Internal Auditing Test 1
Which method of evaluating internal controls during the preliminary survey provides the internal auditor with the best visual grasp of a system and a means for analyzing complex operations?
A flowcharting approach
The purpose, authority, and responsibility of the internal audit activity are formally defined in
A formal, written charter
Which of the following actions could be constructed as a violation of The IIA's Code of Ethics?
Failing to report to management information that would be material to management's judgement
Under the COSO's ERM framework, which of the following most accurately describes risk management responsibilities?
In practice, management has primary responsibility
What action does The IIA's Code of Ethics suggest for an internal auditor in such a case?
Inform appropriate organizational officials
The most appropriate way for the CAE to deal with this problem is to
Inform the IIA's Board of Directors and take the personnel action required by organizational policy
According to The IIA Code of Ethics, which of the following are four principles relevant to the professional care that internal auditors should apply in their practice of internal auditing?
Integrity, objectivity, confidentiality, and competency
The initiation of the purchase of materials and supplies would be the responsibility of the
Inventory control department
Enterprise risk management
Involves the identification of events with negative impacts on organizational objectives
Which of the following describes a control weakness?
Purchasing procedures are well designed and are followed unless otherwise directed by the purchasing supervisor
Which of the following is a factor affecting risk?
Rapid growth New personnel New or revamped information systems All of the answers are correct
Which of the following is most likely to be considered an indication of possible fraud?
Rapid turnover of the organization's financial executives
If internal control is well designed, two tasks that should be performed by different persons are
Recording of cash receipts and preparation of bank reconciliations
Which of the following factors have generally NOT been associated with management fraud?
Regular comparison of actual results with budgets
If the committee meets and approves the grants before such issuance, the internal auditor should
Report the override of control to the board
In which of the following scenarios does the auditor most likely have organizational independence but lack objectivity?
Reports to the board but does not report fully about the reason for corrective action taken
In this case, the internal auditor should recommend
The initiation of a conflict-of-interest- policy
What is the responsibility of the internal auditor with respect to fraud?
The internal auditor should have sufficient knowledge to identify the indicators of fraud but is not expected to be an expert
This scope limitation, along with its potential effect, must be communicated to which one of the following?
The organization's board of directors
One payroll engagement objective is to determine whether segregation of duties is proper. Which of the following activities is incompatible?
Preparing attendance data and preparing the payroll
A primary purpose of establishing a code of conduct within a professional organization is to
Promote an ethical culture among professionals who serve others
Quality program assessments may be performed internally or externally. A distinguishing feature of an external assessment is its objective to
Provide independent assurance
The internal audit activity collectively must process or obtain certain competencies. Internal audit staff should be competent in
The use of the International Professional Practices Framework
Which of the following is a control deficiency in this situation?
There is no receiving function located at individual stores
The combination of responsibilities that would NOT be considered a violation of segregation of functional responsibilities is
Timekeeping and preparation of payroll journal entries
Which of the following best describes the purpose of the internal audit activity?
To add value and improve an organization's operations
An unexpected decrease in which of the following ratios could indicate that fictitious inventory has been recorded?
Total asset turnover
Which of the following statements is correct regarding corporate compensation systems and related bonuses?
1 A bonus system should be considered part of the control environment of an organization and should be considered in formulating a report on internal control 1 only
Assurance engagements must be performed with proficiency and due professional care. Accordingly, the Standard require internal auditors to
1 Consider the probability of significant noncompliance 3 Weigh the cost of assurance against the benefits 1 and 3 only
During a consulting engagement, an internal auditor should exercise due professional care by considering which of the following?
1 Needs and expectations of engagement clients 2 Relative complexity and extent of work needed 3 Cost of the consulting engagement 1, 2, and 3
The components of ERM should be present and function effectively. What does "present and functioning effectively" mean?
1 No material weaknesses exist 2 Risk is within the risk appetite Both 1 and 2
To reduce the risk associated with this process, an organization should employ which of the following procedures?
1 Require managerial approval for materials to be declared scrap or obsolete 1 only
If the internal audit activity of a nonpublic company does not have the skills to perform a particular task, an external service provider (ESP) could be brought in from
1 The organization's external audit firm 2 an external consulting firm 4 a college or university
Which of the following activities will most likely NOT adversely affect internal auditor's ethical behavior?
Accepting compensation from professional organizations for consulting work
An element of authority that must be included in the charter of the internal audit activity is
Access to records, personnel, and physical properties relevant to the performance of engagements
The purpose of the internal audit activity can be best described as
Adding value to the organization
The internal auditor's actions
Are not in violation of either The IIA's Code of Ethics or the Standards
The COSO model for internal control lists five specific areas encompassed by the control environment component. Which of the following are elements of the control environment?
Assignment of authority and responsibility Organizational structure Integrity and ethical values All of the answers are correct
Which of the following is NOT appropriate for inclusion in the internal audit charter?
Authorization of the board to approve the charter
Many organizations use electronic funds transfer to pay their suppliers instead of issuing checks. Regarding the risks associated with issuing checks, which of the following risk management techniques does this represent?
Avoiding
Number 7, "John's family observed that he was often argumentative...," is an example of a
Behavioral symptom
The primary reason that a bank would maintain a separate compliance function is to
Better manage perceived high risks
The interpretation related to quality assurance given by the Standards is that
External assessments can provide senior management and the board with independent assurance about the quality of the internal audit activity
Which of the following control models is fully incorporated into the broader integrated framework of enterprise risk management (ERM)?
COSO
If employee paychecks are distributed by hand to employees, which one of the following departments should be responsible for the safekeeping of unclaimed paychecks?
Cashier department
According to COSO, the use of ongoing and separate evaluations to identify and address changes in internal control effectiveness can best be accomplished in which of the following stages of the monitoring-for-change continuum?
Change identification
Which of the following members of an organization has ultimate ownership responsibility of the enterprise risk management, provides leadership and direction to senior managers, and monitors the entity's overall risk activities in relation to its risk appetite?
Chief executive officer
The reporting structure that is most likely to allow the internal audit activity to accomplish its responsibilities is to report administratively to the
Chief executive officer and functionally to the board of directors
The nature of the scope limitation needs to be
Communicated, preferably in writing, to the board
Under the IIA's Code of Ethics, an entity that provides internal auditing services is specifically required to
Comply with the International Standards for the Professional Practice of Internal Auditing
With regard to the exercise of due professional care, an internal auditor should
Consider the relative materiality or significance of matters to which assurance procedures are applied
The internal auditor's proper response is to
Consider the specific circumstances before deciding whether to disclose the reasons for the information request
Due professional care calls for
Consideration of the possibility of material irregularities during every engagement
Objectivity is most likely impaired by an internal auditor's
Continuation on an engagement at a division for which (s)he will soon be responsible as the result of a promotion
Which of the following statements best describes the relationship between planning and controlling?
Controlling cannot operate effectively without the tools provided by planning
One of the disadvantages of imposing this requirement is that the policy
Could limit the range of services that could be performed due to the internal audit activity's narrow expertise and backgrounds
Internal auditors should review the means of physically safeguarding assets from losses arising from
Exposure to the elements
Which of the following fraudulent entries is most likely to be made to conceal the theft of an asset?
Debit expenses and credit the asset
Which of the following actions should the chief audit executive take?
Decide whether to recommend an investigation
The diamond-shaped symbol is commonly used in flowcharting to show or represent a
Decision point, conditional testing, or branching
According to COSO, which of the following is the most effective method to transmit a message of ethical behavior throughout an organization?
Demonstrating appropriate behavior by example
Which of the following would NOT be an appropriate responsibility for an internal audit activity?
Designing and implementing appropriate controls
External assessment of an internal audit activity is NOT likely to evaluate
Detailed cost-benefit analysis of the internal audit activity
Which of the following would NOT be required as part of such an engagement?
Determine whether the chief financial officer is getting higher or lower rates of return on investments than are chief financial officers in comparable organizations
Reasonable assurance should be obtained as to each prospective internal auditor's qualifications and proficiency. Which of the following is the LEAST useful application of this principle?
Determining that all applicants have an accounting degree
Controls that are designed to provide management with assurance of the realization of specified minimum gross margins on sales are
Directive controls
The chief audit executive should
Engage an engineering consultant to perform the comparison
The reconciliation of the summary report to the day's material request forms by the parts room supervisor
Ensures the accuracy and completeness of data input
The internal auditors' responsibility regarding fraud includes all of the following EXCEPT
Ensuring that fraud will not occur
A major reason for establishing an internal audit activity is to
Evaluate and improve the effectiveness of control processes
The internal audit activity's responsibility for preventing fraud is to
Evaluate the system of internal control
An internal auditor must exercise due professional care in performing engagements. Due professional care includes
Evaluating established operating standards and determining whether those standards are adequate
Which of the following describes one of the responsibilities of the internal auditor for the deterrence of fraud in an organization?
Evaluating the adequacy of controls to prevent fraud
A key feature that distinguishes fraud from other types of crime or impropriety is that fraud always involves the
False representation or concealment of a material fact
As part of a total quality control program, a firm not only inspects finished goods but also monitors product returns and customer complaints. Which type of control best describes these efforts?
Feedback control
What type of control was involved?
Feedforward
An organization's policies and procedures are part of its overall system of internal controls. The control function performed by policies and procedures is
Feedforward control
Select the type of control provided when the internal audit activity conducts a systems development analysis.
Feedforward control
The CAE bears the responsibility to do which of the following?
Foster individual objectivity
In which of the following situations does the internal auditor potentially lack objectivity?
Four months after being transferred to the internal audit activity, a former purchasing assistant performs a review of internal controls over purchasing
Which of the following describes the chief audit executive's optimal reporting line to enhance the independence of the internal audit activity?
Functional reporting to the audit committee
The purposes of the Standards include all of the following EXCEPT
Guiding the ethical conduct of internal auditors
In documenting the procedures used by several interacting departments the internal auditor will most likely use a(n)
Horizontal (or systems) flowchart
The opportunity for control-raised problems including fraud has been increased in the stockroom because
Items for cycle count are selected by stockroom personnel
Which of the following represents the best statement of responsibilities for risk management?
Management- Responsibility for risk Internal Auditing- Advisory role Board- Oversight role
Within the COSO Internal Control - Integrated Framework, which of the following components is designed to ensure that internal controls continue to operate effectively?
Monitoring
Which of the following disclosures made by the internal auditor to the new organization would constitute a violation of The IIA's Code of Ethics?
None of the answers represent a violation of the Code.
Which of the following best describes the action prescribed by The IIA's Code of Ethics?
Not accept it if the gift is presumed to impair the internal auditor's judgement
In applying the Rules of Conduct set forth in The IIA's Code of Ethics, internal auditors are expected to
Not be unduly influenced by their own interests in forming judgements
An internal auditor noted that several shipments were not billed. To prevent recurrence of such non billing, the organization should
Numerically sequence and independently account for all controlling documents (such as packing slips and shipping orders) when sales journal entries are recorded
Which action is most appropriate?
Offer the candidate a position if other staff members possess sufficient knowledge in economics and information technology
Which of the following activities could affect the quality assurance review team's evaluation of the objectivity of the internal auditors?
One internal auditor told the review team that, during an engagement to review the payroll function, the payroll manager approached the auditor. The manager indicated the need for an accountant to prepare financial statements for the manager's part-time business. The internal auditor agreed to perform this work for a reduced fee during non-work hours.
Consequently, all internal auditors should be competent with regard to
Operating within the organization's framework for governance, risk management, and control
Number 2, "Randy was always handling the most urgent...," is an example of a(n)
Opportunity to commit
According to the International Professional Practices Framework, the independence of the internal audit activity is achieved through
Organizational status and objectivity
Which of the following are elements of the control environment?
Organizational structure Assignment of authority and responsibility Integrity and ethical values All of the answers are correct
A possible error that this system could allow is
Overpayment for partial deliveries
The chief audit executive (CAE) is best defined as the
Person responsible for the internal audit function
The most appropriate method to prevent fraud or theft during the frequent movement of trailers loaded with valuable metal scrap from the manufacturing plant to the organization's scrap yard about 10 miles away would be to
Require existing security guards to log the time of plant departure and scrap yard arrival. The elapsed time should be reviewed by a supervisor for fraud
Which of the following is a directive control?
Requiring all members of the internal audit activity to be CIAs
Which policy best promotes independence?
Requiring internal auditors to report to the chief audit executive any conflicts of interest or bias
According to The IIA's Code of Ethics, the principle of integrity requires internal auditors to do which of the following?
Respect and contribute to the legitimate and ethical objectives of the organization
Which one of the following is NOT included in the internal audit charter?
Risk assessment of the internal audit activity
Which of the following is the most accurate term for a process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organization's objectives?
Risk management
According to COSO, this decision represents which of the following responses to the risk?
Risk reduction
What is residual risk?
Risk that is not managed
Which of the following activities is outside the scope of internal auditing?
Safeguarding of assets
The CAE must
Seek permission from the audit committee to obtain appropriate support from an HSE professional
The proper organizational role of internal auditing is to
Serve as an independent, objective assurance and consulting activity that adds value to operations
Which of the following ensures that all inventory shipments are billed to customers?
Shipping documents are renumbered and are independently accounted for and matched with sales invoices
If the officer makes good on the promise, the internal auditor
Should still include the finding in the final engagement communication
Number 3, "Difficulties with personal financial problems," is an example of a(n)
Situational pressure
Controls provide assurance to management that desired actions will be accomplished when objectives are established in writing and
Standards are adopted, results are compared with the standards, and corrective actions are undertaken
A typical code of ethical conduct for financial managers or management accountants in an organization requires all of the following EXCEPT
Subjectivity in presenting information, preparing reports, and making analyses
In this situation, typical indicators of the suspected fraud include all of the following except
Submitting gasoline and repair bills that are higher than company average
In this circumstance, the employee should
Suggest that the engagement be performed by another member of the internal audit staff
Which of the following is an indicator of increased risk of fraud? The chief financial officer
Takes no vacations and has refused promotion to vice president of finance
Which action is NOT consistent with functional reporting?
The CAE should meet with the board, with management present, to reinforce the independence of the internal audit activity
Which of the following is NOT considered a scope limitation?
The board reviews the engagement work schedule for the year and deletes an engagement that the chief audit executive thought was important to conduct
The bonus may impair the CAE's objectivity if
The bonus is based on monetary amounts recovered or recommended future savings as a result of engagements
Assessing individual objectivity of internal auditors is the responsibility of
The chief audit executive
Ordinarily, those conducting internal quality program assessments report to
The chief audit executive
Which of the following control procedures provides the greatest assurance that all donations to a not-for-profit organization are immediately deposited in its account?
Use a lockbox to receive all donations
Which of the following areas could be viewed as an internal control weakness of the above organization?
Write-offs of delinquent accounts
Has a violation of The IIA's Code of Ethics occurred?
Yes. The internal auditor was not prudent in the use of information acquired in the course of his or her duties