CIA Part I
26. Management is exploring different ways of reducing or preventing pollution in manufacturing operations. The objective of a pollution prevention audit is to identify opportunities where waste can be minimized and pollution can be eliminated at the source rather than controlled at the end of a process. In what order should the following opportunities to reduce waste be considered? I. Recycle and reuse. II. Elimination at the source. III. Energy conservation. IV. Recovery as a usuable product. V. Treatment. a. V, II, IV, I, and III. b. IV, II, I, III, and V. c. I, III, IV, II, and V. d. III, IV, II, V, and I.
b. IV, II, I, III, and V.
48. Internal auditors and management have become increasingly concerned about computer fraud. Which of the following control procedures would be least important in preventing computer fraud? a. Program change control which required a distinction between production programs and test programs. b. Testing of new applications by users during the systems development process. c. Segregation of duties between the applications programmer and the program librarian function. d. Segregation of duties between the programmer and systems analyst.
b. Testing of new applications by users during the systems development process. d. Segregation of duties between the programmer and systems analyst.
70. Which of these statements should be in the recommendation section of the finding? a. III only. b. III and IV only. c. V only. d. VI only.
c. V only
42. If the auditors were to perform a preliminary review, which of the following procedures should be performed? a. Review reports of audits performed by regulatory and outside auditors since the last internal audit. b. Interview management to identify changes made in policies regarding investments or loans. c. Review minutes of the board of directors' meetings to identify changes in policies affecting investments and loans. d. All of the above.
d. All of the above.
23. If the internal auditing department is assigned the responsibility of conducting an environmental audit, which of the following actions should be performed first? a. Conduct risk assessments for each site. b. Review company policies and procedures. c. Provide the assigned staff with technical training. d. Review the environmental management system.
b. Review company policies and procedures.
29. The auditor wants to determine whether or not the computer program is appropriately matching the purchase receipts, and vendor invoices throughout the year. Which one of the following computerized audit techniques would be most efficient and effective in accomplishing this objective? a. Use the test data method during the last quarter. b. Use an integrated test facility throughout the year. c. Use parallel simulation and apply on a monthly basis. d. Use the SCARF (Systems Control Audit Review File) on a daily basis.
b. Use an integrated test facility throughout the year.
20. If a manufacturing firm has established a limit on the number of defects that are tolerable in the final assembly of its product, which of the following quality control procedures should be employed? I. Inspect completed goods for compliance with established tolerances. II. Review sales returns for defects not detected during the final inspection process. III. Compare materials and machinery specifications to original product designs. IV. Establish a quality circle which includes management and subordinates to discuss labor efficiency. a. I, III, and IV. b. II and III only. c. I, II, and III. d. III and IV only.
c. I, II, and III
44. Which of the following items might alert the auditor to the possibility of fraud in the division? a. The division is not scheduled for an external audit this year. b. Sales have increased by 10 percent. c. A significant portion of management's compensation is directly tied to reported net income of the division. d. All of the above.
c. A significant portion of management's compensation is directly tied to reported net income of the division.
49. Which of the following preprocessing controls is least likely to provide the auditor with assurance about the validity of transactions? a. Verification of the requestor. b. Authentication of information. c. Exception processing. d. Decryption of data.
d. Decryption of data.
58. Which of the following indicators is least likely to indicate the possibility of sales-related fraud in the division? a. A significant portion of divisional management compensation is based on reported divisional profits. b. There is an unusually large amount of sales returns recorded after year-end. c. The auditor has taken a random sample of sales invoices, but cannot locate a shipping document for a number of the sales transactions selected for November and December. d. One of the division's major competitors went out of business during the year.
d. One of the division's major competitors went out of business during the year.
2. Which of the following factors would be considered the least important in deciding whether existing internal audit resources should be moved from the ongoing legal compliance audit to the management-requested division audit? a. A financial audit of the division by the external auditor a year ago. b. The potential of fraud associated with the legal compliance audit. c. The increase in expenditures at the division for the past year. d. The potential for significant regulatory fines associated with the legal compliance audit.
a. A financial audit of the division by the external auditor a year ago.
56. Which of the following database controls would be most effective in maintaining a segregation of duties appropriate to the users' reporting structure within an organization? a. Access security features. b. Software change control procedures. c. Dependency checks. d. Backup and recovery procedures.
a. Access security features.
26. Audit committees have been identified as a major factor in promoting both the internal and external auditor's independence. Which of the following is the most important limitation on the effectiveness of audit committees? a. Audit committees may be composed of independent directors. However, those directors. may have close personal and professional friendships with management. b. Audit committee members are compen¬sated by the organization and thus favor a stockholder's view. c. Audit committees devote most of their efforts to external audit concerns and do not pay much attention to internal auditing and the overall control environ¬ment. d. Audit committee members do not normally have degrees in the accounting or auditing fields.
a. Audit committees may be composed of independent directors. However, those directors. may have close personal and professional friendships with management.
59. The Standards would not require the director of internal auditing to: a. Contribute resources for the annual audit of financial statements. b. Coordinate audit work with that of the external auditors. c. Communicate to senior management and the board the results of evaluations of the coordination between internal and external auditors. d. Communicate to senior management and the board the results of evaluations of the performance of external auditors.
a. Contribute resources for the annual audit of financial statements.
13. Which of the following is a control strength? (A correct response to this question may involve making more than one answer.) a. Goods received are scanned in to develop an electronic receiving report. b. The scanned in goods are reconciled with the number of price tags generated and attached to the products. c. Product managers are permanently assigned to specific product lines to develop expertise. d. Product managers are given a purchasing budget by the marketing manager which may constrain the amount of their purchases.
a. Goods received are scanned in to develop an electronic receiving report. b. The scanned in goods are reconciled with the number of price tags generated and attached to the products. d. Product managers are given a purchasing budget by the marketing manager which may constrain the amount of their purchases.
53. Red flags are conditions which indicate a higher likelihood of fraud. Which of the following would not be considered a red flag? a. Management has delegated the authority to make purchases under a certain dollar limit to subordinates. b. An individual has held the same cash-handling job for an extended period without any rotation of duties. c. An individual handling marketable securities is responsible for making the purchases, recording the purchases, and reporting any discrepancies and gains/losses to senior management. d. The assignment of responsibility and accountability in the accounts receivable department is not clear.
a. Management has delegated the authority to make purchases under a certain dollar limit to subordinates.
53. During an audit of a manufacturing division of a defense contractor, the auditor came across a scheme which looked like the company was inappropriately adding costs to a cost-plus governmental contract. The auditor discussed the manner with senior management which suggested that the auditor seek an opinion from legal counsel. The auditor did so and, upon review of the government contract, legal counsel indicated that the practice was questionable, but did offer the opinion that the practice was not technically in violation of the government contract. Based on legal counsel's decision, the auditor decided to omit any discussion of the practice in the formal audit report that went to management and the audit committee, but did informally communicate legal counsel's decision to management. Did the auditor violate The IIA's Code of Ethics? a. No. The auditor followed up the matter with appropriate personnel within the organization and reached a conclusion that no fraud was involved. b. No. If a fraud is suspected, it should be resolved at the divisional level where it is taking place. c. Yes. It is a violation because all important information, even if resolved, should be reported to the audit committee. d. Yes. Internal legal counsel's opinion is not sufficient. The auditor should have sought advice from outside legal counsel.
a. No. The auditor followed up the matter with appropriate personnel within the organization and reached a conclusion that no fraud was involved.
46. Before authorizing payment of an EDI invoice, the computer automatically compares the invoice with the purchase order and receiving report data. When the system was being developed, the auditor reviewed the payment authorization program and made recommendations. Which one of the following was most likely recommended by the auditor for the situation in which the quantity invoiced is greater than the quantity received? a. Prepare an exception report. b. Pay the amount billed and adjust the inventory for the difference. c. Return the invoice to the vendor. d. Authorize payment of the full invoice, but maintain an open purchase order record for the missing goods.
a. Prepare an exception report.
24. In which year did the division have the highest productivity in terms of numbers of homes built? a. 1992. b. 1993. c. 1994. d. 1995.
b. 1993.
6. Discuss the matter with plant security. What priority should the above actions have? a. 1, 6, and 4. b. 4, 5, and 6. c. 6, 5, and 1. d. 2, 3, and 4.
b. 4, 5, and 6.
4. A large data processing center is experiencing processing bottlenecks at peak batch-processing hours. The center is sometimes unable to complete all batch processing by the start of the next business day, creating difficulties in starting on-line systems in a timely manner. In investigating this problem, the internal auditor should initially focus on controls over: a. Backup/restart procedures. b. Job scheduling. c. Console logs. d. Program documentation.
b. Job scheduling.
58. When assessing application controls, which one of the following input controls or edit checks is most likely to be used to detect a data input error in the customer account number field? a. Limit check. b. Validity check. c. Control total. d. Hash total.
b. Validity check.
66. Monitoring is an important component of internal control. Which of the following items would not be an example of monitoring? a. Management regularly compares divisional performance with budgets for the division. b. Data processing management regularly generates exception reports for unusual transactions or volumes of transactions and follows up with investigation as to causes. c. Data processing management regularly reconciles batch controls totals for items processed with batch controls for items submitted. d. Management has asked internal auditing to perform regular audits of the control structure over cash processing.
c. Data processing management regularly reconciles batch controls totals for items processed with batch controls for items submitted.
11. A decentralized production facility uses a mini-computer to process inventory and production records. The computer system transmits data to the main production facility as a batch process each day. Which of the following would the auditor perform as part of a review of the production facility's general controls? I. Reviewing the fire suppression capabilities located at the production facility. II. Reviewing position descriptions for production personnel assigned to computer-related duties. III. Reviewing error listings of inventory transactions incorrectly entered. IV. Reviewing record counts of production data transmitted to the central facility. a. III only. b. II and IV. c. I and II only. d. I, II, and III.
c. I and II only.
38. Assume the auditor investigates and finds that the company providing the computing services is clearly performing research and development activities and charging the governmental entity for those activities because it is experimenting with implementing the security techniques on the governmental entity. Which of the following statements are correct? I. Fraud must exhibit intentional deception. II. Determining whether this is a violation of contract terms is a legal function, not an audit function. III. It would be fraud only if the outsourcer had implemented similar security measures at other entities. a. I only. b. II only. c. I and II only. d. I, II, and III.
c. I and II only.
8. In order to prevent maintenance materials from being charged incorrectly to capital projects, the accounting information system should: a. Verify that the project number being entered contains the required number of characters. b. Authenticate the user identification and verify the input location. c. Use tables of project numbers and material requirements. d. Require internal file labels for inventory transactions.
c. Use tables of project numbers and material requirements.
19. Which of the following would best describe the reason that the division has experienced growth in both the number of employees and market share during 1995? a. Increased productivity per employee. b. Increase in the housing price index for the region. c. Increase in number of jobs in progress at year-end. d. Acquisition of another building company during the year.
d. Acquisition of another building company during the year.
25. In many countries the company generating hazardous waste is responsible for the waste from "cradle to grave" (creation to destruction). A potential risk to the company is the use of an outside vendor to process hazardous waste. Which of the following steps should be performed during a review of the waste vendor? a. Review the vendor's documentation on hazardous material. b. Review the financial solvency of the vendor. c. Review the vendor's emergency response planning. d. All of the above.
d. All of the above.
30. An auditor decides to perform an inventory turnover analysis for both raw materials inventory and finished goods inventory. The analysis would be potentially useful in: a. Identifying products for which management has not been attuned to changes in market demand. b. Identifying potential problems in purchasing activities. c. Identifying obsolete inventory. d. All of the above.
d. All of the above.
31. An internal auditor finds that senior management has given tacit approval to activities which have resulted in prematurely recognizing revenue for goods that were not shipped. A preliminary investigation corroborates the auditor's initial findings. As part of the annual financial statement audit, the internal auditor coordinates work with the external auditor, who has asked to review the internal audit workpapers related to the audit of sales activities. Assuming the dollar amounts could be material to the financial statements, the auditor should report the finding to: a. Internal legal counsel to gain an assessment as to whether the action might constitute a fraud. b. The audit committee since it is a significant accounting matter that should be addressed before the year-end audit is issued. c. The external auditor as part of the process of sharing audit working papers. d. All of the above.
d. All of the above.
53. An internal auditor has been requested to perform a review of the company's process for developing accruals for its liability to clean up toxic waste sites. The audit should determine whether: a. The company monitors governmental investigations to identify locations where it may be potentially responsible for a waste site clean-up. b. The company has identified the situations in which it is potentially responsible for cleaning up a waste site. c. Clean-up costs are reasonably estimated. d. All of the above.
d. All of the above.
68. Auditors are operating in organizations in which management is in the process of "reengineering" operations with strong emphasis on total quality management techniques. In their quest to gain efficiency in processing, many of the traditional control procedures are being deleted from the organization's control structure. As part of this change, management is: a. Placing more emphasis on monitoring control activities. b. Making different assumptions about human performance and the nature of human motivation than was done under traditional control techniques. c. Placing more emphasis on self-correcting control activities and process automation. d. All of the above.
d. All of the above.
7. Which of the following would indicate that fraud may be taking place in a marketing department? a. There is no documentation for some fairly large expenditures made to a new vendor. b. A manager appears to be living a lifestyle that is in excess of what could be provided by a marketing manager's salary. c. The control environment can best be described as "very loose." However, this attitude is justified by management on the grounds that it is needed for creativity. d. All of the above.
d. All of the above.
28. Assume that an auditor's findings are so serious that, in the auditor's view, they require immediate action by management. Which of the following statements regarding the auditor's responsibility with respect to reporting and follow up are correct? I. The conditions should be actively monitored by the internal auditor until corrected. II. The initial findings should be communicated to senior management and the audit committee even if the audit of the activities is not complete. III. The auditor should test the actions implemented by management to determine if they remedy the problem. a. I only. b. II only. c. II and III only. d. I, II, and III.
d. I, II, and III.
19. The use of transaction codes provides the fleet manager with information concerning the types of inventory activity. The auditor is considering an analytical review of transaction codes and materials used. The objective of this review is to: a. Provide evidence of inventory items which are overstocked. b. Reveal shortages in perpetual inventory records. c. Determine whether inventory items are properly valued. d. Identify possible material lost due to employee theft.
d. Identify possible material lost due to employee theft.
5. Which of the following is not a benefit of using information technology in solving audit problems? a. It helps reduce audit risk. b. It improves the timeliness of the audit. c. It increases audit opportunities. d. It improves the auditor's judgment.
d. It improves the auditor's judgment.
31. The auditor wishes to determine if the change in investment income during the current year was due to (a) changes in investment strategy; (b) changes in portfolio mix; or (c) other factors. Which of the following analytical review procedures should the auditor use? a. Simple linear regression which compares investment income changes over the past five years to determine the nature of the changes. b. Ratio analysis which compares changes in the investment portfolio on a monthly basis. c. Trend analysis which compares the changes in investment income as a percentage of total assets and of investment assets over the past five years. d. Multiple regression analysis which includes independent variables related to the nature of the investment portfolio and market conditions.
d. Multiple regression analysis which includes independent variables related to the nature of the investment portfolio and market conditions.
38. Is Action 5 a violation of the Standards? a. Yes. Internal control should be evaluated on every audit, but the internal control questionnaire is not the mandated approach to evaluate the controls. b. No. Auditors may omit necessary procedures if there is a time constraint. It ia a matter of audit judgment. c. Yes. Internal control should be evaluated on every audit engagement and the internal control questionnaire is the most efficient method to do so. d. No. Auditors are not required to fill out internal control questionnaires on every audit.
d. No. Auditors are not required to fill out internal control questionnaires on every audit.
37. Considering Actions 2, 3 and 4 that were taken, which would be considered a violation of the Standards? a. Actions 2, 3, and 4. b. Action 4 only. c. Action 2 and 3 only. d. None of the Actions.
d. None of the Actions.
57. An internal auditor, recently terminated from a company due to downsizing, has found a job with another company in the same industry. Which of the following disclosures made by the internal auditor to the new organization would constitute a violation of The IIA's Code of Ethics? a. The auditor used the audit risk approach that was used by the auditor's former employer in determining audit priorities in the new job. b. The new audit department does not utilize PPS sampling and the auditor believes PPS sampling has advantages for many of the types of audits conducted by the new employer. c. While at the previous firm, the auditor conducted a great deal of research to identify "best practices" for the management of the treasury function as part of an audit for that firm. Since most of the research was done at home and during non-office hours, the auditor retained much of the research and plans to use it in conducting an audit of the treasury function at the new employer. d. None of the above represent a violation of the Code.
d. None of the above represent a violation of the Code.
46. Without prejudice to your response to question 45, assume that the auditor finds that total health insurance costs for the organization are 10% higher per employee than for comparable companies in the same industry. Based on this finding, the auditor can conclude: a. The company is paying too high a premium to the health care processor for administering the health plan. b. The health care processor is not doing a good job in denying claims that should not be paid. c. The company is providing better health care coverage to its employees than are its competitors. d. None of the above.
d. None of the above.
34. The auditor wants to determine that only the marketing manager and other designated personnel in the department have approved changes to the price of products in the product database. Which of the following audit procedures would provide the most persuasive evidence on the effectiveness of the control over price changes? a. Use an integrated test facility (ITF) and submit product orders to the ITF. Compare the prices invoiced to the prices in the most recent catalog. b. Use the System Control Audit Review File (SCARF) audit technique to create a listing of all customer orders exceeding a specified dollar limit and print out the results for subsequent investigation. c. Obtain a copy of all authorized price changes and manually trace to the current edition of the organization's catalog. d. Obtain a computerized log of all changes made to the price database. Take a random sample of changes and trace to a signed document by the person authorizing the change.
d. Obtain a computerized log of all changes made to the price database. Take a random sample of changes and trace to a signed document by the person authorizing the change.
14. Which of the following control procedures would be the least effective in preventing a fraud conducted by sending purchase orders to bogus vendors? a. Require that all purchases be made from an authorized vendor list maintained independently of the individual placing the purchase order. b. Require that only approved vendors be paid for purchases, based on actual production. c. Require contracts with all major vendors from whom production components are purchased. d. Require that total purchases for a month not exceed the total budgeted purchases for that month.
d. Require that total purchases for a month not exceed the total budgeted purchases for that month.
50. Assume the auditor becomes concerned that significant fraud may be taking place by dentists who are billing the health care processor for services that were not provided. For example, employees may have their teeth cleaned, but the dentist charges the processor for pulling teeth and developing dentures. The most effective audit procedure to determine whether such a fraud exists would be to: a. Develop a schedule of payments made to individual dentists. Verify that payments were made to the dentists by confirming the payments with the health care processor. b. Take a random sample of payments made to dentists and confirm the amounts paid with the dentists' offices to determine that the amounts agree with the amounts billed by the dentists. c. Take a random sample of claims submitted by dentists and trace through the system to determine whether the claims were paid at the amounts billed. d. Take a discovery sample' of employee claims which were submitted through dentist offices, and confirm the type of service performed by the dentist through direct correspondence with the employee who had the service performed.
d. Take a discovery sample' of employee claims which were submitted through dentist offices, and confirm the type of service performed by the dentist through direct correspondence with the employee who had the service performed.
39. Which of the following audit procedures would be least effective in addressing the auditor's concern? a. Retest the computation of the overhead by multiplying actual costs by the overhead rate. b. Take a probability-proportional-to-size sample of expenditures included in the company's overhead expense and examine to determine if they are consistent with the contract. c. Recompute the overhead rate to determine if it is properly computed on the appropriate base. d. Take a sample of contractor payments to determine if the underlying expense was appropriately classified as contract expense or overhead.
d. Take a sample of contractor payments to determine if the underlying expense was appropriately classified as contract expense or overhead.
65. Which of the following audit procedures would provide the least relevant evidence in determining that payroll payments were made to bona fide employees? a. Reconcile time cards in use to employees on the job. b. Examine canceled checks for proper endorsement and compare to personnel records. c. Test for segregation of the authorization for payment from the hire/fire authorization. d. Test the payroll account bank reconciliation by tracing outstanding checks to the payroll register.
d. Test the payroll account bank reconciliation by tracing outstanding checks to the payroll register.
48. When the audit was assigned, management asked the auditor to evaluate the appropriateness of using self-insurance to minimize risk to the organization. Given the scope of the audit requested by management, should the auditor engage an actuarial consultant to assist in the audit if these skills do not exist on staff? a. No. The audit department is skilled in assessing controls, and the insurance control concepts are not distinctly different from other control concepts. b. No. It is a normal audit function to assess risk; this audit engagement is therefore not unique. c. Yes. An actuary is essential to determine whether the health care costs are reasonable. d. Yes. The actuary has skills, not usually found in auditors, to identify and quantify self-insurance risks.
d. Yes. The actuary has skills, not usually found in auditors, to identify and quantify self-insurance risks.
3. During a preliminary survey, an auditor notes that several accounts payable vouchers for major suppliers show adjustments for duplicate payment of prior invoices. This would indicate: a. A need for additional testing to determine related controls and the current exposure to duplicate payments made to suppliers. b. An unrecorded liability for the amount of purchases which are not processed while awaiting supplier master file address maintenance. c. A lack of control in the receiving area that prevents timely notice to the accounts payable area that goods have been received and inspected. d. The existence of a sophisticated accounts payable system that correlates overpayments to open invoices and therefore requires no further audit concern.
a. A need for additional testing to determine related controls and the current exposure to duplicate payments made to suppliers.
37. An employee in the payroll department is contemplating a fraud which would involve the addition of a fictitious employee and the input of fictitious hours worked. The paycheck would then be sent to the payroll employee's home address. The most effective control procedure to prevent this type of fraud would be to require that: a. A report of all new employees added be approved by someone outside of the payroll department. Require that reports showing all employees and hours worked be sent to the supervisor's department for review. b. All new employees and their hours worked be input by the human resources department. c. All changes to employee records be approved by supervisors outside of both human resources and payroll. d. The payroll department physically deliver paychecks to employees, rather than mailing them to the employees.
a. A report of all new employees added be approved by someone outside of the payroll department. Require that reports showing all employees and hours worked be sent to the supervisor's department for review.
50. Which of the following concepts distinguishes the retention of computerized audit workpapers from that of the traditional hardcopy form? a. Analyses, conclusions, and recommendations are filed on electronic media and are therefore subject to computer system controls and security procedures. b. Evidential support for all findings is copies and provided to local management during the closing conference and to each person receiving the final report. c. Computerized data files can be used in EDP audit procedures. d. Audit programs can be standardized to eliminate the need for a preliminary survey at each location.
a. Analyses, conclusions, and recommendations are filed on electronic media and are therefore subject to computer system controls and security procedures.
33. During an audit, an employee with whom you have developed a good working relationship informs you that she has some information about top management which would be damaging to the organization and may concern illegal activities. The employee does not want her name associated with the release of the information. Which of the following actions would be considered inconsistent with the IIA Code of Ethics and Standards? a. Assure the employee that you can maintain her anonymity and listen to the information. b. Suggest the person consider talking to legal counsel. c. Inform the individual that you will attempt to keep the source of the information confidential and will look into the matter further. d. Inform the employee of other methods of communicating this type of information.
a. Assure the employee that you can maintain her anonymity and listen to the information.
1. Division A has a large number of small customers and has automated cash collection. Customers are requested to return a copy of their invoice (turnaround document) with their payment. The returned document contains the customer's account number, name, and other pertinent information. A cash listing is developed immediately by the cash receipts/mail clerk who then segregates checks and turnaround documents. Checks are given to the treasurer for deposit. Turnaround documents are given to the accounts receivable department for posing. Customer inquiries are referred to the customer service section of the accounts receivable department. If a customer fails to return the turnaround document, the best control would be to have a substitute document prepared by the: a. Cash receipts/mail clerk. b. Treasurer. c. Accounts receivable clerk. d. Customer service section.
a. Cash receipts/mail clerk.
64. An organization has outsourced many services, including waste collection, cafeteria, and custodial services, which had previously been performed internally. Management requests an audit of contract compliance and the overall performance of the companies performing the outsourced activities. Which of the following audit procedures would be the least effective in accomplishing the audit objectives? a. Comparison of current costs with the costs of performing the same services before they were outsourced. b. Comparison of charges with the terms of the outsourcing contract. c. A survey of users' satisfaction with the services performed by the outsourcer. d. Comparison of identified activities for each outsourcer with "best practices" of other outsourcers.
a. Comparison of current costs with the costs of performing the same services before they were outsourced. d. Comparison of identified activities for each outsourcer with "best practices" of other outsourcers.
7. The auditor randomly selects participants in the job retraining program for the past year to verify that they had met all the eligibility requirements. This type of audit is best referred to-as a(n): a. Compliance audit. b. Operational audit. c. Economy and efficiency audit. d. Program audit.
a. Compliance audit.
22. Management is evaluating the need for an environmental audit program. Which one of the following should not be included as an overall program objective? a. Conduct site assessments at both facilities. b. Verify company compliance with all environmental laws. c. Evaluate waste minimization opportunities. d. Ensure management systems are adequate to minimize future environmental risks.
a. Conduct site assessments at both facilities.
32. The auditor used the reporting capabilities of the 4GL to analyze the data files for unusual activity, such as excessive overtime hours, unusual fluctuations in pay rates, or excessive vacation time. The application controls being verified by this analysis are: a. Edit and validation controls. b. Rejected and suspense item controls. c. Controls over update access to the database. d. Programmed balancing controls.
a. Edit and validation controls.
67. Systems development audits include reviews at various points to ensure that development is properly controlled and managed. The reviews should include all of the following except: a. Conducting a technical feasibility study on the available hardware, software, and technical resources. b. Examining the level of user involvement at each stage of implementation. c. Verifying the use of controls and quality assurance techniques for program development, conversion, and testing. d. Determining if system, user, and operations documentation conforms to formal standards.
a. Conducting a technical feasibility study on the available hardware, software, and technical resources.
63. Management has requested that the auditor investigate the possibility of kickbacks going to a purchasing agent. Which of the following procedures would be least effective in addressing management's concern? a. Confirm all contract terms with vendors. b. Analyze, by purchasing agent, all increases in cost of procured goods from specific vendors. c. Take a statistical sample of goods purchased and compare purchase prices for goods with those of other sources of similar goods, such as other companies or catalogs. d. Observe any changes in the lifestyles or individual consumption habits of the purchasing agents involved.
a. Confirm all contract terms with vendors.
52. Which of the following actions would be a violation of auditor independence? a. Continuing on an audit assignment at a division for which the auditor will soon be responsible as the result of a promotion. b. Reducing the scope of an audit due to budget restrictions. c. Participating on a task force which recommends standards for control of a new distribution system. d. Reviewing a purchasing agent's contract drafts prior to their execution.
a. Continuing on an audit assignment at a division for which the auditor will soon be responsible as the result of a promotion.
3. Auditors realize that at times corrective action is not taken even when agreed to by the appropriate parties. This should lead an internal auditor to: a. Decide the extent of necessary follow-up work. b. Allow management to decide when to follow-up, since it is management's ultimate responsibility. c. Decide to conduct follow-up work only if management requests the auditor's assistance. d. Write a follow-up audit report with all findings and their significance to the operations.
a. Decide the extent of necessary follow-up work.
62. Which of the following statements regard ing the internal auditor's responsibility for detecting fraud in the environment described in the scenario above is not correct? The auditor should: a. Detect fraud if "red flags" are present in the environment. b. Have sufficient knowledge to correctly identify indicators that fraud may have been committed. c. Identify control weaknesses which could allow fraud to occur. d. Evaluate the indicators of fraud sufficiently to determine if a fraud investigation should take place.
a. Detect fraud if "red flags" are present in the environment.
51. The health care processor wishes to implement controls that would help prevent the type of fraud described in the prior question. Assume further that all the claims are submitted electronically to the health care processor. Which of the following control procedures would be the most effective? a. Develop a program which identifies procedures performed on an individual in excess of expectations based on: the age of the employee, whether a similar procedure was performed recently, or the average cost per claim. b. Require all submitted claims to be accompanied by a signed statement by the dentist testifying to the fact that the claimed procedures were performed. c. Send confirmations to the dentists requesting them to confirm the exact nature of the claims submitted to the health care processor. d. Develop an integrated test facility and submit false claims to verify that the system is detecting such claims on a consistent basis.
a. Develop a program which identifies procedures performed on an individual in excess of expectations based on: the age of the employee, whether a similar procedure was performed recently, or the average cost per claim.
59. Management is concerned that employee productivity and morale may be decreasing even though production workers are being paid more overtime wages. Which of the following audit procedures would be least effective in addressing this concern? a. Develop a schedule of employee pay and analyze changes in overtime pay. b. Develop a schedule of production per employee over the past two years stratified by production during standard work shifts and production during overtime periods. c. Take a statistical sample of employees and interview selected employees regarding their morale, productivity, and views on methods to improve efficiency. d. Obtain "best practices" production data from a comparable industry and identify areas of differences. Follow-up with interviews of production supervisors.
a. Develop a schedule of employee pay and analyze changes in overtime pay.
32. Which of the following would be permissible under the IIA Code of Ethics? a. Disclosing confidential, audit-related, information that is potentially damaging to the organization in a court of law in response to a subpoena. b. Using audit-related information in a decision to buy stock issued by the employer corporation. c. Accepting an unexpected gift from an employee whom you have praised in a recent audit report. d. Not reporting significant findings about illegal activity to the audit committee because management has indicated it will handle the issue.
a. Disclosing confidential, audit-related, information that is potentially damaging to the organization in a court of law in response to a subpoena.
70. The preliminary survey indicates that severe staff reductions at the audit location have resulted in extensive amounts of overtime among accounting staff. Department members are visibly stressed and very vocal about the effects of the cutbacks. Accounting payrolls are nearly equal to prior years and many key controls, such as segregation of duties, are no longer in place. The accounting supervisor now performs all operations within the cash receipts and posting process, and has no time to review and approve transactions generated by the remaining members of the department. Journal entries for the last six months since the staff reductions show increasing numbers of prior-month adjustments and corrections, including revenues, cost of sales, and accruals that had been misstated or forgotten during month-end closing activity. The auditor should: a. Discuss these findings with audit management to determine whether further audit work would be an efficient use of audit resources at this time. b. Proceed with the scheduled audit but add audit personnel based on the expected number of findings and anticipated lack of assistance from local accounting management. c. Research temporary help agencies and evaluate the cost and benefit of out-sourcing needed services. d. Suspend further audit work because the findings are obvious and issue the audit report.
a. Discuss these findings with audit management to determine whether further audit work would be an efficient use of audit resources at this time.
9. The following are potential sources of evidence regarding the effectiveness of the division's total quality management program. Assume that all comparisons are for similar time periods and duration and current items are compared with similar items before the implementation of the total quality management program. The least persuasive evidence would be a comparison of: a. Employee morale over the two time periods. b. Scrap and rework costs over the two time periods. c. Customer returns over the two time periods. d. Manufacturing and distribution costs per unit over the two time periods.
a. Employee morale over the two time periods.
23. An investment portfolio manager has the authority to use financial derivatives to hedge transactions but is not supposed to take speculative positions. However, the manager launches a scheme which includes: (1) taking a position larger than required by the hedge; (2) putting the speculative gains in a suspense account; and (3) transferring the funds to a non-existent broker and from there to a personal account. Which of the following audit procedures would be least effective in detecting this fraud? a. Examine individual trades to determine whether the trades violate the authorization limit for the manager. b. Sample individual trades and determine the exact matching of a hedge. Schedule and investigate all differences. c. Sample all debits to the suspense account and examine their disposition. d. Sample fund transfers to brokers and determine if the brokers are on the authorized list for company transactions.
a. Examine individual trades to determine whether the trades violate the authorization limit for the manager.
17. In applying the standards of conduct set forth in the Code of Ethics, internal auditors are expected to: a. Exercise their individual judgment. b. Compare them to standards in other professions. c. Be guided by the desires of the auditee. d. Use discretion in deciding whether to use them or not.
a. Exercise their individual judgment.
9. After noting some red flags, an auditor has an increased awareness that fraud may be present. Which of the following best describes the auditor's responsibility? a. Expand activities to determine whether an investigation is warranted. b. Report the possibility of fraud to top management and ask them how they would like to proceed. c. Consult with external legal counsel to determine the course of action to be taken, including the approval of the proposed audit program to make sure it is acceptable on legal grounds. d. Report the matter to the audit committee and request funding for outside specialists to help investigate the possible fraud.
a. Expand activities to determine whether an investigation is warranted.
39. Regarding Action 6, which of the following elements of the action would be considered a violation of the Standards? a. Failing to report the lack of criteria to appropriate level of management. b. Development a set of criteria to present to the auditee as a basis for evaluating the auditee's operations. c. Commenting on the agreed-upon criteria. d. All of the above.
a. Failing to report the lack of criteria to appropriate level of management.
36. Which of the following elements of Action 1 taken by the audit manager would be considered a violation of the Standards? I. The type of audits was changed before modifying the charter and going to the audit committee. II. Negative findings were omitted from the audit reports. III. Cost savings and recommendations were highlighted in the report. a. I and II. b. I and III. c. I only. d. II and III.
a. I and II.
67. Which of these statements should be in the condition section of the finding? a. I only. b. IV only. c. VI only. d. VII only.
a. I only
12. During the first meeting, a disagreement occurs over the approach taken regarding store compliance. The audit director for company B questions company A's extensive use of store compliance testing, stating that the approach is neither responsive to materiality concepts nor an appropriate application of risk assessment. Company A's audit director presents the following reasoning: I. You have misconstrued materiality. Materiality is not based only on the size of individual stores; it is also based on the control structure that affects the whole organization. 11. Any deviation from a prescribed control procedure is, by definition, material. III. The only way to ensure that a material amount of the company's control structure is covered is to comprehensively audit all stores. Which of the statements by the audit director of company A are valid? a. I only. b. I and II only. c. III only. d. I, II, and III.
a. I only.
42. Assume that the contract also states that the contractor must comply with all applicable environmental regulations because the government is responsible for fines for such regulations. The governmental auditor finds that the environmental protection agency has recently performed an environmental audit of the contractor and found numerous, but minor, deviations from current environmental law. However, there was one major item: the company was not meeting the standard for emissions into the atmosphere. The auditor contacts the environmental regulators and finds the company has acted responsibly. It has fixed all the minor findings and has approved a large capital expenditure to reduce the emission of toxic wastes into the air. Which of the following statements regarding these findings are correct? I. Materiality of the findings should be based on the potential amount of fines that could be imposed, not on the fact that most of the deviations were minor in nature. II. The auditor should report the problem with toxic emissions but should not report the other items because they were of a minor nature. III. Because the report will have a significant effect on the government, the auditor should report the toxic waste emissions only if the nature and type can be substantiated. a. I only. b. II only. c. I, II, and III. d. I and III only.
a. I only.
29. Assume the audit testing performed in question 28 indicates that the spreadsheet has correctly implemented the freight dispatching algorithm. Which of the following conclusions is justified from the audit evidence? I. The spreadsheet must be obtaining incorrect data when it is downloaded from the mainframe. II. Although the algorithm is correctly implemented, it is not the most efficient algorithm. III. The increased freight costs must be due to some other cause than the spreadsheet calculation. a. III only. b. I, II, and III. c. I and II. d. II only.
a. III only.
70. The standards of conduct set forth in the Code of Ethics: a. Provide basic principles in the practice of internal auditing. b. Are guidelines to assist internal auditors in dealing with auditees. c. Are rules that must be obeyed in all circumstances. d. Provide a general understanding of the responsibility of internal auditing.
a. Provide basic principles in the practice of internal auditing.
10. Monthly project reports compare actual costs to original budget estimates and compute variances. Project variations greater than 10 percent of budget require subsequent explanation and approval by the supervisor. Which of the following audit test(s) would the internal auditor use to determine whether the required procedure is being followed? I. Select a sample of over-budget explanations and test for subsequent approvals. II. Trace over-budget explanations to supporting monthly project reports. III. Use audit software to recompute monthly project report variances and totals. IV. Compare a sample of project variances to documented approvals and explanations. a. IV only. b. III and IV. c. I, II, and III. d. I and II only.
a. IV only.
59. During a regularly scheduled EDP audit of a major division, the EDP auditor discovers a complicated programming algorithm that adds costs to a cost-plus program billing the government. The amount added accounted for 95 percent of the net income for the division for the most recent year. Upon further investigation, the EDP auditor finds that only the marketing manager, the divisional manager, and the programmer know of the algorithm. The company has a separate section to investigate fraud. The auditor communicates with management and the special investigation section and the investigation is turned over to that group. However, after a month, it becomes apparent that senior management has instructed the group to "not make waves" and to drop the investigation. The internal audit department should: a. Immediately report the circumstances and the EDP auditor's findings to the audit committee. b. Immediately report the circumstances and the EDP auditor's findings to the appropriate governmental regulatory agency because the auditor cannot knowingly be a party to an illegal act. c. Take no further action. The nature of the fraud has been reported to the proper authorities within the company and the auditor has no power to pursue the investigation further. d. Report the findings to the external auditor because the external auditor should be aware of any material misstatement of account balances.
a. Immediately report the circumstances and the EDP auditor's findings to the audit committee.
56. Which one of the following is likely to be a concern in performing an assessment of an EDI purchasing system? a. Increased turnover of the information technology staff. b. Increased transaction volume. c. Increased competition in the market. d. Decreased competition in the market.
a. Increased turnover of the information technology staff.
24. An advantage of conducting environmental audits under the direction of the internal auditing department would be that: a. Independence and authority are already in place. b. Technical expertise is more readily available. c. The financial aspects are de-emphasized. d. Internal audit work products are confidential.
a. Independence and authority are already in place.
69. During the course of a bank audit, the auditors discover that one loan officer had approved loans to a number of related but separate organizations, in violation of regulatory policies. The loan officer indicated that it was an oversight and it would not happen again. However, the auditors believe it may have been intentional because the loan officer is related to one of the primary owners of the corporate group that controls the related organizations. The auditors should: a. Inform management of the conflict of interest and the violation of the regulatory requirements and suggest further investigation. b. Report the violation to the regulatory agency because it constitutes a significant breakdown of the bank's control structure. c. Not report the violation if the loan officer agrees to take corrective action. d. Expand the audit work to determine if there may be fraudulent activity on the part of the loan officer and report the findings to management when the follow-up investigation is complete.
a. Inform management of the conflict of interest and the violation of the regulatory requirements and suggest further investigation.
60. Follow-up activity may be required to ensure that corrective action has taken place for certain findings. The internal audit department's responsibility to perform follow-up activities as required should be defined in the: a. Internal auditing department's written charter. b. Mission statement of the audit committee. c. Engagement memo issued prior to each audit assignment. d. Purpose statement within applicable audit reports.
a. Internal auditing department's written charter.
62. During testing of the effectiveness of inventory controls, the auditor makes a note in the working papers that most of the cycle count adjustments for the facility involved transactions of the machining department. The machining department also had generated an extraordinary number of cycle count adjustments in comparison to other departments last year. The auditor should: a. Interview management and apply other audit techniques to determine whether transaction controls and procedures within the machining department are adequate. b. Do no further work because the concern was not identified by the analytical procedures designed in the audit program. c. Notify internal audit management that fraud is suspected. d. Place a note in the working papers to review this matter in detail during the next review.
a. Interview management and apply other audit techniques to determine whether transaction controls and procedures within the machining department are adequate.
50. Which of the following would not explain the decrease in cost of goods sold as a percentage of sales ratio? The division: a. Liquidated inventory in conjunction with a plan to bring its current ratio more in line with the industry average. b. Increased the selling price of its products by selling to less credit-worthy customers. c. Recorded subsequent year's sales in the current year, but adjusted inventory to actual goods on hand at year-end. d. Is incorrectly capitalizing certain production costs.
a. Liquidated inventory in conjunction with a plan to bring its current ratio more in line with the industry average.
41. Assume the contract with the defense contractor states that the government will not pay for costs associated with waste or inefficiency on the part of the contractor. Which of the following sources of evidence would be least persuasive regarding potential waste and inefficiency on the part of the contractor? a. Management certification that it has not incurred waste or inefficiencies that are not allowed in the contract. b. A walk-through of the contractor's manufacturing and development facilities. c. An examination of the nature of expenses incurred to determine their intent and relationship to the contract. d. A comparison of contract expense with that of similar projects in the past or similar projects with other companies.
a. Management certification that it has not incurred waste or inefficiencies that are not allowed in the contract.
54. When an office supply company is unable to fill an order completely, it marks the out-of-stock items as back ordered on the customer's order and enters these items in a back order file which management can view or print. Customers are becoming disgruntled with the company because it seems unable to keep track of and ship out-of-stock items as soon as they are available. The best approach for ensuring prompt delivery of out-of-stock items is to: a. Match the back order file to goods received daily. b. Increase inventory levels to minimize the number of times that out-of-stock conditions occur. c. Implement electronic data interchange with supply vendors to decrease the time to replenish inventory. d. Reconcile the sum of filled and back orders with the total of all orders placed daily.
a. Match the back order file to goods received daily.
52. An internal auditor has been assigned to audit a foreign subsidiary. The auditor is aware that the social climate of the country is such that "facilitating payments" (bribes) are often used to make things happen and are an accepted part of that society. The auditor has completed an audit of the division and has found significant weaknesses relating to important controls. The division manager offers the auditor a substantial "facilitating payment" to omit the audit findings from the audit report with a provision that the auditor could re-visit the division in six months so the auditor could verify that the problem areas had been properly addressed. The auditor should: a. Not accept the payment since such acceptance would be in conflict with the Code of Ethics. b. Not accept the payment, but omit the findings as long as there is a verification visit in six months. c. Accept the offer since it is consistent with the ethical concepts of the country in which the division is doing business. d. Accept the payment because it has the effect of doing the greatest good for the greatest number; the auditor is better off, the division is better off, and the organization is better off because there is strong motivation to correct deficiencies found by the auditor.
a. Not accept the payment since such acceptance would be in conflict with the Code of Ethics.
25. Which of the following procedures would be the least appropriate audit procedure to address these analytical findings? a. Note the explanation in the working papers for investigation during the next audit and perform no further work at this time. b. Develop a comparative analysis of auger expense over the past few years to determine if the relationship held in previous years. c. Take a sample of debits to the auger expense account and trace to independent shipping documents and to invoices for the augers. d. Arrange to take an inventory of augers to determine if the augers purchased this year were on hand and would be available for use in the next two years.
a. Note the explanation in the working papers for investigation during the next audit and perform no further work at this time.
28. As organizations become more computer integrated, management is becoming increasingly concerned with the quality of access controls to the computer system. Which of the following provides the most accountability? Option I. Option II. Option III. Option IV. Restrict Access by: Individuals Groups Individuals Departments Identify Computer Data at: Field Level Work- station Workstation Individual Record Level Restrict Access: Need to Know Right to Know Normal Processing by Employee Type Items Identified as Processed by Department Identify Users by: Password Password Key Access to Workstation, or Password on Workstation Departmental Password Limit Ability to: Delete, Add, or Modify Date Add or Delete Files Add, Delete, or Modify Date Stored at Work- station Add, Delete, or Modify Date Normally Processed by Department a. Option I. b. Option II. c. Option III. d. Option IV.
a. Option I.
64. Auditors have learned that increased computerization has created more opportunities for computer fraud, but has also led to the development of computer audit techniques to detect frauds. A type of fraud that has occurred in the banking industry is a programming fraud where the programmer designs a program to calculate daily interest on savings accounts to four decimal points. The programmer then truncates the last two digits and adds it to his or her account balance. Which of the following computer audit techniques would be most effective in detecting this type of fraud? a. Parallel Simulation. b. Generalized audit software which selects account balances for confirmation with the depositor. c. Snapshot. d. SCARF (Systems Control and Audit Review File).
a. Parallel Simulation.
48. A financial institution is overstating revenue by charging too much of each loan payment to interest income and too little to repayment of principal. Which of the following audit procedures would be least effective in detecting this error? a. Perform an analytical review by comparing interest income this period as a percentage of the loan portfolio with the interest income percentage for the prior period. b. Use an integrated test facility (ITF) and submit interest payments for various loans in the ITF portfolio to determine if they are recorded correctly. c. Use test data and submit interest payments for various loans in the test portfolio to determine if they are recorded correctly. d. Use generalized audit software to take a random sample of loan payments made during the period, calculate the correct posting amounts, and trace the postings that were made to the various accounts.
a. Perform an analytical review by comparing interest income this period as a percentage of the loan portfolio with the interest income percentage for the prior period.
56. Of the following management requests, which is within the normal audit scope as stated in the Standards? a. Perform an independent evaluation of management's planning process as a basis for making recommendations. b. Talk with banks to identify financing alternatives and negotiate contract alternatives which would be presented to management for their evaluation. c. Analyze financing alternatives and present the alternatives to the audit committee. d. Undertake a make-or-buy decision analysis to determine whether the company should sub-contract for part of its manufacturing versus adding capacity. Report the recommendation to management for approval.
a. Perform an independent evaluation of management's planning process as a basis for making recommendations.
59. The requirement that purchases be made from suppliers on an approved vendor list is an example of a: a. Preventive control. b. Detective control. c. Corrective control. d. Monitoring control.
a. Preventive control.
34. The auditor wishes to estimate the additional cost of the added security. Which of the following procedures would be the best first step in providing that evidence? Compare the total costs of computer security under the new contract with the total computer security costs: a. Previously incurred. b. Previously incurred, as a percent of total cost incurred. c. Of other governmental entities of similar size. d. Of each other entity managed by this outsourcer.
a. Previously incurred.
34. Which of the following describes a control weakness? a. Purchasing procedures are well designed and are followed unless otherwise directed by the purchasing supervisor. b. Prenumbered blank purchase orders are secured within the purchasing department. c. Normal operational purchases fall in the range from $500 to $ 1,000 with two signatures required for purchases over $1,000. d. The purchasing agent invests in a publicly traded mutual fund that lists the stock of one of the company's suppliers in its portfolio.
a. Purchasing procedures are well designed and are followed unless otherwise directed by the purchasing supervisor.
18. The auditor wants to determine if purchasing requirements have been updated for changes in production techniques. Which of the following audit procedures would be most effective in addressing the auditor's objective? a. Recalculate parts needed based on current production estimates and on the MRP for the revised production techniques. Compare these needs with purchase orders generated from the system for the same period. b. Develop test data to input into the LAN and compare purchase orders generated from test data with purchase orders generated from production data. c. Use generalized audit souftware to develop a report of excess inventory. Compare the inventory with current production volume. d. Take a sample of production estimates and MRP's for several periods and trace them into the system to determine that input is accurate.
a. Recalculate parts needed based on current production estimates and on the MRP for the revised production techniques. Compare these needs with purchase orders generated from the system for the same period.
40. The auditor has planned an audit of the effectiveness of the quality assurance function as it affects the receiving of goods, transfer of the goods into production, and the scrap costs related to defective items. The auditee argues that such an audit is not within the scope of the internal auditing function and should come only under the purview of the quality assurance department. What would be the most appropriate audit response? a. Refer to the audit department charter and the approved audit plan which includes the area designated for audit in the current time period. b. Since quality assurance is a new function, seek the approval of management as a mediator to set the scope of the audit. c. Indicate that the audit will only examine the function in accordance with the standards set by, and approved by, the quality assurance function before beginning the audit. d. Terminate the audit because an operational audit will not be productive without the auditee's cooperation.
a. Refer to the audit department charter and the approved audit plan which includes the area designated for audit in the current time period.
24. During the audit, the auditor's preliminary evidence indicated that the first concern (loans to the 10 largest customers) is not violated. However, upon further investigation of related parties and interlocking organizations, the auditor concludes that although there is not a technical violation, there is some likelihood that the bank may be in violation of the regulation because of loans to a number of related entities that in total exceeds the legal limits. The auditor should: a. Report the findings immediately to management and suggest that legal counsel review the regulations and the audit evidence gathered to date to determine if a violation has taken place. b. Informally notify management of the finding, but omit any mention of the problem in the formal audit report because the evidence is not persuasive. c. Report the findings to the regulatory agency and obtain their opinion on whether or not there is a violation. Include their opinion in the final audit report. d. Immediately issue an informal report to the audit committee because the findings reflect adversely on management.
a. Report the findings immediately to management and suggest that legal counsel review the regulations and the audit evidence gathered to date to determine if a violation has taken place.
69. Assume the perpetrators confessed to the auditors. What is the appropriate auditor action? a. Request the perpetrators sign the auditor's summary of the confession and include it in the working papers. Report the details to senior management for further action. b. Omit the documentation from the working papers because it is subjective, sensitive, and may become legal evidence. Report the details to management and have them request legal counsel to document the confession. c. Orally report the confession to management and suggest they report it to legal authorities because a crime was involved. Do not document. d. Inform the perpetrators of their rights, document their confession on tape, and inform the local legal authorities of the crime.
a. Request the perpetrators sign the auditor's summary of the confession and include it in the working papers. Report the details to senior management for further action.
9. Based on the previous information, which of the following preliminary conclusions can the auditor use as a basis for further investigations? a. Sales per store are directly related to the size of the store. b. Sales clerks are less productive in larger sized stores. c. Gross margin is directly related to the size of the store. d. a and c only.
a. Sales per store are directly related to the size of the store.
39. If an auditee's operating standards are vague and thus subject to interpretation, the auditor should: a. Seek agreement with the auditee as to the standards to be used to measure operating performance. b. Determine best practices in this area and use them as the standard. c. Interpret the standards in their strictest sense because standards are otherwise only minimum measures of acceptance. d. Omit any comments on standards and the auditee's performance in relationship to those standards, because such an analysis would be meaningless.
a. Seek agreement with the auditee as to the standards to be used to measure operating performance.
21. The best audit procedure to determine whether or not the company is meeting its objective of satisfying 95 percent of customer inquiries within 24 hours would be to: a. Select an attribute sample from the population of logged-in customer complaints and trace to records indicating its disposition, noting time and nature of disposition. b. Develop a customer satisfaction survey and send it to all customers, and include a question about the timeliness of service. c. Develop a customer satisfaction survey and send it to a statistically selected sample of customers based on mean-per-unit sampling and ask them to identify the time it took for the service department to satisfactorily address their problem. Calculate a mean and standard deviation. d. Select a mean-per-unit statistical sample from the total population base and trace the sample to the customer complaint log to determine whether or not 95 percent of the sample had their complaints addressed within 24 hours.
a. Select an attribute sample from the population of logged-in customer complaints and trace to records indicating its disposition, noting time and nature of disposition.
47. A bank internal auditor wishes to determine if loans that were not funded were rejected using criteria consistent with that contained in bank policies. All loan requests are initially processed by a lending officer. Those that the officer deems appropriate to be funded are forwarded to the lending committee for its approval. The most efficient audit procedure to address this objective would be to: a. Select an attribute sample of loans not funded and review the loan applications and the reasons for rejecting them. b. Select an attribute sample of loans that were funded, review the loan applications, and determine if the funded loans complied with bank policies. c. Take a sample of all loan applications, review the applications, and trace them to either a funded or rejected loan to determine if all actions taken were consistent with bank policies. d. Take a sample of loans presented to the lending committee for approval and determine if committee actions taken were consistent with bank policies.
a. Select an attribute sample of loans not funded and review the loan applications and the reasons for rejecting them.
58. Reporting a senior management and the board is an important part of the auditor's obligation. Which of the following items is not required to be reported to senior management and/or the board? a. Subsequent to the completion of an audit, but prior to the issuance of an audit report, the audit senior in charge of the audit was offered a permanent position in the auditee's department. b. An annual report summary of the department's audit work schedule and financial budget. c. Significant interim changes to the approved audit work schedule and financial budget. d. An audit plan was approved by senior management and the board. Subsequent to the approval, senior management informed the audit director not to perform an audit of a division because the division's activities were very sensitive.
a. Subsequent to the completion of an audit, but prior to the issuance of an audit report, the audit senior in charge of the audit was offered a permanent position in the auditee's department.
39. The auditor is concerned that retired employees are not receiving the correct benefits. Which of the following auditing procedures would be the least effective in addressing this concern? a. Take a sample of employees added to the retirement list for a specified time period, for example, a day or a week, and determine that they are scheduled for the appropriate benefits. b. Use an integrated test facility and submit transactions over a period of time to determine if the system is paying the appropriate benefits. c. Use generalized audit software to take a classical variables sample of retired employees on the database. Verify that all benefit payments are appropriate. d. Use generalized audit software to take a variables sample stratified on years since retirement and size of benefit payments. Verify that all benefit payments are appropriate.
a. Take a sample of employees added to the retirement list for a specified time period, for example, a day or a week, and determine that they are scheduled for the appropriate benefits.
7. The first phase of the risk assessment process is to identify and catalog and auditable activities of the organization. Which of the following would not be considered an auditable activity? a. The agenda established by the audit committee for one of its quarterly meetings. b. General ledger account balances. c. Computerized information systems. d. Statutory laws and regulations as they affect the organization.
a. The agenda established by the audit committee for one of its quarterly meetings.
63. An internal auditor plans to use an analytical review to verify the correctness of various operating expenses in a division. The use of an analytical review as a verification technique would not be a preferred approach if: a. The auditor notes strong indicators of a specific fraud involving this account. b. The company has relatively stable operations which have not changed much over the past year. c. The auditor would like to identify large, unusual, or non-recurring transactions during the year. d. The operating expenses vary in relation to other operating expenses, but not in relation to revenue.
a. The auditor notes strong indicators of a specific fraud involving this account.
27. Which of the following statements best describes aces auditor's responsibility for follow up activities related to a previous audit? a. The auditor should determine if corrective action has been taken and is achieving the desired results or if management or the board has assumed the risk of not taking the corrective action. b. The auditor should determine if manage¬ment has initiated corrective action, but the auditor has no responsibility to determine if the action is achieving the desired results. That determination is management's responsibility. c. The director of internal auditing is responsible for scheduling follow up activities only if directed to do so by senior management or the audit committee. Otherwise, follow up is entirely discretionary. d. None of the above.
a. The auditor should determine if corrective action has been taken and is achieving the desired results or if management or the board has assumed the risk of not taking the corrective action.
2. Assume that senior management has decided to accept the risk involved in failure to document the basis for lease-versus-purchase decisions involving company automobiles. In such a case, what would be the auditors' reporting obligation? a. The auditors have no further reporting responsibility. b. Management's decision and the auditors' concern should be reported to the company's Board of Directors. c. The auditors should issue a follow-up report to management clearly stating the rationale for the recommendation that the basis for lease-versus-purchase decisions be properly documented. d. The auditors should inform the external auditor and any responsible regulatory agency that no action has been taken on the finding in question.
a. The auditors have no further reporting responsibility.
16. Which of the following would explain all the changes in the analyses presented above? a. The company recorded fictitious sales during November and December, but did not credit inventory. b. There was a cutoff problem with January sales being recorded as November & December sales. c. The company re-billed items to customers as part of an extended terms program, but failed to issue the corresponding credit memo. The re-billed invoice, including cost of goods sold, was properly recorded. d. The company adopted a policy of extending credit to less credit-worthy customers during the last quarter of the year, but did not change sales prices.
a. The company recorded fictitious sales during November and December, but did not credit inventory.
34. Which of the following statements, if true, would contribute to the control effectiveness of the computerized environment described above? a. The company uses an automated access control program that identifies all users, data, and actions that can be taken by the users. b. All program changes are implemented only by the programmer responsible for coding the changes. c. All changes to the vendor database should be initiated by the purchasing agent responsible for purchasing the product lines furnished by the vendor. d. The receiving department should not have access to the purchase order information.
a. The company uses an automated access control program that identifies all users, data, and actions that can be taken by the users.
51. When the auditor called to arrange the annual control audit during the third quarter, the VAN stated that it could not accommodate the auditor since the peak processing period started earlier than normal this year and all VAN personnel were occupied. This scope limitation, along with its potential effect, must be communicated to which one of the following? a. The company's board of directors. b. The board of directors of the VAN. c. The board of directors of both the company and the VAN. d. This does not need to be reported at the board of directors level.
a. The company's board of directors.
15. The internal auditor is considering performing risk analysis as a basis for determining which areas of the organization ought to be examined. Which one of the following statements is correct regarding risk analysis? a. The extent to which management judgments are required in an area could serve as a risk factor in assisting the auditor in making a comparative risk analysis. b. The highest risk assessment should always be assigned to the area with the largest potential loss. c. The highest risk assessment should always be assigned to the area with highest probability of occurrence. d. Risk analysis must be reduced to quantitative terms in order to provide meaningful comparisons across an organization.
a. The extent to which management judgments are required in an area could serve as a risk factor in assisting the auditor in making a comparative risk analysis.
8. Auditors use a variety of indexing and cross-referencing methods in their audit workpapers. An internal auditing manager might devise a workpaper-indexing method tailored to a specific organization's needs. On the other hand, a government audit agency would devise one method for all organizations under the agency's jurisdiction. Which of the following best explains the reason for this difference between the two workpaper-indexing methods? a. The internal auditing manager devises a method which simplifies the review process within a particular organization, but the government audit agency devises one uniform method to simplify the review process of the vastly different organizations to be audited. b. The method of the internal auditing manager is prescribed by the Standards, but the method of the government audit agency is required by agency policy. c. The method of the internal auditing manager is prescribed by the Standards, but the method of the government audit agency is required by law. d. The internal auditing manager devises that method which is specified by the organization's audit committee, but the government audit agency devises one uniform method which is required by law.
a. The internal auditing manager devises a method which simplifies the review process within a particular organization, but the government audit agency devises one uniform method to simplify the review process of the vastly different organizations to be audited.
11. Which of the following would be the least important risk factor when considering the ability to integrate the two companies' computer systems? a. The number of programmers and systems analysts employed by each company. b. The extent of EDI connections with vendors. c. The compatibility of existing operating systems and database structures. d. The size of company databases and the number of database servers used.
a. The number of programmers and systems analysts employed by each company.
25. A company is considering purchasing a commercial property. Because of the location of the property and the known recent history of activities on the property, management has asked the internal audit department, in cooperation with company counsel, to provide a preliminary identification of any environmental liability that may be present. The strongest reason supporting management's decision to request such an investigation is: a. The potential for future liability may outweigh any advantages achieved by obtaining the property. b. Management will be able to pay a lower price for the property if environmental contamination can be identified. c. The current owner would be required by law to clean up all identified contamination before the sale is closed. d. Regulatory agencies require a purchaser to identify and disclose all actual and potential instances of contamination.
a. The potential for future liability may outweigh any advantages achieved by obtaining the property.
48. A new staff auditor has been assigned to an audit of the cash management operations of the organization. The staff auditor has no background in cash management and this is the auditor's first audit. Under which of the following conditions would the internal auditing department be in compliance with the Standards regarding knowledge and skills? a. The senior auditor is skilled in the area and closely supervises the staff auditor. b. The staff auditor performs the work and prepares a report which is reviewed in detail by the director of audit. c. Both a and b. d. Neither a or b.
a. The senior auditor is skilled in the area and closely supervises the staff auditor.
53. Which one of the following would not be included as a reason for the company to use EFT with the EDI system? a. To take advantage of the time lag associated with negotiable instruments. b. To allow the company to negotiate discounts with EDI vendors based upon prompt payment. c. To improve its cash management program. d. To reduce input time and input errors.
a. To take advantage of the time lag associated with negotiable instruments.
26. Which of the following control procedures would provide the greatest assurance that all donations to a nonprofit organization are immediately deposited to the organization's account? a. Use a lockbox to receive all donations. b. Perform periodic internal audits of the organization's cash receipts by tracing deposits to the original posting in the cash receipts records. c. Require that all donations be made by check. d. Require issuance of a confirmation receipt to all donors, with the receipt issued by the person who opens and deposits the cash receipts.
a. Use a lockbox to receive all donations.
65. The auditor suspects a disbursements fraud whereby an unknown employee(s) is submitting and approving invoices for payment. Before discussing the potential fraud with management, the auditor decides to gather additional evidence. Which of the following procedures would be most helpful in providing the additional evidence? a. Use audit software to develop a list of vendors with post office box numbers or other unusual features. Select a sample of those items and trace to supporting documents such as receiving reports. b. Select a sample of payments made during the year and investigate each one for approval. c. Select a sample of receiving reports representative of the period under investigation and trace to approved payment. Note any items not properly processed. d. Take a sample of invoices received during the past month; examine to determine if properly authorized for payment; and trace to underlying documents such as receiving reports.
a. Use audit software to develop a list of vendors with post office box numbers or other unusual features. Select a sample of those items and trace to supporting documents such as receiving reports.
30. The best procedure to determine whether the control procedure to limit the amount of purchases for a particular product line was working properly during the past year would be to: a. Use generalized audit software to prepare a list of purchases by product line. Compare the amounts with the authorized by the marketing manager. b. Submit test data to the program controlling purchases. (The amount of data entered should exceed the authorized purchases.) Examine the computer output. c. Use parallel simulation techniques to compute the amount of purchases authorized and compare it with the amount actually purchased. d. Implement a snapshot audit approach which will tag selected transactions and print them out with a listing of items arranged by purchasing agent.
a. Use generalized audit software to prepare a list of purchases by product line. Compare the amounts with the authorized by the marketing manager.
46. A bank internal auditor wishes to determine whether all loans are backed by sufficient collateral, properly aged as to current payments, and properly categorized as current or non-current. The best audit procedure to accomplish this objective would be to: a. Use generalized audit software to read the total loan file, age the file by last payment due, and take a statistical sample stratified by the current and aged population. Examine each loan selected for proper collateralization and aging. b. Take a block sample of all loans in excess of a specified dollar limit and determine if they are current and properly categorized. For each loan approved, verify aging and categorization. c. Take a discovery sample of all loan applications to determine whether each application contains a statement of collateral. d. Take a sample of payments made on the loan portfolio and trace them to loans to see that the payments are properly applied. For each loan identified, examine the loan application to determine that the loan has proper collateralization.
a. Use generalized audit software to read the total loan file, age the file by last payment due, and take a statistical sample stratified by the current and aged population. Examine each loan selected for proper collateralization and aging.
65. Which of the following audit procedures would be the best procedure to investigate this observation? a. Use generalized audit software to sort payments to recipients by social worker. Then sort the payments by common addresses and names. b. Implement an integrated test facility and monitor transactions throughout the year to identify unusual items. c. Implement the snapshot approach and tag transactions that are related to the social worker identified with the unusually large increases. d. Use generalized audit software to take a random sample of recipients and investigate by sending confirmations to each recipient to determine if they had received proper payments.
a. Use generalized audit software to sort payments to recipients by social worker. Then sort the payments by common addresses and names.
61. The transportation department for a large manufacturing company maintains its vehicle inventory and maintenance records in a database on a stand-alone microcomputer in the fleet supervisor's office. Which audit approach is most appropriate for evaluating the accuracy of the database information? a. Verify a sample of the records extracted from the database with supporting documentation. b. Submit batches of test transactions through the current system and verify with expected results. c. Simulate normal processing by using test programs. d. Use program tracing to show how, and in what sequence, program instructions are processed in the system.
a. Verify a sample of the records extracted from the database with supporting documentation.
37. Management has requested an audit of promotional expenses. The sales department has been giving away expensive items in conjunction with new product sales to stimulate demand. The promotion seems successful, but management believes the cost may be too high. Which of the following audit procedures would be the least useful to determine the effectiveness of the promotion? a. A comparison of product sales during the promotion period with sales during a similar non-promotion period. b. A comparison of the unit cost of the products sold before and during the promotion period. c. An analysis of marginal revenue and marginal cost for the promotion period, compared to the period before the promotion. d. A review of the sales department's reasons for believing that the promotion has been successful.
b. A comparison of the unit cost of the products sold before and during the promotion period.
45. In which of the following situations does the auditor potentially lack objectivity? a. An auditor reviews the procedures for a new electronic data interchange (EDI) connection to a major customer before it is implemented. b. A former purchasing assistant performs a review of internal controls over purchasing four months after being transferred to the internal auditing department. c. An auditor recommends standards of control and performance measures for a contract with a service organization for the processing of payroll and employee benefits. d. A payroll accounting employee assists an auditor in verifying the physical inventory of small motors.
b. A former purchasing assistant performs a review of internal controls over purchasing four months after being transferred to the internal auditing department.
15. A new product manager has proposed that the organization implement Electronic Data Interchange (EDI) with its 15 largest vendors. Automated cash register information on products sold would go to the vendors and the vendors would be allowed to ship products directly to the distribution center for attachment of price tags and distribution to the stores. Which of the following statements is true regarding this proposed change? (A correct response to this question may involve marking more than one answer.) a. Control would be decreased because goods received could not always be matched with individual purchase orders. b. A long-term contract specifying prices, maximum delivery amounts, and timing of deliveries would be an acceptable substitute for individual purchase orders. c. There is a greater probability that the company will have more obsolete inventory than it would have under the previous system. d. Profit and total sales should increase for the product lines involved.
b. A long-term contract specifying prices, maximum delivery amounts, and timing of deliveries would be an acceptable substitute for individual purchase orders. d. Profit and total sales should increase for the product lines involved.
64. A CIA is working in a non-internal audit position as the director of purchasing. The CIA signs a contract to procure a large order from the supplier with the best price, quality, and performance. Shortly after signing the contract, the supplier presents the CIA with a gift of significant monetary value. Which of the following statements regarding the acceptance of the gift is correct? a. Acceptance of the gift would be prohibited only if it were non-customary. b. Acceptance of the gift would violate the IIA Code of Ethics and would be prohibited for a CIA. c. Since the CIA is no longer acting as an internal auditor, acceptance of the gift would be governed only by the organization's code of conduct. d. Since the contract was signed before the gift was offered, acceptance of the gift would not violate either the IIA Code of Ethics or the organization's code of conduct.
b. Acceptance of the gift would violate the IIA Code of Ethics and would be prohibited for a CIA.
49. The division had a large increase in sales in the previous year (19X2). Which of the following hypotheses would the data support regarding the potential cause of the sales increase? The division: a. Reduced its selling price for most of its product line. b. Acquired another company and accounted for the purchase as a purchase transaction, not a pooling. c. Liquidated a substantial part of its older inventory. d. Sold off most of its intangible assets, realizing a profit on the sale.
b. Acquired another company and accounted for the purchase as a purchase transaction, not a pooling.
57. Which of the following factors might best indicate the possibility of fraudulent activity in the production process? a. Employee overtime has increased 50% during the past year. b. Although scrap is generated, there is no income reported from scrap sales. c. Interviews with employees indicate they have a general dissatisfaction with management and believe that productivity could be greatly improved if management listened to the employees. d. Inventory, per accounting records, has decreased at the same time that the cost of goods sold has increased.
b. Although scrap is generated, there is no income reported from scrap sales.
5. An auditor reviews and adapts a systems flowchart to understand the flow of information in the processing of cash receipts. Which of the following statements is true regarding the use of such flowcharts? The flowcharts: a. Show specific control procedures used, such as edit tests that are implemented and batch control reconciliations. b. Are a good guide to potential segregation of duties. c. Are generally kept up to date for systems changes. d. Show only computer processing, not manual processing.
b. Are a good guide to potential segregation of duties.
1. The primary purpose for performing a follow-up review is to: a. Ensure timely consideration of the internal auditors' recommendations. b. Ascertain that appropriate action was taken on reported findings. c. Allow the internal auditors to evaluate the effectiveness of their recommendations. d. Document what management is doing in response to the audit report and close the audit file in a timely manner.
b. Ascertain that appropriate action was taken on reported findings.
44. Which of the following combinations best illustrates a scope limitation and the appropriate response by the director of internal auditing? Nature of Limitation Intenal Auditing Action a. Auditee limits scope of audit based upon proprietary information. Report only to the Controller b. Auditee will not provide access to records needed for approved audit work plan. Report to the board c. Auditee requests that the audit be delayed for two weeks to allow them to close their books. Report directly to the CEO and controller d. Auditee will not allow auditor to contact major customers as part of a performance audit to measure efficiency of operations. No reporting needed since it is an operational audit.
b. Auditee will not provide access to records needed for approved audit work plan. Report to the board
19. Which of the following computerized control procedures would be most effective in ensuring that data uploaded from personal computers to a mainframe are complete and that no additional data are added? a. Self-checking digits to ensure that only authorized part numbers are added to the database. b. Batch control totals, including control totals and hash totals. c. Passwords that effectively limit access to only those authorized to upload the data to the mainframe computer. d. Field-level edit controls which test each field for alpha/numerical integrity.
b. Batch control totals, including control totals and hash totals.
6. Regarding item E, which of the following conclusions/audit actions is appropriate? a. There is no audit finding since the loan committee approved all of the loans. b. Before issuing a final audit report, the auditor should investigate to determine the reasons for the lack of documentation and timely submittal to the loan committee and include that analysis in the report. c. The auditor should include the audit findings in the report only if the auditor is able to determine the cause of the findings. d. Both b and c are correct.
b. Before issuing a final audit report, the auditor should investigate to determine the reasons for the lack of documentation and timely submittal to the loan committee and include that analysis in the report.
43. The Standards state that internal auditors are "responsible for continuing their education in order to maintain their proficiency." Which of the following is correct regarding the continuing education requirements of the practicing internal auditor? a. Internal auditors are required to obtain 40 hours of continuing professional development each year and a minimum of 120 hours over a three-year period. b. CIAs have formal requirements that must be met in order to continue as a CIA. c. Attendance, as an officer or committee member, at formal Institute of Internal Auditors meetings does not meet the criteria of continuing professional development. d. In-house programs meet continuing professional development requirements only if they have been pre-approved by The Institute of Internal Auditors.
b. CIAs have formal requirements that must be met in order to continue as a CIA.
26. An organization uses a database management system (DBMS) as a repository of data. The DBMS in turn supports a number of end-user developed applications which were created using fourth generation programming languages. Some of the applications update the database. In evaluating the control procedures over access and use of the database, the auditor would be most concerned that: a. End users have their read-only applications approved by data processing before accessing the database. b. Concurrency update controls are in place. c. End-user applications are developed and tested on microcomputers before being ported to the mainframe. d. A relational database model is adopted so that multiple users can be served at the same time.
b. Concurrency update controls are in place.
60. Without prejudice to your answers on the previous question, assume that the analysis shows unusually high sales and gross margin during the months of November and December and the auditor wishes to investigate further. Which of the following audit procedures would be most effective in analyzing whether or not fraudulent sales may have been recorded? a. Take a sample of shipping documents and trace to related sales invoice, noting that all items were properly billed. b. Confirm accounts receivable with large customers. c. Perform an analytical review comparing sales and gross margin with the previous 10 months and the first month of the following year. d. Use regression analysis techniques for the first ten months to estimate the sales and cost of goods sold for the last two months.
b. Confirm accounts receivable with large customers.
51. Today's internal auditor will often encounter a wide range of potential ethical dilemmas, not all of which are explicitly addressed by The Institute of Internal Auditors' Code of Ethics. If the auditor encounters such a dilemma, the auditor should always: a. Seek counsel from an independent attorney to determine the personal consequences of potential actions. b. Consider all parties affected and the potential consequences of actions, and take an action consistent with the objectives of internal auditing and the concepts embodied in The Institute of Internal Auditors' Code of Ethics. c. Seek the counsel of the audit committee before deciding on an action. d. Act consistently with the Code of Ethics adopted by the organization even if such action would not be consistent with The Institute of Internal Auditors' Code of Ethics.
b. Consider all parties affected and the potential consequences of actions, and take an action consistent with the objectives of internal auditing and the concepts embodied in The Institute of Internal Auditors' Code of Ethics.
60. As used by the internal auditing profession, the Standards refer to all of the following except: a. Criteria by which the operations of an internal audit department are evaluated and measured. b. Criteria which dictate the minimum level of ethical actions to be taken by internal auditors. c. Statements intended to represent the practice of internal auditing as it should be. d. Criteria that are applicable to all types of internal audit departments.
b. Criteria which dictate the minimum level of ethical actions to be taken by internal auditors.
8. The auditor plans an audit of the job retraining program to verify that the program complies with applicable grant provisions. One of the provisions is that the city adopt a budget for the program and subsequently follow procedures to ensure that the budget is adhered to and that only allowable costs are charged to the program. In performing an audit of compliance with this provision, the auditor should perform all of the following procedures except: a. Determine that the budget was reviewed and approved by supervisory personnel within the city. b. Determine that the budget was reviewed and approved by supervisory personnel within the granting agency. c. Select a sample of expenditures to determine that the expenditures are (1) properly classified as to type; (2) appropriate to the program; and (3) designed to meet the program's objectives. d. Compare actual results with budgeted results and determine the reason for deviations. Determine if such deviations have been approved by appropriate officials.
b. Determine that the budget was reviewed and approved by supervisory personnel within the granting agency.
59. If the auditor continued to suspect fraudulent recording of transactions to increase reported profits, which of the following audit procedures would be least effective? a. Take a physical inventory. b. Develop a schedule of inventory by month and investigate unusual fluctuations and gross margin by month. c. Investigate unusually high months of sales and gross margin by examining support for sales. d. Perform year-end sales and purchase cut-off tests.
b. Develop a schedule of inventory by month and investigate unusual fluctuations and gross margin by month.
64. Insurance companies are beginning to receive hospitalization claims directly from hospitals by computer media; no paper is transmitted from the hospital to the insurance company. Which of the following control procedures would be most effective in detecting fraud in such an environment? a. Use integrated test facilities to test the correctness of processing in a manner that is transparent to data processing. b. Develop monitoring programs to identify unusual types of claims or an unusual number of claims by demographic classes for investigation by the claims department. c. Use generalized audit software to match the claimant identification number with a master list of valid policy holders. d. Develop batch controls over all items received from a particular hospital and process those claims in batches.
b. Develop monitoring programs to identify unusual types of claims or an unusual number of claims by demographic classes for investigation by the claims department.
33. Assume the auditor finds a number of instances in which travel and entertainment reimbursements going to the president seem excessive and inconsistent with the charter of the organization. Before an audit report is issued, a front-page article appears in a major financial newspaper alleging that the president has been using the organization's funds for personal purposes. The auditor has enough information to confirm the allegations made in the newspaper article. The auditor is called by the newspaper and by a financial magazine in an attempt to confirm the facts. Which of the following would be the best response by the auditor? a. Respond truthfully and fully since the auditor is in a position to confirm the facts which concern the president, not the organization. b. Direct the inquiry to the audit committee or the board of directors. c. Provide information "off the record" so that the article does not state who gave the information. d. Respond that the investigation is not complete.
b. Direct the inquiry to the audit committee or the board of directors.
13. The audit director for company B decides to review selected store compliance audit reports issued by the internal audit department of company A. Upon reviewing the reports, the director comments that most items included in the report are inappropriate because they are very minor and cannot be considered material. The director states that such reports would not be tolerated by the management of company B. Which of the following assertions by the audit director of company A are valid? I. These are the kinds of reports we have provided since the company has been in operation, and they have served our company well. II. The reports are consistent with management's control philosophy and are an integral part of the overall control environment. III. Materiality is in the eyes of the beholder. Any deviation is considered material by my management. a. I only. b. II only. c. III only. d. II and Ill.
b. II only
17. Company A's audit director, who is also a CIA, faces an ethical dilemma. For an audit in process, persuasive evidence indicates that a top manager has been involved in insider trading. The extent and type of trading is such that the trading would be considered fraudulent. However, the finding was encountered as a side issue of another audit and is not considered relevant to the compatibility of the computer systems. Regarding this finding, which of the following is the audit director's most appropriate action? a. Discontinue audit work associated with the insider trading and report the preliminary findings to the company's external legal counsel for their investigation. Report the legal counsel findings to management. b. Discontinue audit work associated with the insider trading. Report the preliminary findings to the chairperson of the audit committee and recommend an investigation. c. Continue work on the insider trading sufficient to conclusively establish whether fraudulent activity has taken place, then report the findings to the chairperson of the audit committee. Report the matter to government officials if appropriate action is not taken. d. Discontinue audit work associated with the insider trading since it is not an integral part of the existing audit and the audit committee has established higher priority work far the auditors.
b. Discontinue audit work associated with the insider trading. Report the preliminary findings to the chairperson of the audit committee and recommend an investigation.
5. A controller became aware that a competitor appeared to have access to the company's pricing information. The internal auditor determined that the leak of information was occurring during the electronic transmission of data from branch offices to the head office. Which of the following controls would be most effective in preventing the leak of information? a. Asynchronous transmission. b. Encryption. c. Use of fiber-optic transmission lines. d. Use of passwords.
b. Encryption.
57. Governmental auditors have been increasingly called upon to perform audits to determine whether or not individuals are getting extra social welfare payments. One common type of welfare fraud is individuals receiving more than one social welfare payment. This is often accomplished by filing multiple claims under multiple names, but using the same address. Which of the following computer audit tools and techniques would be most helpful in identifying the existence of this type of fraud? a. Tagging and tracing. b. Generalized audit software. c. Integrated test facility. d. Spreadsheet analysis.
b. Generalized audit software.
35. Assuming that a high degree of security is needed, which of the following potential sources of evidence would also be relevant to the auditor's assessment of whether the governmental unit is being charged for computer security that exceeds the entity's needs? I. Comparison of the security system with best practices implemented for similar systems. II. Comparison of the security system with recent publications on state of the art systems. III. Tests of the functionality of the security system. a. II only. b. I and II only. c. III only. d. I, II, and III.
b. I and II only
19. If the data are correct, which of the following conclusions by the auditor is justified? I. The rate of customer complaints logged is decreasing. II. The number of service calls made at customer locations seems to be more closely related to the number of technicians than the number of customers complaints. III. The average sale of complementary services has remained about the same per customer. a. I, II, and III. b. I and II. c. II and III. d. II only.
b. I and II.
67. Which of the following statements correctly characterizes the "red flags" literature that has recently developed in the auditing profession? I. Red flags are items or actions that have been associated with fraudulent conduct. II. The auditor should document all red flags that may have been noted on an audit engagement. III. Many red flags are "subjective" in nature and might not come to the auditor's attention during the course of an audit that is properly planned and conducted in accordance with the Standards. a. I and II. b. I and III. c. II and III. d. III only.
b. I and III.
15. A manufacturing firm's inventory includes a significant investment in precious metals. The auditors' review of management's system of internal controls over these items most likely would include: I. Reviewing procedures to ensure that the value of the materials is properly stated on the balance sheet. II. Reviewing material acquisition forms for approvals, and tracing release forms to perpetual inventory records to verify that inventory is issued upon proper authorization. III. Observing inventory transactions to ascertain if material thefts are occurring. IV. Reviewing the manufacturing department's system for comparing the usage of these metals to standards. a. III and IV. b. I and IV. c. I only. d. II and III.
b. I and IV.
13. Obsolete or scrap materials are charged to a predefined project number. The material is segregated into specified bin locations and eventually transported to a public auction for sale. In order to reduce the risks associated with this process, a company would employ which of the following procedures? I. Require managerial approval for material to be declared scrap or obsolete. II. Permit employees to purchase obsolete or scrap material prior to auction. III. Limit obsolete or scrap material sales to a pre-approved buyer. IV. Specify that a fixed fee, rather than a commission, be paid to the auction firm. a. II and III. b. I only. c. II and IV. d. I, III, and IV.
b. I only.
31. It is often recognized that one control procedure by itself is not sufficient to achieve a particular control objective. One control objective is to ensure that purchase orders are made only by authorized purchasing agents, to authorized vendors, for authorized goods. Which of the following combination of control procedures would be necessary to accomplish this objective? I. Require passwords for each agent, and change the passwords periodically to make them difficult to guess. II. Require that authorized products be entered into the product database by someone independent of the purchasing function. III. Require that purchase agent functions be periodically rotated among purchasing agents. IV. Require that the authorized "vendor" database be maintained by someone independent of the purchasing function. a. I, II, and III. b. I, II, and IV. c. I only. d. I, II, III, and IV.
b. I, II, and IV.
55. An internal auditor was performing an operational audit of the purchasing and accounts payable system. The audit objective was to identify changes to processes that would improve efficiency and effectiveness. Which of the following statements support the auditor's recommendation that electronic data interchange (EDI) should be implemented within a company? I. There is a small number of transactions. II. There is a time-sensitive just-in-time purchase environment. III. There is a large volume of custom purchases. IV. There are multiple transactions with the same vendor. a. I only. b. II and IV only. c. I and III. d. II, III, and IV.
b. II and IV only.
13. Which of the following represents appropriate internal audit action in response to the risk assessment process? I. The low risk areas may be delegated to the external auditor, but the high risk areas should be performed by the internal auditing function. II. The high risk areas should be integrated into an audit plan along with the high priority requests of management and the audit committee. III. The risk analysis should be used in determining an annual audit work plan, therefore the risk analysis should be performed only on an annual basis. a. I only. b. II only. c. III only. d. I and II only.
b. II only
68. Which of these statements should be in the cause section of the finding? a. I only. b. II only. c. VI only . d. VII only.
b. II only
16. In analyzing the differences between the two companies, the audit director of company A notes that company A has a formal corporate code of ethics while company B does not. The code of ethics covers such things as purchase agreements and relationships with vendors as well as a host of other issues to guide individual behavior within the firm. Which of the following statements regarding the existence of the code of ethics in company A can be logically inferred? I. Company A exhibits a higher standard of ethical behavior than does company B. II. Company A has established objective criteria by which an individual's actions can be evaluated. III. The absence of a formal corporate code of ethics in company B would prevent a successful audit of ethical behavior in that company. a. 1 and II. b. II only. c. III only. d. II and III.
b. II only.
3. Assume with regard to item B, the vice president asks the loan committee to review the loans on an after-the-fact basis. Assume further, upon this subsequent review, the loan committee approves the loans on the after-the-fact basis. Which of the following conclusions would be correct regarding the reporting of the audit finding in the auditor's report? I. The sample deviation rate would drop to 0%. II. The item should still be reported in the audit report because it wasn't approved in a timely manner in accordance with company policies. III. The item should be reported as a non-deviation because subsequent action validated the vice president's approach. a. I only. b. II only. c. III only. d. I, I, and III.
b. II only.
12. The director of internal auditing for an organization has just completed a risk assessment process, identified the areas with the highest risks, and assigned an audit priority to each. Which of the following conclusions logically follow from such a risk assessment and are consistent with the Standards? I. Items should be quantified as to risk in the rank order of quantifiable dollar exposure to the organization. II. The risk priorities should be in order of major control deficiencies. III. The risk process, though quantified, is the result of professional judgments about both exposures and probability of occurrences. a. I only. b. III only. c. II and III only. d. I, II, and III.
b. III only.
47. Assume the auditor found that there was a plan to overstate inventory and therefore increase reported profits for the division. If reported correctly, the division would not have shown an increase in net income. The auditor has substantial evidence that the divisional manager was aware of, and approved the plan to overstate inventory. There is also some evidence that the manager may have been responsible for the implementation of the plan. The appropriate audit action would be to: a. Continue to conduct interviews with subordinates until a clear-cut case is made. Then report the case to the audit committee. b. Inform management and the audit committee of the findings and discuss proper follow-up action and/or further investigation with them. c. Inform the divisional manager of the audit suspicions and obtain the manager's explanation of the findings before pursuing the matter further. d. Document the case thoroughly and report the suspicions to the external auditor for further review and external reporting.
b. Inform management and the audit committee of the findings and discuss proper follow-up action and/or further investigation with them.
55. During the course of an audit, the auditor makes a preliminary determination that a major division has been inappropriately capitalizing research and development expense. The audit is not yet completed and the auditor has not documented the problem or determined that it really is a problem. However, the auditor is informed that the director of internal auditing has received the following communication from the president of the company: "The controller of Division B informs me that you have discovered a questionable account classification dealing with research and development expense. We are aware of the issue. You are directed to discontinue any further investigation of this matter until informed by me to proceed. Under the confidentiality standard of your profession, I also direct you not to communicate with the outside auditors regarding this issue." Which of the following would be an appropriate action for the director to take regarding the questionable item? a. Immediately report the communication to The Institute of Internal Auditors and ask for an ethical interpretation and guidance. b. Inform the president that this scope limitation will need to be reported to the chairperson of the audit committee. c. Continue to investigate the area until all the facts are determined and document all the relevant facts in the audit workpapers. d. Immediately notify the external auditors of the problem to avoid aiding and abetting a potential crime by the organization.
b. Inform the president that this scope limitation will need to be reported to the chairperson of the audit committee.
67. Auditors regularly evaluate controls and control procedures. Which of the following best describes the concept of control as recognized by internal auditors? a. Management regularly discharges personnel who do not perform up to expectations. b. Management takes action to enhance the likelihood that established goals and objectives will be achieved. c. Control represents specific procedures that accountants and auditors design to ensure the correctness of processing. d. Control procedures should be designed from the "bottom up" to ensure attention to detail.
b. Management takes action to enhance the likelihood that established goals and objectives will be achieved.
45. Which of the following analytical review procedures would provide the most insight into the reasonableness of the increase in health care costs? a. Develop a comparison of the costs incurred with similar costs incurred by other companies. b. Obtain the government index of health care costs for the comparable period of time and compare the rate of increase with that, of the cost per employee incurred by the company. c. Obtain a bid from another health care administrator to provide the same administrative services as the current health care administrator. d. Develop a comparison of overall health insurance costs incurred by the company with similar costs incurred by companies in the same industry.
b. Obtain the government index of health care costs for the comparable period of time and compare the rate of increase with that, of the cost per employee incurred by the company.
6. The auditor wants to understand the actual flow of data regarding cash processing. The most convincing evidence would be obtained by: a. Reviewing the systems flowchart. b. Performing a "walk-through" of the processing and obtaining copies of all documents used. c. Reviewing the programming flowchart for evidence of control procedures placed into the computer programs. d. Interviewing the treasurer.
b. Performing a "walk-through" of the processing and obtaining copies of all documents used.
42. A small city managed its own pension fund. According to city charter, the funds could be invested in bonds, money market funds, or high quality stocks only. The auditor has already verified the existence of the pension fund assets. The fund balance was not very large and was managed by the City Treasurer. The auditor decided to estimate income from investments for the fund by multiplying the average fund balance by a weighted average return based on the current portfolio mix. Upon doing so, the auditor found that recorded income was substantially less than was expected. The auditor's next audit step should be to: a. Inquire of the treasurer as to the reason that income appears to be less than expected. b. Prepare a more detailed estimate of income by consulting a dividend and reporting service which lists the interest or dividends paid on specific stocks and bonds. c. Inform management and the audit committee that fraud is suspected and suggest that legal counsel be called in to complete the investigation. d. Select a sample of entries to the pension fund income account and trace to the cash journal to determine if cash was received.
b. Prepare a more detailed estimate of income by consulting a dividend and reporting service which lists the interest or dividends paid on specific stocks and bonds.
61. Which of the following audit procedures would be most effective in determining whether material fraud was taking place? a. Take a random sample of cash disbursements and trace to approved purchase orders and receiving slips. b. Reconcile the perpetual inventory to the general ledger and investigate any differences. c. Take a random sample of purchase orders. Trace each purchase order to a receiving slip, vendor invoice, and approval by the accounts payable department. d. Perform an analytical review of inventory by product line to determine whether a particular product line has increased. Inquire of the purchasing agent as to the reason for the inventory increase.
b. Reconcile the perpetual inventory to the general ledger and investigate any differences.
61. The director of internal auditing has been appointed to a committee to evaluate the appointment of the external auditors. The engagement partner for the external accounting firm wants the director to join him for a week of hunting at his private lodge. The director should: a. Accept, assuming both their schedules allow it. b. Refuse on the grounds of conflict of interest. c. Accept as long as it is not charged to company time. d. Ask the comptroller if this would be a violation of the company's code of ethics.
b. Refuse on the grounds of conflict of interest.
4. Regarding item C, which of the following actions would be inappropriate on the part of the auditor? a. Examine the loans to determine if there is a pattern of the loans to companies. Summarize amounts and include in the audit report. b. Report the amounts of the loan committee and leave it up to them to correct. Take no further follow-up action at this time and do not include the items in the audit report. c. Follow up with the vice president and include the vice president's acknowledgement of the situation in the audit report. d. Determine amount of differences and make an assessment as to whether or not the dollar differences are material. If the amount are not material, not in violation of government regulations, and can be rationally explained, omit the finding from the audit report.
b. Report the amounts of the loan committee and leave it up to them to correct. Take no further follow-up action at this time and do not include the items in the audit report.
55. Management has requested the audit department to conduct an audit of the implementation of its recently developed company code of conduct. In preparing for the audit, the auditor reviews the newly developed code and compares it with several others for comparable companies and concludes that the newly developed code has severe deficiencies. Based on this conclusion, the auditor should: a. Plan an audit for the implementation of management's code of conduct and also for compliance with the "best practices" from the other codes since this represents the best available criteria. b. Report the nature of the deficiencies in a formal report to management. c. Inform management of the problems with the existing code and report that it would be inappropriate to conduct an audit until the code is revised to incorporate the "best practices" from industry. d. Conduct the audit as requested by management, reporting only noncompliance with the code.
b. Report the nature of the deficiencies in a formal report to management.
36. The automated system contains a table of pay rates which is matched to the employee job classifications. The best control to ensure that the table is updated correctly for only valid pay changes would be to: a. Limit access to the data table to management and line supervisors who have the authority to determine pay rates. b. Require a supervisor in the department, who does not have the ability to change the table, to compare the changes to a signed management authorization. c. Ensure that adequate edit and reasonableness checks are built into the automated system. d. Require that all pay changes be signed by the employee to verify that the change goes to a bona fide employee.
b. Require a supervisor in the department, who does not have the ability to change the table, to compare the changes to a signed management authorization.
13. A manufacturing firm uses large quantities of small inexpensive items such as nuts, bolts, washers, and gloves in the production process. As these goods are purchased, they are recorded in inventory in bulk amounts. Bins are located on the shop floor to provide timely access to these items. When necessary the bins are refilled from inventory, and the cost of the items is charged to a consumable supplies account, which is part of shop overhead. Which of the following would be an appropriate improvement to controls in this environment? a. Relocate bins to the inventory warehouse. b. Require management review of reports on the cost of consumable items used in relation to budget. c. Lock the bins during normal working hours. d. None of the above controls are needed for items of minor cost and size.
b. Require management review of reports on the cost of consumable items used in relation to budget.
14. A manufacturing firm uses large quantities of small inexpensive items such as nuts, bolts, washers, and gloves in the production process. As these goods are purchased, they are recorded in inventory in bulk amounts. Bins are located on the shop floor to provide timely access to these items. When necessary the bins are refilled from inventory, and the cost of the items is charged to a consumable supplies account, which is part of shop overhead. Which one of the following would be an appropriate improvement to controls in this environment? a. Relocate bins to the inventory warehouse. b. Require management review of reports on the cost of consumable items used in relation to budget. c. Lock the bins during normal working hours. d. None of the above controls are needed for items of minor cost and size.
b. Require management review of reports on the cost of consumable items used in relation to budget.
31. A payroll clerk with authorized access to the local area network (LAN) was able to directly update personnel files independent of the application programs. The best control to prevent a clerk from doing this would be to: a. Restrict access to LAN workstations by such means as automatic lock-up after a predefined period of keyboard inactivity. b. Restrict access to and monitor installation of software products or tools having powerful update capabilities. c. Use password security to authenticate users as they attempt to log on to the LAN. d. Establish a security policy for the department that prohibits direct updating of data files.
b. Restrict access to and monitor installation of software products or tools having powerful update capabilities.
23. Which of the following procedures would provide the best evidence of the effectiveness of a credit-granting function? a. Observe the process. b. Review the trend in receivables write-offs. c. Ask the credit manager about the effectiveness of the function. d. Check for evidence of credit approval on a sample of customer orders.
b. Review the trend in receivables write-offs.
52. Because the VAN did not provide the auditor with access to its system, that portion of the audit program was not completed. Which one of the following should not be done by the auditor? a. Include the scope limitation in the final report. b. Rewrite the audit program to eliminate the step. c. Obtain the approval of the internal audit director. d. Document the VAN's actions in the workpapers.
b. Rewrite the audit program to eliminate the step.
45. It is November and the audit manager is finalizing plans for a year-end audit of the division. Based on the above data, the audit procedure with highest priority would be to: a. Select sales transactions and trace shipping documents to entries into cost of goods sold to determine if all shipments were recorded. b. Schedule a complete count of inventory at year-end and have the auditor observe and test the year-end inventory. c. Schedule a complete investigation of the standard cost system by preparing cost buildups of a sample of products. d. Schedule a year-end sales cutoff test.
b. Schedule a complete count of inventory at year-end and have the auditor observe and test the year-end inventory.
23. Which of the following audit procedures ought to be included as part of the audit program to address the specific audit concerns identified above? a. Send confirmations to the 10 largest customers to determine the collectibility of the account balances. b. Select a random sample of all loans over $100,000 and examine supporting documentation to determine if the documentation is in compliance with the applicable regulations. c. Use audit software to prepare an aging of the loans receivable to determine if a proper allowance for uncollectible accounts has been recorded. d. All of the above.
b. Select a random sample of all loans over $100,000 and examine supporting documentation to determine if the documentation is in compliance with the applicable regulations.
18. The auditor sends positive confirmations to the 10 largest customers and to randomly selected other customers. Of the 10 largest customers, eight respond that they do not confirm accounts receivable. In following up on the response of the eight customers who indicated they would not respond, which of the following procedures would not be required? a. Trace subsequent cash collections from customer to the open account balance noting that the receipt is applicable to the open account items. b. Send second requests to the customers pointing out the need to respond to positive confirmations. c. Examine credit memos issued after year-end to determine if they were for goods & services that had been returned before year-end, or for adjustments to the year-end balance. d. Trace any remaining open items to underlying supporting documents, especially to shipping documents.
b. Send second requests to the customers pointing out the need to respond to positive confirmations.
22. The auditor wishes to investigate whether the number of service calls is based more on the number of service technicians than on the number of complaints that actually merit service. The following are four audit procedures which would be performed in sequence. Indicate when the auditor should have sufficient evidence to reach a conclusion on the assertion. Step 1: Perform an analytical review by comparing the number of service calls per service technician and determine the average number of calls per year by technician. Step 2: Obtain the customer complaint backlog file and determine the extent to which there is a backlog of service complaints that need to be addressed. Calculate an average number of backlogged complaints per technician. Step 3: Send a confirmation to all customers who are shown on the backlog of complaints requesting information on the length of time for the backlog. Step 4: Based on the customer's response in step 3, calculate an average number of backlog complaints and determine the number of new service technicians that would have to be added to address the complaints. The audit assertion would be sufficiently addressed when the following steps are completed. a. Step 1. b. Steps 1 and 2. c. Steps 1, 2, and 3. d. Steps 1, 2, 3, and 4.
b. Steps 1 and 2.
6. During an audit of cash controls, an auditor compared a sample of cash receipts lists with (1) the total of daily cash receipts journal entries, and (2) daily bank deposit slip amounts. The comparison revealed that: * each cash receipts list equaled cash journal entry totals but not daily bank deposit amounts. * totals for cash receipts lists equaled bank deposit totals in the long run. To support a finding that "Cash receipts are not deposited intact daily," the above evidence is: a. Sufficient, but not competent or relevant. b. Sufficient, competent, and relevant. c. Not sufficient, competent, or relevant. d. Relevant, but not sufficient or competent.
b. Sufficient, competent, and relevant.
22. The organization sells its homes with a 10-year warranty against defects and has chosen to insure the warranty costs itself. The auditor is concerned that the organization may be understating these warranty costs by making optimistic assumptions regarding the number of defects, costs of repairs, and so forth. The warranty expense is accrued when the sale is made. Which of the following audit procedures would be least helpful in assisting the auditor in addressing these concerns? a. Compare total warranty costs as a percentage of revenue with similar figures for other building companies in the region. Investigate differences. b. Take a sample of the debits to warranty expense and trace to purchases of building materials to verify the correct posting of the account. c. Take a sample of warranty claims and trace to account charged. d. Take a sample of warranty claims and send a questionnaire to the home owner to determine the satisfaction with the warranty repairs.
b. Take a sample of the debits to warranty expense and trace to purchases of building materials to verify the correct posting of the account.
61. The auditor has not yet performed any detailed audit work. Based on the information given, the most appropriate action for the auditor to take would be to: a. Report the items to divisional management and ask for their explanation before determining whether to include the findings in an audit report. b. Take a sample of the items on hand and trace to underlying documents, such receiving reports and sales orders, to determine how the goods were handled. c. Write the finding up, but do not perform any additional work without the approval of the director of internal auditing because it is clearly a scope expansion. d. Take an inventory of the goods on hand so the dollar amount could be excluded in the audit report along with the explanation of the problem.
b. Take a sample of the items on hand and trace to underlying documents, such receiving reports and sales orders, to determine how the goods were handled.
29. Contributions to a nonprofit organization have been constant for the past three years. The audit committee has become concerned that the president may have embarked on a scheme in which some of the contributions from many sustaining members have been redirected to other organizations. The audit committee suspects that the scheme may involve taking major contributions and depositing them in alternative accounts or soliciting contributions to be made in the name of another organization. Which of the following audit procedures would be most effective in detecting the existence of such a fraud? a. Use generalized audit software to take a sample of pledged receipts not yet collected and confirm the amounts due with the donors. b. Take a sample which includes all large fonors for the past three years and a statistical sample of thers and request a confirmation of total contributions made to the organization or to affiliated organizations. c. Take a discovery sample of cash receipts and confirm the amounts of the receipts with the donors. Investigate any differences. d. Use analytical review procedures to compare contributions generated with those of other comparable institutions over the same period of time. If the amount is significantly less, take a detailed sample of cash receipts and trace to the bank statements.
b. Take a sample which includes all large fonors for the past three years and a statistical sample of thers and request a confirmation of total contributions made to the organization or to affiliated organizations.
35. The auditor wants to gain assurance that all telephone orders received were shipped and billed in a timely fashion. Which of the following audit procedures would be most effective in meeting the auditor's objective? a. Use an integrated test facility (ITF) and submit product orders to the ITF. Compare the prices invoiced to the prices in the most recent catalog. Determine that all submitted items were shipped. b. Take the computer log of incoming orders and use generalized audit software to compare order date to invoice and shipping date in the sales invoice file. c. Use test data to generate batch control totals. Trace the batch controls totals from the items submitted to the sales invoice file generated for the test data. d. Use generalized audit software to randomly select a sample to sales invoices and have the software match the items selected to the log of transactions maintained for all incoming orders.
b. Take the computer log of incoming orders and use generalized audit software to compare order date to invoice and shipping date in the sales invoice file.
56. It is important that the auditor be able to carefully distinguish between a scope limitation and other limitations on the audit. According to the Standards, which of the following would not be considered a scope limitation? a. The divisional management of an auditee has indicated that the division is in the process of converting a major computer system and has indicated that the EDP portion of the planned audit will have to be postponed until next year. b. The audit committee reviews that audit plan for the year and deletes an audit that the director thought was important to conduct. c. The auditee has indicated that certain customers cannot be contacted because the organization is in the process of negotiating a long-term contract with the customers and they do not want to upset the customers. d. None of the above.
b. The audit committee reviews that audit plan for the year and deletes an audit that the director thought was important to conduct.
54. A new staff auditor was told to perform an audit in an area with which the auditor was not familiar. Because of time constraints, there was no supervision of the audit. The auditor was given the assignment because if represented a good learning experience, but the area was clearly beyond the auditor's competence. Nonetheless, the auditor prepared comprehensive working papers and reported the results to management. In this situation: a. The audit department violated the Standards by hiring an auditor without proficiency in the area. b. The audit department violated the Standards by not providing adequate supervision. c. The director of internal auditing has not violated the Code of Ethics since the code does not address supervision. d. The Standards and the Code of Ethics were followed by the audit department.
b. The audit department violated the Standards by not providing adequate supervision.
23. Which of the following hypotheses is warranted from the preliminary data and should be considered by the auditor in determining the scope of the audit for 1995? a. The division is using its work force more efficiently than it had in the two previous years. b. The division is building higher quality houses than in previous years. c. An unusually large part of recorded income in 1995 is due to accrued revenue for jobs in progress. d. The market share growth must be primarily due to increased marketing efforts since the cost of the homes are consistent with the home building price materials index.
c. An unusually large part of recorded income in 1995 is due to accrued revenue for jobs in progress.
21. A consultant's employees will be working on an organization's property using heavy equipment to handle potentially hazardous materials. Although it is believed that the consultant selected is technically competent, which of the following is a control which would best ensure that the consultant performs the work in accordance with applicable environmental, safety, and health regulations? a. The contract with the consultant should require that all work be performed in accordance with applicable environmental, safety, and health regulations. b. The consultant should be required to prepare and submit regular reports over the duration of the project demonstrating that employees have been trained, that they are aware of hazards, and that the work area is inspected regularly for practices potentially unsafe or harmful to the environment. c. The organization should provide oversight by calling in regulatory agencies to inspect the work site and review certain records (e.g., injury and illness logs, training records, waste transfer documents), thereby providing assurance about the effectiveness of the consultant's controls. d. The organization should make sure that the consultant has a current copy on site of all applicable environmental, safety, and health regulations and that all employees have read them.
b. The consultant should be required to prepare and submit regular reports over the duration of the project demonstrating that employees have been trained, that they are aware of hazards, and that the work area is inspected regularly for practices potentially unsafe or harmful to the environment.
48. You have been asked to be a member of a peer review team. In assessing the independence of the internal audit department being reviewed, you should consider all of the following factors except: a. Access to and frequency of communications with the board of directors or its audit committee. b. The criteria of education and experience considered necessary when filling vacant positions on the audit staff. c. The degree to which auditors assume operating responsibilities. d. The scope and depth of audit objectives for the audits included in the review.
b. The criteria of education and experience considered necessary when filling vacant positions on the audit staff.
65. An organization was in the process of establishing its new internal audit department. The controller had no previous experience with internal auditors. Due to this lack of experience, the controller advised the applicants that they would be reporting to the external auditors. However, the new director of internal audit would have free access to the controller to report anything important. The controller would convey the director's concerns to the board of directors. Which of the following is true? a. The internal audit department will be independent because the director has direct access to the board of directors. b. The internal audit department will not be independent because the director reports to the external auditors. c. The internal audit department will not be independent because the controller has no experience with internal auditors. d. The internal audit department will not be independent because the company did not specify that the applicants must be Certified Internal Auditors.
b. The internal audit department will not be independent because the director reports to the external auditors.
10. Which one of the following statements is not correct regarding the auditor's further analysis? a. The Mid-Central Region has fewer average full-time equivalent employees per store than the other regions per store. b. The other regions all generate higher sales per square foot than the Mid-Central Region. c. The Mid-Central Region has the highest average wages per full-time equivalent employee. d. The largest contributor to total corporate profits is the Southwest Region.
b. The other regions all generate higher sales per square foot than the Mid-Central Region.
62. The auditor is responsible for evaluating the control structure to determine if the structure would allow for undetected fraud. Based on the above scenario, the most likely undetected fraud, if any, would be: a. The purchasing agent could be purchasing the majority of products from a favorite vendor since rotation among purchasing agents is not mandatory. b. The purchasing agents could be sending fake purchase orders to a dummy vendor, inserting a receiving slip, and having payments made to the dummy vendor. c. The receiving department could be diverting receipts to different locations and failing to create receiving reports. d. The production department could be deflating the price of products purchased and thereby increasing the reporting gross margin of sales.
b. The purchasing agents could be sending fake purchase orders to a dummy vendor, inserting a receiving slip, and having payments made to the dummy vendor.
51. The current ratio increased during the past year while the quick ratio decreased. Which of the following explanations would best explain the reason that the current ratio increased while the quick ratio decreased? a. A substantial increase in accounts payable which affects the current ratio but not the quick ratio. b. The significant buildup of inventory. c. The substantial increase in accounts receivable. d. The large increase in the amount of intangible assets which affects the current ratio, but not the quick ratio.
b. The significant buildup of inventory.
14. One auditor has suggested that each audit department conduct an audit of consumer satisfaction that would include an analysis of: (1) customer complaints recorded by the customer service department during the last three months; (2) merchandise returned in the last three months; and (3) responses to a survey of customers who made purchases in the last three months. Which of the following statements regarding this audit approach is correct) a. Although useful, such an audit does not address risk factors and would thus not be compatible with the audit committee directives. b. The survey would not consider customers who did not make purchases in the last three months. c. Parts 1 and 2 of the audit plan discussed above would not be necessary, or cost effective, if a comprehensive customer survey was developed. d. None of the above.
b. The survey would not consider customers who did not make purchases in the last three months.
47. Assume that the auditor wishes to test whether the health care processor is meeting contract requirements regarding the proper payment or denial of employee claims. The best audit approach would be to take a sample of: a. Employees and interview them regarding their health care experiences with proper and timely payment by the health care processor. b. Claims paid by the health care processor and determine whether all the payments were proper. c. Claims filed with the health care processor and determine whether they were either appropriately paid or denied. d. Claims paid by the health care processor and engage an outside expert to analyze whether the claims were appropriately processed.
c. Claims filed with the health care processor and determine whether they were either appropriately paid or denied.
7. To better monitor the performance of operating management, executive management has requested that the internal auditors examine interim financial statements which are prepared for internal use only. Although interim financial statements have been prepared for several years, this will be the first time that the internal auditors have been involved. The primary reason for this request was that executive management was surprised at the lower than anticipated net income eventually reflected in last year's audited financial statements. Earnings had been artificially manipulated on quarterly financial statements. In their work on this year's interim financial statements, internal auditors are likely to focus on which of the following? a. Whether payables have been accrued properly at the end of the interim period. b. The timing of revenue recognition and the valuation of inventories. c. Whether accounting estimates are reasonable given past actual results. d. Whether there have been changes in accounting principles that materially affect the financial statements.
b. The timing of revenue recognition and the valuation of inventories.
27. When the labor cost accounting component of the application was first implemented, it did not meet certain business requirements in the department and had to be substantially rewritten. Which one of the following risks associated with EUC application development could have led directly to this result? a. End-user applications may not receive the independent testing associated with randitional development. b. There may be insufficient review and analysis of user needs when user and analyst unctions are no longer separate. c. End-user applications may not be adequately documented to facilitate review. d. Segregation of duties would be inadequate if programmer, and operator functions were performed by the same person.
b. There may be insufficient review and analysis of user needs when user and analyst unctions are no longer separate.
16. The production line has experienced shutdowns because needed production parts were not on hand. Management wants to know the cause of this problem. Which of the following audit procedures best addresses this objective? a. Determine if access controls are sufficient to restrict the input of incorrect data into the production database. b. Use generalized audit software to develop a complete list of the parts shortages that caused each of the production shutdowns, and analyze this data. c. Take a random sample of parts on hand per the personal computer databases and compare with actual parts on hand. d. Take a random sample of production information for selected days and trace input into the production database maintained on the LAN.
b. Use generalized audit software to develop a complete list of the parts shortages that caused each of the production shutdowns, and analyze this data.
36. An organization uses electronic data interchange (EDI) and on-line systems. Paper-based documents are not generated for purchase orders, receiving reports, or invoices. An auditor wishes to determine if invoices are paid only for goods received and at approved prices. Which of the following audit procedures would be most appropriate? a. Using a statistical sample of major vendors, trace the amounts paid to specific invoices. b. Use generalized audit software to select a sample of payments and match purchase order, invoice, and receiving reports stored on the computer using a common reference. c. Take a monetary-unit sample of accounts payable and confirm the amounts directly with the vendors. d. Use generalized audit software to identify all receipts for a particular day and trace the receiving reports to checks issued.
b. Use generalized audit software to select a sample of payments and match purchase order, invoice, and receiving reports stored on the computer using a common reference.
25. Much nonprofit organization fundraising is done over the telephone. Which of the following control procedures would be least effective in gaining assurance that all of the pledges made by telephone are recorded and designated for payment to the organization? a. Periodic monitoring of phone calls by management personnel. b. Management reports which compare funds raised this year with funds raised last year on a per-call basis. c. A confirmation program which randomly selects donations received and confirms the amounts with the donors. d. Automatic computer recording of all phone calls, coupled with supervisory monitoring of randomly selected phone calls.
c. A confirmation program which randomly selects donations received and confirms the amounts with the donors.
22. A potential problem in a manufacturing company is that purchasing agents may take kickbacks or receive gifts from vendors in exchange for favorable contracts. Which of the following would be the least effective in preventing this problem? a. A specific corporate policy prohibiting the acceptance of anything of value from a vendor. b. A corporate code of ethics that would prohibit such activity. c. A requirement for the purchasing agent to develop a company profile of all vendors before the vendors are added to the authorized vendor list. d. The establishment of long-term contracts with major vendors, with the contract terms approved by top management.
c. A requirement for the purchasing agent to develop a company profile of all vendors before the vendors are added to the authorized vendor list.
27. An auditor performs an analytical review by comparing the gross margins of various divisional operations with those of other divisions and with the individual division's performance in previous years. The auditor notes a significant increase in the gross margin at one division. The auditor does some preliminary investigation and also notes that there were no changes in products, production methods, or divisional management during the year. Based on the above information, the most likely cause of the increase in gross margin would be: a. An increase in the number of competitors selling similar products. b. A decrease in the number of suppliers of the material used in manufacturing the product. c. An overstatement of year-end inventory. d. An understatement of year-end accounts receivable.
c. An overstatement of year-end inventory.
54. The internal auditing department encounters a scope limitation from senior management that will affect its ability to meet its goals and objectives for a potential auditee. The nature of the scope limitation should be: a. Noted in the audit working papers, but the audit should be carried out as scheduled and the scope limitation worked around, if possible. b. Communicated to the external auditors so they can investigate the area in more detail. c. Communicated, preferably in writing, to the board. d. Communicated to management stating that the limitation will not be accepted because it would impair the audit department's independence.
c. Communicated, preferably in writing, to the board.
38. An internal auditor conducts a preliminary survey and identifies a number of significant audit issues and reasons for pursuing them in more depth. The auditee informally communicates concurrence with the preliminary survey results and asks that the auditor not report on the areas of significant concern until the auditee has an opportunity to respond to the problem areas. Which of the following audit responses would not be appropriate? a. Keep the audit on the audit time schedule and discuss with management the need for completing the audit on a timely basis. b. Consider the risk involved in the areas involved, and if the risk is high, proceed with the audit. c. Consider the audit to be terminated with no report needed since the auditee has already agreed to take constructive action. d. Work with the auditee to keep the audit on schedule and address the significant issues in more depth, as well as the auditee's responses, during the course of the audit.
c. Consider the audit to be terminated with no report needed since the auditee has already agreed to take constructive action.
21. Which of the following is not likely to be included as an audit step when assessing vendor performance policies? a. Determine whether agreed-upon lot sizes were sent by vendors. b. Determine whether only authorized items were received from vendors. c. Determine whether the balances owed to vendors are correct. d. Determine whether the quality of the goods purchased from the vendors has been satisfactory.
c. Determine whether the balances owed to vendors are correct.
38. Which of the following is not likely to be included as an audit step when assessing vendor performance policies? a. Determine whether agreed-upon lot sizes were sent by vendors. b. Determine whether only authorized items were received from vendors. c. Determine whether the balances owed to vendors are correct. d. Determine whether the quality of the goods purchased from the vendors has been satisfactory.
c. Determine whether the balances owed to vendors are correct.
28. As part of cash management procedures, the treasurer of a nonprofit organization has decided to invest in a variety of new financial instruments. The audit committee has asked the internal audit department to conduct an audit of the adequacy of controls over the new investing techniques. Which of the following would not be required as part of such an audit? a. Determine if policies exist which describe the risks the treasurer may take and the types of instruments in which the treasurer may make investments. b. Determine the extent of management oversight over investments in sophisticated instruments. c. Determine whether the treasurer is getting higher or lower rates of return on investments than are treasurers in comparable organizations. d. Determine the nature of controls established by the treasurer to monitor the risks in the investments.
c. Determine whether the treasurer is getting higher or lower rates of return on investments than are treasurers in comparable organizations.
29. An audit manager has just returned from an executive training program and has suggested that the audit department develop a mathematical model to help identify factors that may be causing changes in the cost of production. According to the manager, the model should recognize that the company currently has three separate production (cost) centers. Which of the following approaches would best provide the analysis suggested by the audit manager? a. Develop a classical variables sampling estimate of cost of production per department, with the sample stratified by the dollar value of each product produced. b. Develop a three-year ratio analysis of cost of production compared to cost of raw inventory, across the three departments. c. Develop a multiple regression analysis of production costs including such variables as raw material inventory costs, number of employees in the department, and overtime pay. d. Develop a linear regression analysis relating cost of production to cost of goods sold.
c. Develop a multiple regression analysis of production costs including such variables as raw material inventory costs, number of employees in the department, and overtime pay.
56. An auditor finds a situation where there is some suspicion, but no evidence, of potential misstatement. The standard of due professional care would be violated if the auditor: a. Identified potential ways in which an error could occur and ranked the items for audit investigation. b. Informed the audit manager of the suspicions and asked for advice on how to proceed. c. Did not test for possible misstatement because the audit program had already been approved by audit management. d. Expanded the audit program, without the auditee's approval, to address the highest ranked ways in which a misstatement may have occurred.
c. Did not test for possible misstatement because the audit program had already been approved by audit management.
62. Assume the auditor found that most of the goods were repaired and sold as new items. Such sales are both (1) against company policy; and (2) against governmental regulations. The auditor does not know whether or not fraud was involved or the extent that divisional management had been involved in the scheme. The auditor should report the finding to: a. Divisional management only since they are responsible for correcting the problem. b. Divisional management and relevant regulatory bodies since it is a clear violation. c. Divisional management, the audit committee, and senior management. d. The audit committee and top management only.
c. Divisional management, the audit committee, and senior management. d. The audit committee and top management only.
28. The auditor wishes to gain assurance on whether the spreadsheet has properly implemented the freight dispatching algorithm. Which of the following audit procedures would accomplish the task? I. Develop an independent spreadsheet and run test data through it and through the user's spreadsheet. Compare the results. II. Use a product to print out the logic of the user spreadsheet. Examine the logic to determine if it has been correctly incorporated into the spreadsheet. III. Develop a set of test data and manually calculate the expected results. Run the test data through the user application. a. II only. b. I and III. c. I, II, III. d. I only.
c. I, II, III.
54. During an operational audit, an auditor observes a large number of above-ground storage containers and a large amount of black emissions from a company smokestack. The organization has an environmental safety department. The audit engagement is not designed to consider environmental concerns. The best course of audit action would be to: a. Make a note to consider environmental risk concerns when developing the audit plan for the next year, but do not expand the scope of the existing audit since the budget and risk priorities are already set. b. Report the observations to the audit committee and seek their advice on whether the audit should be expanded for the environmental audit. c. Document the observations and report them to the environmental safety department. Determine if their response will be timely, and follow-up to determine if they have taken timely action. d. Inquire of local management as to the use of the storage tanks in order to determine if they are properly classified as an asset. Do not take action on the environmental issues because the auditor is untrained in the area, and such action is the responsibility of an already existing department.
c. Document the observations and report them to the environmental safety department. Determine if their response will be timely, and follow-up to determine if they have taken timely action.
33. Regarding the audit finding of an advanced computing security system, what is the most appropriate course of action by the auditor? a. Estimate the amount of cost used to develop the advanced security system and inform the outsourcer that it will be a disallowed cost. b. Exclude the finding from the audit report because the contract was vague and the level security is clearly acceptable. c. Estimate the added cost, report it to management, and suggest that management meet with its lawyers and the outsourcer to resolve differences. d. Compare the cost with previous costs incurred by governmental operations and inform outsourcer that the difference will be a disallowed cost.
c. Estimate the added cost, report it to management, and suggest that management meet with its lawyers and the outsourcer to resolve differences.
69. One criticism of the banking industry is that loan committees were not properly carrying out their function of examining proposed loans, determining that proper collateral exists, and assessing the associated risk before approving the loan. In gathering evidence to determine if the loan committee is operating effectively, the auditor should: a. Interview loan officers to see if their individual loan recommendations were followed. b. Reconcile the total amount of loans made plus those rejected with the total amount of loans submitted to the committee for approval. c. Examine individual loans for signatures of the committee members and determine the amount of loans made during each meeting and an approximation of time spent in approving the loans. d. All of the above.
c. Examine individual loans for signatures of the committee members and determine the amount of loans made during each meeting and an approximation of time spent in approving the loans.
32. Auditors must always be alert for the possibility of fraud. Assume the controls over each risk listed below are marginal. Which of the following possible frauds or misuses of organization assets should be considered the area of greatest risk? a. The president is using company travel and entertainment funds for activities that might be considered questionable. b. Purchases of supplies are made from fictitious vendors. c. Grants are made to organizations that might be associated with the president or are not for purposes dictated in the organization's charter. d. The payroll clerk has added ghost employees.
c. Grants are made to organizations that might be associated with the president or are not for purposes dictated in the organization's charter.
44. Which of the following controls is least likely to provide an auditor with assurance that online purchase requisitions are properly authorized? a. Terminal access restrictions. b. Password requirements. c. Hash totals. d. Validity tests.
c. Hash totals.
38. Human resources and payroll are separate departments. Which of the following combinations would provide the best segregation of duties? a. Human resources adds employees, payroll processes hours, and human resources delivers the paychecks to employees. b. Human resources adds employees, reviews and submits payroll hours to payroll for processing, and delivers paychecks to employees. c. Human resources adds employees, and payroll processes hours and enters employee bank account numbers. Paychecks are automatically deposited in the employee's bank account. d. Payroll adds employees and enters employees' bank account numbers but processes hours only as approved by human resources. Paychecks are automatically deposited in the employee's bank account.
c. Human resources adds employees, and payroll processes hours and enters employee bank account numbers. Paychecks are automatically deposited in the employee's bank account.
43. An internal auditor for a large regional bank holding company was asked to serve on the board of directors of a local bank. The bank competes in many of the same markets as the bank holding company, but focuses more on consumer financing than on business financing. In accepting this position, the auditor: I. Violates the IIA Code of Ethics because serving on the board may be in conflict with the best interests of the auditor's employer. II. Violates the IIA Code of Ethics because the information gained while serving on the board of directors of the local bank may influence recommendations regarding potential acquisitions. a. I only. b. II only. c. I and II. d. Neither I nor II.
c. I and II.
10. An auditor notes that production is often stopped or hampered by raw materials inventory not being present when needed. Which of the following statements are correct based on this information alone? I. The auditor should investigate the quality of communication between production planners and purchasing agents. II. The auditor should recommend that management implement an economic order quantity (EOQ) model to better manage inventory and meet production needs. 111. The auditor should attempt to quantify the costs to the company related to this problem. a. I only. b. I and II. c. I and Ill. d. II and 111.
c. I and Ill.
14. Requests for purchases beyond those initially budgeted by the marketing manager must be approved by the marketing manager. Which of the following statements regarding this control procedure is correct? The procedure: I. Should provide for the most efficient allocation of scarce organizational resources. II. Is a detective control procedure. III. Is not necessary because each product manager is evaluated on profit generated, thus this control is redundant. a. II and III. b. I, II, and III. c. I only. d. III only.
c. I only.
70. Auditors need to determine if management has established criteria to determine if goals and objectives have been accomplished. If the auditor determines such criteria are inadequate or non-existent, which of the following actions would be appropriate? I. Report the inadequacies to the appropriate level of management and recommend appropriate courses of action. II. Recommend alternative sources of criteria to management such as acceptable industry standards. III. Formulate criteria the auditor believes to be adequate and perform and audit and report in relationship to the alternative criteria. a. I only. b. I and II only. c. I, II, and III. d. II only.
c. I, II, and III.
12. A manufacturing firm uses hazardous materials in production of its products. An audit of these hazardous materials may include: I. Recommending an environmental management system as a part of policies and procedures. II. Verifying the existence of "cradle to grave" (creation to destruction) tracking records for these materials. III. Using consultants to avoid self-incrimination of the firm in the event illegalities were detected in an environmental audit. IV. Evaluating the cost provided for in an environmental liability accrual account. a. II only. b. I and II only. c. I, II, and IV. d. III and IV.
c. I, II, and IV.
8. Management is concerned abut the lower level of profitability in the Mid-Central Region. Which of the following would be a reasonable possible explanation(s) of the lower profitability for the Mid-Central Region? I. Leasing and maintenance expenses are higher for the Mid-Central Region. II. Sales employees are not as productive in generating sales as those in other regions. III. The Mid-Central Region has a lower gross margin. a. I only. b. II only. c. II and III only. d. I, II and III.
c. II and III only
45. In considering the internal auditing department's independence, which of the following facts, by themselves, could contribute to a lack of internal audit independence? I. The CEO accused the previous director of not operating "in the best interests of the organization." II. The majority of audit committee members come from within the organization. III. The internal audit charter has not been approved by the board of the audit committee. a. I only. b. II only. c. II and III only. d. I, II, III.
c. II and III only. d. I, II, III.
27. A catalog company has been experiencing an increasing incidence of problems where the wrong products have been shipped to the customer. Most of the customer orders come in over the telephone and an operator enters the data into the order system immediately. Which of the following control procedures, if properly implemented, would address the problem? I. Have the computer automatically assign a sequential order number to each customer order. II. Implement a self-checking digit algorithm for each product number and request entries by product number. III. Request entries by product number, have the computer program identify the product and price, and require the operator to orally verify the product description with the customer. a. II only. b. I, II, and III. c. II and III. d. I and II.
c. II and III.
5. Regarding item D, which of the following would be correct? I. The deviation rate is under 4%, therefore the finding need not be reported to management and the audit committee. II. The auditor should review appropriate regulations and possibly get legal counsel opinion on the finding prior to including the finding in the final audit report. III. The auditor should report the finding to the vice president who approved the loans and ask for a follow-up report during the audit scheduled next year. IV. Review a plan by the loan committee to prevent such occurrences in the future and include a summary and analysis of the plan in the final audit report. a. I only. b. III only. c. II and IV. d. II only.
c. II and IV.
8. Assume that management has been working with a 5 percent materiality level for inventory. If the auditor decides that all of the sampling items identified above represent errors, which of the following conclusions are justified? I. Recorded inventory is not materiality misstated at the end of the third quarter. II. Recorded inventory is materially misstated at the end of the third quarter. III. If no changes are made to normal processing, inventory will not be materially misstated at year-end. IV. If no changes are made to normal processing, inventory will be materially misstated at year-end. a. I only. b. I and III. c. II and IV. d. II only.
c. II and IV.
9. An auditor is reviewing monthly reports distributed by management information system (MIS) output personnel to determine if access to confidential information is limited to project supervisors. Which of the following steps should the auditor perform? I. Review a sample of report end-of-job indicators. II. Determine if reports are signed for upon delivery. III. Review the operating system job control language (JCL) code for abend conditions. IV. Verify that the correct transaction file was used. a. I and III. b. II, III, and IV. c. II only. d. I and II.
c. II only.
66. Which of these statements should be in the criteria section of the finding? a. II only. b. III only. c. III and IV only. d. V only.
c. III and IV only
1. Which of the following comments are correct regarding the assessment of risk associated with the two projects? I. Activities requested by the audit committee should always be considered higher risk than those requested by management. II. Activities with higher dollar budgets should always be considered higher risk than those with lower dollar budgets. III. Risk should always be measured by the potential dollar or adverse exposure to the organization. a. I only. b. II only. c. III only. d. I and iii.
c. III only.
10. The auditor is concerned with the overall valuation of inventory. Rank the following sources of audit evidence from most persuasive to least persuasive in addressing the assertion as to the valuation of inventory. I. Calculate inventory turnover by individual product. II. Assess the net realizability of all inventory items with a turnover ratio of 2.0 or less by interviewing the marketing manager as to the marketability of the product. III. Calculate the Net Realizable Value (NRV) of all inventory products (using audit software to calculate NRV based on the last selling price) and compare NRV with cost. IV. Take a statistical sample of inventory and examine the latest purchase documents (invoices and receiving slips) to calculate inventory cost. a. I, II, III, IV. b. I, IV, II, III. c. IV, I, III, II. d. II, III, IV, I.
c. IV, I, III, II.
1. Regarding item A only, which of the following audit conclusions is justified? a. There is a 15% deviation rate in total loans processed. b. There is a problem in processing that should be followed up by the auditor to determine why 15 of the loans may have been lost. c. The loans that have been made comply with company procedures while the loans that were not made do not. d. None of the above.
d. None of the above.
36. Most organizations are concerned about the potential compromise of passwords. Which of the following procedures would be the most effective in controlling against a perpetrator obtaining someone else's password? a. Allow only the users to change their passwords and encourage them to change passwords frequently. b. Implement a computer program which tests to see that the password is not easily guessed. c. Implement the use of "see-through" authentication techniques whereby the user uses a card to generate a password and verifies both the key and the generated password to the system. d. Limit password authorization to time of day and location.
c. Implement the use of "see-through" authentication techniques whereby the user uses a card to generate a password and verifies both the key and the generated password to the system.
66. Assuming that there is a meeting later the same day with the audit committee of the board, which of the following is not a responsibility of the director of internal auditing? a. Inform the audit committee of senior management's decisions on all significant audit findings. b. Highlight significant audit findings and recommendations and report on the approved audit work schedule. c. Inform the audit committee of the outcome of earlier meetings with the CFO and the options being considered for recording the inventory adjustment. d. Attempt to resolve the inventory issue before reporting the finding to the audit committee.
c. Inform the audit committee of the outcome of earlier meetings with the CFO and the options being considered for recording the inventory adjustment.
12. Confirmation would be most effective in addressing the existence assertion for: a. The addition of a milling machine to a machine shop. b. Sale of merchandise during the regular course of business. c. Inventory hald on consignment. d. The granting of a patent for a special process developed by the organization.
c. Inventory hald on consignment.
41. Observation is considered a reliable audit procedure, but one that is limited in usefulness. However, it is used in a number of different audit situations. Which of the following statements is true regarding observation as an audit technique? a. It is the most effective audit methodology to utilize in filling out internal control questionnaires. b. It is the most persuasive methodology to learn how transactions are really processed during the period under audit. c. It is rarely sufficient to satisfy any audit assertion other than existence. d. It is the most persuasive audit technique for determining if fraud has occurred.
c. It is rarely sufficient to satisfy any audit assertion other than existence.
43. Which of the following would constitute a violation of The IIA's Code of Ethics? a. Janice has accepted an assignment to audit the electronics manufacturing division. Janice has recently joined the internal auditing department. But she was senior auditor for the external audit of that division and has audited many electronics companies during the past two years. b. George has been assigned to do an audit of the warehousing function six months from now. George has no expertise in that area, but accepted the assignment anyway. He has signed up for continuing professional education courses in warehousing which will be completed before his assignment begins. c. Jane is content with her career as an internal auditor and has come to look at it as a regular 9 to 5 job. She has not engaged in continuing professional education or other activities to improve her effectiveness during the last three years. However, she feels she is performing the same quality work she always has. d. John discovered an internal financial fraud during the year. The books were adjusted to properly reflect the loss associated with the fraud. John discussed the fraud with the external auditor when the external auditor reviewed working papers detailing the incident.
c. Jane is content with her career as an internal auditor and has come to look at it as a regular 9 to 5 job. She has not engaged in continuing professional education or other activities to improve her effectiveness during the last three years. However, she feels she is performing the same quality work she always has.
16. A restaurant food chain has over 680 restaurants. All food orders for each restaurant are required to be input into an electronic device which records all food orders by food servers and transmits the order to the kitchen for preparation. All food servers are responsible for collecting cash for all their orders and must turn in cash at the end of their shift equal to the sales value of food ordered for their I.D. number. The manager then reconciles the cash received for the day with the computerized record of food orders generated. All differences are investigated immediately by the restaurant. Corporate headquarters has established monitoring controls to determine when an individual restaurant might not be recording all its revenue and transmitting the applicable cash to the corporate headquarters. Which of the following would be the best example of a monitoring control? a. The restaurant manager reconciles the cash received with the food orders recorded on the computer. b. All food orders must be entered on the computer, and there is segregation of duties between the food servers and the cooks. c. Management prepares a detailed analysis of gross margin per store and investigates any store that shows a significantly lower gross margin. d. Cash is transmitted to corporate headquarters on a daily basis.
c. Management prepares a detailed analysis of gross margin per store and investigates any store that shows a significantly lower gross margin.
61. Which of the following, if observed, would not indicate the need to search for other indicators of fraud? a. The standard of living of one of the purchasing agents has increased. b. The internal control structure has significant weaknesses. c. Management, at the purchasing agents' request, has adopted a policy of paying vendors on a more timely basis to avoid incurring penalty charges. d. The cost of goods procured seems to be excessive in comparison with previous years.
c. Management, at the purchasing agents' request, has adopted a policy of paying vendors on a more timely basis to avoid incurring penalty charges.
66. An auditor, nearly finished with an audit, discovers that the director of marketing has a gambling habit. The gambling issue is not directly related to the existing audit and there is pressure to complete the current audit. The auditor notes the problem and passes the information on to the director of internal audit but does no further follow-up. The auditor's actions would: a. Be in violation of the IIA Code of Ethics for withholding meaningful information. b. Be in violation of the Standards because the auditor did not properly follow-up on a red flag that might indicate the existence of fraud. c. Not be in violation of either the IIA Code of Ethics or Standards. d. Both a and b.
c. Not be in violation of either the IIA Code of Ethics or Standards.
24. Assume that the director of internal auditing determines that the department does not have the requisite skills to conduct an audit of the financial derivatives area. Which of the following actions would be the least acceptable? a. Notify the audit committee of the problem and consult with them regarding outsourcing the audit to a qualified external auditing firm. b. Determine the requisite knowledge needed and obtain the proper training for auditors if such training is available within the appropriate time framework outlined by the audit committee. c. Notify the audit committee of the problem and assign the most competent auditors to the job. d. Employ the skills of a financial derivatives expert to consult on the project, and supplement the consulting with a local seminar on financial derivatives.
c. Notify the audit committee of the problem and assign the most competent auditors to the job.
32. Most large-scale computer systems maintain at least three program libraries: production library (for running programs); source code library (maintains original source coding); and test library (for programs which are being changed). Which of the following statements is correct regarding the implementation of sound controls over computer programs libraries? a. Only programmers should have access to the production library. b. Users should have access to the test library to determine whether all changes are properly made. c. Only the program librarian should be allowed to make changes to the production library. d. The computer operator should have access to both the production library and the source code library to assist in diagnosing computer crashes.
c. Only the program librarian should be allowed to make changes to the production library.
4. A perpetual inventory system uses a minimum quantity on hand to initiate purchase ordering procedures for restocking. In reviewing the appropriateness of the minimum quantity level established by the stores department, the auditor would be least likely to consider: a. Stock-out costs, including lost customers. b. Seasonal variations in forecasting inventory demand. c. Optimal order sizes determined by the economic order quantities model. d. Available storage space and potential obsolescence.
c. Optimal order sizes determined by the economic order quantities model.
1. A receiving department receives copies of purchase orders for use in identifying and recording inventory receipts. The purchase orders list the name of the vendor and the quantities of the materials ordered. A possible error that this system could allow is: a. Payment to unauthorized vendors. b. Payment for unauthorized purchases. c. Overpayment for partial deliveries. d. Delay in recording purchases.
c. Overpayment for partial deliveries.
45. The auditor plans to select a sample of transactions to assess the extent that purchase discounts may have been lost by the company. After assessing the risks associated with lost purchase discounts, the auditor was most likely to select a sample from which one of the following populations? a. Open purchase orders. b. Paid EDI invoices. c. Paid non-EDI invoices. d. Paid EDI and non-EDI invoices.
c. Paid non-EDI invoices.
2. The auditor finds a situation where one person` has the ability to collect receivables, make deposits, issue credit memos, and record receipt of payments. The auditor suspects the individual may be stealing from cash receipts. Which of the following audit procedures would be most effective in discovering fraud in this scenario? a. Send positive confirmations to a random selection of customers. b. Send negative confirmations to all outstanding accounts receivable customers. c. Perform a detailed review of debits to customer discounts, sales returns, or other debit accounts, excluding cash posted to the cash receipts journal. d. Take a sample of bank deposits and trace the detail in each bank deposit back to the corresponding entry in the cash receipts journal.
c. Perform a detailed review of debits to customer discounts, sales returns, or other debit accounts, excluding cash posted to the cash receipts journal.
44. The audit committee has expressed concern that the financial institution has been taking on higher-risk loans in pursuit of short-term profit goals. Which of the following audit procedures would provide the least amount of information to address this audit concern? a. Perform an analytical review of interest income as a percentage of the investment portfolio in comparison with a group of peer financial institutions. b. Take a random sample of loans made during the period and compare the riskiness of the loans with that of a random sample of loans made two years ago. c. Perform an analytical review which involves developing a chart to compare interest income plotted over the past ten years. d. Develop a multiple-regression time-series analysis of income over the past five years including such factors as interest rate in the economy, size of loan portfolio, and dollar amount of new loans each year.
c. Perform an analytical review which involves developing a chart to compare interest income plotted over the past ten years.
68. Spreadsheet software would be most appropriate for which of the following audit activities? a. Preparing overhead projector slides for an audit presentation. b. Preparing a narrative report summarizing the results of an audit. c. Preparing depreciation schedules for fixed assets. d. Uploading data from a microcomputer to a mainframe.
c. Preparing depreciation schedules for fixed assets.
20. An auditor is planning an audit of a customer information system which uses a local area network (LAN) with personal computers (PC's). Increased risks associated with the company's use of a LAN and PC's, as opposed to use of a mainframe, could include all of the following except: a. Lack of documentation of procedures to ensure the complete capture of data. b. Poor security of data residing on the PC's. c. Problems with failures of the hardware used for processing data. d. Incomplete data communications.
c. Problems with failures of the hardware used for processing data.
55. The internal audit department can be involved with systems development continuously, at the end of specific stages, after imple-mentation, or not at all. An advantage of continuous internal audit involvement compared to the other two types of involvement is: a. The cost of audit involvement can be minimized. b. There are clearly defined points at which to issue audit comments. c. Redesign costs can be minimized. d. The threat of lack of audit independence can be minimized.
c. Redesign costs can be minimized.
14. Internal auditing is unique in that its scope often encompasses all areas of an organization. Thus, it is not possible for each internal auditor to possess detailed competence in all areas which might be audited. Which of the following competencies is required by the Standards for every internal auditor? a. Taxation and law as it applies to operation of the organization. b. Proficiency in accounting principles. c. Understanding of management principles. d. Proficiency in computer systems and databases.
c. Understanding of management principles.
41. During a review of purchasing operations, an auditor finds that current procedures differ markedly from stated company procedures. However, the auditor concludes that the procedures currently used represent an increase in efficiency and a decrease in processing time, without a discernible decrease in control. The auditor should: a. Report the lack of adherence to documented procedures as an operational deficiency. b. Develop a flowchart of the new procedures and include it in the report to management. c. Report the change and suggest that the change in procedures be documented. d. Suspend the completion of the audit until the auditee documents the new procedures.
c. Report the change and suggest that the change in procedures be documented.
26. Assume the auditor did not find a satisfactory explanation for the results of the analytical procedures performed and has conducted the appropriate follow-up procedures The audit of the area is otherwise complete. Which of the following would be the most appropriate action to take? a. Note the actions and follow-up next year. Defer the reporting to management until a satisfactory explanation can be obtained. b. Expand audit procedures by observing the receipt of all augers during a reasonable period of time and trace the receipts to the appropriate accounts. Determine causes of any discrepancies. c. Report the findings, as they are, to management and recommend an investigation for possible irregularities. d. Report the findings to the construction manager and insist that appropriate internal control such as independent receiving reports be implemented. Follow up to see if the controls are properly implemented.
c. Report the findings, as they are, to management and recommend an investigation for possible irregularities.
4. Upon investigation, the auditor finds that one division consistently has large amounts of excess cash at a time when the organization is borrowing heavily and using the proceeds to support other divisions. The best control procedure to address this concern, without a major change in procedures, would be to: a. Centralize all cash processing. b. Require each division to handle its own long-term financing, thereby forcing them to better match their cash needs and sources. c. Require each division to prepare detailed cash forecasts and budgets for future periods to be used for centralized cash management. d. Implement electronic data interchange with major customers to facilitate the timing of cash receipts.
c. Require each division to prepare detailed cash forecasts and budgets for future periods to be used for centralized cash management.
63. Which of the following control procedures, if properly implemented, would best decrease the likelihood of fraud in the environment described above? a. Require periodic rotation of purchases among different vendors. b. Require rotation of duties among the three purchasing agents. c. Require receiving reports be sent directly to accounts payable. d. Require that the updates to the perpetual inventory record be made by the receiving department.
c. Require receiving reports be sent directly to accounts payable.
40. The auditor reviews the retirement benefits plan and determines that the pension and medical benefits have been changed several times in the past ten years. The auditor wishes to determine whether there is justification to perform further audit investigation. The most appropriate audit procedure would be to: a. Review the trend of overall retirement expense over the last ten years. If the retirement expense increased, it would indicate the need for further investigation. b. Use generalized audit software to take a dollar-unit sample of retirement pay and determine whether each retired employee was paid correctly. c. Review reasonableness of retirement pay and medical expenses on a per-person basis stratified by which plan was in effect when the employee retired. d. Use generalized audit software to take an attributes sample of retirement pay, and perform detailed testing to determine whether each person chosen was given the proper benefits.
c. Review reasonableness of retirement pay and medical expenses on a per-person basis stratified by which plan was in effect when the employee retired.
19. Assume the auditor concludes that the most reasonable explanation of the observed data in the prior question is that inventory fraud is taking place in the three stores. Which of the following audit activities would provide the most persuasive evidence that fraud is taking place? a. Use an integrated test facility (ITC) to compare individual sales transactions with test transactions submitted through the ITF. Investigate all differences. b. Interview the three individual store managers to determine if their explanations about the observed differences are the same, then compare their explanations to that of the section manager. c. Schedule a surprise inventory audit to include a physical inventory. Investigate areas of inventory shrinkage. d. Take a sample of individual store prices and compare them with the sales entered on the cash register for the same items.
c. Schedule a surprise inventory audit to include a physical inventory. Investigate areas of inventory shrinkage.
51. Which of the following statements is most accurate regarding the data security of an on-line computer system protected by an internal user-to-data access control program? a. Access to data is controlled by restricting specific applications to specific files. b. Access to data is controlled by restricting specific terminals to specific applications. c. Security will be dependent upon the controls over the issuance of user ID's and user authentication. d. The use of this type of access control software will eliminate any significant control weaknesses.
c. Security will be dependent upon the controls over the issuance of user ID's and user authentication.
68. In a review of travel and entertainment expenses, a Certified Internal Auditor questioned the business purposes of an officer's reimbursed travel expenses. The officer promised to compensate for the questioned amounts by not claiming legitimate expenses in the future. If the officer makes good on the promise, the internal auditor: a. Can ignore the original charging of the nonbusiness expenses. b. Should inform the tax authorities in any event. c. Should still include the finding in the audit report. d. Should recommend that the officer forfeit any frequent flyer miles received as part of the questionable travel.
c. Should still include the finding in the audit report.
29. Management of the department allowed the outside consultants to test and install new releases of the application software without documenting the changes. Which of the following risks would be most closely associated with this practice? a. The reliability of the information processed may be reduced. b. Initiation of changes may not be properly authorized by an appropriate level of management. c. The users may not be aware that changes have been made. d. The changes may be made to the application without proper testing.
c. The users may not be aware that changes have been made.
68. Which of the following procedures would have most likely led to the discovery of the missing materials and the fraud? a. Take a random sample of receiving reports and trace to the recording in the perpetual inventory record. Note differences and investigate by type of product. b. Take a random sample of purchase orders and trace them to receiving documents and to the records in the accounts payable department. c. Take an annual physical inventory, reconciling amounts with the perpetual inventory, noting the pattern of differences and investigating. d. Take a random sample of sales invoices and trace to the perpetual records to see if inventory was on hand. Investigate any differences.
c. Take an annual physical inventory, reconciling amounts with the perpetual inventory, noting the pattern of differences and investigating.
24. An auditor is experienced in air-quality issues. While interviewing the manager of a small environmental, safety, and health (ESH) department, the auditor discovers that there is a significant lack of knowledge about legal requirements for controlling air emissions. The auditor should: a. Alter the scope of the audit to focus on activities associated with air emissions. b. Share the auditor's extensive knowledge with the ESH manager. c. Take note of the weakness and direct additional questions to help determine the potential effect of the lack of knowledge. d. Report potential violations in this area to the appropriate regulatory agency.
c. Take note of the weakness and direct additional questions to help determine the potential effect of the lack of knowledge.
43. The auditors are evaluating the adequacy of the new policies and procedures in maintaining an appropriate risk profile. Which of the following audit procedures would be least relevant to the accomplishment of the audit objective? a. Meet with operational management to determine its interpretation of those procedures which are not clear. b. Meet with top management or a board member, if necessary, to clarify policy issues. c. Test a sample of investments for compliance with the new procedures. d. Review recent regulatory pronouncements to determine if the new procedures are consistent with regulatory requirements.
c. Test a sample of investments for compliance with the new procedures.
5. In publicly held companies, management often requires the internal auditing department's involvement with quarterly financial statements that are made public and/or used internally. Which one of the following is generally not a reason for such involvement? a. Management may be concerned about its reputation in the financial markets. b. Management may be concerned about potential penalties that could occur if quarterly financial statements that are made public are misstated. c. The Standards state that internal auditors should be involved with reviewing quarterly financial statements. d. Management may perceive that having quarterly financial information examined by the internal auditors enhances its value for internal decision making.
c. The Standards state that internal auditors should be involved with reviewing quarterly financial statements.
33. Which of the following control procedures would be lease effective in assuring that the correct product is shipped and billed at the appropriate price? a. Self-checking digits are used on all products numbers and customers must order from a catalog with product numbers. b. The customer service representative verbally verifies both the product description and price with the customer before the order is closed for processing. c. The customer service representative prepares batch totals of the number of items ordered and the total dollar amount of the orders. d. The product database is tightly restricted and only the director of marketing (and limited personal in the marketing department) can approve changes to the price file.
c. The customer service representative prepares batch totals of the number of items ordered and the total dollar amount of the orders.
42. Corporate management has just implemented a policy that every department must downsize by immediately cutting 10% of each department's staff and budget. The director of internal auditing has reacted to the organization's recent plans for "downsizing" (reducing the size of staff across the board) by notifying the audit managers that the time allocated for all jobs must be cut by 10%. Which of the following statements regarding the director's action and potential manager's action would be correct? a. The director's action should result in approximately the same amount of risk coverage as the previous audit plan, but reduced by 10%. b. Individual audit managers can attain 90% of the previously defined audit coverage by uniformly cutting audit procedures by 10%. c. The director should have re-prioritized risks and cut out specific audit engagements, rather than cutting 10% across the board. d. All of the above.
c. The director should have re-prioritized risks and cut out specific audit engagements, rather than cutting 10% across the board.
47. The auditor determined that the risks associated with the EDI purchases were less than the risks associated with the purchases made through the traditional system. Which one of the following factors best supports this prioritization of risks? a. There are three vendors connected through EDI. b. About half of the materials are purchased through EDI. c. The internal auditors were involved with systems development and testing of the EDI software. d. The external auditor did not examine EDI purchase controls during the annual financial audit.
c. The internal auditors were involved with systems development and testing of the EDI software.
60. It has been established that an internal auditing charter is one of the more important factors positively affecting the internal auditing department's independence. The Standards help clarify the nature of the charter by providing guidelines as to the contents of the charter. Which of the following is not suggested in the Standards as part of the charter? a. The department's access to records within the organization. b. The scope of internal auditing activities. c. The length of tenure for the internal auditing director. d. The department's access to personnel within the organization.
c. The length of tenure for the internal auditing director.
49. Communication skills are important to internal auditors. According to the Standards, the auditor should be able to effectively convey all of the following to the auditee except: a. The audit objectives designed for a specific auditable entity. b. The audit evaluations based on a preliminary survey of an auditable entity. c. The risk assessment used in selecting the area for audit investigation. d. Recommendations that are generated in relationship to a specific auditable entity.
c. The risk assessment used in selecting the area for audit investigation.
55. Which of the following audit procedures would be least effective in determining whether a division recorded subsequent-year sales in the current year? a. Perform analytical review procedures which compare like-month sales for the past two years, including the months before and after the year end. b. Confirm the amount of year-end accounts receivable with major customers. c. Use an integrated test facility to run data through the computer during the last month of the year and the first month of the subsequent year to determine if sales were recorded correctly. d. Perform an analytical review comparing the unit volume of major products shipped during the last month of the year and the first month of the subsequent year.
c. Use an integrated test facility to run data through the computer during the last month of the year and the first month of the subsequent year to determine if sales were recorded correctly.
35. The auditor wishes to test controls over computer program changes. The specific objective to be addressed in the following audit step is that only authorized changes have been made to computer programs, (i.e.,, there are no unauthorized program changes). The organization uses an automated program library system and the auditor obtains copes of the table of contents of the program library system at various periods of time. The table of contents indicates the date a change was last made to the program, the version number of the program, and the length of the program. Which of the following audit procedures would best address the stated objective/ a. Use generalized audit software to randomly select a sample of current applications. Trace those selected to program change authorization forms. b. Take a sample of all program change requests. Trace the requests to proper authorization and to changes in the program library. c. Use generalized audit software to compare the table of contents of the program library currently with an auditor copy made previously. Compare and identify differences. Select a sample of the differences for further investigation. d. Obtain a list of programming projects implemented by the data processing manager during the last six months. Take a sample from the list and trace to program change authorization forms.
c. Use generalized audit software to compare the table of contents of the program library currently with an auditor copy made previously. Compare and identify differences. Select a sample of the differences for further investigation.
35. An auditor wishes to determine the extent to which invalid data could be contained in a human-resources computer system. Examples would be an invalid job classification, age in excess of retirement age, or an invalid ethnic classification. The best approach to determine the extent of the potential problem would be to: a. Submit test data to test the effectiveness of edit controls over the input of data. b. Review and test access controls to ensure that access is limited to authorized individuals. c. Use generalized audit software to develop a detailed report of all data outside specified parameters. d. Use generalized audit software to select a sample of employees. Use the sample to determine the validity of data items and project the result to the population as a whole.
c. Use generalized audit software to develop a detailed report of all data outside specified parameters.
17. Management insists that the changes in the accounts receivable account were due to a change in its customer base and credit terms. The most appropriate audit procedure to follow up on this management assertion would be to: a. Use attribute sampling to obtain a sample of customers. For each item selected, trace to a credit-ranking agency, such as Dun & Bradstreet and note its credit ranking. Project the results to the population as a whole. b. Use attribute sampling to obtain a sample of customers at year-end. Send a confirmation to all accounts selected asking them whether or not they are a new customer. c. Use generalized audit software to obtain a ranked listing of sales volume by customers for the year and compare with a similar list for the previous year. d. Use generalized audit software to develop an aging of accounts receivable and compare the aging to the previous year to determine if it has changed.
c. Use generalized audit software to obtain a ranked listing of sales volume by customers for the year and compare with a similar list for the previous year.
37. Management has asked the auditor to recommend monitoring controls which management could establish to provide timely oversight of the information systems contract. Which of the following would be the least effective monitoring control? a. Require monthly internal reports summarizing overhead rates used in billings. b. Require monthly reports by the outsourcer of total costs billed and services rendered. c. Use internal auditors to investigate the appropriateness of costs, as part of a yearly audit of the outsourcer. d. Randomly investigate selected cost accounts throughout the year to determine that all the expenses are properly charged to the governmental unit.
c. Use internal auditors to investigate the appropriateness of costs, as part of a yearly audit of the outsourcer.
40. Given the acceptance of the cost savings audits and the scarcity of internal audit resources, the audit manager also decided that follow-up action was not needed. The manager reasoned that cost savings should be sufficient to motivate the auditee to implement the auditor's recommendations. Therefore, followup was not scheduled as a regular part of the audit plan. Does the audit manager's decision violate the Standards? a. No. The Standards do not specify whether follow-up is needed. b. Yes. The Standards require the auditors to determine whether the auditee has appropriately implemented all of the auditor's recommendations. c. Yes. Scarcity of resources is not sufficient reason to omit follow-up action. d. No. When there is evidence of sufficient motivation by the auditee, there is not need for follow-up action.
c. Yes. Scarcity of resources is not sufficient reason to omit follow-up action.
30. Which of the following best describes a preliminary survey? a. A standardized questionnaire used to obtain an understanding of management objectives. b. A statistical sample of key employee attitudes, skills, and knowledge. c. A "walk-through" of the financial control system to identify risks and the controls that can address those risks. d. A process used to become familiar with activities and risks in order to identify areas for audit emphasis.
d. A process used to become familiar with activities and risks in order to identify areas for audit emphasis.
52. Internal auditors are often called upon to either perform, or assist the external auditor in performing, a due diligence review. A due diligence review is: a. A review of interim financial statements as directed by an underwriting firm. b. An operational audit of a division of a company to determine if divisional management is complying with laws and regulations. c. A review of operations as requested by the audit committee to determine whether the operations comply with audit committee and organizational policies. d. A review of financial statements and related disclosures in conjunction with a potential acquisition.
d. A review of financial statements and related disclosures in conjunction with a potential acquisition.
22. The auditor is reviewing the company's policy regarding investing in financial derivatives. The auditor would normally expect to find all of the following in the policy except: a. A statement indicating whether derivatives are to be used for hedging or speculative purposes. b. A specific authorization limit for the amount and types of derivatives which can be used by the organization. c. A specific limit on the amount authorized for any single trader. d. A statement requiring board review of each transaction because of the risk involved in such transactions.
d. A statement requiring board review of each transaction because of the risk involved in such transactions.
47. Management has requested the internal auditing department to perform an operational audit of the telephone marketing operations of a major division and to recommend procedures and policies for improving management control over the operation. The auditor should: a. Not accept the engagement because recommending controls would impair future objectivity of the department regarding this auditee. b. Not accept the engagement because audit departments are presumed to have expertise on accounting controls, not marketing controls. c. Accept the engagement, but indicate to management that recommending controls would impair audit independence so management knows that future audits of the area would be impaired. d. Accept the audit engagement because independence would not be impaired.
d. Accept the audit engagement because independence would not be impaired.
15. A company controller is concerned that parts may be stolen because there is no formal receiving function (that is, receiving slips are not filled out). Production raw materials are moved from rail cars directly to the production line, and vendors are paid based on actual production. Which of the following comments correctly protrays the current process? a. Goods can be paid for only if they have been used in production. Stolen goods or goods not shipped will not be paid for. b. There is less handling of goods received, thereby decreasing the cost associated with processing goods received as well as decreasing the opportunities for errors to enter the system. c. Shortages of materials in the system will be brought to a supervisor's attention because of production shutdowns. d. All of the above.
d. All of the above.
18. It would be appropriate for internal auditing departments to use consultants with expertise in health care benefits when the internal auditing department is: a. Conducting an audit of the organization's estimate of its liability for post- retirement benefits which include health care benefits. b. Comparing the cost of the organization's health care program with other programs offered in the industry. c. Training its staff to conduct an audit of health care costs in a major division of the organization. d. All of the above.
d. All of the above.
40. The auditor calculates a statistical estimate of expenditures by the contractor to determine whether they are in compliance with the contract. The audit working papers document the following evidence which the auditor is considering for the audit report: . Total expenditures per the contractor books: $12.3 million . Total number of items in population: 1,500 . Sample size: 100 . Number of items not in compliance: 5 . Dollar value of items wampled: $700,000 . Dollar amount of items not in compliance: $53,000 Which of the following communications would be correct? a. The best estimate is that five percent of the 1,500 items in the population are not in compliance with the contract. b. The best estimate is that the incorrect charges to the account equal about $795,000. c. The average dollar value of items not in compliance is greater than the average dollar value of items in the population. d. All of the above.
d. All of the above.
63. Developing an audit finding involves comparing the condition to the relevant standard or criterion. Which of the following choices best represents an appropriate standard or criterion to support a finding? a. A quality standard operating procedure (number and date) for the department. b. An internal accounting control principle, cited and copied from a public accounting reference. c. A sound business practice, based on the internal auditor's knowledge and experience obtained during many audit assignments within the company. d. All of the above.
d. All of the above.
7. The auditor wishes to follow appropriate sampling theory on projected dollar differences, even if made judgmentally, to the population. Which of the items noted above should have their dollar differences projected to the population as a whole to determine the potential misstatement of inventory? a. 1, 17, 26, and 45. b. Item 26 only, because the remaining items will be corrected by year-end. c. 17 and 26. d. All of the items.
d. All of the items.
20. Which of the following procedures would provide the most relevant evidence to determine the adequacy of the allowance for doubtful accounts receivable? a. Confirm the receivables. b. Analyze the following month's payments on the accounts receivable balances outstanding. c. Test the controls over the write-off of accounts receivable to ensure that management approves all write-offs. d. Analyze the allowance through an aging of receivables and an analysis of current economic data.
d. Analyze the allowance through an aging of receivables and an analysis of current economic data.
28. Certain payroll transactions were posted to the payroll file but were not uploaded correctly to the general ledger file on the mainframe. The best control to detect this type of error would be: a. A standard method for uploading mainframe data files. b. An appropriate edit and validation of data. c. A record or log of items rejected during processing. d. Balancing totals of critical fields.
d. Balancing totals of critical fields.
2. If the treasurer took a customer's cash remittance and omitted it from the cash deposit and recorded a debit to cash for the remaining receipts, the omission would best be detected by: a. Monthly analytical review comparing accounts receivable balances with sales volume and cash receipts. b. Customer inquiries to the customer services department. c. Periodic confirmation of randomly selected accounts by the internal auditing department and follow-up of all differences. d. Batching all receipts and turnaround documents and reconciling the posting of the batches to the receivables and cash account.
d. Batching all receipts and turnaround documents and reconciling the posting of the batches to the receivables and cash account.
10. During the course of an audit, an auditor discovers that a research and development employee has been patenting new developments that are unrelated to the basic business of the company. The company does not have a specific policy addressing patents on developments that are not related to the basic business, but has a general policy that all important new discoveries by employees are the property of the company. The employee is considered one of the most prestigious in the field. The employee's actions have been condoned by local management as an extra incentive to keep the employee at the lab. A decision not to report the employee's action would be: a. A violation of the IIA Code of Ethics. b. A violation of the reporting requirements in the Standards. c. Justified because divisional management is aware of the practice, and it is not in violation of company policies. d. Both a and b.
d. Both a and b.
52. Assume that the auditor's preliminary find ings indicate that certain dentists are billing the health care processor for services that were not provided and that this practice is not being detected or prevented by the health care processor. The auditor wishes to present to management an estimate of the amounts involved. The auditor chooses an approach which will sample claims by dentists and will verify whether the claims are appropriate. The best audit sampling approach would be: a. Discovery sampling based on a low to moderate level of fraud expectation. b. Dollar unit sampling of all dentists to determine if the fraud might exceed a predetermined limit. c. Attribute sampling classifying the existence of a non-valid claim as a deviation. d. Classical variables estimation of claims submitted by the suspected dentists stratified by dollar amount of services performed.
d. Classical variables estimation of claims submitted by the suspected dentists stratified by dollar amount of services performed.
58. Management requests the auditor to examine factors which would help improve the efficiency with which resources are used in the purchasing and production processes. Which of the following procedures would be the least effective in addressing management's concern? a. Perform an evaluation of the planning process to determine goods to be ordered and the method of purchasing goods. b. Perform a comparison of production costs over the past three years. Identify any large deviations and investigate causes. c. Interview personnel involved in the production process to gain insight on production or acquisition problems. d. Compare the company's total cost of goods sold, as a percentage of total sales, with industry averages.
d. Compare the company's total cost of goods sold, as a percentage of total sales, with industry averages.
9. The auditor must determine the applicable laws and regulations. Which of the following procedures would be the least effective in learning about the applicable laws and regulations? a. Make inquiries of the city's chief financial officer, legal counsel, or grant administrators. b. Review prior year working papers and inquire of officials as to changes. c. Review applicable grant agreements. d. Discuss the matter with the audit committee and make inquiries as to the nature of the requirements and the audit
d. Discuss the matter with the audit committee and make inquiries as to the nature of the requirements and the audit
70. Which of the following situations would be a violation of the IIA Code of Ethics? a. An auditor was subpoenaed in a court case in which a merger partner claimed to have been defrauded by the auditor's company. The auditor divulged confidential audit information to the court. b. An auditor for a manufacturer of office products recently completed an audit of the corporate marketing function. Based on this experience, the auditor spent several hours one Saturday working as a paid consultant to a hospital in the local area which intended to conduct an audit of its marketing function. c. An auditor gave a speech at a local IIA chapter meeting outlining the contents of a program the auditor had developed for auditing electronic data interchange (EDI) connections. Several auditors from major competitors were in the audience. d. During an audit, an auditor learned that the company was about to introduce a new product that would revolutionize the industry. Because of the probable success of the new product, the product manager suggested that the auditor buy additional stock in the company, which the auditor did.
d. During an audit, an auditor learned that the company was about to introduce a new product that would revolutionize the industry. Because of the probable success of the new product, the product manager suggested that the auditor buy additional stock in the company, which the auditor did.
18. The reconciliation of the summary report to the day's material request forms by the parts room supervisor: a. Verifies that all material request forms were approved. b. Provides documentation as to what material was available for a specific transaction. c. Confirms that all material request forms are entered for all parts issued. d. Ensures the accuracy and completeness of data input.
d. Ensures the accuracy and completeness of data input.
6. In some countries, governmental units have established audit standards. For example, in the United States, the General Accounting Office has developed standards for the conduct of governmental audits, particularly those that relate to compliance with government grants. In performing governmental grant compliance audits, the auditor should: a. Be guided only by the governmental standards. b. Be guided only by the IIA Standards because they are more encompassing. c. Be guided by the more general standards that have been issued by the public accounting profession. d. Follow both the IIA Standards and any additional governmental standards.
d. Follow both the IIA Standards and any additional governmental standards.
57. Which of the following statements are correct regarding internal audit workpaper documentation for a fraud investigation? I. All incriminating evidence should be included in the workpapers. II. All important testimonial evidence should be reviewed to ensure that it provides sufficient basis for the conclusions reached. III. If interviews are held with the suspected perpetrator, written transcripts or statements should be included in the workpapers with the interviewee's signature of approval. a. I only. b. I and II only. c. II and III only. d. I, II, and III.
d. I, II, and III.
30. When planning the controls review of the EUC application, the internal auditor chose to include the general control environment in the scope. Which one of the following statements regarding general controls is the auditor most likely to find true? a. The effectiveness of the general controls is influenced by the application controls. b. Identifying the person or function responsible for the general controls may be easier here than in a traditional mainframe environment. c. The need for specific general controls is relatively constant across EUC environments. d. General controls must be in place before application controls can be relied upon.
d. General controls must be in place before application controls can be relied upon.
53. An auditor has uncovered facts which could be interpreted as indicating unlawful activity on the part of an auditee. The auditor decides not to inform senior management of these facts since he cannot prove that an irregularity occurred. The auditor, however, decides that if questions are raised regarding the omitted facts, they will be answered fully and truthfully. In taking this action, the auditor: a. Has not violated the Code of Ethics or the Standards because confidentiality takes precedence over all other standards. b. Has not violated the Code of Ethics or the Standards because the auditor is committed to answering all questions fully and truthfully. c. Has violated the Code of Ethics because unlawful acts should have been reported to the appropriate regulatory agency to avoid potential "aiding and abetting" by the auditor. d. Has violated the Standards because the auditor should inform the appropriate authorities in the organization if fraud may be indicated.
d. Has violated the Standards because the auditor should inform the appropriate authorities in the organization if fraud may be indicated.
16. Inventory levels for a packing facility are controlled by the use of just-in-time techniques. If the auditor's objective is to evaluate ordering and stocking standards, which of the following procedures would be relevant? I. Using audit software to compute the number of shipping crates used per day. II. Reviewing shipping records for product quantity and dates. III. Comparing actual stocking levels to industry averages. IV. Reviewing sales records for defective returns. a. III only. b. I and IV. c. II and III. d. I and II.
d. I and II.
62. Which of the following activities would not be presumed to impair the independence of an internal auditor? I. Recommending standards of control for a new information system application. II. Drafting procedures for running a new computer application to ensure that proper controls are installed. III. Performing reviews of procedures for a new computer application before it is installed. a. I only. b. II only. c. III only. d. I and III.
d. I and III.
50. The auditor wants to obtain assurance that the EFT payments have not been made twice. Computer assisted audit tools and techniques could be used to perform which of the following procedures? I. Identification of EFT transactions to the same vendor for the same dollar amount. II. Extraction of EFT transactions with unauthorized vendor codes. III. Testing of EFT transactions for reasonableness. IV. Searching for EFT transactions with duplicate purchase order numbers. a. I, II, III, and IV. b. I, III, and IV only. c. I and III only. d. I and IV only.
d. I and IV only.
20. Based on the data, the auditor can justifiably conclude that: I. Total revenue is increasing more rapidly than is total cost. II. The service department is more efficient since revenue has increased dramatically in the current year. III. The service department is more efficient since revenue has increased by a greater percentage than the increase in costs in the current year. IV. There is excess capacity in the service department since 11 total staff serviced 1,000,000 customers, therefore 14 total staff should be able to service more than 1,250,000 customers. a. I, II, III, IV. b. I, II, and III. c. III and IV only. d. I only.
d. I only.
60. An internal audit department had been requested to perform an audit to determine whether the organization was in compliance with a particular set of laws and regulations. The audit did not reveal any issues of non-compliance but did reveal that the organization did not have an established system to ensure compliance with the applicable laws and regulations. The auditor's responsibility is to: I. Report that no significant compliance issues were noted. II. Report that the organization has a significant control deficiency because management has not established a system to ensure compliance. III. Meet with management to determine what follow-up action will be taken. IV. Monitor to determine that follow-up action has been taken. a. I only. b. I and II only. c. 11 and 111-only. d. I, 11, III, and IV.
d. I, 11, III, and IV.
39. The Standards specify that supervision of the work of internal auditors be "carried out continuously." Which of the following statements regarding supervision is correct? I. "Continuously" indicates that supervision should be performed throughout the planning, examination, evaluation, report, and follow-up stages of the audit. II. Supervision should also be extended to training, and time reporting, and expense control, as well as similar administrative matters. III. The extent and nature of supervision needs to be documented, preferably in the appropriate working papers. a. I only. b. I and III only. c. II only. d. I, II, and III.
d. I, II, and III
2. Regarding item B, which of the following would be correct? I. The sample deviation rate exceeds 4%. II. The auditor should examine the nature of the loans approved by the vice president to see if there is a pattern. III. The audit finding should be included in the auditor's report with a suggestion that the loan committee review the loans. a. II only. b. II and III only. c. III only. d. I, II, and III.
d. I, II, and III.
20. Which of the following audit procedures should be performed to verify the accrued revenue recorded for the jobs in progress account at year-end 1995? I. Take a sample of jobs listed in progress at year-end and physically observe the construction sites to determine the jobs are in progress. II. Perform detailed tests of the job cost build-up for the jobs in progress to determine that all costs have been properly assigned. III. Inspect a sample of job in progress with a consulting engineer to develop an independent estimate of the percentage completed. a. I only. b. I and III only. c. II only. d. I, II, and III.
d. I, II, and III.
31. Management's enthusiasm for computer security seems to vary with changes in the environment, particularly the occurrence of other computer disasters. Which of the following concepts should be addressed when making comprehensive recommendation regarding the cost/benefit of computer security? I. Potential loss if security is not implemented. II. Probability of occurrences. III. Cost and effectiveness of the implementation and operation of computer security. a. I only. b. I and II only. c. III only. d. I, II, and III.
d. I, II, and III.
58. Which of the following statements are correct regarding the deterrence of fraud? I. The primary means of deterring fraud is through an effective control system initiated by top management. II. Internal auditors are responsible for assisting in the deterrence of fraud by examining and evaluating the adequacy of the control system. III. Internal auditors should determine whether communication channels provide management with adequate and reliable information regarding the effectiveness of the control system and the occurrence of unusual transactions. a. I only. b. I and II only. c. II only. d. I, II, and III.
d. I, II, and III.
66. The auditor is considering making a recommendation on appropriate controls to address a potential problem of fictitious recipients. The auditor has identified the following control procedures as potential items to include in the recommendation. I. Require that all additions to the recipient file be independently investigated and approved by a supervisor of the social workers. II. Require the use of self-checking digits on the account numbers of all recipients so that any duplicates will be immediately noted by the system. III. Incorporate a code into the computer program to search for duplicate names and addresses. Develop an exception report which will go to the section supervisor whenever duplicates are noted. IV. Require social workers be rotated among recipients. Which of the following control combinations would effectively address the auditor's concerns and improve control over valid recipients? a. I, II, III, and IV. b. I, II, and III. c. I and IV. d. I, III, and IV.
d. I, III, and IV.
44. The auditor needs to determine the scope of the proposed audit of insurance coverage by the company. Which of the following statements are correct regarding the potential scope of the audit? I. Since it is an internal audit, the audit department should concentrate on processing that occurs within the company and not on auditing the correctness of transaction processing by the health care processor. II. The auditor should interview management prior to beginning the audit to understand (1) its concerns and (2) the underlying assumptions made and rationale used when making the self-insurance decision. Ill. The auditor should consider engaging an actuarial consultant to better understand the risks involved in order to help determine the scope of the audit. a. I only. b. II only. c. I and II. d. II and III.
d. II and III.
49. An auditor has taken an attribute sample of a bank's existing loan portfolio. Out of a sample of 60 loans, the auditor finds: * Four that were not properly collateralized, * Five that are not in compliance with bank policies (other than lack of collateralization), and * Four that were part of a related-party group, but were set up as separate loan entities. Of the 60 loans selected in the sample, these errors were noted on a total of 10 loans. Several loans had multiple problems. Which of the following conclusions can the auditor reach from these findings? I. There is sufficient evidence that fraudulent activity is taking place by one or more of the bank's lending officers. II. The financial statements will be misstated as a result of these actions. III. There are significant non-compliance audit findings that should be reported. a. I and II. b. I and III. c. II and III. d. III only.
d. III only.
25. Several members of senior management have questioned whether the internal audit department should report to the newly-established, quality audit function as part of the total quality management process within the company. The director of internal auditing has reviewed the quality standards and the programs that the quality audit manager has proposed. The director's response to senior management should include: a. Changing the applicable standards for internal auditing within the company to provide compliance with quality audit standards. b. Changing the qualification requirements for new staff members to include quality audit experience. c. Estimating departmental cost savings from eliminating the internal auditing function. d. Identifying appropriate liaison activities with the quality audit function to ensure coordination of audit schedules and overall audit responsibilities.
d. Identifying appropriate liaison activities with the quality audit function to ensure coordination of audit schedules and overall audit responsibilities.
33. The auditor wishes to determine that the program is correctly approving items for payment only when the purchase order, receiving report, and vendor invoice match within the tolerable 0.5 percent. Assume all the following suggested audit procedures would have been implemented to function over the proper time period. Which of the following computerized audit procedures would provide the most persuasive evidence as to the correct operation of the program? a. Using generalized audit software to take a random sample of purchase orders and tracing the selected items to the vendor invoice and receiving document. b. Using a test data approach at year-end by submitting mock purchase orders, vendor invoices, and receiving quantities. c. Implementing a Systems Control and Audit Review File (SCARF) audit technique which will automatically select all transactions which the purchase order exceeds a specific dollar limit. d. Implementing an integrated test facility with auditor-submitted test items throughout period under analysis.
d. Implementing an integrated test facility with auditor-submitted test items throughout period under analysis.
46. Given the current dispute with an auditee regarding audit scope, which of the following internal auditing actions are not appropriate? a. Meet with the board to obtain approval of the audit charter to mitigate the existence of this problem and similar problems that may occur in the future. b. Report the dispute, if it remains unresolved, to the board. c. Review the approved work plan with the CEO and controller and ask for immediate guidance in dealing with the auditee. d. Indicate the auditee that if the resistance continues, the auditing department will not be available to perform cost/benefit audits for the department in the future.
d. Indicate the auditee that if the resistance continues, the auditing department will not be available to perform cost/benefit audits for the department in the future.
63. Assume that subsequent investigation shows that previously issued financial statements were materially misstated due to the improper recognition of sales. The auditor's next step should be to: a. Immediately inform the external auditor and the divisional manager. b. Inform divisional management as a preliminary finding, but wait until a formal audit report is issued to inform the audit committee. c. Inform the external auditor, senior management, the board, and the audit committee. d. Inform senior management, the board, and the audit committee.
d. Inform senior management, the board, and the audit committee.
57. Which one of the following input controls or edit checks would catch certain types of errors within the payment amount field of a transaction? a. Record count. b. Echo check. c. Check digit. d. Limit check.
d. Limit check.
15. One manager has suggested that the audit teams jointly examine the corporate culture and the "tone at the top" to identify control risks associated with the proposed merger. Which of the following statements is correct? a. The corporate culture is not a part of the control environment and thus should not be considered for a proposed audit. b. Although the corporate culture could be considered part of the control environment, the assessment of such an environment would be highly subjective, and thus not useful. c. Differences in the corporate culture should be systematically identified since the differences may present major risks to the success of the merger. However, identifying differences is not an appropriate audit activity because it is political and subjective. d. None of the above.
d. None of the above.
67. Which of the following actions should the director take? a. Schedule audits to review the inventory costing systems at all locations after year end. b. Recall all copies of the draft audit report sent out for management review and response. c. Tell the representatives of senior management that distorting financial reports is not acceptable. d. Offer to review the basis for the conclusion about the inventory valuation at all locations.
d. Offer to review the basis for the conclusion about the inventory valuation at all locations.
11. Management has centralized purchasing and uses a model based upon previous year's sales with adjustments for trends in the marketplace, e.g., the trend to more casual shoes. A staff auditor has suggested that the centralized purchasing may be one of the reasons for the lower level of profitability in the Mid-Central Region. Which of the following would be the best single audit procedure to address the staff auditor's assertion? a. Take a sample of receiving documents at stores and trace to purchase orders to determine the length of time between the purchase and delivery of the goods. b. Interview store managers in the Mid-Central Region to determine their attitude toward centralized purchasing. c. Perform an inventory count at selected stores in the Mid-Central Region and determine if adjustments are needed to the perpetual records. d. Perform a product-line analysis of sales and purchases in the Mid-Central Region and compare with other regions.
d. Perform a product-line analysis of sales and purchases in the Mid-Central Region and compare with other regions.
40. A production manager for a moderate-sized manufacturing company began ordering excessive raw materials and had them delivered to a wholesale company that the manager was running as a side business. The manager falsified receiving documents and approved the invoices for payment. Which of the following audit procedures would most likely detect this fraud? a. Take a sample of cash disbursements; compare purchase orders, receiving reports, invoices, and check copies. b. Take a sample of cash disbursements and confirm the amount purchased, purchase price, and date of shipment with the vendors. c. Observe the receiving dock and count materials received; compare the counts to receiving reports completed by receiving personnel. d. Perform analytical tests, comparing production, materials purchased, and raw materials inventory levels; investigate differences.
d. Perform analytical tests, comparing production, materials purchased, and raw materials inventory levels; investigate differences.
27. A potential problem facing many nonprofit organizations is public skepticism over the use of funds. For example, there have been instances in which funds were used to support a lavish lifestyle of the organization's president or used to support political causes rather than actual research. Which of the following would be the least effective control procedure to address these concerns? a. Periodic presentation of audited financial statements for review by the public and major donors. b. Board of directors' review and approval required for all expenditures in excess of a specified dollar amount. c. Periodic internal audit of expenditures to determine compliance with stated objectives, with the results reported to the audit committee. d. Periodic payroll audits by the internal auditor to determine compliance with authorized pay rates.
d. Periodic payroll audits by the internal auditor to determine compliance with authorized pay rates.
41. A significant part of the auditor's working papers will be the conclusions reached by the auditor regarding the audit area. In some situations, the supervisor might not agree with the conclusions and will ask the staff auditor to perform more work. Assume that after subsequent work is performed, the staff auditor and the supervisor continue to disagree on the conclusions documented in the working paper developed by the staff auditor. Which of the following audit department responses would not be appropriate? a. Both the staff auditor and the supervisor document their reasons for reaching different conclusions. Retain the rationale of both parties in the working papers. b. Note the disagreement and retain the notice of disagreement and follow-up work in the audit working papers. c. Present both conclusions to the director of internal auditing for resolution. The director may resolve the matter. d. Present both conclusions in the audit report and let management and the auditee react to both.
d. Present both conclusions in the audit report and let management and the auditee react to both.
18. The two organizations agree to share data on store operations. The data reveal that three stores in company A are characterized by: • significantly lower gross margins, • higher-than-average sales volume, and • higher levels of employee bonuses. The three stores are part of a set of six that are managed by a relatively new section manager. In addition, the store managers of the three stores are also relatively new. The most likely cause of the observed data is: a. The relative inexperience of the store managers. b. Problems with employee training and employee ability to meet customer needs. c. Fraudulent activity whereby goods are taken from the stores, thus resulting in the lower gross margins. d. Promotional activities that offer large discounts coupled with the payment of commissions to employees who reach targeted sales goals.
d. Promotional activities that offer large discounts coupled with the payment of commissions to employees who reach targeted sales goals.
54. Which one of the following is least likely to be recommended by the auditor when an EDI/EFT system is being designed? a. The identity of the individual approving an electronic document should be stored as a data field. b. Disaster recovery plans should be established. c. Data security procedures should be written to prevent changes to data by unauthorized individuals. d. Remote access to electronic data should be denied.
d. Remote access to electronic data should be denied.
34. During an examination of grants awarded, the auditor discovered a number of grants made without the approval of the grant authorization committee (which includes outside representatives), as required by the organization's charter. All the grants, however, were approved and documented by the president. The chairperson of the grant authorization committee, who is also a member of the board of directors, proposes that the committee meet and retroactively approve all the grants before the audit report is issued. If the committee meets and approves the grants before the issuance of the audit report, the auditor should: a. Not report the grants in question because they were approved before the issuance of the audit report. b. Discuss the matter with the chairperson of the grant committee to determine the rationale for not approving the grants earlier. If they are routine grants, then omit discussion in the audit report. c. Include the items in the report as a breakdown of the organization's controls. Detail the nature of each grant and investigate further for fraud. d. Report the breakdown in control structure to the audit committee.
d. Report the breakdown in control structure to the audit committee.
43. A director of internal auditing uncovers a significant fraudulent activity which clearly involves the executive vice president to whom the director reports. Which of the following best describes how the director should proceed? a. Carry out an examination for the purpose of determining the extent of the fraud. b. Interview the executive vice president to obtain essential evidence. c. Notify regulatory authorities and police. d. Report the facts to the chief executive officer and the audit committee of the board of directors.
d. Report the facts to the chief executive officer and the audit committee of the board of directors.
3. An internal auditor is auditing a division's accounts and is concerned that the division's management may have shipped poor quality merchandise in order to boost sales and profitability for the year and thereby boost the division manager's bonus. Furthermore, the auditor suspects that returned goods are being shipped to other customers as new products without defects being fully corrected. Which of the following audit procedures would be the least effective in determining whether such shipments took place? a. Examine credit memos issued after year end for goods shipped before year end. b. Physically observe the shipping and receiving area for evidence of returned goods. c. Interview customer service representatives regarding unusual amounts of customer complaints. d. Require the division to take a complete physical inventory at year end, and observe the taking of the inventory.
d. Require the division to take a complete physical inventory at year end, and observe the taking of the inventory.
46. If the auditor decides there are significant problems with the standard cost system, the next audit step to perform would be to: a. Interview divisional management to determine why the standard cost system has not been updated on a timely basis. b. Select a random sample of products and review the standard cost buildup by tracing purchases to the standard cost record. c. Use generalized audit software to prepare a listing of gross margin by product by comparing standard cost with sales price. Select all high gross margin items for further investigation. d. Schedule all variances and determine their source and their disposition, i.e., whether they are allocated to inventory or cost of goods sold.
d. Schedule all variances and determine their source and their disposition, i.e., whether they are allocated to inventory or cost of goods sold.
11. The auditor wishes to test the assertion that all claims paid by a medical insurance company contain proper authorization and documentation, including but not limited to the validity of the claim from an approved physician and an indication that the claim complies with the claimant's policy. The most appropriate audit procedure would be to: a. Select a random statistical sample of all policyholders and examine all claims for the sampled items during the year to determine if they were handled properly. b. Select a sample of claims filed and trace to documentary evidence of authorization and other supporting documentation. c. Select a sample of claims denied and determine that all claims denied were appropriate. The claims denied file is much smaller and the auditor can obtain greater coverage with the sample size. d. Select a sample of paid claims from the claims (cash) disbursement file and trace to documentary evidence of authorization and other supporting documentation.
d. Select a sample of paid claims from the claims (cash) disbursement file and trace to documentary evidence of authorization and other supporting documentation.
21. A company uses a local area network (LAN) with one client server. The auditor wishes to determine whether LAN users are complying with company policies related to the documentation of applications developed by end users and shared by other users on the LAN. The most appropriate audit procedure would be to: a. Send a questionnaire to end users to determine the extent to which they have developed end-user applications for the LAN. b. Send a survey to end users to test their knowledge of required application documentation. c. Take a random sample of end users and examine all applications stored on their computers for compliance with existing policies. d. Take a random sample of end-user applications stored on the server and examine the applications for compliance with company policies.
d. Take a random sample of end-user applications stored on the server and examine the applications for compliance with company policies.
36. The auditor is concerned whether all the debits to the computer security expense account are appropriate expenditures. The most appropriate audit procedure would be to: a. Take an attribute sample of computing invoices and determine whether all invoices are properly classified. b. Perform an analytical review comparing the amount of expenditures incurred this year with the amounts incurred on a trend line for the past five years. c. Take an attribute sample of employee wage expenses incurred by the out-sourcing company and trace to the proper account classification. d. Take a sample of all debits to the account and investigate by examining source documents to determine the nature and authority of the expenditure.
d. Take a sample of all debits to the account and investigate by examining source documents to determine the nature and authority of the expenditure.
37. An internal auditor is assigned to conduct an audit of security of a local area network (LAN) in the finance department of the organization. Investment decisions, including the use of hedging strategies and financial derivatives, use data and financial models which run on the LAN. The LAN is also used to download data from the mainframe to assist in the decisions. In determining the scope of the audit, which of the following items should be considered outside the scope of the security audit? a. Investigation of the physical security over access to the components of the LAN. b. The ability of the LAN application to identify data items at the field or record level and implement user access security at that level. c. Interviews with users to determine their assessment of the level of security in the system and the vulnerability of the system to compromise. d. The level of security of other LANS in the company which also utilize sensitive data.
d. The level of security of other LANS in the company which also utilize sensitive data.
21. The auditor is interested in the increase in net income for the year and investigates the cost of materials assigned to home production during the year and compares it to changes in the building materials price index. The auditor finds that building material costs are significantly less than what would habe been predicted by the change in the building materials price index. Which of the following would be the least likely explanation of this preliminary finding? a. The organization has overstated end of year inventory of building materials. b. Workers take materials from central stores without recording the issue. c. The organization has been more efficient in its use of building materials during the year. d. The organization had overstated its beginning of the year inventory, but the amounts were corrected when the new subsidiary was acquired during the year.
d. The organization had overstated its beginning of the year inventory, but the amounts were corrected when the new subsidiary was acquired during the year.
64. An internal audit director for a large manufacturing company is considering revising the department's audit charter with respect to the minimum educational and experience qualifications required. The audit director wants to require all staff auditors to possess specialized training in accounting and a professional auditing certification such as the Certified Internal Auditor (CIA) or the Chartered Accountant (CA). One of the disadvantages of imposing this requirement would be: a. The policy might negatively affect the department's ability to perform quality examinations of the company's financial and accounting systems. b. The policy would not promote the professionalism of the department. c. The policy would prevent the department from using outside consultants when the department did not have the skills and knowledge required in certain audit situations. d. The policy could limit the range of activities which could be audited by the department due to the department's narrow expertise and backgrounds.
d. The policy could limit the range of activities which could be audited by the department due to the department's narrow expertise and backgrounds.
50. Auditors have been advised to look at "red flags" to determine whether management is involved in a fraud. Which of the following does not represent a difficulty in using the "red flags" as fraud indicators? a. Many common red flags are also associated with situations where no fraud exists. b. Some red flags are difficult to quantify or to evaluate. c. Red flag information is not gathered as a normal part of an audit engagement. d. The red flags literature is not well enough established to have a positive impact on auditing.
d. The red flags literature is not well enough established to have a positive impact on auditing.
69. An inexperienced internal auditor notified the senior auditor of a significant variance from the auditee's budget. The senior told the new auditor not to worry as the senior had heard that there had been an unauthorized work stoppage that probably accounted for the difference. Which of the following statements is most appropriate? a. The new auditor should have investigated the matter fully and not bothered the senior. b. The senior used proper judgment in curtailing what could have been a wasteful investigation. c. The senior should have halted the audit until the variance was fully explained. d. The senior should have aided the new auditor in formulating a plan for accumulating appropriate evidence.
d. The senior should have aided the new auditor in formulating a plan for accumulating appropriate evidence.
12. A control deficiency associated with the above scenario is: a. The store manager can require items to be closed out, thus affecting the potential performance evaluation of individual product managers. b. The product manager negotiates the purchase price and sets the selling price. c. Evaluating product managers by total gross profit generated by product line will lead to dysfunctional behavior. d. There is no receiving function located at individual stores.
d. There is no receiving function located at individual stores.
3. To address management's concern that a division might not be adequately investing short-term funds, management has developed a model that estimates minimum daily cash balances for each division. To determine whether a specific division is failing to maximize its invested cash, management should implement a control procedure that compares: a. Interest income per division with industry averages for similar companies. b. Interest income for each division with the other three divisions. c. Daily cash receipts and interest income across divisions to identify any division with a variance of 5 percent or more. d. Total daily cash balances at each division and interest income based on its model of minimum cash balances.
d. Total daily cash balances at each division and interest income based on its model of minimum cash balances.
11. An auditor becomes concerned that fraud, in the form of payments to bogus companies, may exist. Buyers, who are responsible for all purchases for specific product lines, are able to approve expenditures up to $50,000 without any other approval. Which of the following audit procedures would be most effective in addressing the auditor's concerns? a. Use generalized audit software to list all purchases over $50,000 to determine whether they were properly approved. b. Develop a "snapshot" technique to trace all transactions by suspected buyers. c. Use generalized audit software to take a random sample of all expenditures under $50,000 to determine whether they were properly approved. d. Use generalized audit software to list all major vendors by product line; select a sample of paid invoices to new vendors and examine evidence which shows that services or goods were received.
d. Use generalized audit software to list all major vendors by product line; select a sample of paid invoices to new vendors and examine evidence which shows that services or goods were received.
30. The auditor wants to determine the extent to which items are not matched at year-end and investigate the potential cause of the non-matching items. Which one of the following audit procedures would be most effective in determining the items to investigate? a. Submit test data to identify attributes of non-matching items. Follow up by investigating the attributes identified. b. Use generalized audit software to read the purchase order file for the year. Select a statistical sample of purchase orders and trace to applicable receiving and vendor invoice files. c. Use SCARF to identify unusual items. Take an attribute sample and trace to the underlying paper documents. d. Use generalized audit software to read the electronically marked unmatched items.
d. Use generalized audit software to read the electronically marked unmatched items.
35. In order to test whether data currently within the automated system are correct, the auditor should: a. Use test data and determine whether all the data entered are captured correctly in the updated database. b. Take a sample of data to be entered for a few days and trace the data to the updated database to determine the correctness of the updates. c. Use generalized audit software to provide a print-out of all employees with invalid job descriptions. Investigate the causes f of the problems. d. Use generalized audit software to select a sample of employees from the database, and verify the data fields.
d. Use generalized audit software to select a sample of employees from the database, and verify the data fields.
17. The director of internal auditing set up a computerized spreadsheet to facilitate the risk assessment process involving a number of different divisions in the organization. The spreadsheet included the following factors: • pressure on divisional management to meet profit goals, • complexity of operations, • competence of divisional personnel, • the dollar amount of subjectively influenced accounts in the division, such as accounts where management's judgment can affect the expense. Example: post-retirement benefits. The director used a group meeting of audit managers to reach a consensus on the competence of divisional personnel. Other factors were assessed as high, medium, or low by either the director or an audit manager who had audited the division. The director assigned a weight ranging from 0.5 to 1.0 to each factor, and then computed a composite risk score. Which of the following statements is correct regarding the risk assessment process? a. The risk analysis would not be appropriate because it mixes both quantitative and qualitative factors, thereby making expected values calculation impossible. b. Assessing factors at discrete levels such as high, medium, and low is inappropriate for the risk assessment process because the ratings are not quantifiable. c. The weighting is subjective and should have been determined through a process such as multiple regression analysis. d. Using a subjective group consensus to assess personnel competence is appropriate.
d. Using a subjective group consensus to assess personnel competence is appropriate.
69. Which of these statements should be in the effect section of the finding? a. II only. b. III only. c. V only. d. VI only.
d. VI only