CIA Test #1

Ace your homework & exams now with Quizwiz!

what is most used to supplement an internal quality assessment review?

CAE reviews feedback from engagement clients

the CAE suspects fraud by senior management. who should be notified?

Chairperson of the audit committee

A quality assurance and improvement program should be developed by the organization's ________.

Chief Audit Executive

Coordination of internal auditing can reduce the overall costs. Who is responsible for actual coordination of internal and external audit efforts?

Chief Audit Executive

Internal Quality Assessment Reviews primarily serve the needs of which individual or group?

Chief Audit Executive

Auditors regularly evaluate controls and control procedures. Which describes the concept of control as recognized by internal auditors?

Control procedures should be designed from the "bottom up" to ensure attention to detail.

In beginning an engagement, an internal auditor reviews written procedures that detail segregations of responsibility adopted by management to strengthen internal controls. these written procedures are what attribute?

Criteria

according to the standards, audit findings are the result of

comparing what should be with what is and analyzing the impact

what standard of evidence is satisfied by an original signed document?

competence

When determining the number and experience level of an internal audit staff to be assigned to an engagement, the CAE should consider

complexity of the engagement, available internal audit activity resources, training needs of the internal auditors,

What are the objectives of the COSO risk model?

compliance, financial, operational and strategic

under the IIA code of ethics, an entity that provides internal auditing services is specifically required to

comply with the standards for the professional practice of internal auditing

the most appropriate use of an oral engagement communication is to communicate

conditions that demand immediate action

According to the standards, due professional care call for

consideration of the possibility of material irregularities during every audit assignment

the director of internal auditing is responsible for establishing a program to develop the human resources of the internal auditing department. According to the standards, this program should include

continuing education opportunities and performance appraisals

which component of the COSO model is the most important?

control environment

to be sufficient, audit evidence should be

convincing enough for a prudent person to reach the same conclusion as the auditor

What attributes should observations and recommendations be based on?

criteria, condition, cause and effect

Formal internal assessments can be supplemented by

customer feedback

an annual summary activity report of completed engagement work submitted to senior management and the board by the CAE should

describe the extent to which the internal audit activity has completed its engagement work schedule

According to the standards, the normal course of work for an internal audit is to

provide independent appraisal; provide examination; provide consulting activities as a service to the organization

recommendations should be included in audit reports to

provide management with options for addressing audit findings

the primary purpose of a quality program is to

provide reasonable assurance that internal auditing work conforms with the standards, code of ethics, and other applicable standards

what are the minimum requirements for an engagement final communication?

purpose of the engagement; engagement scope; results of the engagement

what should be included in the final communication?

purpose, scope and results

what are elements of the coordination process with the external auditor?

quality assessment review

the cause can best be described as

reason for the difference between the expected and actual conditions

the primary reason for having written normal audit reports is to

record findings and recommended courses of action

Management can best strengthen internal control over the custody of inventory stored in an off-site warehouse by implementing

regular reconciliation of physical inventories to accounting records

When faced with an imposed scope limitation, the CAE should

communicate the potential side effects of the scope limitation to the audit committee of the board of directors

According to the Standards, an internal auditing department's activity report should

compare audits completed with audits planned

TRUE OR FALSE. Engagement working papers are the property of internal audit

FALSE.

True or False. External auditors must assess the competence and objectivity of internal auditors.

FALSE.

Breaches of the Code of Ethics will be evaluated and administered according to the

Institute's Bylaws and Administrative Guidelines

The Code of Ethics applies to who?

Internal Audit Individuals and Entities

Internal auditing is a dynamic profession. What describes the scope of internal audit as it is developed to date?

Internal auditing has evolved to evaluating all risk management, control and governance systems.

Internal auditors regularly evaluate controls. What describes the concept of control as recognized by internal auditors?

Management takes action to enhance the likelihood that established goals and objectives will be achieved.

According to the standards, the internal audit activity's goals should specify

Measurement criteria and target dates for completion

In assessing the independence and objectivity of the outside service provider, what should be considered by the CAE?

Other services provided by the outside service provider; financial interests in the organization; personal or professional affiliation within the organization

The Code of Ethics includes what two essential components?

Principles and Rules

What would cause an internal auditor to question the adequacy of internal controls in a purchasing function?

Receiving reports are forwarded to purchasing where they are matched to purchase orders and sent to accounts payable

While planning an engagement, an internal auditor established engagement objectives to describe what is to be accomplished. What is a key issue in developing engagement objectives?

Risks associated with the activities to be reviewed.

TRUE OR FALSE. Engagement procedures should be selected in advance and expanded or altered as warranted.

TRUE

TRUE OR FALSE. Engagement proceeds are the mains to attain engagement objectives.

TRUE

TRUE OR FALSE. The charter should be consistent with the standards and approved by the board.

TRUE.

A charter is being drafted for a newly formed internal audit activity. What describes the most appropriate organizational status that should be incorporated into the charter?

The CAE should report functionally to board of directors and administratively to the CEO.

In determining the resources necessary to perform the engagement, what is important?

The number and experience level of the internal audit staff; knowledge, skills and other competencies of the internal audit staff; consideration of the use of external resources; training needs of internal auditors since each engagement serves as a basis for meeting development needs of the internal audit activity

What are the four elements necessary to protect attorney-client privilege?

a communication; a communication between privileged persons; a communication made in confidence; communication for the purpose of seeking, obtaining or providing legal assistance for the client

According to the standards, the CAE should report to

a level within the organization that allows the internal audit activity to accomplish its responsibility

an internal auditor's responsibility regarding control over audit working papers is best typified by

a posture of restricting access to only those who have legitimate power.

describe a preliminary survey?

a process used to become familiar with activities and risks in order to identify areas for engagement emphasis

what is appropriate evidence of supervisor review of engagement working papers?

a supervisor's initials on each working paper; an engagement working paper review checklist; a memorandum specifying the nature, extent and results of the supervisory review of working papers

An element of authority that should be included in the charter of the internal audit activity is

access to records, personnel and physical properties relevant to the performance of the engagements

what are the attributes of communication?

accurate, objective, clear, concise, constructive, complete and timely

In planning the engagement, internal auditors should consider

activity objectives; significant risks to the activity; adequacy and effectiveness of control systems; opportunities for making significant improvement

what structure best depicts the internal audit organizational guidelines contained in the standards?

administratively to the CEO, functionally to the board of directors

Objectivity for internal auditors is achieved through

an independent mental attitude while performing the audit

According to the Standards, a report issued by an internal auditor should contain an expression of opinion when

an opinion will improve communications with the reader of the report

Internal audit "Practice Advisories"

are non-mandatory

the internal auditor's role in follow-up is to

ascertain that appropriate action is taken on reported audit findings

During the risk management process, if requested by management or the audit committee, it is the auditor's responsibility to formulate an opinion on whether the organization's risk management process is sufficient to protect the organization's

assets, reputations, ongoing operations

when should a signed report be issued?

at the conclusion of an engagement

Coordination activities between internal auditors and external auditors include

audit coverage; access to audit programs; access to working papers; exchange of audit reports; exchange of management letters; common understanding of audit terminology

due professional care requires that the auditor's opinions be

based on sufficient factual evidence that warrants the expression of opinions

Due professional care requires that the internal auditor

be alert to conditions where irregularities may occur

According to the Code of Ethics, principles are ______ than rules.

broader

internal auditing has a responsibility for helping to deter fraud. how is this responsibility generally met?

by evaluating the adequacy and effectiveness of controls in light of the potential exposure to risk

the standards require the performance of periodic internal reviews by members of the internal auditing staff. the function is designed primarily to serve the needs of the

chief audit executive

what is related to the follow up process?

determination that corrective action was taken; determine sufficiency of actions taken on external audit recommendations; determine if senior management has accepted the risk of not taking action; ascertain actions taken on engagement observatiosn

the primary purpose of an internal auditing supervisor's review of working papers is to

determine that audit findings are adequately supported

when actions have not been taken by management on reported engagement observations, conclusions and recommendations, the internal auditor should

determine whether management or the board has assumed the risk for not taking corrective action

the internal auditor's responsibility for the prevention of fraud includes

determining if the organizational environment fosters control consciousness; being aware of activities in which fraud is likely to occur; evaluating the effectiveness of actions taken by management to deter fraud

supervision of an internal audit engagement should include

determining that engagement working papers adequately support engagement observations

If there is fraud in the marketing department, what is in the scope of the auditor's responsibility?

determining the effects of the wrongdoing; discussing the wrongdoing with the appropriate level of management; including the wrongdoing in a report that will go to the audit committee

If the CAE believes that the residual risks that management has accepted is too high, what is the best course of action for the CAE?

discuss the issue with management and report to board if not resolved

Internal auditing work papers should be

disposed of in accordance with departmental policy

records of transactions would be classified as what type of audit evidence?

documentary audit evidence

Standardized working papers are often used because they allow working papers to be prepared more

efficiently

Directors, management, external auditors, and internal auditors all play important roles in creating proper control processes. Senior management is primarily responsible for

establishing and maintaining an organizational culture

According to the standards, audit planning should be documented and the planning process should include

establishing audit objectives and scope of work; obtaining background information about the activities to be audited; determining how, when, and to whome the audit will be communicated

Field work is a systematic process of objectivity gather informations about an entity's operations, evaluating it, and determining whether those operations meet acceptable standards. What is part of the work performed during field work?

expanding or altering engagement proceeds if circumstances warrant; applying the engagement work program to accomplish engagement objectives; creating working papers that document the engagement

To properly evaluate the operations of an internal auditing department, a quality assurance program should include

external reviews at least once every five years by qualified persons who are independent of the organization

what are advantages of issuing an interim report?

final report writing time can be minimized; an interim report allows information requiring immediate attention to be communicated; an interim report can be conducted on an informal basis and may be communicated only verbally

which elements of the COSO risk model are controllable?

financial and compliance

the primary objective of standardized working papers is

for efficiency

what factors are generally associated with management fraud?

generous performance based reward systems; a domineering management; a management preoccupation with increased financial performance

internal auditors have a responsibility to exercise "due professional care" with respect to fraud detection. This includes

having sufficient knowledge of fraud to identify the indicators that fraud may have been committed; being alert to opportunities that could allow fraud; evaluating the need for additional investigation

Once the internal auditor becomes reasonably certain that a defalcation is taking place, what should the auditor do next?

immediately report the matter to the appropriate level of management

exit conferences serve to ensure the accuracy f the information used by an internal auditor. A secondary benefit is to

improve relations with auditees

A preliminary report is issued following the detection phase of a fraud investigation. such a report should

include the internal auditor's conclusion as to whether sufficient information exists to conduct an investigation

According to the IIA, internal auditors should abide by and uphold what standards?

integrity, confidentiality, objectivity, competency

The principles of the code of ethics include

integrity, objectivity, confidentiality and competency

The Code of Ethics Principles include

integrity, objectivity, confidentiality, and competency

All internal auditors should be proficient with respect to

internal auditing procedures and techniques

the standards require that the CAE establish and maintain a quality assurance program to evaluate the operations of the internal auditing department. ______ are elements of a quality assurance program

internal reviews of audit work; supervision of audit work; external reviews to assess compliance with the standards

what are examples of detrimental fraud?

kickbacks by purchasing; false claims by vendors; embezzlement

A retention policy for working papers would be devised after consultation with

legal counsel

after completing an investigation, internal auditing has concluded that an employee has stolen a material amount of cash receipts. a draft of the proposed report on this find should be reviewed by

legal counsel

According to the practice advisory, internal auditors are responsible for continuing their education in order to

maintain their proficiency

The purpose of the internal audit's evaluation of the effectiveness of existing risk management processes is to determine that

management directs processes so as to provide reasonable assurance of achieving objectives and goals

When assessing the competency of the outside service provider, what is considered by the CAE?

professional membership, reputation, experience, education and training

the best descriptions of the principle purpose for retaining working papers is to

provide a support for the audit review

the purpose of the exit conference is to

meet with the customer to discuss the audit draft report to ensure that there has been no misunderstanding or misinterpretation of the facts

according to the standards, audit workpapers should be reviewed to ensure that

no issues are open at the conclusion of fieldwork

when an internal auditor identifies multiple factors that have been linked with possible fraudulent conditions and suspects that fraud has taken place, the auditor should

notify the appropriate authorities within the company and recommend an investigation

what is the appropriate content of working papers?

objectives, procedures, facts, conclusions and recommendations

According to the standards, internal assessment should include

ongoing review of the performance of the internal audit activity

Prior to issuing a final communication on a fraud investigation, the internal auditor should submit a proposed draft for review by the

organization's legal counsel

The CAE should develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity and continuously monitors its effectiveness. _______ are included in a quality program

periodic internal assessment; supervision; periodic external assessment

after an internal auditor writes a report describing deficiency findings, the next step is to review the report in draft form with the

personnel responsible for the operations under audit.

Analytical audit procedures would be most useful in which phase of the audit process?

planning

the most appropriate use of analytics would be in

planning

What should working papers document?

planning, risk assessment, evaluation of the adequacy and effectiveness of internal control

What areas should the internal auditor should evaluate to determine the effectiveness of the ethical culture?

positive personnel practices; reference and background checks; regular surveys of employees, suppliers and customers; clear delegation of responsibilities

to comply with the proficiency standard, the internal auditing department must

possess or obtain the knowledge, skills and other competencies needed to perform all or part of the engagement

which element of the professional practices framework is not mandatory?

practice advisories

the best control over the work on which audit opinions is

supervisory review of all audit work

According to the Implementation Standards based on the results of the risk assessment, internal auditors should evaluate internal controls regarding the:

reliability and integrity of financial and operational information; effectiveness and efficiency of operations; safeguarding of assets; compliance with laws, regulations, and contracts

oral reports on significant matters

require the same level of factual support as written reports; can be used when timeliness is a factor; need careful organization; can still make use of visual data

Review notes in working papers should be

retained or discarded as appropriate

one purpose of the exit conference is for the internal auditor to

review and verify the appropriateness of audit report based up auditee input

What should be included as part of the supervision?

review of planning, examination, evaluation, communication and follow-up phases of the audit; staff training, development, performance evaluation and expense control; approval of the audit program; ensuring that engagement objectives are met

According to the standards, the board and the management should receive periodic reports of the results of risk management processes. The corporate processes of the organization should provide communications relative to

risks, risk strategies, and controls

a working paper is complete when it

satisfies the audit objective for which it is developed

when determined the retention period for the working papers of a contract engagement, it is best to

seek the assistance of the legal department to assure compliance with contract provisions

one of the primary roles of an engagement work program is to

serve as a tool for planning and conducting engagement work

the proper organizational role of internal auditing is to

serve as an independent, objective assurance and consulting activity that adds value to operations

Internal auditors may provide consulting services that add value and improve an organization's operations. The performance of these services

should be consistent with the internal audit activity's empowerment reflected in the charter

According to the standards, the organizational status of the internal auditing department

should be sufficient to permit the accomplishment of its audit responsibilities

the organizational status of the internal audit activity

should be sufficient to permit the accomplishment of its responsibilities

what is the most appropriate method of reporting disagreement between the internal auditor and the engagement client concerning engagement observations and recommendation?

state both positions and identify the reasons for the disagreement

What are the attributes of information to be gathered?

sufficient, competent, relevant and useful

internal auditors should gather information that is

sufficient, competent, relevant, and useful

final engagement communications should be distributed to those members of the organization whoa re able to ensure that engagement results are given due consideration. for higher level members of the organization, that requirement can usually be satisfied with

summary reports

What is the most fundamental element of a quality assessment program?

supervision

the most fundamental element of a quality assessment program is

supervision

A quality assessment program includes ________.

supervision, internal assessments, and external assessments

the primary objective in the preparation of working papers is to

support the audit report

According to the standards, a written report should be issued after an audit examination is complete. The report should be approved by

the CAE or designee

the person responsible for engagement communication distribution should be

the CAE or designee

Independence of the internal auditing department could be compromised if

the CAE reports directly to the head of the accounting division

Risk assessment is a systematic process for assessing and integrating professional judgements about probable adverse conditions or events. What is the appropriate action for the CAE to take?

the CAE should generally assign engagement priorities to activities with higher risks

The work program should be approved in writing by the CAE or designee prior to

the commencement of audit work and any adjustments approved promptly

internal auditing is responsible for reporting fraud to senior management or the board when

the incidence of fraud is of material amount and has been established for reasonable certainty

The external quality assessment report should be addressed to

the individual who requests the assessment

the internal auditor prepares working papers primarily for the benefit of

the internal auditing department

What is the responsibility of the internal auditor with respect to fraud?

the internal auditor should have sufficient knowledge to identify the indicators of fraud but is not expected to be expert

In planning an engagement, internal auditors should consider

the objectives of the activity being reviewed and the means by which activity controls performance; the adequacy and effectiveness of the activity's risk management and control systems compared to a relevant control framework model

Describe criteria.

the standard of performance, or what should be

Recommendations in engagement communications, may or may not, actually be implemented. Internal auditing's role in follow-up is

they should follow up to ascertain that appropriate action is taken on engagement recommendations

the purpose of the internal audit activity

to add value and improve an organization's operations

What is the most appropriate use of an oral audit report?

to communicate conditions that demand immediate action before a written report can be prepared

what are primary objectives of a closing/exit conference?

to resolve conflicts; to discuss the engagement observations and recommendations; to identify management's actions and responses to the engagement observations and recommendations

when reviewing working papers, an internal auditing supervisor will primarily be concerned with determining whether the

working papers adequately support the engagement observations, conclusions and recommendations


Related study sets

Chapter 8 - Portable Fire Extinguishers

View Set

BIOCHEM I MCAT SELF PREP plus KA notes from Biochem passages

View Set

NCLEX - Penicillins and Cephalosporins

View Set