Audit 2

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

During an operational audit engagement, an auditor compared the inventory turnover ratio of a subsidiary with the industry standard to

Assess performance and indicate where additional audit work may be needed.

A basic principle of governance is

Assessment of the governance process by an independent internal audit activity.

Which of the following represents the best risk assessment technique?

Assessment of the risk levels of current and future events, their effect on achievement of the organization's objectives, and their underlying causes.

Which of the following statements is false?

Assurance and consulting are mutually exclusive and do preclude other auditing services such as investigations and nonauditing roles.

Shipping documents should be traced to and compared with sales records or invoices to

Assure that shipments are billed to customers.

Which of the following suggestions for the CAE related to EHS auditing is false?

At least once every three years, the CAE should schedule a quality assurance review of the environmental audit function if it is organizationally independent of the internal audit function.

Audit committees have been identified as a major factor in promoting the independence of both internal and external auditors. Which of the following is the most important limitation on the effectiveness of audit committees?

Audit committees may be composed of independent directors. However, those directors may have close personal and professional friendships with management.

When comparing perpetrators who have embezzled an organization's funds with perpetrators of financial statement fraud (falsified financial statements), those who have falsified financial statements are less likely to

Be living beyond their obvious means of support.

Internal auditors have a responsibility for helping to deter fraud. Which of the following best describes how this responsibility is usually met?

By evaluating the adequacy and effectiveness of controls in light of the potential exposure or risk.

One engagement procedure for an engagement to evaluate facilities and equipment is to test the accuracy of recorded depreciation. Which of the following is the best source of information that the equipment in question is in service?

A comparison of depreciation schedules with the maintenance and repair logs for the same equipment.

A standard engagement work program is not appropriate for which situation?

A complex or changing operating environment.

An internal auditor has been requested to perform a review of an organization's process for developing accruals for its liability to clean up toxic waste sites. The audit should determine whether

A Clean-up costs are reasonably estimated. B The organization monitors governmental investigations to identify locations where it may be potentially responsible for a waste site clean-up. C The organization has identified the situations in which it is potentially responsible for cleaning up a waste site. ***All of the answers are correct.

A United States organization plans to expand operations to Gambia. Which of the following are plausible assurance engagement objectives for an internal audit of the human resources department? 1) Evaluate the clarity and transparency of the design of global compensation and benefit systems. 2.) Identify methods of improving communications with assignees, line management, and leadership. 3) Assess compliance with applicable requirements for visas and work permits. 4.) Provide consultation to potential assignees and line management on terms and conditions of the internal assignment.

1 & 3

Which of the following are forms of punishment for those who violate an organization's code of conduct? 1 A warning 2 Loss of pay 3 Suspension 4 Termination

1 2 3 4

The chief audit executive (CAE) is trying to explain the range of responsibilities a senior internal auditor will be assuming as supervisor of an upcoming engagement that will employ a team of internal auditors. Which of the following are examples that the CAE might mention? 1 Assigning team members to specific roles and procedures. 2 Establishing a process to ensure regular, thorough, and timely communication of necessary information among team members. 3 Assuming responsibility for adequate supervision during the engagement. 4 Training less experienced team members in appropriate audit procedures.

1 2 4

An organization should use due care not to delegate substantial discretionary authority to individuals the organization knows have a propensity to engage in illegal activities. Which of the following are steps an organization can take to ensure that such individuals are detected? Screening of applicants for employment at all levels for evidence of past wrongdoing, especially past criminal convictions within the company's industry. Asking professionals about any history of discipline in front of licensing boards. Performing background checks without permission on employees' or applicants' credit reports to ensure that they are financially sound and are unlikely to commit theft or fraud.

1 and 2 only.

Risk modeling in a consulting service can be accomplished by 1. Ranking the engagement's potential to improve management of risks 2. Ranking the engagement's potential to add value 3. Ranking the engagement's potential to improve the organization's operations

1,2,3

Which of the following describes best practices in the benchmarking process? 1. Those practices encouraged by senior management. 2. Those practices recognized by authorities in the field and by customers for generating outstanding results. 3. Practices that generally are technically innovative.

2 & 3

Assuming independence is met, who likely can serve on a team conducting a periodic external review of the internal audit activity in an organization's regional office? 1 A tax consultant who has no audit experience but will review only technical matters related to tax audits. 2 An internal audit manager from another organization's internal audit activity. 3 An outside certified public accountant with internal audit managerial experience who has been an external auditor of the organization's financial reports. 4 An independent and objective audit manager from headquarters who is not a member of the regional audit activity.

2 3 4

When developing the internal audit plan, the chief audit executive must consider the following expectations of 1 Department managers 2 Stakeholders 3 Human resource managers

2 only

The advantage attributed to the establishment of internal auditing field offices for work at foreign locations is best described as

A reduction of travel time and related travel expense.

A chief audit executive most likely uses risk assessment for audit planning because it provides

A systematic process for assessing and integrating professional judgment about probable adverse conditions.

Which of the following is an indicator of possible financial reporting fraud being perpetrated by management of a manufacturer?

A trend analysis discloses (1) sales increases of 50% and (2) cost of goods sold increases of 25%.

When internal auditors perform a consulting engagement, what is the best statement of their responsibility regarding risk?

Address risk consistent with engagement objectives and be alert to certain other risks.

When is initial use of the conformance phrase by internal auditors appropriate?

After an external review completed within the past 5 years.

As part of a manufacturing company's environmental, health, and safety (EHS) self-inspection program, inspections are conducted by a member of the EHS staff and the operational manager for a given work area or building. If a deficiency cannot be immediately corrected, the EHS staff member enters it into a tracking database that is accessible to all departments via a local area network. The EHS manager uses the database to provide senior management with quarterly activity reports regarding corrective action. During review of the self-inspection program, an auditor notes that the operational manager enters the closure information and affirms that corrective action is complete. What change in the control system would compensate for this potential conflict of interest?

After closure is entered into the system, review by the EHS staff member of the original inspection team should be required in order to verify closure.

Organizational development (OD) is one of the major approaches to proactive management of change in organizations. One of the major objectives of OD is to

Align the organization's and the employees' goals.

All of these departments, except two, are on the potential list of engagement clients because of a risk analysis performed by the chief audit executive. Production department A is on the list because the president thinks too many bottlenecks occur in that department. The marketing department is on the list because the chief of security received an anonymous phone call accusing a marketing manager of accepting substantial financial kickbacks from a media outlet. Internal controls seem adequate in all departments, with the possible exception of marketing. What is the chief audit executive's most logical definition of risk of loss to be used in selecting engagement clients?

Amount of risk exposure times the probability of loss.

During an assessment of the risk associated with sales contracts and related commissions, which of the following factors would most likely result in an expansion of the engagement scope?

An increase in sales returns, along with an increase in commissions.

An internal auditor has set an engagement objective of ascertaining the reasonableness of the increases in rental revenue resulting from operating costs passed on to the lessee by the landlord. The internal auditor has already inspected the lease contract to determine that such costs are allowed. Which of the following engagement procedures will best meet this objective?

Analytical review.

At what minimal required frequency does the chief audit executive report the results of internal assessments in the form of ongoing monitoring to senior management and the board?

Annually.

Determining that engagement objectives have been met is part of the overall supervision of an engagement and is the ultimate responsibility of the

Chief audit executive.

During a post-completion engagement related to a warehouse expansion, the internal auditor noted several invoices for redecorating services from a local merchant that were account-coded and signed for payment only by the cost engineer. The internal auditor should

Compare the cost and description of the services with the account code used in the construction project and with related estimates in the construction-project budget.

An organization makes a practice of investing excess short-term cash in marketable equity securities. A reliable test of the valuation of those securities is a

Comparison of cost data with current market quotations.

A purchasing agent received expensive gifts from a vendor in return for directing a significant amount of business to that vendor. Which of the following organizational policies most effectively prevents such an occurrence?

Competitive bids should be solicited on purchases to the maximum extent that is practicable.

If a department outside of the internal audit activity is responsible for reviewing a function or process, the internal auditors should

Consider the work of the other department when assessing the function or process.

When monitoring the progress of management's disposition of recommendations, the internal auditors should do all of the following, except

Create an open-ended time frame for completion of responses to observations and recommendations

The most important reason for the chief audit executive to ensure that the internal audit department has adequate and sufficient resources is to

Demonstrate sufficient capability to meet the audit plan requirements.

An annual summary report of completed engagement work submitted to senior management and the board by the chief audit executive should

Describe the extent to which the internal audit activity has completed its approved audit plan.

The internal auditors have completed an engagement in the purchasing department and are preparing their final report. Throughout the engagement, the auditors have shared results with the purchasing manager. Which of the following is not a goal of the final audit report?

Describe the technical aspects of the methods used during the engagement.

An engagement to evaluate a transportation department is being conducted. Review procedures include an analysis of "rush shipment" requests. The engagement objective in this case is the

Determination of the need for rush shipment services.

As part of planning an engagement, the internal auditor in charge does all of the following except

Determine to whom engagement results will be communicated.

Which of the following best describes due diligence auditing?

Determining whether the business justification for a major transaction is valid.

During an operational engagement, an internal auditor observes a large number of above-ground storage containers and a large amount of black emissions from a smokestack. The organization has an environmental safety department. The engagement is not designed to consider environmental concerns. The best course of action is to

Document the observations and report them to the environmental safety department. Determine if their response will be timely, and follow-up to determine if they have taken timely action

Which of the following is not included in the statement of scope in an engagement final communication?

Engagement objectives.

An internal auditing supervisor reviewed the system of controls and the organizational objective of the purchasing department. What facet of engagement planning was the supervisor developing?

Engagement work program.

Which of the following is not a role of the internal audit activity in best practice governance activities?

Ensure the timely implementation of audit recommendations.

Fact Pattern: A purchasing agent acquired items for personal use with the organization's funds. The organization allowed designated employees to purchase a specified amount per day in merchandise under open-ended contracts. Supervisory approval of the purchases was required, but that information was not communicated to the vendor. Instead of reviewing and authorizing each purchase order, supervisors routinely signed the authorization sheet at the end of the month without reviewing any of the supporting documentation. Because purchases of this nature were not subject to normal receiving policies, the dishonest employee picked up the supplies at the vendor's warehouse. All purchases were for items routinely ordered by the organization. During the past year, the employee amassed enough merchandise to start a printing and photography business. Which of the following controls would have been most effective in preventing this fraud?

Establishing separation of duties between the ordering and receiving of merchandise.

The internal audit activity's responsibility for preventing fraud is to

Evaluate the system of internal control.

For review of an accounting department's bank reconciliation unit, which of the following is an appropriate engagement work program step for the review of canceled checks for authorized signatures?

Examining a representative sample of signed checks and determining that the signatures are authorized in the organizational signature book.

The best reason for establishing a code of conduct within an organization is that such codes

Express standards of individual behavior for members of the organization.

The acceptable level of detection risk is inversely related to the

Extent of engagement procedures performed.

Auditors must always be alert for the possibility of fraud. Assume the controls over each risk listed below are marginal. Which of the following possible frauds or misuses of organization assets should be considered the area of greatest risk?

Grants are made to organizations that might be associated with the president or are not for purposes dictated in the organization's charter.

Fact Pattern: During an early phase of an extensive engagement to evaluate a manufacturer's inventory management system, an internal auditor reviewed inventory levels. During this review, the internal auditor discovered that there had been recurring stockouts for some high demand items and that this had led to expensive expediting and work stoppages. Further investigation revealed that the purchasing department had regularly ordered these items based upon purchase orders produced automatically by the computerized inventory system. The quantity orders had been based on an economic order quantity (EOQ) model included in the computerized inventory system. The internal auditor determined that the EOQ model was properly designed and that the problem had resulted from failure to update data in the model concerning the time required for delivery.

Important problem that should be included in an engagement communication.

Which of the following statements is false with respect to information security?

Internal auditors should determine that senior management and the board, audit committee, or other governing body have a clear understanding that information reliability and integrity is the responsibility of the internal audit activity.

As an internal auditor for a multinational chemical producer, you have been assigned to an engagement at a local plant. This plant is similar in age, siting, and construction to two other plants owned by the same organization that have been recently cited for discharge of hazardous wastes. In addition, you are aware that chemicals manufactured at the plant release toxic by-products. Assume that you have evidence that the plant is discharging hazardous wastes. As a certified internal auditor, what is the appropriate communication requirement in this situation?

Issue an interim engagement communication to the appropriate levels of management.

How does fraud awareness training support fraud prevention?

Limits rationalization.

A charitable organization solicits donations by phone and e-mail. The generation of calling and mailing lists, the level of success of each solicitation, and the tracking of amounts pledged are performed electronically. Which of the following is the least satisfactory procedure for obtaining assurance about the completeness of recorded amounts pledged?

Mailed confirmations of amounts owed to suppliers.

The reliability and integrity of all critical information of an organization, regardless of the media in which the information is stored, is the responsibility of

Management.

Word selection can have an impact on the recipient when presenting an engagement communication in either oral or written form. In a oral or written presentation in which the internal auditor's objective is to persuade an individual to accept the recommendations, using words with strong or emotional connotation rather than words with low connotation

May misfire quickly, moving the recipient away from the internal auditor's recommendation.

An engagement objective is to determine if a company's accounts payable contain all outstanding liabilities. Which of the following audit procedures would not be relevant for this objective?

Select a sample of accounts payable from the accounts payable listing and verify the supporting receiving reports, purchase orders, and invoices.

An internal auditor is investigating the performance of a division with an unusually large increase in sales, gross margin, and profit. Which of the following indicators is least likely to indicate the possibility of sales-related fraud in the division?

One of the division's major competitors went out of business during the year.

An internal auditor traces individual time tickets to the payroll cost distribution and also traces totals from the payroll cost distribution to the various work-in-process accounts. If no exceptions are found, this procedure constitutes information indicating that

Payroll costs have been accurately distributed to work-in-process accounts.

The audit committee has expressed concern that the financial institution has been taking on higher-risk loans in pursuit of short-term profit goals. Which of the following engagement procedures provides the least amount of information to address this concern?

Perform an analytical review that involves developing a chart to compare interest income plotted over the past 10 years.

An approved audit plan for the internal audit activity is an essential part of

Planning for the internal audit activity.

Internal auditors communicate results to

Promote continuous improvement through elimination of outdated controls.

Recommendations should be included in audit reports to

Provide management with options for addressing audit findings.

Final engagement communications should, at a minimum, contain the purpose, scope, and results of the engagement. Engagement observations and recommendations should be based on four attributes: criteria, condition, cause, and effect. The cause can best be described as

Reason for the difference between the expected and actual conditions.

Which of the following is an example of business process reengineering?

Redesigning the production line to speed up production.

To avoid creating conflict between the chief executive officer (CEO) and the audit committee, the chief audit executive (CAE) should

Request board establishment of policies covering the internal audit activity's relationships with the audit committee.

Of the following reasons for employees to resist a major change in organizational processes, which is least likely?

Required attendance at training classes.

The chief audit executive should disseminate results to the appropriate individuals. Disseminating information outside the organization

Requires that an engagement performed to generate such information be conducted in accordance with the standards.

Lack of skills, threats to job status or security, and fear of failure all have been identified as reasons that employees often

Resist organizational change.

One purpose of the exit meeting is for the internal auditor to

Review and verify the appropriateness of the engagement communication based upon client input.

Feedback allows the chief audit executive to monitor the internal audit activity's efficiency and effectiveness. Actions resulting from feedback include all of the following except

Revising the actual engagement hours to reflect only budgeted hours.

Which type of facilitated approach format begins by listing all possible barriers, obstacles, threats, and exposures that might prevent achieving an objective?

Risk-based format.

While planning an engagement, an internal auditor establishes engagement objectives to describe what is to be accomplished. Which of the following is a key issue to consider in developing engagement objectives?

Risks associated with the activities to be reviewed.

Two merging retail enterprises agree to share data on store operations. The data reveal that three stores in Organization A are characterized by:

Schedule a surprise physical inventory. Investigate areas of inventory shrinkage.

The chief audit executive for a large decentralized organization has developed a manual containing comprehensive detailed written procedures as a guide for the decentralized engagement work groups, each of which has 20 to 30 internal auditors. The organization recently acquired a small organization that has an internal audit activity consisting of a supervisor and two staff personnel. Which of the following actions is the most practical in providing administrative guidance for this new internal audit activity?

Select key procedures from the manual and use informal supervisory direction for other engagement management issues.

Recommendations in engagement communications may or may not actually be implemented. Which of the following best describes internal auditing's role in follow-up on engagement recommendations? Internal auditing

Should follow up to ascertain that appropriate action is taken on engagement recommendations.

Number 3, "Difficulties with personal financial problems," is an example of a(n)

Situational pressure.

A chief audit executive may use risk analysis in preparing work schedules. Which of the following is not considered in performing a risk analysis?

Skills available on the internal audit staff.

An engagement communication relating to an engagement performed at a bank categorizes observations as "deficiencies" for major problems and "other areas for improvement" for less serious problems. Which of the following excerpts is properly included under "other areas for improvement?"

The bank is incurring unnecessary postage cost by not combining certain special mailings to checking account customers with the monthly mailing of their statements.

Which of the following individuals should normally not receive a final engagement communication related to a review of the purchasing cycle?

The chair of the board.

Who determines whether the internal audit activity has access to resources sufficient to evaluate the reliability and integrity of information?

The chief audit executive

An internal audit activity's evaluation of sales contracts revealed that a bribe had been paid to secure a major contract. The strong possibility existed that a senior executive had authorized the bribe. Which of the following best describes the proper distribution of the completed final engagement communication?

The chief audit executive should provide the board a copy of the report and decide whether further distribution is appropriate.

Coordination of internal and external auditing can reduce the overall costs. Who is responsible for actual coordination of internal and external auditing efforts?

The chief audit executive.

Which of the following is an effective tool for uncovering unethical or illegal activity in an organization?

The ethics questionnaire.

Which of the following best defines an internal auditor's opinion expressed following an assurance engagement?

The internal auditor's professional judgment about the situation that was reviewed.

An organization's management perceives the need to make significant changes. Which of the following factors is management least likely to be able to change?

The organization's environment.

Why should an organization use the survey form of control self-assessment (CSA)?

The organizational culture does not encourage openness.

An internal audit plan should include a review of the organization's compliance program and its procedures, including reviews to determine all but which of the following?

The performance of full background checks on employees and new hires.

An organization manufactures mirror frames. Scrap is adequately accounted for at the point of generation. The scrap is sorted and sold frequently to the organization's regular buyer at a price negotiated between the scrap manager and the buyer. A risk exposure caused by these procedures is that

The price received for scrap may be inadequate.

Quantitative risk management methods are most appropriate for

The use of derivatives by the organization.

Which of the following is not a requirement of the audit work plan of the internal audit activity?

To include the basics of the engagement work program.

Bobby Fitz, CAE, believes that the internal controls over cash disbursements need major revisions. Mr. Fitz discussed this matter with senior management and was very alarmed at their acceptance of this serious risk. What action should Mr. Fitz take next?

Understand management's basis for accepting the risk.

Management has asked the internal auditor to recommend monitoring controls that management could establish to provide timely oversight of the information systems contract. Which of the following is the least effective monitoring control?

Use internal auditors to investigate the appropriateness of costs, as part of a yearly engagement to evaluate the outsourcer.

The CAE used a group meeting of internal audit managers to reach a consensus on the competence of divisional personnel. Other factors were assessed as high, medium, or low by either the CAE or an internal audit manager who had performed an engagement at the division. The CAE assigned a weight ranging from 0.5 to 1.0 to each factor and then computed a composite risk score. Which statement is true?

Using a subjective group consensus to assess personnel competence is appropriate

When reviewing engagement working papers, the primary responsibility of an engagement supervisor is to determine that

Working papers adequately support the engagement observations, conclusions, and recommendations.

Which of the following statements regarding the review of workpapers is true?

Workpapers should be initialed and dated by the reviewer as evidence of supervisory review.


Set pelajaran terkait

Abeka 5th Grade Science Quiz 18 Study Guide

View Set

Principles of Real Estate (Part 1) - Chapter Quizzes

View Set

445 Ch. 5 - Competitive Advantage

View Set

Leadership Module 1- Ch. 7, 23, 24

View Set

Computer Fundamentals ch. 3 Test

View Set