ACCT 4631 - Internal Auditing: CIA Quiz Topic 1 & 2

Ace your homework & exams now with Quizwiz!

With regard to the exercise of due professional care, an internal auditor should A. Consider the relative materiality or significance of matters to which assurance procedures are applied. B. Emphasize the potential benefits of an engagement without regard to the cost. C. Consider whether criteria have been established to determine whether goals are achieved, not whether those criteria are adequate. D. Select procedures that are likely to provide absolute assurance that irregularities do not exist.

A. Consider the relative materiality or significance of matters to which assurance procedures are applied. Answer A is correct. Exercising due professional care means applying the care and skill expected of a reasonably prudent and competent internal auditor (Attr. Std. 1220). Internal auditors must exercise due professional care by considering, among other things, the relative complexity, materiality, or significance of matters to which assurance procedures are applied (Impl. Std. 1220.A1).

Through an engagement performed at the credit department, the chief audit executive (CAE) became aware of a material misstatement of the year-end accounts receivable balance. The external auditors have completed their engagement without detecting the misstatement. What should the CAE do in this situation? A. Inform the external auditors of the misstatement. B. Report the misstatement to management when the external auditors present a report. C. Exclude the misstatement from the final engagement communication because the external auditors are responsible for expressing an opinion on the financial statements. D. Perform additional engagement procedures on accounts receivable balances to benefit the external auditors.

A. Inform the external auditors of the misstatement. Answer A is correct. Rule of Conduct 2.3 under the objectivity principle states, "Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review." Additionally, the CAE should share information and coordinate activities with the external auditors (Perf. Std. 2050).

Internal auditors may include in their audit report that their activities conform with The IIA Standards. They may use this statement only if A. It is supported by the results of the quality program. B. An independent external assessment of the internal audit activity is conducted annually. C. Senior management or the board is accountable for implementing a quality program. D. External assessments of the internal audit activity are made by external auditors.

A. It is supported by the results of the quality program. Answer A is correct. The chief audit executive may state that the internal audit activity conforms with the International Standards for the Professional Practice of Internal Auditing only if the results of the quality assurance and improvement program support this statement (Attr. Std. 1321).

In applying the Rules of Conduct set forth in The IIA's Code of Ethics, internal auditors are expected to A. Not be unduly influenced by their own interests in forming judgments. B. Compare them with standards of other professions. C. Be guided by the desires of the engagement client. D. Use discretion in deciding whether to use them.

A. Not be unduly influenced by their own interests in forming judgments. Answer A is correct. The objectivity principle contained in The IIA's Code of Ethics states, in part, "Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments."

Control by management is the result of A. Planning, organizing, and directing of organizational activities. B. Ascertaining needs, identifying alternative courses of action, setting standards for measuring performance, and comparing outcomes with predetermined standards. C. Authorizing and monitoring performance and comparing actual performance with planned performance. D. Determining efficiency and economy of operations, including whether objectives have been met.

A. Planning, organizing, and directing of organizational activities. Answer A is correct. A control is any action taken by management, the board, or other parties to manage risk and increase the likelihood that established objectives will be achieved. Management plans, organizes, and directs the performance of sufficient actions to provide reasonable assurance that objectives will be achieved. Thus, control by management is the result of proper planning, organizing, and directing.

Independence is freedom from conditions that threaten the ability of the internal audit activity to carry out internal audit responsibilities in an unbiased manner. Which policy best promotes independence? A. Requiring internal auditors to report to the chief audit executive any conflicts of interest or bias. B. Preventing the internal audit activity from recommending standards of control for systems that it evaluates. C. Allowing engagements concerning sensitive operations to be outsourced. D. Preventing personnel transfers from operating activities to the internal audit activity.

A. Requiring internal auditors to report to the chief audit executive any conflicts of interest or bias. Answer A is correct. Internal auditors are to report to the chief audit executive (CAE) any situation in which (1) an actual or potential impairment of independence or objectivity may reasonably be inferred or (2) they have questions about whether the situation constitutes an impairment of objectivity or independence. If the CAE determines that impairment exists or may be inferred, (s)he needs to reassign the auditor(s) (PA 1130-1, para. 1).

The chief audit executive for a large decentralized organization has developed a manual containing comprehensive detailed written procedures as a guide for the decentralized engagement work groups, each of which has 20 to 30 internal auditors. The organization recently acquired a small organization that has an internal audit activity consisting of a supervisor and two staff personnel. Which of the following actions is the most practical in providing administrative guidance for this new internal audit activity? A. Select key procedures from the manual and use informal supervisory direction for other engagement management issues. B. Use informal supervisory direction for engagement management issues. C. Use the already developed manual. D. Adopt the administrative procedures being followed by the internal auditors of the acquired organization.

A. Select key procedures from the manual and use informal supervisory direction for other engagement management issues. Answer A is correct. Orientation to acquaint the acquired organization's staff with the established environment should be through exposure to selected key procedures from the formal manual. The form and content of policies and procedures are dependent upon the size and structure of the internal audit activity and the complexity of its work (Inter. Std. 2040). Thus, a small internal audit activity may be managed informally, for example, through daily close supervision and written memoranda (PA 2040-1, para. 1).

Which situation most likely violates The IIA's Code of Ethics and the Standards? A. The chief audit executive (CAE) disagrees with the engagement client about the observations and recommendations in a sensitive area. The CAE discusses the detail of the observations and the proposed recommendations with a fellow CAE from another organization. B. An organization's charter for the internal audit activity requires the chief audit executive (CAE) to present the yearly engagement work schedule to the board for its approval and suggestions. C. The engagement manager has removed the most significant observations and recommendations from the final engagement communication. The in-charge internal auditor opposed the removal, explaining that (s)he knows the reported conditions exist. The in-charge internal auditor agrees that, technically, information is not sufficient to support the observations, but management cannot explain the conditions, and the observations are the only reasonable conclusions. D. Because the internal audit activity lacks skill and knowledge in a specialty area, the chief audit executive (CAE) has hired an expert. The engagement manager has been asked to review the expert's approach to the assignment. Although knowledgeable about the area under review, the manager is hesitant to accept the assignment because of lack of expertise.

A. The chief audit executive (CAE) disagrees with the engagement client about the observations and recommendations in a sensitive area. The CAE discusses the detail of the observations and the proposed recommendations with a fellow CAE from another organization. Answer A is correct. Rule of Conduct 3.1 under the confidentiality principle states, "Internal auditors shall be prudent in the use and protection of information acquired in the course of their duties." Discussion of sensitive matters with an unauthorized party is the situation most likely to be considered a Code violation.

In which of the following situations does an internal auditor potentially lack objectivity? A. An internal auditor reviews the procedures for a new electronic data interchange (EDI) connection to a major customer before it is implemented. B. A former purchasing assistant performs a review of internal controls over purchasing 4 months after being transferred to the internal auditing department. C. An internal auditor recommends standards of control and performance measures for a contract with a service organization for the processing of payroll and employee benefits. D. A payroll accounting employee assists an internal auditor in verifying the physical inventory of small motors.

B. A former purchasing assistant performs a review of internal controls over purchasing 4 months after being transferred to the internal auditing department. Answer B is correct. Persons transferred to or temporarily engaged by the internal audit activity should not be assigned to audit those activities they previously performed until at least 1 year has elapsed. Such assignments are presumed to impair objectivity (PA 1130.A1-1, para. 1).

Which of the following actions by an internal auditor would violate The IIA's Code of Ethics? A. Attendance at an educational program offered by an engagement client to all employees. B. Acceptance of airline tickets from an engagement client. C. Disclosure, in an engagement communication, of all material facts relevant to the area reviewed. D. Disposal of a small ownership interest in the organization prior to learning of a business downturn.

B. Acceptance of airline tickets from an engagement client. Answer B is correct. Rule of Conduct 2.2 under the objectivity principle states, "Internal auditors shall not accept anything that may impair or be presumed to impair their professional judgment."

Which core principle of The IIA's Code of Ethics do the following actions violate? The internal auditor assumes operational duties on a temporary basis. The internal auditor performs an audit in a department managed by the auditor's father. The internal auditor managed the department being audited 6 months prior to the audit. The internal auditor receives a bonus based on the number of observations generated during an audit. A. Competency. B. Objectivity. C. Independence. D. Integrity.

B. Objectivity. Answer B is correct. According to The IIA's Code of Ethics, "Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interest or by others in forming judgments." The auditor should not participate in any activity or relationship that may impair or appear to impair an unbiased assessment. Assuming management responsibilities and auditing an area in which the auditor had such responsibilities within 1 year violate the objectivity principle. Performing an audit in a department managed by a family member also violates this principle because of an actual or implied conflict of interest. Accepting a bonus based on work accomplished during an audit also may impair or be presumed to impair the auditor's objectivity.

Internal auditors who fail to maintain their proficiency through continuing education could be found to be in violation of A. The International Standards for the Professional Practice of Internal Auditing. B. The IIA's Code of Ethics. C. Both the International Standards for the Professional Practice of Internal Auditing and The IIA's Code of Ethics. D. None of the answers are correct.

C. Both the International Standards for the Professional Practice of Internal Auditing and The IIA's Code of Ethics. Answer C is correct. Rule of Conduct 4.3 under the competency principle states, "Internal auditors shall continually improve their proficiency and the effectiveness and quality of their services." Furthermore, Attr. Std. 1230 states, "Internal auditors must enhance their knowledge, skills, and other competencies through continuing professional development." Hence, both The IIA's Code of Ethics and the Standards are violated by failing to earn continuing education credits.

External assessment of an internal audit activity is not likely to evaluate A. Adherence to the internal audit activity's charter. B. Conformance with the Standards. C. Detailed cost-benefit analysis of the internal audit activity. D. The tools and techniques employed by the internal audit activity.

C. Detailed cost-benefit analysis of the internal audit activity. Answer C is correct. The external assessment has a broad scope of coverage that includes (1) conformance with The IIA's mandatory guidance and the internal audit activity's charter, plans, policies, procedures, practices, and applicable legislative and regulatory requirements; (2) the expectations of the internal audit activity expressed by the board, senior management, and operational managers; (3) the integration of the internal audit activity into the governance process; (4) the tools and techniques employed by the internal audit activity; (5) the mix of knowledge, experience, and disciplines within the staff, including staff focus on process improvement; and (6) the determination whether the internal audit activity adds value and improves operations (PA 1312-1, para. 10). However, the costs and benefits of internal auditing are neither easily quantifiable nor the subject of an external assessment.

An internal audit activity has scheduled an engagement relating to a construction contract. One portion of this engagement will include comparing materials purchased with those specified in the engineering drawings. The internal audit activity does not have anyone on staff with sufficient expertise to complete this procedure. The chief audit executive should A. Delete the engagement from the schedule. B. Perform the entire engagement using current staff. C. Engage an engineering consultant to perform the comparison. D. Accept the contractor's written representations.

C. Engage an engineering consultant to perform the comparison. Answer C is correct. If the internal auditors lack the necessary expertise, external service providers should be employed who can provide the requisite knowledge, skills, and other competencies.

Which of the following, though not appropriate for use with a large internal audit activity, is an acceptable approach for managing a small internal audit activity? A. Preparing comprehensive policies and procedures. B. Writing detailed instructions and guidelines for each engagement area. C. Using only daily, close supervision and written memoranda. D. Developing technical manuals to guide performance.

C. Using only daily, close supervision and written memoranda. Answer C is correct. Formal administrative and technical audit manuals may not be needed by all internal audit entities. A small internal audit activity may be managed informally. Its audit staff may be directed and controlled through daily, close supervision and written memoranda. In a large internal audit activity, more formal and comprehensive policies and procedures are essential to guide the internal audit staff in the execution of the internal audit plan (PA 2040-1, para. 1).

The board is most likely to participate in approving A. Staff promotions and salary increases. B. Engagement communication observations, conclusions, and recommendations. C. Engagement work programs. D. Appointment of the chief audit executive.

D. Appointment of the chief audit executive. Answer D is correct. Organizational independence is effectively achieved when the CAE reports functionally to the board. Examples of functional reporting to the board involve the board Approving the internal audit charter Approving the risk-based internal audit plan Receiving communications from the CAE on the internal audit activity's performance Approving decisions regarding the appointment and removal of the CAE Making appropriate inquiries of management and the CAE to determine whether there are inappropriate scope or resource limitations (Inter. Attr. Std. 1110)

Internal auditing is an assurance and consulting activity. An example of an assurance service is a(n) A. Advisory engagement. B. Facilitation engagement. C. Training engagement. D. Compliance engagement.

D. Compliance engagement. Answer D is correct. According to The IIA Glossary, an assurance service is "an objective examination of evidence for the purpose of providing an independent assessment of governance, risk management, and control processes for the organization. Examples may include financial, performance, compliance, system security, and due diligence engagements."

As part of the process to improve internal auditor-engagement client relations, it is very important to deal with how the internal audit activity is perceived. Certain types of attitudes in the work performed will help create these perceptions. From a management perspective, which attitude is likely to be the most conducive to a positive perception? A. Objective. B. Investigative. C. Interrogatory. D. Consultative.

D. Consultative. Answer D is correct. A consultative attitude leads to two-way communication. Consultation considers the client's viewpoint, helps to dispel fear and mistrust, and demonstrates the value of internal auditing to the client.

A chief audit executive for a large manufacturer is considering revising the internal audit activity's charter with respect to the minimum educational and experience qualifications required. The CAE wants to require all staff auditors to possess specialized training in accounting and a professional auditing certification such as the Certified Internal Auditor or the Chartered Accountant. One of the disadvantages of imposing this requirement is that the policy A. Might negatively affect the internal audit activity's ability to perform quality engagements relating to the organization's financial and accounting systems. B. Does not promote the professionalism of the internal audit activity. C. Would prevent the internal audit activity from using external service providers when it did not have the knowledge, skills, and other competencies required in certain engagements. D. Could limit the range of services that could be performed due to the internal audit activity's narrow expertise and backgrounds

D. Could limit the range of services that could be performed due to the internal audit activity's narrow expertise and backgrounds Answer D is correct. Each member of the internal audit activity need not be qualified in all disciplines (PA 1210.A1-1, para. 1). The internal audit activity should have an appropriate balance of experience, training, and skills to permit the performance of a wide range of services. Requiring certain professional certifications could limit the range of services offered by the internal audit activity.

In their reporting, internal auditors are required by The IIA's Code of Ethics to A. Present sufficient factual information without revealing confidential matters that could be detrimental to the organization. B. Disclose all material information obtained by the auditor as of the date of the final engagement communication. C. Obtain factual information within the established time and budget parameters. D. Disclose material facts known to the internal auditor that could distort the final engagement communication if not revealed.

D. Disclose material facts known to the internal auditor that could distort the final engagement communication if not revealed. Answer D is correct. Rule of Conduct 2.3 under the objectivity principle states, "Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review."

One of the purposes of the International Standards for the Professional Practice of Internal Auditing ("the Standards") is to A. Encourage the professionalization of internal auditing. B. Establish the independence of the internal audit activity and emphasize the objectivity of internal auditing. C. Encourage external auditors to make more extensive use of the work of internal auditors. D. Establish the basis for evaluating internal auditing performance.

D. Establish the basis for evaluating internal auditing performance. Answer D is correct. The IIA provides the following purposes of the Standards: 1. Delineate basic principles that represent the practice of internal auditing. 2. Provide a framework for performing and promoting a broad range of value-added internal audit activities. 3. Establish the basis for evaluating internal auditing performance. 4. Foster improved organizational processes and operations.

Which of the following goals sets risk management strategies at the optimum level? A. Minimize costs. B. Maximize market share. C. Minimize losses. D. Maximize shareholder value.

D. Maximize shareholder value. Answer D is correct. The risk management processes chosen depend on the organization's culture, management style, and business objectives. These choices should optimize stakeholder (for example, shareholder) value by coping effectively with uncertainty, risks, and opportunities. Thus, maximizing shareholder value is a comprehensive approach that relates to risk management strategies across the organization.

Which of the following statements is an appropriate reason for the internal audit activity not to participate in the systems development process? A. Recommendations prior to implementation will affect independence, and the internal auditors will not be able to perform an objective evaluation after the system is implemented. B. Participation will delay implementation of the project. C. Participation will cause the internal auditors to be labeled as partial owners of the application, and they will then have to share the blame for any problems that remain in the system. D. None of the answers are correct.

D. None of the answers are correct. Answer D is correct. Objectivity is not adversely affected when the internal auditors recommend standards of control for systems or review procedures before they are implemented. Designing, installing, drafting procedures for, or operating systems is presumed to impair objectivity (PA 1120-1, para. 4).

A review of an organization's code of conduct revealed that it contained comprehensive guidelines designed to inspire high levels of ethical behavior. The review also revealed that employees were knowledgeable of its provisions. However, some employees still did not comply with the code. What element should a code of conduct contain to enhance its effectiveness? A. Periodic review and acknowledgment by all employees. B. Employee involvement in its development. C. Public knowledge of its contents and purpose. D. Provisions for disciplinary action in the event of violations.

D. Provisions for disciplinary action in the event of violations. Answer D is correct. Penalties for violations of a code of conduct should enhance its effectiveness. Some individuals will be deterred from misconduct if they expect it to be detected and punished.

During an examination of grants awarded by a not-for-profit organization, an internal auditor discovered a number of grants made without the approval of the grant authorization committee (which includes outside representatives), as required by the organization's charter. All the grants, however, were approved and documented by the president. The chair of the grant authorization committee, who is also a member of the board of directors, proposes that the committee meet and retroactively approve all the grants before the engagement communication is issued. If the committee meets and approves the grants before such issuance, the internal auditor should A. Not report the grants in question because they were approved before the issuance of the engagement communication. B. Discuss the matter with the chair of the grant committee to determine the rationale for not approving the grants earlier. If the grants are routine, discussion of the grant committee's inaction should be omitted from the engagement communication. C. Include the items in the communication as an override of the organization's controls. Details about each grant should be reported, and the internal auditor should investigate further for fraud. D. Report the override of control to the board.

D. Report the override of control to the board. Answer D is correct. Rule of Conduct 2.3 under the objectivity principle states, "Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review." The management override of an important control over approval of grants created a material risk exposure. The internal auditor is ethically obligated to report the matter to senior officials charged with performing the governance function.


Related study sets

Chapter 10. MAKING CAPITAL INVESTMENT DECISIONS

View Set

ASTR 111 Chapter 7 Review Questions

View Set

Unit #4: The Western Expansion - Mining

View Set

CH 1 Cognitive Psychology Reisberg

View Set

NMLS National Do Not Call Registry

View Set

Articles of Confederation and the Constitution (Moody)

View Set

Georgia Life and Health Mock Exam

View Set

PNC IV - Test 2 - ECG Interpretation - The Basics

View Set