develop an exception report that will go to the section supervisor whenever duplicates are noted. IV. Require that social workers be rotated among recipients. Which of the following control combinations would effectively address the internal auditor's concerns and improve control over valid recipients? A. I, II, III, and IV. B. I, II, and III. C. I and IV. D. I, III, and IV.

3.4.75 A utility with a large investment in repair vehicles would most likely implement which internal control to reduce the risk of vehicle theft or loss? A. Review insurance coverage for adequacy. B. Systematically account for all repair work orders. C. Physically inventory vehicles and reconcile the results with the accounting records. D. Maintain vehicles in a secured location with release and return subject to approval by a custodian.

3.4.76 Which of the following controls could be used to detect bank deposits that are recorded but never made? A. Establishing accountability for receipts at the earliest possible time. B. Linking receipts to other internal accountabilities, for example, collections to either accounts receivable or sales. C. Consolidating cash receiving points. D. Having bank reconciliations performed by a third party.

3.4.80 Which of the following observations by an auditor is most likely to indicate the existence of control weaknesses over safeguarding of assets? I. A service department's location is not well suited to allow adequate service to other units. II. Employees hired for sensitive positions are not subjected to background checks. III. Managers do not have access to reports that profile overall performance in relation to other benchmarked organizations. Management has not taken corrective action to resolve past engagement observations related to inventory controls. I and II only. I and IV only. II and III only. II and IV only.

3.4.84 An internal auditor is reviewing the organization's policy regarding investing in financial derivatives. The internal auditor normally expects to find all of the following in the policy except A. A statement indicating whether derivatives are to be used for hedging or speculative purposes. B. A specific authorization limit for the amount and types of derivatives that can be used by the organization. C. A specific limit on the amount authorized for any single trader. D. A statement requiring board review of each transaction because of the risk involved in such transactions.

3.4.86 A rental car agency's fleet maintenance division uses a different code for each type of inventory transaction. A daily summary report lists activity by part number and transaction code. The report is reconciled by the parts room supervisor to the day's material request forms and is then forwarded to the fleet manager for approval. The reconciliation of the summary report to the day's material request forms by the parts room supervisor A. Verifies that all material request forms were approved. B. Provides documentation as to what material was available for a specific transaction. C. Confirms that all material request forms are entered for all parts issued. D. Ensures the accuracy and completeness of data input.

3.4.90 A recent inventory shortage at XYZ Corp., an unaffiliated supplier, contributed to production failures at OPS Corp. in the current period. To avoid future production failures because of supplier inventory shortages, the most appropriate method is for OPS to A. Establish an inventory control framework at XYZ. B. Increase the size of orders. C. Produce the inventory items instead of purchasing from suppliers. D. Inform XYZ about its risk appetite regarding supply failures.

4.1.1 The COSO framework treats internal control as a process designed to provide reasonable assurance regarding the achievement of objectives related to A. Reliability of financial reporting. B. Effectiveness and efficiency of operations. C. Compliance with applicable laws and regulations. D. All of the answers are correct.

4.1.10 Which of the following statements is not accurate with regard to soft controls? A. The COSO and CoCo models emphasize soft controls. B. The communication of ethical values and the fostering of mutual trust are soft controls in the CoCo model. C. Soft controls have become more necessary as technology advances have empowered employees. D. Control self-assessment is not an approach to audit soft controls.

4.1.11 Which of the following broad control objectives listed in The IIA's Electronic Systems Assurance and Control differs from the objectives found in the COSO internal control framework? A. Effectiveness and efficiency. B. Financial reporting. C. Compliance. D. Safeguarding of assets.

4.2.16 The function of the chief risk officer (CRO) is most effective when the CRO A. Manages risk as a member of senior management. B. Shares the management of risk with line management. C. Shares the management of risk with the chief audit executive. D. Monitors risk as part of the enterprise risk management team.

4.2.18 Many organizations use electronic funds transfer to pay their suppliers instead of issuing checks. Regarding the risks associated with issuing checks, which of the following risk management techniques does this represent? A. Controlling. B. Accepting. C. Transferring. D. Avoiding.

4.2.19 Which of the following is a factor affecting risk? A. New personnel. B. New or revamped information systems. C. Rapid growth. D. All of the answers are correct.

4.2.23 Limitations of enterprise risk management (ERM) may arise from A. Faulty human judgment. B. Cost-benefit considerations. C. Collusion. D. All of the answers are correct.

4.2.25 Inherent risk is A. A potential event that will adversely affect the organization. B. Risk response risk. C. The risk after management takes action to reduce the impact or likelihood of an adverse event. D. The risk when management has not taken action to reduce the impact or likelihood of an adverse event.

4.3.33 Which of the following goals sets risk management strategies at the optimum level? A. Minimize costs. B. Maximize market share. C. Minimize losses. D. Maximize shareholder value.

4.3.36 When the executive management of an organization decided to form a team to investigate the adoption of an activity-based costing (ABC system, an internal auditor was assigned to the team. The best reason for including an internal auditor is the internal auditor's knowledge of A. Activities and cost drivers. B. Information processing procedures. C. Current product cost structures. D. Risk management processes.

4.3.44 Risk management is the responsibility of management. The role of the internal audit activity in the risk management process may include which of the following? I. Monitoring activities. II. Evaluating the risk management process as part of the engagement plan. III. Participating on oversight committees, monitoring of activities, and status reporting. IV. Managing and coordinating the process. A. I only. B. II only. C. I, II, and III only. D. I, II, III, and IV.

4.3.46 If an organization has no formal risk management processes, the chief audit executive should A. Establish risk management processes based on industry norms. B. Formulate hypothetical results of possible consequences resulting from risks not being managed. C. Inform regulators that the organization is guilty of an infraction. D. Formally discuss with the directors their obligations for risk management processes.

4.4.52 A key feature that distinguishes fraud from other types of crime or impropriety is that fraud always involves the A. Violent or forceful taking of property. B. Deceitful wrongdoing of management-level personnel. C. Unlawful conversion of property that is lawfully in the custody of the perpetrator. D. False representation or concealment of a material fact.

4.4.55 Which of the following statements is(are) true regarding the prevention of fraud? I. The primary means of preventing fraud is through internal control established and maintained by management. II. Internal auditors are responsible for assisting in the prevention of fraud by examining and evaluating the adequacy of the internal control system. . Internal auditors should assess the operating effectiveness of fraud-related communication systems. . I only. . I and II only. . II only. . I, II, and III.

4.4.57 Internal auditors have a responsibility for helping to deter fraud. Which of the following best describes how this responsibility is usually met? A. By coordinating with security personnel and law enforcement agencies in the investigation of possible frauds. B. By testing for fraud in every engagement and following up as appropriate. C. By assisting in the design of control systems to prevent fraud. D. By evaluating the adequacy and effectiveness of controls in light of the potential exposure or risk.

4.4.58 Which of the following describes one of the responsibilities of the internal auditor for the deterrence of fraud in an organization? A. Implementation of systems to discourage fraud. B. Prosecuting perpetrators of fraud. C. Reporting suspected fraud to law enforcement personnel. D. Evaluating the adequacy of controls to prevent fraud.

4.4.62 An internal auditor who suspects fraud should A. Determine that a loss has been incurred. B. Interview those who have been involved in the control of assets. C. Identify the employees who could be implicated in the case. D. Recommend an investigation if appropriate.

4.5.73 Internal auditors have been advised to consider red flags to determine whether management is involved in a fraud. Which of the following does not represent a difficulty in using the red flags as fraud indicators? A. Many common red flags are also associated with situations in which no fraud exists. B. Some red flags are difficult to quantify or to evaluate. C. Red flag information is not gathered as a normal part of an engagement. D. The red flags literature is not well enough established to have a positive impact on internal auditing.

4.5.74 The following are facts about a subsidiary: 1 The subsidiary has been in business for several years and enjoyed good profit margins although the general economy was in a recession, which affected competitors. 2 The working capital ratio has declined from a healthy 3:1 to 0.9:1. 3 Turnover for the last several years has included three controllers, two supervisors of accounts receivable, four payables supervisors, and numerous staff in other financial positions. 4 Purchasing policy requires three bids. However, the supervisor of purchasing at the subsidiary has instituted a policy of sole-source procurement to reduce the number of suppliers. When conducting a financial audit of the subsidiary, the internal auditor should A. Most likely not detect 1., 2., or 3. B. Ignore 2. since the economy had a downturn during this period. C. Consider 3. to be normal turnover, but be concerned about 2. and 4. as warning signals of fraud. D. Consider 1., 2., 3., and 4. as warning signals of fraud.

4.5.86 Which of the following would indicate that fraud may be taking place in a marketing department? A. There is no documentation for some fairly large expenditures made to a new vendor. B. A manager appears to be living a lifestyle that is in excess of what could be provided by a marketing manager's salary. C. The control environment can best be described as "very loose." However, this attitude is justified by management on the grounds that it is needed for creativity. D. All of the answers are correct.

4.5.87 When an internal auditor followed up on a significant increase in maintenance supplies during the past year, a purchasing agent explained to the internal auditor that the primary reason for the increase was painting services and supplies. The internal auditor found a blanket purchase order without the normal bid or quote documentation. The blanket purchase order had been signed by the general manager and named the general manager's father as the sole contractor for painting services on the organization's projects. The auditor also found a number of large invoices, authorized for payment by the general manager, that showed the general manager's father as the person who signed for the receipt of the material at the supplier. Which is not a symptom of fraud as described in this situation? A. Purchased material is not received by authorized organizational personnel. B. Routine controls are suspended for certain transactions. C. Purchased material is not delivered to a central location on the organization's premises. D. The use of blanket purchase orders.

4.5.89 Bank management suspects that a bank loan officer frequently made loans to fictitious entities, disbursed loan proceeds to personally established accounts, and then let the loans go into default. Some pertinent facts about the loan officer include A high standard of living, explained as the result of sound investments and not taking vacations; An expensive personal car obtained through business contacts; Gasoline and repair bills submitted for a car assigned by the bank that are higher than the organization's average (mileage logs were submitted on a quarterly basis); and Marked annoyance with questions from internal auditors. In this situation, typical indicators of the suspected fraud include all of the following except A. Not taking an annual vacation. B. Becoming easily annoyed with auditor inquiries about questionable loans. C. Explaining a high standard of living as the result of investments. D. Submitting gasoline and repair bills that are higher than company average.

4.5.92 Which of the following is an indicator of increased risk of fraud? The treasurer A. Takes all vacations and has just accepted a promotion to vice president of finance. B. Takes no vacations and has just accepted a promotion to vice president of finance. C. Takes all vacations and has refused promotion to vice president of finance. D. Takes no vacations and has refused promotion to vice president of finance.

4.5.95 An internal auditor is investigating the performance of a division with an unusually large increase in sales, gross margin, and profit. Which of the following indicators is least likely to indicate the possibility of sales-related fraud in the division? A. A significant portion of divisional management's compensation is based on reported divisional profits. B. There is an unusually large amount of sales returns recorded after year end. C. The internal auditor has taken a random sample of sales invoices but cannot locate a shipping document for a number of the sales transactions selected for November and December. D. One of the division's major competitors went out of business during the year.

5.1.7 A 90% confidence interval for the mean of a population based on the information in a sample always implies that there is a 90% chance that the A. Estimate is equal to the true population mean. B. True population mean is no larger than the largest endpoint of the interval. C. Standard deviation will not be any greater than 10% of the population mean. D. True population mean lies within the specified confidence interval.

5.2.12 An important difference between a statistical and a judgmental sample is that with a statistical sample, A. No judgment is required because everything is computed according to a formula. B. A smaller sample can be used. C. More accurate results are obtained. D. Population estimates with measurable reliability can be made.

5.2.19 A company is simulating the actions of a government agency in which 50% of the time a recall of a product is required, 40% of the time only notification of the buyer about a potential defect is required, and 10% of the time no action on its part is required. Random numbers of 1 to 100 are being used. An appropriate assignment of random numbers for the recall category would be A. 1-40 B. 40-90 C. 61-100 D. 11-60

5.5.74 An internal auditor is performing a test to determine whether a gas and electric appliance manufacturer should move its service center from one location to another. The service center houses the service trucks that are used to drive to the customers' locations to service their appliances. The internal auditor wants to determine the reduction in average miles driven as a result of moving to the other location. Which of the following statistical sampling methods would be most appropriate for this test? A. Attribute sampling. B. Discovery sampling. C. Probability-proportional-to-size (monetary-unit) sampling. D. Mean-per-unit sampling.

5.2.20 As part of an internal audit, a benchmark must be established for the defect rate for an innovative new production process. The auditor can either use a large sample that is already available from other production processes in the same plant or draw a fresh sample from the new process. However, a fresh sample would be expensive, time consuming, and much smaller in size. Which one of the following is the best course of action for the auditor? A. The auditor should accept this large historical sample because analyses based on it will have high statistical power. B. The auditor should draw a fresh sample and combine it with the old sample. C. The auditor should accept the historical sample but use nonparametric statistics to analyze it. D. The auditor should first determine how similar the new process is to the old process before deciding what to do.

5.3.32 An internal auditor, testing to determine if a division is shipping goods to customers without making the prescribed credit check, decides to use attribute sampling. Each sales order in the sample is examined for credit approval. Using an initial estimate of the occurrence rate of 4%, desired precision of 2.5%, and a confidence level of 95%, the required sample size is 214. The total population size is 2,305. Sample items are selected, and seven sales without the required credit approval are noted. Reducing the desired confidence level from 95% to 90% will result in A. Less achieved precision (i.e., higher than 2.5%) if the sample size remains at 214. B. An unchanged sample size if the desired precision remains at 2.5%. C. A larger sample size if the desired precision remains at 2.5%. D. A smaller sample size if the desired precision remains at 2.5%.

5.4.42 When relatively few items of high monetary value constitute a large proportion of an account balance, stratified sampling techniques and complete testing of the high monetary-value items will generally result in a A. Simplified evaluation of sample results. B. Smaller nonsampling error. C. Larger estimate of population variability. D. Reduction in sample size.

5.4.46 Ratio estimation sampling would be inappropriate to use to project the monetary error in a population if A. The recorded carrying amounts and audited amounts are approximately proportional. B. A number of observed differences exist between carrying amounts and audited amounts. C. Observed differences between carrying amounts and audited amounts are proportional to carrying amounts. D. Subsidiary ledger book balances for some inventory items are unknown.

5.4.48 When an internal auditor uses monetary-unit statistical sampling to examine the total value of invoices, each invoice A. Has an equal probability of being selected. B. Can be represented by no more than one monetary unit. C. Has an unknown probability of being selected. D. Has a probability proportional to its monetary value of being selected.

5.4.49 Monetary-unit sampling (MUS) is most useful when the internal auditor A. Is testing the accounts payable balance. B. Cannot cumulatively arrange the population items. C. Expects to find several material misstatements in the sample. D. Is concerned with overstatements.

5.4.52 An internal auditor is planning to use monetary-unit sampling for testing the monetary value of a large accounts receivable population. The advantages of using monetary-unit sampling (MUS) include all of the following except that it A. Is an efficient model for establishing that a low error rate population is not materially misstated. B. Does not require the normal distribution approximation required by variables sampling. C. Can be applied to a group of accounts because the sampling units are homogenous. D. Results in a smaller sample size than classical variables sampling for larger numbers of misstatements.

5.5.60 An auditor is testing on a company's large, normally distributed accounts receivable file. The objectives of the audit are to test end-of-period monetary balances and accounts receivable posting exception (error) rates. The expected population exception rate is 3% for the accounts receivable posting processes. If the auditor has established a 5% tolerable rate, the auditor would use which sampling plan for testing the actual exception rate? A. Difference or mean-per-unit estimation. B. Discovery. C. Stratified. D. Attribute.

5.5.61 An auditor is testing on a company's large, normally distributed accounts receivable file. The objectives of the audit are to test end-of-period monetary balances and accounts receivable posting exception (error) rates. To test the accounts receivable file to compute an estimated monetary total, the auditor could use any one of the following sampling techniques except A. Difference or ratio estimation. B. Unstratified mean-per-unit estimation. C. Probability-proportional-to-size sampling. D. Attribute sampling.

5.5.67 Which sampling plan requires no additional sampling once the first error is found? A. Stratified sampling. B. Attribute sampling. C. Stop-or-go sampling. D. Discovery sampling.

5.5.68 The supervisor of claims processing for a health insurance firm selects all claims processed in the past 2 days by a particular employee for audit. From this sample, the supervisor can develop A. An overall representative view of employee work for the year. B. A quantification of sampling error. C. Conclusions about the correctness of processing for the department. D. An understanding of the details contained in the processing task.

5.5.70 Assume the internal auditor becomes concerned that significant fraud may be taking place by dentists who are billing the health care processor for services that were not provided. For example, employees may have their teeth cleaned, but the dentist charges the processor for pulling teeth and developing dentures. The most effective procedure to determine whether such a fraud exists is to A. Develop a schedule of payments made to individual dentists. Verify that payments were made to the dentists by confirming the payments with the health care processor. B. Take a random sample of payments made to dentists and confirm the amounts paid with the dentists' offices to determine that the amounts agree with the amounts billed by the dentists. C. Take a random sample of claims submitted by dentists and trace through the system to determine whether the claims were paid at the amounts billed. D. Take a discovery sample of employee claims that were submitted through dentist offices, and confirm the type of service performed by the dentist through direct correspondence with the employee who had the service performed.

6.8.77 Researching and identifying best-in-class performance is often the most difficult phase. Which of the following is not a critical step? A. Setting up databases. B. Choosing information-gathering methods. C. Formatting questionnaires. D. Employee training and empowerment.

5.5.76 An auditor is checking the accuracy of a computer-printed inventory listing to determine whether the total monetary value of inventory is significantly overstated. Because there is not adequate time or resources to check all items in the warehouse, a sample of inventory items must be used. If the sample size is fixed, which one of the following would be the most accurate sampling approach in this case? A. Select those items that are most easily inspected. B. Employ simple random sampling. C. Sample so that the probability of a given inventory item being selected is proportional to the number of units sold for that item. D. Sample so that the probability of a given inventory item being selected is proportional to its book value.

5.6.78 An organization has collected data on the complaints made by personal computer users and has categorized the complaints. (Refer to Figure FIGURE18_12.) The chart displays the A. Arithmetic mean of each computer complaint. B. Relative frequency of each computer complaint. C. Median of each computer complaint. D. Absolute frequency of each computer complaint.

5.6.84 A manufacturer mass produces nuts and bolts on its assembly line. The line supervisors sample every nth unit for conformance with specifications. Once a nonconforming part is detected, the machinery is shut down and adjusted. The most appropriate tool for this process is a A. Fishbone (Ishikawa diagram. B. Cost of quality report. C. ISO 9000 audit. D. Statistical quality control chart.

5.6.85 The director of sales asks for a count of customers grouped in descending numerical rank by (1) the number of orders they place during a single year and (2) the dollar amounts of the average order. The visual format of these two pieces of information is most likely to be a A. Fishbone (Ishikawa diagram. B. Cost of quality report. C. Kaizen diagram. D. Pareto diagram.

6.1.10 During an operational engagement, an internal auditor compares the inventory turnover rate of a subsidiary with established industry standards to A. Evaluate the accuracy of the subsidiary's internal financial reports. B. Test the subsidiary's controls designed to safeguard assets. C. Determine if the subsidiary is complying with organizational procedures regarding inventory levels. D. Assess the performance of the subsidiary and indicate where additional engagement work may be needed.

6.1.5 Which of the following best describes a preliminary survey? A. A standardized questionnaire used to obtain an understanding of management objectives. B. A statistical sample of key employee attitudes, skills, and knowledge. C. A "walk-through" of the financial control system to identify risks and the controls that can address those risks. D. A process used to become familiar with activities and risks to identify areas for engagement emphasis.

6.1.6 The internal auditors of a financial institution are performing an engagement to evaluate the institution's investing and lending activities. During the last year, the institution has adopted new policies and procedures for monitoring investments and the loan portfolio. The internal auditors know that the organization has invested in new types of financial instruments during the year and is heavily involved in the use of financial derivatives to appropriately hedge risks. If the internal auditors were to conduct a preliminary review, which of the following procedures should be performed? A. Review reports of engagements performed by regulatory and external auditors since the last internal audit engagement. B. Interview management to identify changes made in policies regarding investments or loans. C. Review minutes of board meetings to identify changes in policies affecting investments and loans. D. All of the answers are correct.

6.10.99 The single most important factor in drawing a useful conclusion or stating a useful opinion in an engagement report is A. Use of statistical sampling techniques. B. Senior management interest in the engagement outcome. C. Auditee management assurances. D. Auditor judgment.

6.2.18 An auditor is considering developing a questionnaire to research employee attitudes toward control procedures. Which of the following is a criterion that should not be considered in designing the questionnaire? A. Questions must be worded to ensure a valid interpretation by the respondents. B. Questions must be reliably worded so that they measure what was intended to be measured. C. The questionnaire should be short to increase the response rate. D. Questions should be worded such that a "No" answer indicates a problem.

6.2.20 Which of the following is not an advantage of sending an internal control questionnaire prior to an audit engagement? A. The engagement client can use the questionnaire for self-evaluation prior to the auditor's visit. B. The questionnaire will help the engagement client understand the scope of the engagement. C. Preparing the questionnaire will help the auditor plan the scope of the engagement and organize the information to be gathered. D. The engagement client will respond only to the questions asked, without volunteering additional information.

6.2.22 Which of the following statements describes an internal control questionnaire? It A. Provides detailed evidence regarding the substance of the control system. B. Takes less of the engagement client's time to complete than other control evaluation devices. C. Requires that the internal auditor be in attendance to properly administer it. D. Provides indirect evidence that might need corroboration.

6.3.25 When an internal auditor is interviewing to gain information, (s)he will not be able to remember everything that was said in the interview. The most effective way to record interview information for later use is to A. Write notes quickly, trying to write down everything in detail as it is said; then highlight important points after the meeting. B. Electronically record the interview to capture everything that everyone says; then type everything said into a computer for documentation. C. Hire a professional secretary to take notes, allowing complete concentration on the interview; then delete unimportant points after the meeting. D. Organize notes around topics on the interview plan and note responses in the appropriate area, reviewing the notes after the meeting to make additions.

6.3.26 As part of an engagement to evaluate safety management programs, an internal auditor interviews the individual responsible for writing, issuing, and maintaining safety procedures. While the internal auditor's primary interest is to identify the controls ensuring that procedures are kept current, the individual has a tremendous amount of information and seems intent on telling the internal auditor most of it. What might the internal auditor do to guard against missing what is important? A. Write down everything the individual says. If the internal auditor gets behind, ask for a pause and catch up. After the interview, the internal auditor can sift through the notes and be confident of finding the key information. B. Tape record the interview and later extract the relevant information. C. Do not sort through extraneous information. Revisit the topic with the individual's supervisor and obtain any needed information at that time. D. During the conversation, make an effort to anticipate the approach of a point of critical interest.

6.3.31 An internal auditor is interviewing an employee. While listening to the interviewee, the internal auditor should A. Prepare a response to the interviewee. B. Take mental notes on the speaker's nonverbal communication because it is more important than what is being said. C. Make sure all details, as well as the main ideas of the interviewee, are remembered. D. Integrate the incoming information from the interviewee with information that is already known.

6.4.37 An internal auditing team has been assigned to review "the customer satisfaction measurement system" that the Industrial Products Division implemented 2 years ago. This system consists of an annual mail survey conducted by the division's customer service office. A survey is sent to 100 purchasing departments randomly selected from all customers who made purchases in the prior 12 months. The survey is three pages long, and its 30 questions use a mixture of response modes (e.g., some questions are open-ended, some are multiple-choice, and others use a response scale). The customer service office mails the survey in September and tabulates the results for questionnaires returned by October 15. Only one mailing is sent. If the customer does not return the questionnaire, no follow-up is conducted. When the survey was last conducted, 45 of the questionnaires were not returned. Which of the following is not an advantage of face-to-face interviews over mail surveys? A. The response rate is typically higher. B. Interviewers can increase a respondent's comprehension of questions. C. Survey designers can use a wider variety of types of questions. D. They are less expensive because mailing costs are avoided.

6.4.40 An internal auditing team developed a preliminary questionnaire with the following response choices: I. Probably not a problem II. Possibly a problem III. Probably a problem The questionnaire illustrates the use of A. Trend analysis. B. Ratio analysis. C. Unobtrusive measures or observations. D. Rating scales.

6.5.44 During a preliminary survey of the accounts receivable function, an internal auditor discovered a potentially major control deficiency while preparing a flowchart. What immediate action should the internal auditor take regarding the weakness? A. Perform sufficient testing to determine its cause and effect. B. Report it to the level of management responsible for corrective action. C. Schedule a separate engagement to evaluate that segment of the accounts receivable function. D. Highlight the weakness to ensure that procedures to test it are included in the engagement work program.

6.6.50 An auditor is least likely to use computer software to A. Construct parallel simulations. B. Access client data files. C. Prepare spreadsheets. D. Assess computer control risk.

6.6.56 Which of the following is the primary reason that many auditors hesitate to use embedded audit modules? A. Embedded audit modules cannot be protected from computer viruses. B. Auditors are required to monitor embedded audit modules continuously to obtain valid results. C. Embedded audit modules can easily be modified through management tampering. D. Auditors are required to be involved in the system design of the application to be monitored.

6.7.64 During an engagement, the internal auditor should consider the following factor(s) in determining the extent to which analytical procedures should be used during the engagement: A. Adequacy of the system of internal control. B. Significance of the area being examined. C. Precision with which the results of analytical audit procedures can be predicted. D. All of the answers are correct.

6.7.68 A rental car organization's fleet maintenance division uses a different code for each type of inventory transaction. A daily summary report lists activity by part number and transaction code. The report is reconciled by the parts room supervisor to the day's material request forms and is then forwarded to the fleet manager for approval. The use of transaction codes provides the fleet manager with information concerning the types of inventory activities. The internal auditor is considering an analytical review of transaction codes and materials used. The objective of this review is to A. Provide information about overstocked inventory items. B. Reveal shortages in perpetual inventory records. C. Determine whether inventory items are properly valued. D. Identify possible material lost due to employee theft.

6.7.69 During an operational audit engagement, an auditor compared the inventory turnover rate of a subsidiary with established industry standards in order to A. Evaluate the accuracy of internal financial reports. B. Test controls designed to safeguard assets. C. Determine compliance with corporate procedures regarding inventory levels. D. Assess performance and indicate where additional audit work may be needed.

6.8.73 An example of an internal nonfinancial benchmark is A. The labor rate of comparably skilled employees at a major competitor's plant. B. The average actual cost per pound of a specific product at the company's most efficient plant. C. A US $50,000 limit on the cost of employee training programs at each of the company's plants. D. The percentage of customer orders delivered on time at the company's most efficient plant.

6.8.75 Which of the following statements regarding benchmarking is false? A. Benchmarking involves continuously evaluating the practices of best-in-class organizations and adapting company processes to incorporate the best of these practices. B. Benchmarking, in practice, usually involves a company's formation of benchmarking teams. C. Benchmarking is an ongoing process that entails quantitative and qualitative measurement of the difference between the company's performance of an activity and the performance by the best in the world or the best in the industry. D. The benchmarking organization against which a firm is comparing itself must be a direct competitor.

6.8.78 Which of the following is true of benchmarking? A. Benchmarking is typically accomplished by comparing an organization's performance with the performance of its closest competitors. B. Benchmarking can be performed using either qualitative or quantitative comparisons. C. Benchmarking is normally limited to manufacturing operations and production processes. D. Benchmarking is accomplished by comparing an organization's performance to that of the best-performing organizations.

6.9.80 An inexperienced internal auditor notified the senior auditor of a significant variance from the engagement client's budget. The senior told the new internal auditor not to worry because the senior had heard that there had been an unauthorized work stoppage that probably accounted for the difference. Which of the following statements is most appropriate? A. The new internal auditor should have investigated the matter fully and not bothered the senior. B. The senior used proper judgment in curtailing what could have been a wasteful investigation. C. The senior should have halted the engagement until the variance was fully explained. D. The senior should have aided the new internal auditor in formulating a plan for accumulating appropriate information.

6.9.86 An internal auditor decides to perform an inventory turnover analysis for both raw materials inventory and finished goods inventory. The analysis would be potentially useful in A. Identifying products for which management has not been attuned to changes in market demand. B. Identifying potential problems in purchasing activities. C. Identifying obsolete inventory. D. All of the answers are correct.

6.9.89 Two major retail organizations, both publicly traded and operating in the same geographic area, have recently merged. Both are approximately the same size and have internal audit activities. Organization A has little EDI experience. Organization B has invested heavily in information technology and has EDI connections with its major vendors. The board has asked the internal auditors from both organizations to analyze risk areas that should be addressed after the merger. The chief audit executive of Organization B has suggested that the two internal audit activities have a planning meeting to share work programs, scope of engagement coverage, and copies of engagement communications that were delivered to their boards. Management has also suggested that the internal auditors review the compatibility of the organizations' two computer systems and control philosophy for individual store operations. The two organizations agree to share data on store operations. The data reveal that three stores in Organization A are characterized by significantly lower gross margins, higher-than-average sales volume, and higher levels of employee bonuses. The three stores are part of a set of six that are managed by a relatively new section manager. In addition, the store managers of the three stores are also relatively new. The most likely cause of the observed data is A. The relative inexperience of the store managers. B. Problems with employee training and employee ability to meet customer needs. C. Fraudulent activity whereby goods are taken from the stores, thus resulting in the lower gross margins. D. Promotional activities that offer large discounts coupled with the payment of bonuses to employees who reach targeted sales goals.

6.9.93 Assume an internal auditor computes an inventory turnover rate by product line and identifies a number of product lines with a rate of less than 3.5. Which of the following conclusions can be justified by these engagement results? I. The identified product lines contain obsolete inventory. II. Inventory is valued at more than net realizable value. Inventory costs are too high because the organization is carrying obsolete inventory. I and III only. II only. I, II, and III. None of the answers are correct.

6.9.94 The following represents accounts receivable information for a corporation for a 3 All of the following are plausible explanations for these changes except A. Fictitious sales may have been recorded. B. Credit and collection procedures have become ineffective. C. Allowance for bad debts is understated. D. Sales returns for credit have been overstated.

7.10.91 An internal auditor's objective is to determine the cause of inventory shortages shown by the physical inventories taken by an independent service organization that used some engagement client personnel. The internal auditor addresses this objective by reviewing the count sheets, inventory printouts, and memos from the last inventory. The source of information and the sufficiency of this information are A. Internal and not sufficient. B. External and sufficient. C. Both external and internal and sufficient. D. Both external and internal and not sufficient.

7.11.100 The most persuasive information regarding the asset value of newly acquired computers is A. Inquiry of management. B. Observation of engagement client's procedures. C. Physical examination. D. Documentation prepared externally.

7.11.107 One objective of an internal auditing engagement involving the receiving function is to determine whether receiving clerks independently count incoming supplies before completing the quantity received section of the receiving report. Which of the following is the most persuasive information supporting the assertion that the counts are made? A. The receiving section supervisor's assurance, based on personal observation, that the counts are made. B. A receiving clerk's initials on all receiving reports attesting that the count was made. C. Assurance, from the warehouse supervisor, that the accuracy of the perpetual inventory is the result of the reliability of the entries in the quantity received section. D. Periodic observations by the internal auditor over the course of the engagement.

7.2.5 A working paper is complete when it A. Complies with the internal audit activity's format requirements. B. Contains all of the attributes of an observation. C. Is clear, concise, and accurate. D. Satisfies the engagement objective for which it is developed.

7.3.19 Which of the following is an unnecessary feature of a working paper prepared in connection with maintenance costs? A. The internal auditor has initialed and dated the working paper as of the date completed even though the working paper was prepared over the preceding 4 working days. B. Total repair expense for the month preceding the engagement is shown. C. The chief audit executive has initialed the working paper as reviewer although the working paper was prepared by another person. D. Total acquisition cost of property, plant, and equipment for the preceding month is shown.

7.3.20 When performing an engagement to evaluate the computerized purchasing activities of a manufacturing organization, which of the following should be included in the permanent file portion of the engagement working papers? A. Copies of the computer program documentation. B. Printouts using internal auditor-prepared programs and test data. C. Prior year's working papers revised to reflect changes during the current year. D. Information concerning administrative controls over the computer operations at each location.

7.3.21 Each individual working paper should, at a minimum, contain a(n) A. Expression of the internal auditor's overall opinion. B. Tick mark legend. C. Complete flowchart of the system of internal controls for the area being reviewed. D. Descriptive heading.

7.3.29 During the working-paper review, an internal auditing supervisor finds that the internal auditor's observations are not adequately cross-referenced to supporting documentation. The supervisor will most likely instruct the internal auditor to A. Prepare a working paper to indicate that the full scope of the engagement was carried out. B. Familiarize him/herself with the sequence of working papers so that (s)he will be able to answer questions about the conclusions stated in the final engagement communication. C. Eliminate any cross-references to other working papers because the system is unclear. D. Provide a cross-referencing system that shows the relationship among observations, conclusions, recommendations, and the related facts.

7.4.31 Which of the following actions constitutes a violation of the confidentiality concept regarding working papers? An internal auditor A. Takes working papers to his/her hotel room overnight. B. Shows working papers on occasion to engagement clients. C. Allows the external auditor to copy working papers. D. Misplaces working papers occasionally.

7.4.35 The internal auditor is most likely to make working papers available to the engagement client when A. Fraud is suspected. B. The internal auditors have recorded specific damaging comments. C. The internal auditor considers the content noncontroversial. D. Engagement client comments are needed to evaluate significance and accuracy.

7.6.43 Internal auditors often flowchart a control system and reference the flowchart to narrative descriptions of certain activities. This is an appropriate procedure to A. Determine whether the system meets established management objectives. B. Document that the system meets international auditing requirements. C. Determine whether the system can be relied upon to produce accurate information. D. Gain the understanding necessary to test the effectiveness of the system.

7.6.45 An auditor frequently uses flowcharts to determine whether there is A. Satisfactory performance of an operation. B. Sufficient but not excessive personnel assigned to an operation. C. Authority to meet the performance criteria. D. Inefficiency and lack of controls.

7.6.53 Graphical notations that show the flow and transformation of data within a system or business area are called A. Action diagrams. B. Program structure charts. C. Conceptual data models. D. Data flow diagrams.

7.7.56 Engagement information is usually considered relevant when it is A. Derived through valid statistical sampling. B. Objective and unbiased. C. Factual, adequate, and convincing. D. Consistent with the engagement objectives.

7.7.58 Reliable information is A. Supportive of the engagement observations and consistent with the engagement objectives. B. Helpful in assisting the organization in meeting prescribed goals. C. Factual, adequate, and convincing so that a prudent person would reach the same conclusion as the internal auditor. D. Competent and the best attainable through the use of appropriate engagement techniques.

7.7.60 Which of the following is an essential factor in evaluating the sufficiency of information? The information must A. Be well documented and cross-referenced in the working papers. B. Be based on references that are considered competent. C. Bear a direct relationship to the observation and include all of the elements of an observation. D. Be convincing enough for a prudent person to reach the same decision.

7.8.66 An internal auditor is evaluating the advertising function. The organization has engaged a medium-sized local advertising agency to place advertising in magazine publications. As part of the review of the engagement working papers, the internal auditing supervisor is evaluating the information collected. The internal auditor reviewed the language in the advertising for its legality and compliance with fair trade regulations by interviewing the organization's advertising manager, the product marketing director (who may not have been objective), and five of the organization's largest customers (who may not have been knowledgeable). The supervisor can justifiably conclude that the information is A. Reliable. B. Irrelevant. C. Conclusive. D. Insufficient.

7.8.67 An internal auditor has set an engagement objective of determining whether all cash receipts are deposited intact daily. To satisfy this objective, the internal auditor interviewed the controller who gave assurances that all cash receipts are deposited as soon as is reasonably possible. As information that can be used to satisfy the stated engagement objective, the controller's assurances are A. Sufficient but not reliable or relevant. B. Sufficient, reliable, and relevant. C. Not sufficient, reliable, or relevant. D. Relevant but not sufficient or reliable.

7.8.68 In deciding whether recorded sales are valid, which of the following items of information is most reliable? A. A copy of the customer's purchase order. B. A memorandum from the director of the shipping department stating that another employee verified the personal delivery of the merchandise to the customer. C. Accounts receivable records showing cash collections from the customer. D. The shipping document, independent bill of lading, and the invoice for the merchandise.

7.8.69 The chief audit executive is reviewing some of the basic concepts inherent in the performance of an engagement with three internal auditors who are on a rotation assignment. After 6 months in the internal audit activity, they will move back to line positions. Each of them has fairly extensive organizational experience and is on a fast track to a high-level management line position. To develop their analytical decision-making abilities, the CAE pulls some old engagement working papers, holding back the review notes and clearing comments. The CAE asks the team to indicate the informational criteria that are violated. During the planning stage of an engagement, the internal auditor made an on-site observation of the vehicle maintenance department and included the following statement in a memorandum summary of the results: "We noted that several maintenance garages were deteriorating badly. Fencing around the property was in need of repair." Which of the following informational criteria, if any, is violated? A. Sufficiency. B. Reliability. C. Relevance. D. No criteria are violated.

7.8.70 The chief audit executive is reviewing some of the basic concepts inherent in the performance of an engagement with three internal auditors who are on a rotation assignment. After 6 months in the internal audit activity, they will move back to line positions. Each of them has fairly extensive organizational experience and is on a fast track to a high-level management line position. To develop their analytical decision-making abilities, the CAE pulls some old engagement working papers, holding back the review notes and clearing comments. The CAE asks the team to indicate the informational criteria that are violated. The organization's inventories are under the administration of three production managers. The internal auditors perform a standard limited test of finished goods inventory balances every year. During this year's engagement concerning inventories, the internal auditors noted finished goods inventories were abnormally high, sales were consistent with prior years, and returns and allowances appeared normal. The internal auditors performed the usual random sample recount of several finished goods inventory cards without discrepancy and then extended the testing to include 10 raw materials and 10 work-in-process cards, noting no exceptions. The following statement was included in the engagement working papers: "Our standard test of finished goods inventories revealed no exceptions to the inventory count. We extended our tests this year to include both raw materials and work-in-process without exception. At the time of our engagement, the supervising inventory managers were not available; however, the division secretary indicated that performance standards were on file. It appears that there is adequate awareness and understanding of the performance standards." Which of the following informational criteria is not violated? A. Sufficiency. B. Reliability. C. Relevance. D. All criteria are violated.

7.8.72 The chief audit executive is reviewing some of the basic concepts inherent in the performance of an engagement with three internal auditors who are on a rotation assignment. After 6 months in the internal audit activity, they will move back to line positions. Each of them has fairly extensive organizational experience and is on a fast track to a high-level management line position. To develop their analytical decision-making abilities, the CAE pulls some old engagement working papers, holding back the review notes and clearing comments. The CAE asks the team to indicate the informational criteria that are violated. In an engagement to evaluate the effectiveness and validity of a subsidiary's marketing expenditures, the internal auditors identified the following information: 1 Analytical comparisons of advertising expenditures and changes in shopping patterns and item sales 2 Direct observation of various advertising media used 3 Review of a marketing survey of general public reaction to the marketing plan Which of the following informational criteria, if any, is violated? A. Sufficiency. B. Reliability. C. Relevance. D. No criteria are violated.

7.9.87 The most reliable forms of documentary evidence are those documents that are A. Prenumbered. B. Internally generated. C. Easily duplicated. D. Authorized by a responsible official.

2.5.81 Use of external service providers with expertise in healthcare benefits is appropriate when the internal audit activity is A. Evaluating the organization's estimate of its liability for postretirement benefits, which include healthcare benefits. B. Comparing the cost of the organization's healthcare program with other programs offered in the industry. C. Training its staff to conduct an audit of healthcare costs in a major division of the organization. D. All of the answers are correct.

D (2) developing a comparative analysis of healthcare costs, and (3) training the staff to audit healthcare costs.

6.1.1 In planning an assurance engagement, a survey could assist with all of the following except A. Obtaining engagement client comments and suggestions on control problems. B. Obtaining preliminary information on controls. C. Identifying areas for engagement emphasis. D. Evaluating the adequacy and effectiveness of controls.

D (2) invite comments and suggestions from engagement clients (PA 2210.A1-1, para. 3). A survey is not sufficient for evaluating the adequacy and effectiveness of controls. Evaluation requires testing.

1.5.61 During the course of an engagement, an internal auditor discovered that a research and development employee has been patenting new developments that are unrelated to the basic business of the organization. The organization does not have a specific policy addressing patents on developments that are not related to its basic business, but it has a general policy that all important new discoveries by employees are the property of the organization. The employee is considered one of the most prestigious in the field. The employee's actions have been condoned by local management as an extra incentive to keep the employee at the lab. A decision not to report the employee's action is A. A violation of The IIA's Code of Ethics. B. A violation of the reporting requirements in the Standards. C. Justified because divisional management is aware of the practice, and it is not in violation of organizational policies. D. Both a violation of The IIA's Code of Ethics AND a violation of the reporting requirements in the Standards.

D 2.3 under the objectivity principle states, "Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review." Hence, the failure to report violates The IIA's Code of Ethics and the Standards.

2.1.16 The board is most likely to participate in approving A. Staff promotions and salary increases. B. Engagement communication observations, conclusions, and recommendations. C. Engagement work programs. D. Appointment of the chief audit executive.

D Approving the internal audit charter Approving the risk-based internal audit plan Receiving communications from the CAE on the internal audit activity's performance Approving decisions regarding the appointment and removal of the CAE Making appropriate inquiries of management and the CAE to determine whether there are inappropriate scope or resource limitations (Inter. Attr. Std. 1110)

2.6.109 During a consulting engagement, an internal auditor should exercise due professional care by considering which of the following? I. Needs and expectations of engagement clients II. Relative complexity and extent of work needed III. Cost of the consulting engagement A. I and II. B. II and III. C. I and III. D. I, II, and III.

D during a consulting engagement by considering the Needs and expectations of engagement clients, including the nature, timing, and communication of engagement results. Relative complexity and extent of work needed to achieve the engagement's objectives. Cost of the consulting engagement in relation to potential benefits (Impl. Std. 1220.C1).

2.4.73 The Standards require that internal auditors possess which of the following skills? I. Internal auditors should understand human relations and be skilled in dealing with people. II. Internal auditors should be able to recognize and evaluate the materiality and significance of deviations from good business practices. III. Internal auditors should be experts on subjects such as economics, commercial law, taxation, finance, and information technology. IV. Internal auditors should be skilled in oral and written communication. A. II only. B. I and III only. C. III and IV only. D. I, II, and IV only.

D include Skills in dealing with people, understanding human relations, and maintaining satisfactory relationships with engagement clients. Skills in oral and written communications to clearly and effectively convey such matters as engagement objectives, evaluations, conclusions, and recommendations. An understanding of management principles to recognize and evaluate the materiality and significance of deviations from good business practices. An appreciation of (not expertise in) of the fundamentals of business subjects such as accounting, economics, commercial law, taxation, finance, quantitative methods, information technology, risk management, and fraud (PA 1210-1, para. 1).

4.1.2 Which of the following are elements of the control environment? A. Integrity and ethical values. B. Organizational structure. C. Assignment of authority and responsibility. D. All of the answers are correct.

D seven elements of the control environment: Integrity and ethical values Commitment to competence Board of directors or audit committee Management's philosophy and operating style Organizational structure Assignment of authority and responsibility Human resource policies and practices

7.2.3 Which of the following does not describe one of the functions of engagement working papers? A. Facilitates third-party reviews. B. Aids in the planning, performance, and review of engagements. C. Provides the principal support for engagement communications. D. Aids in the professional development of the operating staff.

D (4) support the accuracy and completeness of the work performed; (5) provide a basis for the internal audit activity's quality assurance and improvement program; and (6) facilitate third-party review (PA 2330-1, para. 2).

4.2.24 Management considers risk appetite for all of the following reasons except A. Evaluating strategic options. B. Setting objectives. C. Developing risk management techniques. D. Increasing the net present value of investments.

D d. Evaluating strategies, d. Setting related objectives, and d. Developing risk management methods. Increasing the net present value of investments is an operational objective. It would be determined after consideration of the entity's risk appetite and other strategic factors.

सभी स्टडी सेट्स देखें

GEO 135 week 4

HESI Admission Assessment Exam Review, Hesi A2 Vocabulary, HESI A2 Grammar, HESI - Math, Anatomy and Physiology Hesi A2 Admission Assessment 4th edition, HESI CHEMISTRY, HESI Vocab, HESI Entrance Exam Vocabulary, Hesi, HESI Biology

cia

संबंधित स्टडी सेट्स

GEO 135 week 4

HESI Admission Assessment Exam Review, Hesi A2 Vocabulary, HESI A2 Grammar, HESI - Math, Anatomy and Physiology Hesi A2 Admission Assessment 4th edition, HESI CHEMISTRY, HESI Vocab, HESI Entrance Exam Vocabulary, Hesi, HESI Biology

Conceptual Physics Ch 13

Exam 2

Finc Exam 1: 1,2, 3, 5

Pädagogische Handlungskonzepte

Immune and Hematologic Disorders PrepU

Advanced Career and Employment Development

Ec 70 - Midterm 2 Key Terms

EC1008: Chapter 5 questions and answers

Psychology Test Ch. 9, 10, 11

Hematologic System 39 nclex questions

Chapter 32

Unit 10 multiple choice questions

Ethical and Professional Standards and Quantitative Methods (Book 1)

Science Chapter 10 Caputo

Principles of Chiropractic Midterm

Anthropology test 2 chapter 6

Income Statement Preparation and Analysis

Mod 14 EAQs