Exam 3 - Quizzes

1 and 4 only This answer is correct. Determining whether all goods paid for have been received addresses safeguarding of assets. Determining whether the correct accounts have been charged addresses the reliability and integrity of financial information.

A specific objective of an audit of a company's expenditure cycle is to determine whether all goods paid for have been received and charged to the correct account. This objective addresses which of the following primary objectives identified in the Standards? Reliability and integrity of financial and operational information. Compliance with laws, regulations, policies, procedures, and contracts. Effectiveness and efficiency of operations and programs. Safeguarding of assets. 1 and 2 only. 1 and 4 only. 1, 2, and 4 only. 2, 3, and 4 only.

1,2,3, and 4 This answer is correct. According to The IIA Research Foundation, "An environmental management system is an organization's structure of responsibilities and policies, practices, procedures, processes, and resources for protecting the environment and managing environmental issues. Environmental auditing is an integral part of an environmental management system whereby management determines whether the organization's environmental control systems are adequate to ensure compliance with regulatory requirements and internal policies."

A manufacturer uses hazardous materials in production. An audit of these materials may include Evaluating whether the organization complies with new environmental regulations. Recommending an environmental management system as a part of policies and procedures. Verifying the existence of tracking records for these materials from their creation to destruction. Examining the likelihood and magnitude of any contingent liabilities related to compliance with environmental law. 2, 3, and 4 only. 1, 2, 3, and 4. 3 and 4 only. 2 and 3 only.

D Determine that the budget was reviewed and approved by supervisory personnel within the granting agency. The activities of the granting agency are not relevant to a compliance engagement relating to the city's use of the grant funds. The internal auditors are responsible only for determining whether the city is in compliance with the requirements of the gran

A certified internal auditor is the chief audit executive for a large city and is planning the engagement work schedule for the next year. The city has a number of different funds, some that are restricted in use by government grants and some that require compliance reports to the government. One of the programs for which the city has received a grant is job retraining and placement. The grant specifies certain conditions a participant in the program must meet to be eligible for the funding. The chief audit executive plans an engagement to verify that the job retraining program complies with applicable grant provisions. One of the provisions is that the city adopt a budget for the program and subsequently follow procedures to ensure that the budget is adhered to and that only allowable costs are charged to the program. In performing an engagement concerning compliance with this provision, the internal auditors should perform all of the following procedures except A Determine that the budget was reviewed and approved by supervisory personnel within the city. B Select a sample of expenditures to determine that the expenditures are (1) properly classified as to type, (2) appropriate to the program, and (3) designed to meet the program's objectives. C Compare actual results with budgeted results and determine the reason for deviations. Determine if such deviations have been approved by appropriate officials. D Determine that the budget was reviewed and approved by supervisory personnel within the granting agency.

High amount of bad debt write-offs. This answer is correct. The level of bad debts written off as uncollectible is a benchmark stated in financial terms. A level exceeding the benchmark could indicate fraud, which compromises the accuracy and reliability of financial reports. Bad debt write-offs may result from recording fictitious sales.

A company with many branch stores has decided to benchmark one of its stores for the purpose of analyzing the accuracy and reliability of branch store financial reporting. Which one of the following is the most likely measure to be included in a financial benchmark? High level of employee participation in setting budgets. High amount of bad debt write-offs. High turnover of employees. High number of suppliers.

D Review of the internal controls in place at an organization targeted for acquisition by a larger entity A due diligence engagement is a service to determine the business justification for a major transaction, such as a business combination, and whether that justification is valid. Thus, the internal auditors and others may be part of a team that reviews the acquiree's operations, controls, financing, or disclosures of financial information.

A due diligence review may be a(n) A Review of interim financial statements as directed by an underwriting firm. B Review of operations as requested by the audit committee to determine whether the operations comply with audit committee and organizational policies. C Operational audit of a division of an organization to determine whether divisional management is complying with laws and regulations. D Review of the internal controls in place at an organization targeted for acquisition by a larger entity.

Testimonial This answer is correct. Information may consist of authoritative documentation, calculations by the internal auditor, internal control, interrelationships among the data, physical existence, subsequent events, subsidiary records, and testimony by stakeholders. Oral or written statements (e.g., letters to the internal auditor) derived from inquiries or interviews are testimonial information.

A letter to the internal auditor in response to an inquiry is an example of which type of information? Physical. Documentary. Analytical. Testimonial.

Generic benchmarking. This answer is correct. Generic benchmarking observes a process in one operation and compares it with a similar process but in a different industry.

A manufacturer compares its accounts payable practices with those of an investment bank. This comparison is an example of Strategic benchmarking. Internal benchmarking. Generic benchmarking. Competitive benchmarking.

C Appraisal of the business and control environment and comparison against established criteria. Performance audit engagements involve review of the business and control environment and key performance indicators against set criteria using balanced scorecards, SWOT analysis, and management control evaluation. A balanced scorecard is an evaluation of performance against established criteria. SWOT analysis appraises the business and potentially the control environment.

A performance audit engagement typically involves A Review of financial statement information, including the appropriateness of various accounting treatments. B Evaluation of organizational and departmental structures, including assessments of process flows. C Appraisal of the business and control environment and comparison against established criteria. D Tests of compliance with policies, procedures, laws, and regulations.

Expenditures for fixed assets have been recorded in the proper period. This answer is correct. Determining that capitalizable fixed assets expenditures were recorded in the proper accounting period involves sampling from the fixed assets file, including the fixed assets file from the following period.

A population of entries in the fixed assets file from the current period and the next period is an appropriate population to sample if the audit objective is to determine whether Noncapital repair expenditures have been recorded in the proper period. Expenditures for fixed assets have been recorded in the proper period. Capital expenditures were properly authorized. Expenditures for fixed assets have been improperly expensed.

D All of the answers are correct. A program-results engagement is intended to obtain information about the costs, outputs, benefits, and effects of the program. It attempts to measure the accomplishment and relative success of the undertaking. Because benefits often cannot be quantified in financial terms, a special concern is the ability to measure effectiveness.

A program-results engagement A Attempts to measure the accomplishment and success of the program. B Concerns the ability to measure the effectiveness of the program. C Obtains information about the costs of the program. D All of the answers are correct.

C Comparing the unit cost of the products sold before and during the promotion period. The facts do not indicate that the cost of the products sold has changed. Moreover, this procedure does not consider the revenue effects of the promotion. The challenge is to address the overall effectiveness of the promotion.

A sales department has been giving away expensive items in conjunction with new product sales to stimulate demand. The promotion seems successful, but management believes the cost may be too high and has asked for a review by the internal audit activity. Which of the following procedures would be the least useful to determine the effectiveness of the promotion? A Performing an analysis of marginal revenue and marginal cost for the promotion period, compared to the period before the promotion. B Performing a review of the sales department's benchmarks used to determine the success of a promotion. C Comparing the unit cost of the products sold before and during the promotion period. D Comparing product sales during the promotion period with sales during a similar non-promotion period.

The internal audit charter should be amended. This answer is correct. The purpose, authority, and responsibility of the internal audit activity must be formally defined in an internal audit charter (Attr. Std. 1000). The nature of consulting services must be defined in the internal audit charter (Impl. Std. 1000.C1).

After the chief audit executive receives approval from the board to offer consulting services, what should be done? The CAE should begin performing consulting services. The board should develop appropriate policies and procedures for conducting such engagements. The internal audit charter should be amended. The CAE should get approval from the internal auditors.

An analysis of quality control documents. This answer is correct. Internal auditors may perform a survey to (1) become familiar with activities, risks, and controls to identify areas for engagement emphasis and (2) invite comments and suggestions from stakeholders. An analysis of quality control documents is a part of field work, which follows the survey.

An assurance engagement in the quality control department is being planned. Which of the following is least likely to be used in the preparation of a preliminary survey questionnaire? The permanent engagement file. Management's charter for the quality control department. The prior engagement communications. An analysis of quality control documents.

Questions should be worded such that a "No" answer indicates a problem. This answer is correct. Many types of questions can be used. Questions can be multiple-choice, checklists, fill-in-the-blank, essay, Likert scales, items (options indicating degrees of agreement or disagreement), etc.

An auditor is considering developing a questionnaire to research employee attitudes toward control procedures. Which of the following is a criterion that should not be considered in designing the questionnaire? Questions must be worded to ensure a valid interpretation by the respondents. Questions should be worded such that a "No" answer indicates a problem. The questionnaire should be short to increase the response rate. Questions must be reliably worded so that they measure what was intended to be measured.

Purchasing department. This answer is correct. The primary function of a purchasing department is to ensure the authorized acquisition of goods and services of a specified quality and quantity on a timely basis at an economical price. User departments should authorize purchases based upon need and within budget. The purchasing department executes the purchase transaction upon appropriate authorization.

An engagement objective is to verify that the correct goods or services are received on time, at the right price, and in the right quantity. Based on this objective, the function to be reviewed is the Purchasing department. Receiving department. Manufacturing department. Payroll department.

The labor rate of comparably skilled employees at a major competitor's plant. This answer is correct. The labor rate at a major competitor's plant is an example of a competitive benchmark in the form of a financial measure. A competitive benchmarking studies a competitor organization.

An example of a competitive financial benchmark is The customer satisfaction rating of a comparable process from an organization in a different industry. A data cap on the information technology department at each plant. The average actual cost per pound of a specific product at the organization's most efficient plant. The labor rate of comparably skilled employees at a major competitor's plant.

The percentage of customer orders delivered on time at the company's most efficient plant. This answer is correct. Benchmarking is a continuous evaluation of the practices of the best organizations in their class and the adaptation of processes to reflect the best of these practices. It entails analysis and measurement of key outputs against those of the best organizations. This procedure also involves identifying the underlying key actions and causes that contribute to the performance difference. The percentage of orders delivered on time at the company's most efficient plant is an example of an internal nonfinancial benchmark.

An example of an internal nonfinancial benchmark is The percentage of customer orders delivered on time at the company's most efficient plant. A US $50,000 limit on the cost of employee training programs at each of the company's plants. The average actual cost per pound of a specific product at the company's most efficient plant. The labor rate of comparably skilled employees at a major competitor's plant.

C The performance of full background checks on employees and new hires. The audit plan should include a review of the compliance program and its procedures. The review should determine whether (1) written materials are effective, (2) communications have been received by employees, (3) detected violations have been appropriately handled, (4) discipline has been even-handed, (5) whistleblowers have been protected, and (6) the compliance unit has fulfilled its responsibilities. The auditors should review the compliance program to determine whether it can be improved and should solicit employee input. Moreover, organizations should screen applicants for employment at all levels and inquire as to past criminal convictions, taking care not to infringe upon employees' and applicants' privacy rights. However, a review of the performance of full background checks is not included in an audit plan as part of the review of an organization's compliance program.

An internal audit plan should include a review of the organization's compliance program and its procedures, including reviews to determine all but which of the following? A The effectiveness of written materials. B The appropriate handling of detected violations. C The performance of full background checks on employees and new hires. D The receipt of communications by employees.

The SOP questionnaires should improve control adequacy, but the internal auditors need to verify that controls are working as documented in the SOP. This answer is correct. A specific advantage of an SOP questionnaire is that it may be used by local management to periodically ensure that employee practices remain current with relevant, valid, and up-to-date standard operating procedures. The overall level of control and the control environment improve when follow-up activities are performed to determine that controls are being implemented as intended.

An internal auditing manager is conducting the annual meeting with manufacturing division management to discuss proposed engagement plans and activities for the next year. After some discussion about the past year's activity at 12 plants in the division, the divisional vice president agrees that all significant recommendations made by the internal auditing staff refer to key controls and related operating activities that are correctly described for local management within the volume of standard operating procedures for the division. The vice president proposes to transcribe key control activities from the division's extensive written procedures to a self-assessment standard operating procedure (SOP) questionnaire. What significance should the internal auditing manager attach to such SOP questionnaires in relation to the proposed engagement schedule for the next year? Engagement activity can be reduced if the vice president agrees to require the internal audit activity's approval of all divisional standard operating procedures. Adding this control should eliminate significant engagement recommendations in the coming year, so the scope of engagement activities can be reduced accordingly. The SOP questionnaires should improve control adequacy, but the internal auditors need to verify that controls are working as documented in the SOP. SOP questionnaires must be mailed and controlled by the internal audit activity to be considered in relation to the proposed engagement schedule.

3,1,2 This answer is correct. When expanding the reporting to other parties, the auditor takes the following steps until satisfied with the resolution of the matter: Determine what direction is provided in the agreement concerning the consulting engagement and related communications. Attempt to persuade those receiving or requesting the service to expand voluntarily the communication to the appropriate parties. Determine what guidance is provided in the internal audit charter or audit activity's policies and procedures concerning consulting communications. Determine what guidance is provided in the organization's code of conduct, code of ethics, and other relative policies, administrative directives, or procedures. Determine what guidance is provided by The IIA's Standards and Code of Ethics, other standards or codes applicable to the auditor, and any legal or regulatory requirements that relate to the matter under consideration.

An internal auditor concludes that the results of a consulting engagement should be communicated beyond those who received or requested the services. The auditor follows a series of steps until satisfied with the resolution. In what order will the auditor perform the following steps? Attempt to convince those receiving or requesting the service to expand voluntarily the communication to the appropriate parties. Determine what guidance is provided in the organization's code of conduct, code of ethics, and other relative policies, administrative directives, or procedures. Determine what direction is provided in the agreement concerning the consulting engagement and related communications. 2, 1, 3. 1, 3, 2. 3, 1, 2. 1, 2, 3.

Both external and internal and not sufficient. This answer is correct. The organization employs an external inventory service and internal personnel for data entry and balancing, so the sources of information are both external and internal. However, the information is not sufficient to determine the cause of the shortages. Sufficient information is factual, adequate, and convincing so that a prudent, informed person would reach the same conclusions as the internal auditor (Inter. Std. 2310). The documents reviewed will not reveal the cause of the shortages.

An internal auditor's objective is to determine the cause of inventory shortages shown by the physical inventories taken by an independent service organization that used some engagement client personnel. The internal auditor addresses this objective by reviewing the count sheets, inventory printouts, and memos from the last inventory. The source of information and the sufficiency of this information are Both external and internal and sufficient. Both external and internal and not sufficient. External and sufficient. Internal and not sufficient.

Consider the engagement to be terminated with no communication of results needed because the engagement client has already agreed to take constructive action. This answer is correct. The apparently constructive action by the auditee may be a delaying tactic intended to conceal more serious problems after the internal auditor has identified significant engagement issues. Moreover, no basis is given for not pursuing the engagement. The internal auditor always considers the risk associated with the potential observations as a basis for determining the need for more immediate attention.

An internal auditor conducts a preliminary survey and identifies a number of significant engagement issues and reasons for pursuing them in more depth. The engagement client informally communicates concurrence with the preliminary survey results and asks that the internal auditor not report on the areas of significant concern until the client has an opportunity to respond to the problem areas. Which of the following engagement responses is not appropriate? Work with the engagement client to keep the engagement on schedule and address the significant issues in more depth, as well as the client's responses, during the course of the engagement. Consider the engagement to be terminated with no communication of results needed because the engagement client has already agreed to take constructive action. Consider the risk involved in the areas involved, and, if the risk is high, proceed with the engagement. Keep the engagement on schedule and discuss with management the need for completing the engagement on a timely basis.

Examine bank reconciliations, confirm bank balances, and verify cutoff of receipts and disbursements; foot totals of reconciliations and compare to cash account balances. This answer is correct. Testing the bank reconciliation determines whether the bank balance per books is the same as the cash in the bank except for such reconciling items as outstanding checks, deposits in transit, and bank charges. The direct receipt of a bank confirmation verifies the amount for cash in the bank stated on the reconciliation. A cutoff bank statement provides independent information regarding the reconciling items. For example, a deposit in transit should appear in the cutoff bank statement. Footing items in the reconciliation tests for mechanical accuracy. The bank balance in the general ledger should be the same as that in the reconciliation.

An internal auditor for a large service organization is performing an engagement to review the organization's cash balance. The internal auditor is considering the most appropriate engagement procedure to use to ensure that the amount of cash is accurately recorded on the financial statements. The most appropriate engagement procedures for the objective are Review the organizational structure and functional responsibilities; verify the existence of, and describe protection procedures for, unused checks, including security measures. Examine bank reconciliations, confirm bank balances, and verify cutoff of receipts and disbursements; foot totals of reconciliations and compare to cash account balances. Compare cash receipt lists to the receipts journal and bank deposit slips; review the segregation of duties, and observe and test cash receipts. Review collection procedures and perform an analytical review of accounts receivable; confirm balances of accounts receivable; and verify the existence of appropriate procedures and facilities.

Relevant but not sufficient or reliable. This answer is correct. Internal auditors must identify sufficient, reliable, relevant, and useful information to achieve engagement objectives (Perf. Std. 2310). Relevant information supports engagement observations and recommendations and is consistent with the objectives for the engagement. Sufficient information is factual, adequate, and convincing so that a prudent, informed person would reach the same conclusions as the auditor. Reliable information is the best information attainable through the use of appropriate techniques (Inter. Std. 2310). The controller's assurance is relevant because it pertains to the cash receipts. However, it lacks reliability because it was not obtained from an independent source. Furthermore, the information is not sufficient because, by itself, it does not provide a reasonable basis for a conclusion.

An internal auditor has set an engagement objective of determining whether all cash receipts are deposited intact daily. To satisfy this objective, the internal auditor interviewed the controller who gave assurances that all cash receipts are deposited as soon as is reasonably possible. As information that can be used to satisfy the stated engagement objective, the controller's assurances are Relevant but not sufficient or reliable. Not sufficient, reliable, or relevant. Sufficient, reliable, and relevant. Sufficient but not reliable or relevant.

B 1 and 3 only. The purpose of a contract audit is to determine whether the contractor is performing as specified in the contract. Whether the contractor has a fraud hotline is of no concern to the entity and is beyond the scope of a contract audit.

An internal auditor is conducting an audit of a contract to build a new branch office. The auditor should consider whether the 1. Materials used in construction meet specified contractual standards. 2. Contractor has established a fraud hotline. 3. Construction is on schedule. A 2 and 3 only. B 1 and 3 only. C 1, 2, and 3. D 1 and 2 only.

1 and 3 only This answer is correct. Observation consists of watching the physical activities of the employees in the organization to see how they perform their duties. The internal auditor can determine whether written policies have been put into practice. Observation is limited because employees who know they are being observed may behave differently while being observed. Moreover, observation is more persuasive for the existence or occurrence assertion (whether assets or liabilities exist and whether transactions have occurred) than for the completeness assertion (whether all transactions that should be reported are reported).

An internal auditor must weigh the cost of an engagement procedure against the persuasiveness of the evidence to be gathered. Observation is one engagement procedure that involves cost-benefit trade-offs. Which of the following statements regarding observation as an engagement technique is (are) true? Observation is limited because individuals may react differently when being observed. When testing financial statement balances, observation is more persuasive for the completeness assertion than it is for the existence assertion. Observation is effective in providing information about how the organization's processes differ from those specified by written policies. 1, 2, and 3. 2 only. 1 and 3 only. 1 only.

A Assist management in its evaluation of effectiveness and efficiency. An operational engagement (audit) assesses the efficiency and effectiveness of an organization's operations. A comparison of actual and standard costs addresses efficiency and effectiveness.

An operational engagement relating to the production function includes a procedure to compare actual costs with standard costs. The purpose of this engagement procedure is to A Assist management in its evaluation of effectiveness and efficiency. B Determine the accuracy of the system used to record actual costs. C Assess the reasonableness of standard costs. D Measure the effectiveness of the standard cost system.

Comparison of cost data with current market quotations. If market quotations are based on sufficient market activity, they usually provide sufficient competent evidence regarding valuation.

An organization makes a practice of investing excess short-term cash in marketable equity securities. A reliable test of the valuation of those securities is a Calculation of premium or discount amortization. Confirmation of securities held by the broker. Recalculation of investment carrying amount using the equity method. Comparison of cost data with current market quotations.

A 1 and 2 only. As part of the exercise of due care, an organization can take a number of steps to protect itself against individuals who have a tendency to engage in illegal activities. For instance, an organization can screen applicants for employment at all levels for evidence of past wrongdoing, especially wrongdoing within the organization's industry. Furthermore, it may inquire as to past criminal convictions, and professionals may be asked about any history of discipline in front of licensing boards. Care should be taken, however, to ensure that the organization does not infringe upon employees' and applicants' privacy rights under applicable laws. Many jurisdictions have laws limiting the amount of information an organization may obtain in performing background checks on employees.

An organization should use due care not to delegate substantial discretionary authority to individuals the organization knows have a propensity to engage in illegal activities. Which of the following are steps an organization can take to ensure that such individuals are detected? Screening of applicants for employment at all levels for evidence of past wrongdoing, especially past criminal convictions within the company's industry. Asking professionals about any history of discipline in front of licensing boards. Performing background checks without permission on employees' or applicants' credit reports to ensure that they are financially sound and are unlikely to commit theft or fraud. A 1 and 2 only. B 1 only. C 3 only. D 1, 2, and 3.

Functional This answer is correct. Benchmarking is one of the primary tools used in the implementation of a TQM approach. It is a means of helping organizations with productivity management and business process review. It is therefore a source of consulting engagements for the internal auditors. Benchmarking is a continuous evaluation of the practices of the best organizations in their class and the adaptation of processes to reflect the best of these practices. It entails analysis and measurement of key outputs against those of the best organizations. This procedure also involves identifying the underlying key actions and causes that contribute to the performance difference. The type of benchmarking most likely to help improve performance measures for a new business line is functional benchmarking. Comparison with organizations that perform related functions within the same technological area provides information about what is being achieved elsewhere in the new business line.

An organization wants to improve on its performance measures for a new business line. Which type of benchmarking is most likely to provide information useful for this purpose? Internal. Functional. Generic. Competitive.

After closure is entered into the system, review by the EHS staff member of the original inspection team should be required in order to verify closure. This answer is correct. Someone independent of the operational area that was inspected should evaluate the adequacy and completeness of corrective action. This independent verification minimizes the potential for closure fraud by the operational manager.

As part of a manufacturing company's environmental, health, and safety (EHS) self-inspection program, inspections are conducted by a member of the EHS staff and the operational manager for a given work area or building. If a deficiency cannot be immediately corrected, the EHS staff member enters it into a tracking database that is accessible to all departments via a local area network. The EHS manager uses the database to provide senior management with quarterly activity reports regarding corrective action. During review of the self-inspection program, an auditor notes that the operational manager enters the closure information and affirms that corrective action is complete. What change in the control system would compensate for this potential conflict of interest? The EHS department secretary should be responsible for entering all information into the tracking system based on memos from the operational manager. No additional control is needed because those implementing a corrective action are in the best position to evaluate the adequacy and completion of that action. After closure is entered into the system, review by the EHS staff member of the original inspection team should be required in order to verify closure. No additional control is needed because the quarterly report is reviewed by senior management, providing adequate oversight in this situation.

Perform a test of controls. This answer is correct. The audit committee and management typically request that the internal audit activity perform sufficient work to form an opinion on the adequacy and effectiveness of internal control over financial reporting. Thus, audit procedures should provide assurance that controls over financial reporting are adequately designed and effectively executed. Controls should ensure the prevention and detection of significant errors, irregularities, incorrect assumptions and estimates, and other events that could misstate financial statements, notes, or disclosures. Tests of controls help an auditor determine whether controls are being followed and are effective. For instance, a policy may require that all large transactions be approved by a manager. As a test of controls, the auditor may sample large transactions and review whether manager approval was obtained and whether the proposed transaction meets all the criteria that the manager was supposed to verify.

As part of a preliminary survey of the purchasing function, an auditor read the department's policies and procedures manual. The auditor concluded that the manual described the processing steps well and contained an appropriate internal control design. The next engagement objective was to determine the operating effectiveness of internal controls. Which procedure would be most appropriate in meeting this objective? Prepare a flowchart. Prepare a system narrative. Perform a test of controls. Perform a substantive test.

During the conversation, make an effort to anticipate the approach of a point of critical interest. This answer is correct. Anticipation is one approach the internal auditor can use to maintain focus during a far-ranging discussion. It assumes that the internal auditor has done some homework and is prepared to listen intelligently. Active listening permits anticipation because the mind can process information more rapidly than most people speak. Thus, the listener has time to analyze the information and determine what is most important.

As part of an engagement to evaluate safety management programs, an internal auditor interviews the individual responsible for writing, issuing, and maintaining safety procedures. While the internal auditor's primary interest is to identify the controls ensuring that procedures are kept current, the individual has a tremendous amount of information and seems intent on telling the internal auditor most of it. What might the internal auditor do to guard against missing what is important? Do not sort through extraneous information. Revisit the topic with the individual's supervisor and obtain any needed information at that time. During the conversation, make an effort to anticipate the approach of a point of critical interest. Write down everything the individual says. If the internal auditor gets behind, ask for a pause and catch up. After the interview, the internal auditor can sift through the notes and be confident of finding the key information. Tape record the interview and later extract the relevant information.

avoid all questions until the speaker has concluded This answer is correct. Questions asked at appropriate times during the interview can indicate that the interviewer is listening attentively. When done correctly, this also allows the interviewer to probe deeper when additional clarification is needed.

Auditors must be effective listeners, especially when asking complex questions. To improve their listening, auditors should take care to do all the following except Be patient. Allow the speaker ample time to respond. Stop talking. It is very difficult to listen and talk at the same time. Avoid all questions until the speaker has concluded. Put the speaker at ease. A nervous speaker will be difficult to understand.

2,1,3 This answer is correct. Prior to offering consulting services, the chief audit executive confirms that the board understands and approves the concept of providing consulting services. Once approved, the internal audit charter is amended to include authority and responsibilities for consulting activities. The internal audit activity then develops appropriate policies and procedures for conducting such engagements.

Before internal auditors begin to offer consulting services to an organization, a number of things need to happen within the organization. What is the order in which the following items should be performed? The internal audit charter is amended to include authority and responsibilities for consulting activities. The CAE confirms that the board understands and approves the concept of providing consulting services. The internal audit activity develops appropriate policies and procedures for conducting such engagements. 1, 2, 3. 2, 1, 3. 2, 3, 1. 3, 2, 1.

D 1 and 4. Participation by employees has a positive effect on motivation because it tends to increase commitment to the job and results in greater personal satisfaction. Moreover, full employee participation requires two-way communication and therefore encourages feedback from employees.

Control self-assessment is a process that involves employees in assessing the adequacy of controls and identifying opportunities for improvement within an organization. Which of the following are reasons to involve employees in this process? Employees become more motivated to do their jobs right. Employees are objective about their jobs. Employees can provide an independent assessment of internal controls. Managers want feedback from their employees. A 3 and 4. B 2 and 4. C 1 and 2. D 1 and 4.

Highlight the weakness to ensure that procedures to test it are included in the engagement work program. This answer is correct. One purpose of the risk assessment is to highlight areas that should be addressed during the engagement. A potentially major control deficiency is a significant area warranting special emphasis and should be noted to ensure the needed coverage in the engagement work program.

During a preliminary survey of the accounts receivable function, an internal auditor discovered a potentially major control deficiency while preparing a flowchart. What immediate action should the internal auditor take regarding the weakness? Schedule a separate engagement to evaluate that segment of the accounts receivable function. Highlight the weakness to ensure that procedures to test it are included in the engagement work program. Perform sufficient testing to determine its cause and effect. Report it to the level of management responsible for corrective action.

A canceled check, made out to the vendor and referenced to the invoice, included in a cutoff bank statement that the internal auditor received directly from the bank. This answer is correct. A canceled check included in a cutoff bank statement received directly from the bank provides external as well as internal documentary information. The information was generated internally but passed through outsiders who confirmed it (honored the check) before sending it directly to the internal auditor. Such information is very persuasive.

Documents provide information with differing degrees of persuasiveness. If the engagement objective is to obtain information that payment has actually been made for a specific invoice from a vendor, which of the following documents ordinarily is the most persuasive? An entry in the engagement client's cash disbursements journal supported by a voucher package containing the vendor's invoice. A vendor's original invoice stamped "PAID" and referenced to a check number. A canceled check, made out to the vendor and referenced to the invoice, included in a cutoff bank statement that the internal auditor received directly from the bank. An accounts payable subsidiary ledger that shows payment of the invoice.

Vendor's invoices This answer is correct. The vendors' invoice confirms that the proper amount due has been recorded. A vendor's invoices provide the best source of information about additions to inventory. Vendors' invoices provide an external source of information regarding shipments to the engagement client. These amounts should be equal to quantities added to inventory (after possible adjustment for items returned to the vendor because of damage, etc.).

During an investigation of unexplained inventory shrinkage, an internal auditor is testing inventory additions as recorded in the perpetual inventory records. Because of internal control weaknesses, the information recorded on receiving reports may not be reliable. Under these circumstances, which of the following documents provides the best information about additions to inventory? Purchase requisitions. Vendors' statements. Vendors' invoices. Purchase orders.

Assess the performance of the subsidiary and indicate where additional engagement work may be needed. This answer is correct. Analytical procedures often are used during the preliminary survey to identify potential areas for additional engagement work.

During an operational engagement, an internal auditor compares the inventory turnover rate of a subsidiary with established industry standards to Test the subsidiary's controls designed to safeguard assets. Determine if the subsidiary is complying with organizational procedures regarding inventory levels. Assess the performance of the subsidiary and indicate where additional engagement work may be needed. Evaluate the accuracy of the subsidiary's internal financial reports.

preliminary survey This answer is correct. Internal auditors may perform a survey to (1) become familiar with activities, risks, and controls to identify areas for engagement emphasis and (2) invite comments and suggestions from stakeholders.

During which phase of the engagement does the internal auditor identify the objectives and related controls of the activity being examined? Work program preparation. Staff selection. Final communication of results. Preliminary survey.

Those who did not respond may be systematically different from those who did. This answer is correct. The sample will not be truly random if respondents as a group differ from nonrespondents. Thus, people may choose not to respond for reasons related to the purpose of the questionnaire.

Fact Pattern: An internal auditing team has been assigned to review "the customer satisfaction measurement system" that the Industrial Products Division implemented 2 years ago. This system consists of an annual mail survey conducted by the division's customer service office. A survey is sent to 100 purchasing departments randomly selected from all customers who made purchases in the prior 12 months. The survey is three pages long, and its 30 questions use a mixture of response modes (e.g., some questions are open-ended, some are multiple-choice, and others use a response scale). The customer service office mails the survey in September and tabulates the results for questionnaires returned by October 15. Only one mailing is sent. If the customer does not return the questionnaire, no follow-up is conducted. When the survey was last conducted, 45 of the questionnaires were not returned. Nonresponse bias is often a concern in conducting mail surveys. The main reason that nonresponse bias can cause difficulties in a sample such as the one taken by the customer service office is that Those who did not respond may be systematically different from those who did. The sample means and standard errors are harder to compute. Confidence intervals are narrower. The questionnaire is too short.

It is easier to make precise measurements of the variables under study. This answer is correct. Lack of experimental control and measurement precision are weaknesses of observational research. Another is that some things, such as private behavior, attitudes, feelings, and motives, cannot be observed.

Fact Pattern: An internal auditing team has been assigned to review "the customer satisfaction measurement system" that the Industrial Products Division implemented 2 years ago. This system consists of an annual mail survey conducted by the division's customer service office. A survey is sent to 100 purchasing departments randomly selected from all customers who made purchases in the prior 12 months. The survey is three pages long, and its 30 questions use a mixture of response modes (e.g., some questions are open-ended, some are multiple-choice, and others use a response scale). The customer service office mails the survey in September and tabulates the results for questionnaires returned by October 15. Only one mailing is sent. If the customer does not return the questionnaire, no follow-up is conducted. When the survey was last conducted, 45 of the questionnaires were not returned. Several of the internal auditing team members are concerned about the low response rate, the poor quality of the questionnaire design, and the potentially biased wording of some of the questions. They suggest that the customer service office might want to supplement the survey with some unobtrusive data collection such as observing customer interactions in the office or collecting audiotapes of phone conversations with customers. Which of the following is not a potential advantage of unobtrusive data collection compared to surveys or interviews? Unexpected or unusual events are more likely to be observed. It is easier to make precise measurements of the variables under study. People are less likely to alter their behavior because they are being studied. Interactions with customers can be observed as they occur in their natural setting.

Engagement information must be corroborated in some way This answer is correct. Self-assessment questionnaires provide indirect information. Because this information is provided by engagement client personnel and not by independent sources, it must be confirmed.

Fact Pattern: Management answered "yes" to every question when filling out an internal control questionnaire and stated that all listed requirements and control activities were part of their procedures. An internal auditor retrieved this questionnaire from management during the preliminary survey visit but did not review the responses with management while on site. The internal auditor's supervisor should be critical of the above procedure because The internal auditors were not present while the questionnaire was being filled out. The questionnaire was not designed to address accounting operations and controls. Internal control questionnaires cannot be relied upon. Engagement information must be corroborated in some way.

No. Internal auditors are not required to fill out internal control questionnaires on every engagement. The internal audit activity must assist the organization in maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement (Perf. Std. 2130). However, internal auditors are not required to fill out standard internal control questionnaires. The information documented in questionnaires may be found in other working papers, such as flowcharts, checklists, and narratives.

Fact Pattern: The chief audit executive (CAE) of a mid-sized internal audit activity was concerned that management might outsource the internal auditing function. Thus, the CAE adopted a very aggressive program to promote the internal audit activity within the organization. The CAE planned to present the results to senior management and the board and recommend modification of the internal audit activity's charter after using the new program. The following lists six actions the CAE took to promote a positive image within the organization: Engagement assignments concentrated on efficiency. The engagements focused solely on cost savings, and each engagement communication highlighted potential costs to be saved. Negative observations were omitted. The focus on efficiency was new, but the engagement clients seemed very happy. Drafts of all engagement communications were carefully reviewed with the engagement clients to get their input. Their comments were carefully considered when developing the final engagement communication. The information technology internal auditor participated as part of a development team to review the control procedures to be incorporated into a major computer application under development. Given limited resources, the engagement manager performed a risk assessment to establish engagement work schedule priorities. This was a marked departure from the previous approach of ensuring that all operations are evaluated on at least a 3-year interval. To save time, the CAE no longer required that a standard internal control questionnaire be completed for each engagement. When the internal auditors found that the engagement client had not developed specific criteria or data to evaluate operations, the internal auditors were instructed to perform research, develop specific criteria, review the criteria with the engagement client, and, if acceptable, use them to evaluate the engagement client's operations. If the engagement client disagreed with the criteria, a negotiation took place until acceptable criteria could be agreed upon. The engagement communication commented on the engagement client's operations in conjunction with the agreed-upon criteria. Is Action 5 inappropriate? Yes. Internal control should be evaluated on every engagement, and the internal control questionnaire is the most efficient method to do so. No. Internal auditors are not required to fill out internal control questionnaires on every engagement. No. Internal auditors may omit necessary procedures if there is a time constraint. It is a matter of professional judgment. Yes. Internal control should be evaluated on every engagement, but the internal control questionnaire is not the mandated approach to evaluate the controls.

sufficiency and relevance This answer is correct. The conclusion violates the criteria of sufficiency and relevance. The sufficiency criterion is violated because information about cost allocation is missing. The relevance criterion is violated because the information identified does not pertain to the objective.

Fact Pattern: The chief audit executive is reviewing some of the basic concepts inherent in the performance of an engagement with three internal auditors who are on a rotation assignment. After 6 months in the internal audit activity, they will move back to line positions. Each of them has fairly extensive organizational experience and is on a fast track to a high-level management line position. To develop their analytical decision-making abilities, the CAE pulls some old engagement working papers, holding back the review notes and clearing comments. The CAE asks the team to indicate the informational criteria that are violated. In an engagement performed at the organization's real estate development subsidiary, the engagement objective was to determine that capitalized land improvements had been assigned equally to all developed lots. The internal auditors identified the following information: Independent appraisals of all lot values Sales records for similar subdivision lots An analysis of market values of each lot Which of the following informational criteria, if any, are violated? No criteria are violated. Sufficiency and relevance. Relevance and reliability. Reliability and sufficiency.

preliminary survey This answer is correct. Planning includes performing, if appropriate, a survey to (1) become familiar with the activities, risks, and controls to identify areas for engagement emphasis and (2) invite comments and suggestions from stakeholders. Interviews with stakeholders may be performed as part of the survey to obtain an overall understanding of operations.

Fact Pattern: You are an internal auditing supervisor who is reviewing the working papers of a staff internal auditor's overall examination of the firm's sales function. The pages are not numbered or cross-referenced. Furthermore, the working papers were dropped and reassembled at random before they were brought to you. You decide to put the working papers in the proper order according to the Standards. The first stage of this activity is to identify each page as a part of (1) the preliminary survey, (2) the review of the adequacy of control processes, (3) the review for effectiveness of control processes, or (4) the review of results. The second page the supervisor selects documents an interview with a salesperson discussing the overall sales cycle. This page belongs with which activity? Review for effectiveness of control processes. Review for adequacy of control processes. Review of results. Preliminary survey.

Review for effectiveness of control processes. This answer is correct. Internal auditors are charged with evaluating the adequacy and effectiveness of controls in responding to risks within the organization's governance, operations, and information systems (Impl. Std. 2130.A1). Effectiveness is present if management directs processes so as to provide reasonable assurance that objectives and goals will be achieved.

Fact Pattern: You are an internal auditing supervisor who is reviewing the working papers of a staff internal auditor's overall examination of the firm's sales function. The pages are not numbered or cross-referenced. Furthermore, the working papers were dropped and reassembled at random before they were brought to you. You decide to put the working papers in the proper order according to the Standards. The first stage of this activity is to identify each page as a part of the preliminary survey, the review of the adequacy of control processes, the review for effectiveness of control processes, or the review of results. The first page the supervisor selects documents a test of controls performed during the course of the engagement. This page belongs with which activity? Review of results. Preliminary survey. Review for effectiveness of control processes. Review for adequacy of control processes.

Review for adequacy of control processes. This answer is correct. Internal auditors are charged with evaluating risk exposures relating to, and the adequacy and effectiveness of controls encompassing, the organization's governance, operations, and information systems (Impl. Stds. 2120.A1 and 2130.A1). Adequacy is present if management has planned and designed in a manner that provides reasonable assurance that objectives and goals will be achieved efficiently and economically. The sales contract form is apparently a "key control" that has been planned and designed into the system.

Fact Pattern: You are an internal auditing supervisor who is reviewing the working papers of a staff internal auditor's overall examination of the firm's sales function. The pages are not numbered or cross-referenced. Furthermore, the working papers were dropped and reassembled at random before they were brought to you. You decide to put the working papers in the proper order according to the Standards. The first stage of this activity is to identify each page as a part of the preliminary survey, the review of the adequacy of control processes, the review for effectiveness of control processes, or the review of results. The third page the supervisor selects is a blank copy of the sales contract form now in use by the organization. Annotated on the form in several places are the words "key control" followed by a brief explanation. The supervisor recognizes the writing as that of the staff internal auditor who performed the engagement. This document belongs with which activity? Review of results. Review for adequacy of control processes. Preliminary survey. Review for effectiveness of control processes.

Advertising agency billings This answer is correct. An advertising agency customarily charges for its costs plus a commission based on those costs. To avoid being overcharged, the organization requires assurance that the agency can justify (document) the costs incurred and that these costs are reasonable. A field review of the agency's books and procedures is the best means of achieving the stated objective.

For an upcoming engagement, an internal auditor's objective is to determine whether costs are both documented and reasonable. This is most likely an engagement involving Allowance for doubtful accounts. Asset disposals. Accounts payable. Advertising agency billings.

Create information to help prepare the financial statements and related notes. This answer is correct. The financial reporting process encompasses the steps to create the information and prepare financial statements, related notes, and other accompanying disclosures in the organization's financial reports.

For the chief audit executive (CAE), the financial reporting process encompasses the steps to Provide all staff with information regarding raises and promotions. Make sure the internal control matches up the specifications from the AICPA. Create information to help prepare the financial statements and related notes. Detect all fraud that is occurring throughout the organization.

Assurance services This answer is correct. Objectivity is presumed to be impaired if an internal auditor provides assurance services for an activity for which the internal auditor had responsibility within the previous year. Thus, if George provides assurance services for payroll, his objectivity is presumed to be impaired. However, internal auditors may provide consulting services relating to operations for which they had previous responsibilities (Impl. Std. 1130.C1).

George is the new internal auditor for XYZ Corporation. George was in charge of payroll for XYZ just 10 months ago. Performing what services in regard to payroll is considered an impairment of independence or objectivity if performed by George? Assurance or consulting services. Consulting services. Assurance services. Neither assurance nor consulting services.

Ensure that the board of directors and senior management are aware of the limitation. The internal audit activity evaluates and contributes to the improvement of risk management, control, and governance processes by using a systematic and defined approach (Perf. Std. 2100). Thus, they should assess compliance in specific areas as part of their role in organizational governance. If the annual audit plan does not allow for adequate review of compliance, senior management and the board of directors should be informed of the implications of gaps in audit coverage, including the review of compliance with applicable laws and regulations.

If the annual audit plan does not allow for adequate review of compliance with all material regulations affecting the company, the internal audit activity should: Ensure that the board of directors and senior management are aware of the limitation. Document that regulations not included will be reviewed in the subsequent year. Include a memo with the audit planning file listing the reasons for the lack of coverage. Decrease the scope of operational and financial audits to make additional audit time available

Testing to ensure that only authorized persons are able to change parameters in the program that generates purchase orders. This answer is correct. The internal auditor can determine whether computer-generated purchase orders are authorized by testing the system to ensure that only authorized individuals are allowed to change the reorder point and EOQ parameters. In a properly controlled information systems environment, access to equipment, custody of programs, programming, and the authorization of program changes should be clearly segregated functions.

In an engagement to evaluate an automated inventory control system, which approach provides the best information that purchase orders are authorized? Testing to ensure that only authorized persons are able to change parameters in the program that generates purchase orders. Comparing receiving reports with purchase order details. Tracing purchase orders to the computer listing. Reviewing system documentation to determine proper functioning of the program.

Review of correspondence the entity has conducted with governmental agencies This answer is correct. Correspondence from regulators is likely to be a valid and relevant source of information about environmental violations. This externally generated documentation and the engagement client's responses thereto may indicate a significant loss exposure for the engagement client.

In engagement planning, internal auditors should review all relevant information. Which of the following sources of information would most likely help identify suspected violations of environmental regulations? Review of trade publications. Discussions with operating executives. Review of correspondence the entity has conducted with governmental agencies. Discussions conducted with the external auditors in coordinating engagement efforts

Uncertainty of the occurrence of an event that could affect the achievement of objectives. This answer is correct. Risk is the possibility that an event will occur having an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood (The IIA Glossary).

In planning an engagement, the internal auditor establishes objectives to address the risk associated with the activity. Risk is the Failure to accomplish established objectives and goals for operations or programs. Uncertainty of the occurrence of an event that could affect the achievement of objectives. Failure to adhere to organizational policies, plans, and procedures or to comply with relevant laws and regulations. Possibility that the balance or class of transactions and related assertions contains misstatements that could be material to the financial statements.

D Compliance engagement relating to an organization's overtime policy. A compliance engagement relating to overtime policy is likely to be the most objective. It determines whether actual operations conform to specific management policies and procedures, which are likely to be well defined and documented. For example, determining whether overtime was properly paid requires less judgment than whether a control is properly designed.

Internal audit engagements vary in their degree of objectivity. Of the following, which is likely to be the most objective? A Financial control engagement relating to payroll procedures. B Performance engagement relating to the marketing department. C Operational engagement relating to the personnel function's hiring and firing procedures. D Compliance engagement relating to an organization's overtime policy.

The organization's recognized losses on derivatives. This answer is correct. In planning the engagement, internal auditors must consider the significant risks and the means by which the potential impact of risk is kept to an acceptable level (Perf. Std. 2201). Risk factors have differing degrees of objectivity. The most objective (least subjective) factors are facts. The organization's losses on derivatives are facts and therefore objective to the extent measurable. Objective information is such that it can be supported by facts or numbers. Subjective information is a judgment and may be interpreted differently by different people.

Internal auditors must make a preliminary assessment of risks when conducting an assurance engagement. This assessment may involve quantitative (objective) and subjective factors. The least subjective factor is Changes in the auditee's business forecast. The auditor's assessment of management responses. The organization's recognized losses on derivatives. The evaluation of internal control.

Listens with acceptance, empathy, and intensity. This answer is correct. Active listening involves acceptance of the speaker's ideas, that is, deferring judgment until the speaker has finished. Empathy is a sensitive awareness of the speaker's feelings, thoughts, and experience. An empathic listener understands what the speaker wants to communicate rather than what the listener wants to understand. Listening with intensity involves concentrating on the speaker's message and disregarding distractions. An active listener also is responsible for completeness. (S)he considers nonverbal and emotional content and asks questions to clarify the communication.

Internal auditors should be active listeners to gain the most information in an internal audit interview. Which of the following best describes how an active listener behaves in an interview? The listener Avoids looking directly at the speaker and interrupting his or her train of thought. Listens with acceptance, empathy, and intensity. Formulates arguments and conclusions as pieces of the speaker's information fit together. Judges and evaluates the information as it is presented.

Yes, the examined areas are relevant to the malfunctions. This answer is correct. Internal auditors must conduct a preliminary assessment of the risks relevant to the activity under review. Engagement objectives must reflect the results of this assessment (Impl. Std. 2210.A1). Internal auditors also may perform a survey to (1) become familiar with the activities, risks, and controls to identify areas for engagement emphasis and (2) invite comments and suggestions from engagement clients. The survey is appropriate as a means to conduct a preliminary assessment because the examined areas are relevant. The auditors also need to corroborate the information before any final assessment.

Levels of production stoppages over the past year at a large laminating business were abnormally high due to machine malfunctions. Would it be appropriate for the internal auditing function to develop a survey examining attitudes toward line operations, rotation of work zones, training, maintenance schedule, etc., for the machine operators to complete? No, the examined areas are irrelevant to the malfunctions. No, the survey is inappropriate without corroboration. Yes, the survey is reliable without corroboration. Yes, the examined areas are relevant to the malfunctions.

Resisting both internal and external distractions. This answer is correct. Concentrating on what the speaker is saying is critical to effective listening. This result is best achieved by resisting internal and external distractions. Physical distractions such as noise, a tendency to be overly aware of the speaker's physical and other differences from the listener, focusing on interesting details at the expense of major points, or emotional reactions to a statement with which the listener disagrees should be avoided.

Listening effectiveness is best increased by Tuning out messages that do not seem to fit the meeting purpose. Factoring in biases to evaluate the information being given. Resisting both internal and external distractions. Waiting to review key concepts until the speaker is through talking.

Annual inventory purchases This answer is correct. Materiality is a function of both quantitative and qualitative factors and has an effect on engagement risk. To determine the materiality of the deficiency, annual inventory purchases should be reviewed because the weakness affected all such purchases during the period.

One operating department of an organization does not have adequate procedures for inspecting and verifying the quantities of goods received. To evaluate the materiality of this control deficiency, the internal auditor should review the department's Annual inventory purchases. Year-end inventory balance. Annual operating expenses. Year-end total assets.

External This answer is correct. External information is ordinarily more reliable than the other types of information listed because it is generated from sources independent of the engagement client. The internal auditor should select the strongest information available to support engagement observations, conclusions, and recommendations.

Ordinarily, what source of information should most affect the internal auditor's conclusions? Informal. Oral. Inquiry. External.

is the best attainable This answer is correct. Reliable information is the best information attainable through the use of appropriate engagement techniques (Inter. Std. 2310). Information is reliable when the auditor's results can be verified by others. Reliable information is also valid. It accurately represents the observed phenomena. Information must be collected using reasonable efforts subject to such inherent limitations as the cost-benefit constraint. Accordingly, internal auditors employ efficient methods, e.g., statistical sampling and analytical auditing procedures.

Reliable evidence is best defined as evidence that Is supplementary to other evidence already gathered and tends to strengthen or confirm it. Is the best attainable. Is obtained by observing people, property, and events. Proves an intermediate fact, or group of facts, from which still other facts can be inferred.

Employee training and empowerment. This answer is correct. The critical steps in the researching and identifying phase are setting up databases, choosing information-gathering methods, formatting questionnaires, and selecting benchmarking partners. Employee training and empowerment is part of total quality management (TQM).

Researching and identifying best-in-class performance is often the most difficult phase. Which of the following is not a critical step? Choosing information-gathering methods. Setting up databases. Formatting questionnaires. Employee training and empowerment.

Individual programs are operating in accordance with contractual requirements and government regulations. The internal audit activity evaluates risk exposures related to governance, operations, and information systems regarding, among other things, compliance with laws, regulations, and contracts. Based on the risk assessment, the internal audit activity evaluates the adequacy and effectiveness of controls encompassing governance, operations, and information systems. This evaluation should include, among other things, compliance with laws, regulations, and contracts (Impl. Stds. 2110.A2 and 2120.A1). Operation in accordance with contracts and regulations takes precedence over all other objectives because it relates to the most basic aspects of the programs.

Senior management has requested a compliance audit of the organization's employee benefits package. Which of the following is considered the primary engagement objective by both the chief audit executive and senior management? Individual programs are operating in accordance with contractual requirements and government regulations. Participation levels support continuation of individual programs. The level of organizational contributions is adequate to meet the program's demands. Benefit payments, when appropriate, are accurate and timely.

Formal consulting engagement agreement. This answer is correct. Consulting services are advisory and related client service activities, the nature and scope of which are agreed upon with the client and intended to add value and improve an organization's governance, risk management, and control processes without the internal auditor assuming management responsibility. Examples include counsel, advice, facilitation, process design, and training. Thus, internal control training is a consulting service. Such training should be planned and is continuous. It should be subject to a consulting agreement that is formal and written even though it is with the internal audit activity. Formality ensures that the needs and expectations of those who will be trained are recognized and satisfied.

Senior management of an entity has requested that the internal audit activity provide ongoing internal control training for all managerial personnel. This is best addressed by a(n) Formal consulting engagement agreement. Special consulting engagement agreement. Informal consulting engagement agreement. Emergency consulting engagement agreement.

Contingency estimates This answer is correct. Subsequent to the acquisition of a new subsidiary, the internal auditor should contact the external organizational counsel regarding contingency estimates, including any threatened or pending litigation, claims, and assessments.

Subsequent to the acquisition of a new subsidiary, the internal audit activity is validating reports from subsidiary management. Which of the following areas will the internal auditor corroborate with the external organizational counsel? Collateral arrangements. Contingency estimates. Accounts receivable balances. Credit lines.

Try to persuade management to include the additional objectives in the consulting engagement. In planning formal consulting engagements, internal auditors design objectives to meet the appropriate needs of management officials receiving these services. In the case of special requests by management, internal auditors may consider the following actions if they believe that the objectives that should be pursued go beyond those requested by management: (1) persuade management to include the additional objectives in the consulting engagement; or (2) document that the objectives were not pursued, disclose that observation in the final communication of consulting engagement results, and include the objectives in a separate and subsequent assurance engagement.

The internal auditor for ABC Corporation has received a special request from management. The internal auditor believes that the objectives that should be pursued go beyond those requested by management. What should the internal auditor do? Refuse to accept the engagement unless he can persuade management to include the additional objectives in the consulting engagement. Include the objectives that he feels are necessary in the current consulting engagement and inform management in the final communication of the engagement results. Try to persuade management to include the additional objectives in the consulting engagement. Document the fact that the objectives were not pursued and disclose that observation to the audit committee in a formal report.

documentary This answer is correct. Documentary information exists in some permanent form, such as checks, invoices, shipping records, receiving reports, and purchase orders. It includes both external information, e.g., shipping documents provided by carriers, and documents originating within the engagement client's organization. By matching invoices received from vendors with receiving documents prepared by organizational personnel, the nonreceipt of items billed to the organization can be detected. Also, the invoices received may well indicate that delivery was made to an address other than the organization's storage area or a construction site.

The internal auditor for a construction contractor finds materials costs increasing as a percentage of billings and suspects that materials billed to the organization are being delivered to another contractor. What type of information will best enable the internal auditor to determine whether erroneous billings occurred? Physical examination. Confirmation. Documentary. Analytical.

4,1,3,2 This answer is correct. Sampling inventory and examining purchase documents are procedures that provide the most persuasive information in establishing cost, which is the basis of determining the valuation of inventory. They rely on the internal auditor's own observations and on inspection of documents from external sources. The next most persuasive information is derived from the internal auditor's analytical procedures. A change in inventory turnover or a very low level of inventory turnover indicates potential obsolescence of inventory and the need for the internal auditor to perform additional procedures, e.g., examining subsequent sales to determine whether inventory should be written down. Calculation of net realizable value may indicate a valuation problem. The difficulty with this procedure is that the last sales price may not be appropriate. The marketing manager's opinion about marketability is the least persuasive information. It is a form of testimonial information from an individual who may have a vested interest in persuading the internal auditor that the goods will be sold at their normal prices in the normal course of business. In addition, the arbitrary cutoff value of 2.0 may not be justified. The cutoff should be based on the nature of the client's inventory.

The internal auditor is concerned with the overall valuation of inventory. Rank the following sources of engagement information from most persuasive to least persuasive in addressing the assertion as to the valuation of inventory. Calculate inventory turnover by individual product. Assess the net realizability of all inventory items with a turnover ratio of 2.0 or less by interviewing the marketing manager as to the marketability of the product. Calculate the net realizable value (NRV) of all inventory products (using software to calculate NRV based on the last selling price) and compare NRV with cost. Take a statistical sample of inventory and examine the latest purchase documents (invoices and receiving slips) to calculate inventory cost. 1, 2, 3, 4. 1, 4, 2, 3. 2, 3, 4, 1. 4, 1, 3, 2.

Engagements in which the internal audit staff lacks the knowledge needed to perform part of the engagement. This answer is correct. The internal auditor should decline to perform consulting engagements that are prohibited by the terms of the internal audit charter, conflict with the policies and procedures of the internal audit activity, or do not add value and promote the best interests of the organization. "The chief audit executive must decline the consulting engagement or obtain competent advice and assistance if the internal audit staff lacks the knowledge, skills, or other competencies needed to perform all or part of the engagement" (Impl. Std. 1210.C1).

The internal auditor should decline to perform which of the following types of consulting engagements? Engagements that are allowed by the terms of the internal audit charter. Engagements that have no conflict with the policies and procedures of the internal audit activity. Engagements that add value and promote the best interests of the organization. Engagements in which the internal audit staff lacks the knowledge needed to perform part of the engagement.

Performing a walk-through of the processing and obtaining copies of all documents used. This answer is correct. The physical inspection of an engagement client's facilities, records, and processing steps is the most persuasive information. The internal auditor reviews actual documents and determines what personnel actually do with them.

The internal auditor wants to understand the actual flow of data regarding cash processing. The most convincing information is obtained by Interviewing the chief financial officer. Performing a walk-through of the processing and obtaining copies of all documents used. Reviewing the programming flowchart for information about control procedures placed into the computer programs. Reviewing the systems flowchart.

Paid claims from the claims (cash) disbursement file and trace to documentary information about authorization and other supporting documentation. This answer is correct. The internal auditor is interested in whether the actual claims paid are properly supported. The most appropriate population from which to sample is the claims paid file. The sample would then be vouched to the supporting documents to test for proper authorization.

The internal auditor wishes to test the assertion that all claims paid by a medical insurer contain proper authorization and documentation, including but not limited to the validity of the claim from an approved physician and an indication that the claim complies with the claimant's policy. The most appropriate engagement procedure is to select a sample of Claims filed and trace to documentary information about authorization and other supporting documentation. Paid claims from the claims (cash) disbursement file and trace to documentary information about authorization and other supporting documentation. Claims denied and determine that all claims denied were appropriate. The claims denied file is much smaller and the internal auditor can obtain greater coverage with the sample size. All policyholders and examine all claims for the sampled items during the year to determine whether the claims were handled properly.

B An appraisal of the value of investments owned by the acquiree. An appraisal service regarding valuation is outside the scope of a due diligence review.

The internal auditors are part of the team performing a due diligence review for the purchase of a waste disposal business. The scope of their work will most likely not include A A review of the acquiree's procedures for acceptance of waste material and comparison with legal requirements. B An appraisal of the value of investments owned by the acquiree. C Analysis of the acquiree's compliance with employment laws. D An assessment of the benefit of integrating the acquiree with the acquirer's business.

B Periodically assessing information security practices. Internal auditors should periodically assess the organization's information security practices and recommend, as appropriate, enhancements to, or implementation of, new controls and safeguards. Following an assessment, an assurance report should be provided to the board. Such assessments can either be conducted as separate stand-alone engagements or as multiple engagements integrated into other audits or engagements conducted as part of the approved audit plan.

The internal auditors' ultimate responsibility for information security includes A Identifying technical aspects, risks, processes, and transactions to be examined. B Periodically assessing information security practices. C Documenting engagement procedures. D Determining the scope and degree of testing to achieve engagement objectives.

Documentation prepared externally This answer is correct. Information is considered more or less persuasive depending on how much control the engagement client has over it. The most persuasive information relevant to the valuation assertion is documentation that is prepared externally.

The most persuasive information regarding the asset value of newly acquired computers is Documentation prepared externally. Physical examination. Observation of engagement client's procedures. Inquiry of management.

Undetected errors in payroll rates for new employees. The personnel department is responsible for authorization and execution of payroll transactions, e.g., hiring of new employees and determining their pay rates. Hence, this department's verification of the payroll changes listing used in data processing is an important control over payroll processing.

The personnel department receives an edit listing of payroll changes processed at every payroll cycle. If it does not verify the changes processed, the result could be Employees not being asked if they want to contribute to the company pension plan. Undetected errors in payroll rates for new employees. Inaccurate payroll deductions. Labor hours charged to the wrong account in the cost reporting system.

Implementation phase This answer is correct. Leadership is most important in the implementation phase of the benchmarking process because the team must be able to justify its recommendations. Also, the process improvement teams must manage the implementation of approved changes.

The phase of the benchmarking process in which the team must be able to justify its recommendations is the Implementation phase. Prioritize benchmarking projects phase. Researching and identifying best in class performance phase. Data analysis phase.

Discuss these observations with management of the internal audit activity to determine whether further work would be an efficient use of internal auditing resources at this time. This answer is correct. A preliminary survey allows the internal auditor to (1) become familiar with activities, risks, and controls to identify areas for engagement emphasis and (2) invite comments and suggestions from stakeholders. In this case, additional planning is necessary to modify the engagement for the difficult circumstances discovered during the preliminary survey and to address the responsibilities of the internal audit activity.

The preliminary survey indicates that severe staff reductions at the engagement location have resulted in extensive amounts of overtime among accounting staff. Department members are visibly stressed and very vocal about the effects of the cutbacks. Accounting payrolls are nearly equal to prior years, and many key controls, such as segregation of duties, are no longer in place. The accounting supervisor now performs all operations within the cash receipts and posting process and has no time to review and approve transactions generated by the remaining members of the department. Journal entries for the last 6 months since the staff reductions show increasing numbers of prior-month adjustments and corrections, including revenues, cost of sales, and accruals that had been misstated or forgotten during month-end closing activity. The internal auditor should Proceed with the scheduled engagement but add personnel based on the expected number of observations and anticipated lack of assistance from local accounting management. Discuss these observations with management of the internal audit activity to determine whether further work would be an efficient use of internal auditing resources at this time. Suspend further engagement work and issue the final communication of results because the conclusions are obvious. Research temporary help agencies and evaluate the cost and benefit of outsourcing needed services.

Organize notes around topics on the interview plan and note responses in the appropriate area, reviewing the notes after the meeting to make additions. This answer is correct. Preparing for the interview is crucial. The internal auditor should have learned as much as possible about the engagement client, determined the engagement objectives, and prepared questions. During the interview, the internal auditor should record notes on a split page, which lists the questions on one side and contains space for responses on the other. After the interview, the internal auditor should expand on the notes while the material is still fresh.

When an internal auditor is interviewing to gain information, (s)he will not be able to remember everything that was said in the interview. The most effective way to record interview information for later use is to Electronically record the interview to capture everything that everyone says; then type everything said into a computer for documentation. Hire a professional secretary to take notes, allowing complete concentration on the interview; then delete unimportant points after the meeting. Organize notes around topics on the interview plan and note responses in the appropriate area, reviewing the notes after the meeting to make additions. Write notes quickly, trying to write down everything in detail as it is said; then highlight important points after the meeting.

is often imprecise This answer is correct. Nonverbal communication (body language) consists of facial expressions, vocal intonations, posture, gestures, appearance, and physical distance. Thus, by its nature, nonverbal communication is much less precise than verbal communication.

When evaluating communication, the internal auditor should be aware that nonverbal communication Always conveys less information than verbal communication. Always conveys a more truthful response than verbal communication. Is independent of a person's cultural background. Is often imprecise.

Address risk consistent with engagement objectives and be alert to certain other risks This answer is correct. During consulting engagements, internal auditors must address risk consistent with the engagement's objectives and be alert to the existence of other significant risks (Impl. Std. 2120.C1). Moreover, internal auditors must incorporate knowledge of risks gained from consulting engagements into their evaluation of the organization's risk management processes (Impl. Std. 2120.C2).

When internal auditors perform a consulting engagement, what is the best statement of their responsibility regarding risk? Be alert to the existence of significant risks. Address risk consistent with engagement objectives and be alert to certain other risks. Assume responsibility for managing risks. Consider only the risk consistent with engagement objectives.

Combining purchasing functions. This answer is correct. The financial exposure in the purchasing function is ordinarily greater than in, for example, the legal and marketing functions. Also, purchasing functions ordinarily represent the greatest exposure to loss of the items listed and are therefore most likely to be evaluated. After a merger, risk is heightened because of the difficulty of combining the systems of the two organizations. Thus, the likelihood of an engagement is increased.

Which of the following activities represents the greatest risk to a post-merger manufacturing organization and is therefore most likely to be the subject of an internal audit engagement? Combining legal functions. Combining marketing functions. Combining imprest funds. Combining purchasing functions.

D All customer inquiries should be answered within 7 days of receipt. A criterion that requires all customer inquiries to be answered within 7 days of receipt permits accurate measurement of performance. The quantitative and specific nature of the appraisal using this standard avoids the vagueness, subjectivity, and personal bias that may afflict other forms of personnel evaluations.

Which of the following criteria would be most useful to a sales department manager in evaluating the performance of the manager's customer-service group? A The customer is always right. B Customer complaints should be processed promptly. C Employees should maintain a positive attitude when dealing with customers. D All customer inquiries should be answered within 7 days of receipt.

A page of the general ledger containing irregularities placed there by the perpetrator of a fraud. This answer is correct. Documentary information exists in some permanent form, such as checks, invoices, shipping records, receiving reports, and purchase orders. It includes both external information, e.g., shipping documents provided by carriers, and documents originating within the engagement client's organization.

Which of the following is an example of documentary information? A letter from a former employee alleging a fraud. A page of the general ledger containing irregularities placed there by the perpetrator of a fraud. A photograph of an engagement client's workplace. A page of the internal auditor's working papers containing the computations that demonstrate the existence of an error or irregularity.

A 1, 2, 3, and 4. An organization should respond appropriately to each offense detected by the compliance program. Appropriate responses include disciplinary action taken with regard to those who engaged in misconduct. In some circumstances, an appropriate response could require self-reporting the violation to the government, cooperation with governmental investigations, and the acceptance of responsibility for the violation. Making these responses could result in a court's reduction of the amount of the organization's fine. A similar result may follow when the compliance program is effective.

Which of the following is true regarding appropriate responses to an offense detected by an organization's compliance program? Disciplinary action taken against those engaged in misconduct is an appropriate response. Self-reporting the violation to the government is an appropriate response. Acceptance of responsibility for the violation is an appropriate response. An appropriate response can lower the amount of an organization's court fines. A 1, 2, 3, and 4. B 1, 2, and 3 only. C 1 and 2 only. D 1 and 3 only.

B Review procedures for selection of routes and carriers. An operational engagement examines the premises and policies for day-to-day activities, as well as the transaction flow that is the concern of the evaluation of controls. Selection of routes and carriers is the chief function of the department, and poor practice may lead to materially excessive shipping costs or serious delays. Hence, an internal auditor conducting an operational engagement should review the procedures for selection of routes and carriers.

Which of the following procedures is the most valuable in an engagement involving the traffic department operations of a large manufacturer? A Verify that all bills of lading are prenumbered. B Review procedures for selection of routes and carriers. C Obtain written confirmation from the regulatory agencies that all carriers used are properly licensed and bonded. D Trace selected items from the weekly demurrage (car detention charge) report to supporting documentation.

3,2,4,1 This answer is correct. An auditor's physical examination provides the most persuasive form of evidence. First-hand observation by the auditor of client personnel performing procedures is the next most persuasive. Information originating from a third party is less persuasive than information personally gathered by the auditor but more persuasive than information originating with the client. Oral information from the client is the least convincing.

Which of the following represents the general order of persuasiveness, from most to least, for the types of information listed below? Inquiry of management Observation of engagement client's procedures Physical examination Documentation prepared externally 4, 1, 2, 3. 4, 3, 1, 2. 2, 4, 1, 3. 3, 2, 4, 1.

C Self-certification approach. The form of self-assessment is based on management-produced analyses to produce information about selected business processes, risk management activities, and control procedures. The internal auditor may synthesize this analysis with other information to enhance the understanding about controls and to share the knowledge with managers in business or functional units as part of the organization's CSA program.

Which one of the three primary types of CSA programs allows for the chief audit executive (CAE) to synthesize information provided by management with other information to enhance the understanding about controls and to share the knowledge? A Facilitated approach. B Auditor-produced analysis. C Self-certification approach. D Questionnaire approach.

B An organization that rewards employees for charging travel hours to take advantage of the tax benefits. An organization using reward systems that attach financial incentives to apparently unethical or illegal behavior can expect a poor compliance environment. For instance, an organization rewarding employees for charging travel hours makes itself vulnerable to fraud. Employees may charge false travel hours to receive additional rewards. Thus, the tax benefit of such an incentive may be negated by fraudulent employee practices. A good compliance environment is created when an organization Develops a written, straightforward business code of conduct that clearly identifies prohibited activities, provides guidance to employees on relevant issues, and decreases the risk that employees will engage in unethical or illegal behavior. Creates an organizational chart identifying board members, senior officers, a senior compliance officer, and department personnel who are responsible for implementing compliance programs. Creates a compliance program on a global basis, not just for selective geographic locations, to reflect appropriate local conditions, laws, and regulations.

Which organization is least likely to have a good compliance environment? A An organization whose code of conduct provides guidance to employees on relevant issues. B An organization that rewards employees for charging travel hours to take advantage of the tax benefits. C An organization that creates an organizational chart, identifying personnel who are responsible for implementing compliance programs. D An international organization that creates a global compliance program that reflects local conditions, laws, and regulations.

Vouching bills of lading to computer-generated sales invoices and purchase orders. This answer is correct. The internal auditor can determine whether inventory is being misappropriated or being sent to unauthorized customers by vouching bills of lading to supporting documentation. An approved customer list should be used to identify unauthorized shipments. In an automated environment, special attention should be given to any manual entries in the inventory control system. Also, management should control access to the automated system.

Which procedure should be performed to determine whether shipments were properly authorized? Reviewing the approved customer list for manual entries. Tracing purchase orders to the computer listing. Comparing receiving reports with purchase order details. Vouching bills of lading to computer-generated sales invoices and purchase orders.

Internal auditors keep senior management and the board informed about how audit resources are being deployed. This answer is correct. Internal auditors disclose to management, the board, or other governing body of the organization the nature, extent, and overall results of formal consulting engagements along with other reports of internal audit activities. Internal auditors keep senior management and the board informed about how audit resources are being deployed. Neither detail reports of these consulting engagements nor the specific results and recommendations are required to be communicated

Which statement about consulting engagements is true? Documentation requirements applicable to assurance engagements apply to consulting engagements. Work programs for formal consulting engagements address policies and issues related to ownership of consulting engagement records to protect the organization and avoid any potential misunderstandings. The internal audit activity may assume management responsibility to the extent agreed upon with the client. Internal auditors keep senior management and the board informed about how audit resources are being deployed.

B Risk-based format. A risk-based format focuses on listing the risks to achieving an objective. The workshop begins by listing all possible barriers, obstacles, threats, and exposures that might prevent achieving an objective and, then, examining the control procedures to determine if they are sufficient to manage the key risks. The aim of the workshop is to determine significant residual risks. This format takes the work team through the entire objective-risks-controls formula.

Which type of facilitated approach format begins by listing all possible barriers, obstacles, threats, and exposures that might prevent achieving an objective? A Objective-based format. B Risk-based format. C Process-based format. D Control-based format.

C Objective-based format. An objective-based format focuses on the best way to accomplish a business objective. The workshop begins by identifying the controls presently in place to support the objective and then determines the residual risk remaining.

Which type of format of control self-assessment (CSA) facilitated approaches focuses on the best way to accomplish the goals of the organization? A Control-based format. B Risk-based format. C Objective-based format. D Process-based format.

Sufficient, reliable, and relevant. This answer is correct. The bank deposits can be verified by examining bank statements obtained directly from the bank. Information obtained from an independent source is usually more reliable than information secured solely within the entity. Moreover, it is obviously relevant to the issue of whether cash receipts are deposited intact. A reasonable internal auditor should judge that the comparison of the organization's records with independently obtained bank statements is persuasive of the proposition that cash receipts are not deposited intact. Thus, the information is also sufficient.

While performing an engagement relating to an organization's cash controls, the internal auditor observed that cash deposits are not deposited intact daily. A comparison of a sample of cash receipts lists revealed that each cash receipt list equaled cash journal entry amounts but not daily bank deposits amounts, and cash receipts list totals equaled bank deposit totals in the long run. This information as support for the internal auditor's observations is Relevant but not sufficient or reliable. Not sufficient, reliable, or relevant. Sufficient but not reliable or relevant. Sufficient, reliable, and relevant.

Insufficient evidence exists of compliance with affirmative-action policies. This answer is correct. Sufficient information is factual, adequate, and convincing so that a prudent, informed person would reach the same conclusions as the auditor (Inter. Std. 2310). Without knowledge of guidelines for compliance, the auditor cannot draw a reasonable conclusion given the insufficiency of the facts. Thus, the auditor must determine whether management has established adequate criteria or should work with management to develop such criteria

While testing a division's compliance with company affirmative-action policies, an auditor found that 5% of the employees are from minority groups. No one from a minority group has been hired in the past year. The most appropriate conclusion for the auditor to reach is that The division is violating the company's policies. Insufficient evidence exists of compliance with affirmative-action policies. With 5% of its employees from minority groups, the division is effectively complying. The company's policies cannot be audited and hence cannot be enforced.