Test 1 acc590 IA
During an audit, an employee with whom you have developed a good working relationship informs you that she has some information about top management which would be damaging to the organization and may concern illegal activities. The employee does not want her name associated with the release of the information. Which of the following actions would be considered inconsistent with the IIA Code of Ethics and Standards? a. Suggest the person consider talking to legal counsel. b. Inform the employee of other methods of communicating this type of information. c. Inform the individual that you will attempt to keep the source of the information confidential and will look into the matter further. d. Assure the employee that you can maintain her anonymity and listen to the information. e. Suggest that she talk with the organization's compliance officer.
D. Assure the employee that you can maintain her anonymity and listen to the information.
The policies and procedures helping to ensure the management directives are executed and actions are taken to address risks to achievement of objectives are part of which component of the COSO model?
D. Control activities
As part of a company-sponsored award program, an internal auditor was offered an award of significant monetary value by a division in recognition of the cost savings that resulted from the auditor's recommendations. According to the International Professional Practices Framework, what is the most appropriate action for the auditor to take? a. Accept the gift since the engagement is already concluded and the report issued. b. Accept the award under the condition that any proceeds go to charity. c. Accept the gift on condition it is spread across all the members of the audit team. d. Inform audit management and ask for direction on whether to accept the gift. e. Decline the gift and advise the division manager's superior.
D. Inform audit management and ask for direction on whether to accept the gift
An internal auditor engages in the preparation of income tax forms during the tax season. For which of the following activities would the auditor most likely be considered in violation of the IIA's Code of Ethics? a. Teaching an evening tax class, for a fee, at the local junior college. b. Writing a tax guide that is intended for publication and sale to the general public. c. Appearing on a radio show on the local public broadcasting station to discuss retirement planning and tax issues. d. Preparing the personal tax return, for a fee, for one of the company's divisional managers. e. On the weekends, work on an hourly basis for a friend who has a small CPA firm
D. Preparing the personal tax return, for a fee, for one of the company's divisional managers.
Which of the following most completely describes the appropriate content of a workpaper? a. Audit objectives, procedures, and conclusions. b. Purpose, criteria, condition, effects, and recommendations. c. Audit subject, purpose, sampling information, and analysis. d. Purpose, procedures, facts, and conclusions/recommendations. e. Date, client, title, preparer's and reviewer's initials.
D. Purpose, procedures, facts, and conclusions/recommendations.
List three Core Principles and identify if they apply to the internal audit function, the individual internal audit professional, or both.
1. Demonstrates competence and due professional care 2. Is objective and free from undue influence 3. Communicates effectively. These all apply to both the internal audit function and the individual internal audit professional.
List the three specific responsibilities you will have if you carry out your role as CAE in accordance with the Standards.
1. Establish risk-based plans to determine the priorities of the internal audit function 2. Communicate the IA function's plans to senior management and the board for review and approval 3. Establish policies and procedures to guide the internal audit function
What are four specific points that should be addressed in the internal audit charter? (There are more than four.)
1. Establishes the internal audit activity's position within the organization 2. Authorizes access to records, personnel, and physical properties 3. Defines the scope of IA activities 4. The type of assurance and consulting services
Name and describe two specific monitoring activities
1. Internal/External Audits 2. Customer Satisfaction Surveys
For each line, provide an example of a function that would be considered to be a part of that line.
1. Line management/operation management 2. Financial control 3. Internal Audit
The chief audit executive (CAE) has been appointed to a committee to evaluate the appointment of the external auditors. The engagement partner for the external audit firm invites the CAE to join him for a week of hunting at his private lodge. The CAE should: a. Decline the invitation on the grounds it is a conflict of interest. b. Ask the CFO whether accepting the invitation is a violation of the organization's code of ethics. c. Accept as long as the time is taken as vacation time and not work time. d. Accept with the understanding that the CAE will pay his share of the expenses. e. Accept assuming both their schedules allow it.
A
Which of the following statements is an engagement objective? a. Evaluate whether cash receipts are adequately safeguarded. b. Observe the deposit of the day's cash receipts c. Confirm the cash balance with the bank. d. Analyze the pattern of any cash shortages. e. Recompute each month's bank reconciliation.
A
The 2013 revision of the COSO Internal Control Framework: a. Added seventeen principles to the five components of the earlier model. b. Added the three lines of defense to the five components of the model. c. Integrated the COSO ERM Framework into the Internal Control Framework. d. Requires that organizations have a whistleblower hotline. e. Extended the definition of internal control to go beyond controls over financial reporting.
A. Added 17 principles to the five components of the earlier model
An internal auditing department plans to begin an audit of manufacturing operations in the Automotive Products Division. One of the audit objectives is to determine whether fixed assets employed in manufacturing are properly reflected in the accounting records. In meeting this objective, which of the following audit approaches is likely to be most effective? a. Inspecting fixed assets used in the manufacturing process and tracing to the asset subsidiary ledger. b. Selecting items from asset subsidiary ledger and recalculating depreciation. c. Interviewing members of the accounting department. d. Examining documentation concerning the cost of fixed assets used in the manufacturing process. e. Scanning the asset subsidiary ledger for credit entries.
A. Inspecting fixed assets used in the manufacturing process and tracing to the asset subsidiary ledger.
Residual risk is best defined as:
A. The portion of inherent risk that remains after management executes its risk responses.
Evaluate each of the following requests made by the manager of the data-processing within the context of The IIA's International Professional Practices Framework. A. The request that the internal auditor be responsible for examining suppliers' invoices prior to payment B. The request that the internal auditor make suggestions during the development of the system C. The request that the internal auditor assist in the installation of the systems and approve the system after making a final review.
A. This would not be recommended since the internal auditor should not be responsible for previous activity. This would impair objectivity: internal auditors should not assume operating responsibility for areas they audit. B. This is okay because the IA is allowed to take suggestions. This would not impair objectivity; the IA is allowed to make suggestions and recommendations. C. This would impair objectivity; involvement in the installation of the system and providing a final approval involve operating responsibilities that internal auditors must avoid.
Which of the following best describes the most important objective of an internal audit charter? a. To establish the purpose, authority, and responsibility of the internal auditing department. b. To help establish criteria by which the work of each audit team may be evaluated. c. To provide new members of the audit staff with a clear indication of their job duties. d. To better inform operating management as to what auditors will be doing during an audit. e. To establish the audit committee's role in overseeing the internal audit department
A. To establish the purpose, authority, and responsibility of the internal auditing department.
b) What is the role of monitoring in the COSO internal control model?
Actions taken by management and others to assess the quality of internal control system performance over time
How does COSO define risk?
The possibility that events will occur and affect the achievement of strategy and business objectives.
We looked at three "approaches" internal auditors use to assess risk in their organizations. Pick two of the approaches and describe how risks are assessed using that approach and give one advantage of using that approach. Approach 2
Audit Universe - break the organization into auditable units. Develop a set of risk factors and develop a scale for weighing those factors. Assess each unit and rank them; those with the highest scores would be audited first. Advantage: includes risk below strategic levels
Explain how you will handle the potential conflict your role as the director of taxation might have with your new role as CAE.
Audit engagements of the tax function should be performed by someone other than the internal audit function and managed by a member of senior management. Discuss decisions with CFO and audit committee.
Which of the following control activities address the risk of "Failure to ensure new hires are qualified?" I. Verify applicant's education. II. Thorough documentation of hiring process. III. Verify applicant's skill set. IV. Development and periodic review of appropriate performance reports. V. Job descriptions clearly state required knowledge and skills for the positions. a. III only. b. I, III, and V only. c. II and IV. d. III and IV only. e. I, II, III, IV, and V.
B
Which of the following situations is a violation of the IIA's Code of Ethics? a. An internal auditor shared an analytic audit technique with internal auditors from another organization. b. Knowing that management was aware of the situation, an internal auditor purposely left a description of an unlawful practice out of the final report. c. Based upon knowledge of the probable success of the employer's business, an internal auditor invested in a mutual fund that specializes in the same industry. d. An auditor discusses a significant issue with the vice president to whom the auditee reports prior to drafting the audit report. e. An internal auditor, with the knowledge and consent of management, accepted an award from a customer of the organization for suggestions the auditor had made to improve the supply chain process. The award was a plaque and a gift certificate to a restaurant valued at $100.
B
An internal auditing department plans to begin an audit of manufacturing operations in the Automotive Products Division. One of the objectives is to determine whether all legal and regulatory requirements concerning employee safety are being properly implemented. In meeting this objective, which of the following audit approaches is likely to be most effective?
B. Examining documentation concerning the design of the relevant systems and observing operations for compliance.
Which of the following statements about the differences between the assurance and the consulting roles of the Internal Auditor are correct? I. Internal Audit's involvement in a consulting engagement is generally at request of management. II. During consulting engagements the auditor is able to implement improvements in ERM. III. During consulting engagements, internal auditors can only recommend improvements and management is free to accept or reject the auditors' proposals. IV. Unlike assurance activities, consulting does not have to be defined in the internal audit charter. a. I and II only. b. I and III only. c. II and IV only. d. II and III only. e. III and IV only.
B. I and III only
In the case of an efficient system of internal control, in which quadrant would you expect to find the lowest investment in controls? a. I b. II c. III d. IV e. The investment would be equal in each of the four quadrants
C
Your organization has selected you to develop an internal audit activity. Your approach will most likely be to hire a. Degreed accountants because most internal audit work is accounting related. b. Inexperienced personnel and train them the way the organization wants them trained. c. Internal auditors who collectively have the knowledge and skills needed to perform the responsibilities of the internal audit function. d. People with at least three years audit experience with a CPA firm. e. Internal auditors, each of whom possesses all the knowledge and skills to handle all engagements
C
An internal auditor assigned to audit a vendor's compliance with product quality standards is the brother of the vendor's controller. The auditor should:
C. Notify the CAE of the potential conflict of interest
According to The International Standards for the Professional Practice of Internal Auditing, how is the independence of the internal audit function achieved?
C. Organizational status and objectivity
Which of the following is a Core Principle for the Professional Practice of Internal Auditing? The internal audit activity: a. Maintains confidentiality. b. Promotes an ethical culture in the internal auditing profession. c. Provides risk-based assurance. d. Adopts audit methodology consistent with its external auditors. e. Exhibits professional skepticism.
C. Provides risk-based assurance
Describe what your primary role will be as a company's CAE.
The CAE is the top position within the organization responsible for internal audit activities. Responsible for overseeing the service contract and the overall quality assurance of those activities.
Internal control is one risk response an organization can use to manage risk; give an example of another risk response the organization could take and describe how it "manages risk."
Can avoid the risk. Cutting off the process entirely.
According to the COSO control framework, a precondition to risk assessment is: a. Establishing control procedures or activities. b. Establishing a monitoring mechanism. c. Establishing an internal audit function. d. Establishing objectives or goals. e. Establishing performance measures.
D
Which of the following is the best reason for the chief audit executive to consider the organization's strategic plan in developing the annual audit plan? a. To emphasize the importance of the internal audit function to the organization. b. To ensure that the internal audit plan will be approved by senior management. c. To make recommendations to improve the strategic plan. d. To ensure that the internal audit plan supports the overall business objectives. e. To provide assurance that the strategic plan is consistent with organization's values.
D
A company has a Chief Privacy Officer (CPO) who develops policies and conducts training to help the company comply with privacy laws and regulations. In addition to the CPO, the function has a staff of four people. Two of these staff members cycle to each location to review compliance with record retention policies and to make sure any sensitive data is appropriately secure. This is an example of:
D. The second line of defense
Which of the following conditions constitutes inappropriate working paper preparation? a. Engagement observations are cross-referenced to supporting documents. b. Drafts of the final engagement communication are included in the working papers. c. Flowcharts are included in the working papers. d. Tick marks are explained in the notes. e. All forms and directives used by the engagement client are included in the working papers.
E
Who is responsible for coordination of internal and external audit work? a. The CFO. b. The external audit engagement partner. c. The chair of the audit committee. d. The CEO. e. The CAE.
E
In which of the following situations does the internal auditor potentially lack objectivity? a. An auditor discusses a significant issue with the vice president to whom the auditee reports prior to drafting the audit report. b. An auditor reviews the procedures for a new electronic data interchange (EDI) connection to a major customer before it is implemented. c. An auditor recommends standards of control and performance measures for a contract with a service organization for the processing of payroll and employee benefits. d. A payroll accounting employee assists an auditor in verifying the physical inventory of small motors. e. A former purchasing assistant performs a review of internal controls over purchasing seven months after being transferred to the internal auditing department
E. A former purchasing assistant performs a review of internal controls over purchasing seven months after being transferred to the internal auditing department
To be sufficient, audit evidence should be:
E. Convincing enough for a prudent person to reach the same conclusion as the auditor.
Which of the following is a Core Principle for the Professional Practice of Internal Auditing? The internal audit activity:
E. Demonstrates quality and continuous improvement
In an organization that has implemented ERM, what are the typical roles and responsibilities of the Internal Audit Function?
Evaluates the effectiveness and recommends improvements to the ERM. Scope encompasses: governance, risk management, and control systems.
What is the role of the Implementation Guides in the IPPF?
Implementation Guides are recommended guidance but are non-mandatory. They address Getting Started, Considerations for Implementation, and Considerations for Demonstrating Conformance.
The IIA Standards require an internal audit function to have an internal audit charter. What is the purpose of the internal audit charter?
The charter is a formal document that defines the agreed upon purpose, authority, and responsibility of the internal audit function.
The IIA recently issued a new mission statement for the internal audit profession: To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight. One of the purposes of this statement is to make clear to stakeholders internal audit's role. b. Contrast this Mission Statement with the Definition of Internal Auditing. What, if anything, does the mission statement add?
Mission puts emphasis on maintaining (protecting) organizational value as well as adding.
To whom should you, as the company's CAE, report?
Must report to a level within the organization that allows the internal audit activity to fulfill its responsibilities. Report to the audit committee and the CFO.
In an organization that has implemented ERM, what are the typical roles and responsibilities of the Chief Risk Officer?
Operates in a staff function, working with other managers to establish ERM in their areas of responsibility.
We looked at three "approaches" internal auditors use to assess risk in their organizations. Pick two of the approaches and describe how risks are assessed using that approach and give one advantage of using that approach. Approach 1
Strategic - determine overall strategic objectives and determine the risk for each. Link strategic risk to processes, and the process with the greatest number of links would be where to allocate audit resources. Advantage - IA focused on the organization's strategic risk
The International Professional Practices Framework (IPPF) divides the standards for the practices of internal auditing into two types: (1) attribute standards and (2) performance standards. Explain the difference between these two types of standards.
The Attribute Standards address the characteristics of organizations and individuals performing internal audit activities (3 points). The Performance Standards describe the nature of internal audit activities and provide quality criteria against which the performance of these services can be measured (3 points)
Who is responsible for developing the internal audit charter? Besides that responsible person, who else should be involved in determining the charter's content?
The CAE is responsible for developing the charter. Senior management and the audit committee (board).
The IPPF includes 10 core principles. What is the role of the "Core Principles" in IIA's professional practices framework?
The Core Principles, taken as a whole, articulate internal audit effectiveness. For an internal audit function to be considered effective, all Principles should be present and operating effectively.
What benefit does the application of this model bring to an organization?
The Three Lines of Defense model fits into the overall risk management framework by organizing the assurance providers, providing role clarification, and allowing for the rational design of monitoring activities across the organization.
Explain how the three lines of defense model fits into the organization's overall risk management framework.
The Three Lines of Defense model provides a simple and effective way to enhance communications on risk management and control by clarifying essential roles and duties.
Explain the "three lines of defense" model. How does this model fit into the organization's overall risk management framework?
The Three Lines of Defense model provides a simple and effective way to enhance communications on risk management and control by clarifying essential roles and duties.
What is residual risk?
The risk remaining after management has taken explicit or targeted action to alter the risk's severity (impact, likelihood or both)
The IIA recently issued a new mission statement for the internal audit profession: To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight. One of the purposes of this statement is to make clear to stakeholders internal audit's role. a. Who are internal audit stakeholders? (1) Answer in general as to what makes someone an internal audit stakeholder. (2) List three specific stakeholders.
audit committee, board, executive management, CFO/controller, vendors, regulators, customers, external auditor, operating/line management
In an organization that has implemented ERM, what are the typical roles and responsibilities of the Board of Directors?
To provide oversight and direction to management. Helps management establish governance models.
V. a) An organization has a number of responses it can take with regard to organizational risks. Name and describe two possible responses.
• Avoid - eliminate the process causing the risk • Transfer - to insurance or via a hedge