Internal Audit 1

It is not permissible for an officer to serve on the board of directors of a public company.

False, as long as they are not on the audit committee

Right sizing is synonymous with outsourcing.

False, co-sourcing

Conversion often takes more time and effort than the fraud is worth.

False, concealment

The CFO is responsible for implementing ERM.

False, control environment

The audit committee is part of the monitoring element of the COSO model.

False, control environment

The audit committee would be part of the monitor element of the COSO model.

False, control environment

Another word for management fraud is fraudulent employee theft.

False, cooking the books or fraudulent financial reporting

As acceptable audit risk increases, audit fees will normally increase.

False, decrease

The Sarbanes Oxley Act increased the regulation of internal auditors.

False, doesn't directly increase

The internal auditing activity reports functionally to management and administratively to the audit committee.

False, functionally to audit committee, administratively to management

If the debt ratio is declining, this is a deteriorating situation.

False, good

Totaling up hours worked would be an example of a record count control total.

False, hash

In a disaster plan, a call tree should be set up simultaneously with the consortium agreement.

False, have no relationship

One of the inherent limitations of internal control is cost.

False, human judgment, collusion, management override

Working papers retention policies should be prepared by the CEO and the CAE.

False, improved by the legal counsel

If sampling risk decreases, sample size decreases.

False, increases

Better internal controls would decrease acceptable audit risk.

False, independent of each other

The charter of the corporation defines the authority and responsibility of the internal auditing activity.

False, internal audit committee

The primary purpose of a compliance audit is to evaluate the efficiency and effectiveness of an organization's operation procedures and methods.

False, laws and regulations

The Quick Ratio is considered a profitability ratio.

False, liquidity

Internal auditors often perform accounting for companies.

False, not allowed

The audit program is normally contained in the permanent file of the auditor's working papers.

False, not contained

All internal auditors should be proficient in statistical methods.

False, not required

External auditors are required to use the work of an internal auditor's if it is beneficial.

False, not required

If an internal auditor finds that the company has violated a tax law, it must notify the IRS.

False, not required

Inherent risk is ____ related to detection risk and ___ related to the amount of audit evidence

inversely; directly

An operational audit has one of its objectives to

make recommendations for improving performance

The senior management of a corporation "cooked the books" and overstated corporate profits substantially. A term for this is

management fraud

Subcomponents of the control environment include

management's philosophy and operating style, organization structure, commitment to competence

In applying the Rules of Conduct set forth in the IIA Code of ethics, internal auditors are expected to

not be unduly influenced by their own interests in forming judgments.

Sarbanes-Oxley requires auditors of public companies to maintain audit documentation for what period of time

not less than 7 years

Audit committee should be composed of

only external board members

Kiting involves taking advantage of the lag time that it takes a check to clear.

True

The SEC requires internal audits every year.

False, SEC has nothing to do with internal audits

The PCAOB must be composed of at least two CPAs.

False, Three Non-CPAs

When an auditor decides on a higher acceptable audit risk, one potential effect is that more audit evidence will be required.

False

The internal auditing staff of a large corporation usually reports to a committee of the board of directors.

False, CAE

A code of ethics is a subcomponent of the commitment section of COSO.

False, COCO

Control environment is one of the components of the COCO model.

False, COSO

Mandatory elements of the IPPF are the Code Attributes, the Definition of Internal Auditing, and the Standards.

False, Code of Ethics

Governance is one of the recommended guidance items in the IPPF.

False, Definition of Internal Auditing, Code of Ethics, and the Standards

White papers provide guidance on issues that specifically apply to how internal auditors should conduct their work.

False, are research papers

The first law to require public companies to have an internal audit function

Foreign Corrupt Practices Act

Inherent risk is the risk that the auditors' procedures will fail to detect a material misstatement of the financial statements.

False, Detection risk

Sarbanes Oxley established a requirement that a company must have an internal control function.

False, Foreign Corrupt Practices Act

Internal auditors are responsible for establishing the internal controls in a company.

False, Managers

Sampling risk can be controlled by being careful in conducting the audit.

False, Non-sampling

Lapping is a scheme involving accounts payable that involves subsequent payments being misapplied to cover theft of prior payments.

False, accounts receivable

Internal auditors should be brought into the process of installing a computer system since their knowledge and expertise can make a significant contribution to the process.

False, Not allowed

All corporations must have an audit committee

False, Public

The CFO of a corporation cannot serve on the board of directors

False, Public corporation only

SAS 65 forms the basis for understanding fraud in an auditing context.

False, SAS 99

Which section of the SOX Act requires management to issue an internal control report

404

IIA Code of Ethics can be divided into four major sections

Confidentiality, Objectivity, Competence, Integrity

Report distribution is decided upon just prior to writing the audit report.

False

The rules concerning independence are the same for both external and internal auditors.

False

A preliminary survey is basically a questionnaire to become familiar with the auditee.

False

A primary purpose of an internal auditor's working papers is to serve as a means with which to prepare financial statements.

False

Analytical procedures are usually more costly than confirmation.

False

If an internal auditor accepts a part-time job that conflicts with his or her position as an internal auditor, this violates the competency section of the code.

False, objectivity

Assertions follow objectives.

False, other way around

When an internal auditor physically inspects an asset, he or she has vouched the asset.

False, physical examination

Two common ways of documenting businesses processes are process maps and flowcharts.

False, process maps and narratives

If tests of controls results do not support the preliminary assessment of control risk, the auditor must lower the preliminary assessment of control risk.

False, raise

A company should develop internal controls that provide considerable, but not absolute, assurance that the financial statements are fairly stated.

False, reasonable

Monitoring is the process of periodically assessing potential risks that the company faces.

False, risk assessment

In the definition of internal auditing, it states that the activity should bring a disciplined approach to improve the effectiveness of governance, control, and operations.

False, risk management

The critical functions in an IT system are authorization, record keeping, and custody.

False, segregation of duties

The internal auditor is never allowed to share working papers with the external auditor because of confidentiality reasons.

False, sometimes it's allowed

Custom working papers are often used, chiefly because they allow working papers to be prepared more efficiently.

False, standardized

The best way to achieve independence is through organizational knowledge and skills.

False, stats

The most important benefit of an internal auditing activity to management is assurance that the organization is complying with legal requirements.

False, strengthen internal controls

The primary work of internal auditors is the detection or prevention of fraud.

False, strengthen internal controls

If the CUER is more than the expected deviation rate, the auditor would modify the CR assessment.

False, tolerable

Assessing control risk too high causes auditors to rely on control too much and consequently to perform too much substantive testing.

False, too little substantive testing

Entering a non-existent account number would probably be detected by a field check.

False, validity

In CSA, the line employees serve as facilitators.

False, validity check

A CAE learned that a staff internal auditor used confidential information for personal gain. Both the CAE and staff internal auditor are CIAs. The most appropriate way for the CAE to deal with this problem is to

Inform the Institute's Board of Directors and take the personnel action required by organizational policy.

What party provides an assessment of the effectiveness of internal control over financial reporting for public companies

Management and financial statement auditors

What is the most accurate term for the attitudes and actions of the board and management regarding the significance of control within the organization

Management's philosophy and operating style

Which pronoun cements represent mandatory guidance for implementing the Standards

Performance Standards

Information such as organization charts, flowcharts, and questionnaires related to the auditor's understanding of internal is typically included in the permanent file of the auditor's working papers.

True

The organization that is responsible for providing oversight for auditors of public companies is called the

Public Company Accounting Oversight Board

What are the 8 basic components of internal control

Risk assessment, internal environment, monitoring, objective setting, event identification, risk response, control activities, information & communication

According to the ERM, high level goals that are aligned with and support the company's mission are

Strategic objectives

Internal auditors are not allowed to perform certified audits.

True

Internal auditors do not certify financial statements.

True

A flat structure of the Internal Auditing department would be more costly than a hierarchical structure.

True

A password is an example of a preventive control.

True

A typical responsibility of the internal audit function is to prepare the bank reconciliation.

True

Bill has worked in the payroll department for the past 2 years. He has just moved to the Internal Audit department. It would be permissible for bill to provide consulting activities to the payroll department.

True

CPA firms are never allowed to provide bookkeeping services for public audit clients.

True

Governance is the ultimate responsibility of the board of directors.

True

It would be typical for the CAE to prepare the budget for the Internal Audit activity.

True

Of the three common types of confirmations used by auditors, the most reliable type is the positive confirmation with the information to be confirmed not included on the form.

True

One audit objective is allocation.

True

One of the three types of business processes discussed in the text is projects.

True

Passive voice is not preferred in audit reports.

True

Purchasing insurance is a part of risk sharing in the ERM model.

True

Section 302 requires the CFO and CEO to certify the financial statements.

True

The IIA Code is divided into four sections.

True

The SEC requires independent audits every year.

True

The responsibility to coordinate with the external auditors rests with the CAE as opposed to the chair of the audit committee.

True

The sufficiency of audit evidence is determined quantity.

True

To become a Certified Internal Auditor, one must pass an exam that consists of four parts.

True

Tolerable exception rate is indirectly related to sample size.

True

Two approaches to understanding business processes are the top-down and bottom up approaches.

True

When analytical procedures reveal no unusual fluctuations in an item, the internal auditor will probably perform fewer additional tests.

True

When using statistical sampling, the sample must be a probabilistic one.

True

Zero percent acceptable audit risk means that the auditor wants complete certainty that the financial statements are not materially misstated.

True

The existence assertion relates primarily to possible overstatements.

True, Completeness, Rights and obligations, valuation and allocation, presentation and disclosure

There are four types of objectives in the ERM model.

True, Compliance, Operations, Reporting, Strategic

The Code of Ethics states that the internal auditor should perform his or her work with honesty, diligence, and responsibility.

True, Confidentiality, Objectivity, Competency, Integrity

If inherent risk is decreased, detection risk is increased.

True, DR equals AR/(CR x IR)

Vertical analysis is also known as component percentage analysis.

True, common size

There are five audit findings.

True, condition, criteria, cause, effect and recommendation

The three types of functions that normally should be segregated to promote internal control are

authorizing transactions, recording transactions, and custody of assets

What is the definition of "control deficiency"

control deficiency exists if the design or operation of controls does not permit company personnel to prevent or detect misstatements on a timely basis

Most auditors set a high inherent risk in the _____ of an audit and reduce it in subsequent years as they gain experience, even when there is inherent risk

first year

If planned detection risk is reduced, the amount of evidence the auditor accumulates will

increase

A measure of the auditor's assessment of the likelihood that there are material misstatements in an account before considering the effectiveness of the client's internal control is called

inherent risk

What is the most important component of the ERM

internal environment

When the auditor attempts to understand the operation of the accounting system by tracing a few transactions through the accounting system, the auditor is said to be

performing a walk-through

The chief audit executive is best defined as the

person responsible for the internal audit function

What are the three primary objectives of effective internal control

reliability of financial reporting, efficiency and effectiveness of operations, compliance with laws and regulations

The risk that remains after management implements internal controls is

residual risk

What corporate objective is based on a company's mission statement

strategic objectives

If an internal auditor becomes aware of illegal acts by high level corporate officers, this should be addressed to

the audit committee

Internal auditors cannot be completely independent as long as

the employer-employee relationship exists