ACC 413 QUESTIONS & ANSWERS LATEST UPDATE | EXAM 2

ACC 413 QUESTIONS & ANSWERS LATEST UPDATE | EXAM 2 ACC 413 QUESTIONS & ANSWERS LATEST UPDATE | EXAM 2 Bold = possibly the answer Green = confirmed answer Red = what I think is incorrect Use ctrl+f to find a question ABC utility company sells electricity to residential customers and is a member of an industry association that provides guidance to electric utilities, lobbies on behalf of the industry, and facilitates sharing among its members. From ABC's perspective, what type of stakeholder is this industry association? a. Directly involved in the operation of the company. b. Interested in the success of the company. c. Influences the company. d. Not a stakeholder. Internal audit activities may involve which of the following? a. Assurance services. b. Consulting services. c. Both assurance and consulting services. d. Neither assurance nor consulting services. Risk management processes most likely are not A. Quantitative or subjective B. Embedded in business units or centralized C. Formalized even in small organizations D. Formal or informal. Which of the following would constitute a violation of the Code of Ethics? a. Discussing your organization's data processing control system at a trade convention. b. Purchasing stock in a target after overhearing an organization executive discussing a possible acquisition. c. Deleting sensitive information from a report at the request of senior management. d. Investigating executive expense reports based on rumors of padding. In a broad sense, society benefits from internal auditing because internal auditing: a. Enforces corporate compliance with the standards of public policy b. Promotes the efficient and effective use of resources. c. Evaluates financial data against professional standards d. Reviews systems established to ensure compliance with corporate policy. Under what circumstances would an internal auditor be required to forfeit the CIA designation? a. Upon leaving the internal auditing profession. b. After action by The IIA's International Ethics Committee c. When found by the IIA's Board of Directors to be in violation of the Code of Ethics. d. Upon commission of a felony or other action resulting in serious criminal charges. According to the Standards, internal auditors should possess the knowledge, skills, and discipline essential to the performance of internal auditing. This means that all internal auditors should be proficient in applying: a. Internal auditing standards b. Quantitative methods c. Management principles d. Structured systems analysis The proper organizational role of internal auditing is to a. Perform studies to assist in the attainment of more efficient operations. b. Assist the external auditor in order to reduce external audit fees. c. Serve as the investigative arm of the board. d. Serve as an independent, objective assurance and consulting activity that adds value to operations. Which of the following activities would NOT be presumed to impair the independence of an internal auditor? 1. Recommending standards of control for a new computer application ensure that proper controls are installed. 2. Drafting procedures for running a new computer application to ensure that proper controls are installed. 3. Performing reviews of procedures for a new computer application before it is installed. a. I only b. II only c. III only d. I and III only As used by the internal auditing profession, the Standards refers to all of the following except: a. Criteria by which the operations of an internal audit department are evaluated and measured. b. Criteria which dictate the minimum level of ethical actions to be taken by internal auditors. c. Statements intended to represent the practice of internal auditing as it should be. d. Criteria that are applicable to all types of internal audit departments. According to the Standards, an internal auditor's role with respect to operating objectives and goals includes: a. Approving the operating objectives or goals to be met. b. Determining whether underlying assumptions are appropriate. c. Developing and implementing control procedures. d. Accomplishing desired operating program results. Assurance, Insight, and Objectivity comprise: a. The mission of internal auditing. b. The three lines of defense model. c. The objectives of internal auditing. d. The value proposition Who is responsible for establishing the strategic objectives of an organization? a. The board of directors b. Senior management c. Consensus among all levels of management d. The board and senior management jointly. The purpose of governmental effectiveness or program results auditing is to determine if desired results of a program are being achieved. The first step in conducting such an audit should be to: a. Evaluate the system used to measure results. b. Determine the time frame to be audited. c. Collect quantifiable data on the program's success or failure. d. Identify the legislative intent of the program being audited According to the Standards, who is responsible for coordinating internal and external audit efforts? A. Chief audit executive B. External auditors C. Audit committee of the board of directors D. Chief financial officer. Which of the following are required of the internal audit function per the Standards? A. Evaluate annually the effectiveness of the audit committee. B. Issue annually an overall opinion on the adequacy of the organization's system of internal controls. C. Obtain an annual representation from management acknowledging management's responsibility for the design and implementation of internal controls to prevent illegal acts. D. Assess whether the information technology governance of the organization sustains and supports the organization's strategies and objectives. According to the Standards, the independence of internal auditors is achieved through: a. Staffing and supervision b. Continuing education and due professional care c. Human relations and communications d. Organizational status and objectivity The board's expectations of the internal audit activity regarding the risk management process is: a. Noted in the work programs for formal consulting engagements. b. Included in the business continuity plan c. Codified in the charters of the internal audit activity and the board. d. Reviewed by the internal auditors immediately following a disaster. The role of internal auditing in enterprise-wide risk management (ERM) most likely includes a. Providing consulting services when the organization's risk maturity is low. b. Determining risk appetite. c. Operating the risk management framework. d. Making decisions on risk responses. Which of the following is most likely an internal audit role in a less structured governance process? a. Designing specific governance processes. b. Playing a consulting role in optimizing governance practices and structure. c. Providing advice about basic risks to the organization. d. Evaluating the effectiveness of specific governance processes. Which of the following are elements included in the control environment? a. Organizational structure, management philosophy, and planning. b. Integrity and ethical values, assignment of authority and human resource policies. c. Competence of personnel, backup facilities, laws, and regulations. d. Risk assessment, assignment of responsibility, and human resource practices. The policies and procedures helping to ensure that management directives are executed and actions are taken to address risks to achievement of objectives describes a. Risk assessments. b. Control environments. c. Control activities. d. Monitoring. Which of the following threatens the independence of an internal auditor who had participated in the initial establishment of a risk management process? a. Developing assessments and reports on the risk management process. b. Managing the identified risks c. Evaluating the adequacy and effectiveness of management's risk processes d. Recommending controls to address the risks identified Which of the following members of an organization has ultimate ownership responsibility of the ERM, provides leadership and direction to senior managers, and monitors the entity's overall risk activities in relation to its risk appetite? a. Chief Risk Officer b. Chief Executive Officer c. Internal auditors d. Chief Financial Officer All of the following are primary objectives of the overall management process except: a. Improving the effectiveness of governance, risk management, and control processes. b. Compliance with laws, regulations, ethical and business norms, and contracts. c. Identification of risk exposures and use of effective strategies to control them. d. Safeguarding of the organization's assets. Which of the following are components of the Definition of Internal Auditing? a. Independence and objectivity. b. A systematic and disciplined approach. c. Helping the organization accomplish its objectives. d. All of the above According to the Standards, the primary purpose for internal auditing's evaluation of the adequacy of an organization's system of internal control is to determine: a. If controls are designed to insure that the organization's objectives will be met. b. The nature, extent and timing of audit tests. c. The extent of compliance with internal controls. d. If the application of due professional care will be sufficient to detect all material irregularities. Which of the following is/are components of the Standards as found in the "Red Book?" I. Statements II. Interpretations III. The glossary a. I only. b. I and II. c. I and III. d. I, II, and III. Which if the following could be an organization factor that might adversely affect the ethical behavior of the CAE? a. The CAE reports directly to an independent audit committee of the board of directors/ b. The CAE is not assigned any operational responsibilities c. A CAE may not be appointed or approved without concurrence of the board of directors. d. The CAE's annual bonuses are based on dollar recoveries or recommended future savings as a result of audits. Under what circumstances would an internal auditor be required to forfeit the CIA designation? a. Upon leaving the internal auditing profession. b. After action by The IIA's International Ethics Committee c. When found by the IIA's Board of Directors to be in violation of the Code of Ethics. d. Upon commission of a felony or other action resulting in serious criminal charges Which of the following actions would be a violation of auditor independence? a. Continuing on an audit assignment for a division for which the auditor will soon be responsible as the result of a promotion. b. Reducing the scope of an audit due to budget restrictions. c. Participating on a task force which recommends standards for control of a new distribution system. d. Reviewing a purchasing agent's contract drafts prior to their execution. One of the purposes of the Standards is to: a. Establish the certification criteria for a CIA. b. Specify the content of the internal auditing department's charter. c. Serve as a guide in determining the reliance that can be placed on the organization's system of internal control. d. Establish a basis for measuring and guiding internal audit reports A major reason for establishing an internal audit activity is to a. Ensure the reliability and integrity of financial and operational information. b. Safeguard resources entrusted to the organization. c. Evaluate and improve the effectiveness of control processes. d. Relieve overburdened management of the responsibility for establishing effective controls. The Standards requires that the CAE seek the approval of management and acceptance by the board of a formal written charter for the internal auditing department. The purpose of this charter is to: a. Protect the internal auditing department from undue outside influence. b. Establish the purpose, authority, and responsibility of the internal audit department c. Clearly define the relationship between internal and external auditing d. Establish the CAE's status as a staff executive. An audit of a foreign subsidiary disclosed payments to local government officials in return for orders. What action does the Code of Ethics suggest for internal auditors in such a case? a. Refrain from any action that might be detrimental to their employers. b. Report the incident to appropriate regulatory authorities. c. Inform appropriate organization officials. d. Report the practice to the Board of Directors of the IIA. In recent years, control self-assessment has become a valuable auditing tool, especially in terms of: a. Determining the accuracy and understandability of financial events as expressed in financial documents. b. Identifying workers who may have been involved in fraudulent activities. c. Uncovering problems in areas such as organizational morale and communication. d. Conducting employee performance appraisals. Internal Auditors must have competent interpersonal skills. Which of the following does not represent an attribute of interpersonal skills? a. Communication b. Leadership c. Project Management d. Team capabilities In the Standards from the International Professional Practices Framework of Internal Auditing, the word "shall/must" means a. Compliance is mandatory. b. Compliance is recommended c. Deviation from a requirements must be documented. d. Deviations may be made if necessary if requested by management. According to the Standards, which of the following must the internal audit manager think about when considering appropriate due care while planning an assurance engagement? a. The opportunity to cross train internal audit staff. b. The cost of assurance is relation to potential benefits. c. Job openings in the area that may be of interest to internal auditors assigned to the engagement. d. The potential to deliver consulting services to the auditee. The Mission of Internal Audit is to a. To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight. b. Add value and improve an organization's operations. c. Promote an ethical culture in the profession of internal auditing. d. Articulate internal audit effectiveness. Which of the following activities undertaken by the internal auditor might be in conflict with the standard of independence? A. Risk management consultant. B. Product development team leader. C. Ethics advocate. D. External audit liaison. Which of the following statements is not true regarding the efficient and economical achievement of the organization's objectives and goals? a. Economical performance accomplishes objectives and goals with minimal use of resources with no regard to risk exposure. b. Efficient performance accomplishes objectives and goals in a timely manner. c. Economical performance accomplishes objectives and goals with minimal use of resources commensurate with the risk of exposure. d. Efficient performance accomplishes objectives and goals in an accurate economical manner. Ensuring effective organizational performance management and accountability is most directly the proper function of a. Control. b. Governance. c. Risk Management. d. A quality assurance program. What action must the chief audit executive take when (s)he believes that senior management has accepted a level of residual risk that is unacceptable to the organization? a. Report the matter to the board for resolution b. Reported the matter to an external authority. c. Discuss the matter with external auditors. d. Discuss the matter with senior management. Upon obtaining factual documentation of unethical business conduct by the vice president in charge of internal auditing, the Chief Audit Executive should: a. Conduct an investigation to determine the extent of the vice president's involvement in the unethical acts. b. Confront the vice president with the fact before proceeding. c. Schedule an audit of the business function involved. d. Report the facts to the Chief Executive Officer and the audit committee. According to the Sawyer Why Internal Auditing? article the roots of auditing date back to a. 3,600 B.C. b. 1941 c. 1890 d. approximately 1480 AD An internal auditor engages in the preparation of income tax returns during the tax season. For which of the following activities might the auditor most likely be in violation of the Code of Ethics? a. Writing a tax guide that is intended for publication and sale to the general public. b. Preparing the personal tax return, for a fee, for one of the organization's division managers without the consent of senior management. c. Teaching an evening tax seminar, for a fee, at a local university d. Preparing tax returns for elderly citizens, regardless of their associations, as a public service The purposes of the Standards include all of the following except A. Establishing the basis for the measurement of internal audit performance. B. Guiding the ethical conduct of internal auditors. C. Stating basic principles that represent the practice of internal auditing. D. Fostering improved organizational processes and operations. To ensure that due professional care has been taken at all times during an engagement, the internal auditor should always: a. Ensure that all financial information related to the audit is examined for nonconformance and irregularities. b. Ensure that all audit tests are fully documented. c. Consider the possibility of or nonconformance and irregularities at all times during the engagement. d. Communicate any noncompliance or irregularity discovered during an engagement promptly to the audit committee. In recent years, control self-assessment has become a valuable auditing tool, especially in terms of: a. Determining the accuracy and understandability of financial events as expressed in financial documents. b. Identifying workers who may have been involved in fraudulent activities. c. Uncovering problems in areas such as organizational morale and communication. d. Conducting employee performance appraisals The function of internal auditing, as related to internal financial reports, would be to: a. Ensure compliance with reported procedures. b. Review the expenditure items and match each item with the expense incurred. c. Determine if there are any employees expending funds without authorization. d. Identify inadequate controls that increase the likelihood of unauthorized expenditures. One of the purposes of the International Standards for the Professional Practice of Internal Auditing as stated in the Introduction to the current version of the Standards is to A. Establish the independence of the internal audit activity and emphasize the objectivity of internal auditing. B. Encourage external auditors to make more extensive use of the work of internal auditors. C. Encourage the professionalization of internal auditing. D. Establish the basis for evaluating internal auditing performance. The purpose of governmental effectiveness or program results auditing is to determine if desired results of a program are being achieved. The first step in conducting such an audit should be to: a. Evaluate the system used to measure results. b. Determine the time frame to be audited. c. Collect quantifiable data on the program's success or failure. d. Identify the legislative intent of the program being audited. The actions taken to manage risk and increase the likelihood that established objectives and goals will be achieved are best described as a. Control. b. Compliance. c. Quality assurance. d. Supervision. In which of the following situations would an auditor potentially lack objectivity? a. An auditor reviews the procedures for a new electronic data interchange connection to a major customer before it is implemented. b. A former purchasing assistant performs a review of internal controls over purchasing four months after being transferred to the internal audit activity. c. An auditor recommends standards of control and performance measures for a contract with a service organization for the processing of payroll and employer benefits. d. A payroll accounting employee assists an auditor in verifying the physical inventory of small motors. Which organization is not referenced in the Risk: Key to Governance article? a. National Association of Corporate Directors (NACD) b. Australian Stock Exchange c. US Food and Drug Administration (FDA) d. S. C. Johnson and Sons Independent outside auditors provide financial reporting assurance services primarily for a. The benefit of third parties b. Management c. Board of Directors d. CEO The best description of the purpose of internal auditing is that it: a. Furnishes members of the organization with information needed to effectively discharge their responsibilities. b. Reviews the reliability and integrity of financial and operating information. c. Reviews the means of safeguarding assets and, as appropriate, verifies the existence of such assets. d. Appraises the economy and efficiency with which resources are employed. e. All of the other choices are correct. According to Jacka's article, what makes internal auditors unique is a. independence and objectivity b. ethics and diligence c. competence and fairness d. independence and audit knowledge During the audit of one of its organization's nuclear power plants, an internal auditing team discovered serious instances of violations of safety procedures. The Code of Ethics requires the audit team to: a. Present sufficient factual evidence without revealing confidential information that could be detrimental to their organization. b. Disclose all material evidence obtained by the audit team as of the date of the audit report. c. Report factual evidence gathered within established time and budget restraints. d. Reveal material facts known to the audit team that could distort the report if not disclosed. According to the International Professional Practices Framework of the IIA, which pronouncements represent mandatory guidance for implementing the Standards? a. Implementation Guidance b. Supplemental Guidance c. Performance Standards d. Internal Audit Textbooks According to the International Professional Practices Framework of the IIA, which pronouncements represent mandatory guidance for implementing the Standards? A. IIA publications. B. Core Principles. C. Implementation Guidance. D. Supplemental Guidance. According to the International Professional Practices Framework of the IIA, which pronouncements represent mandatory guidance for implementing the Standards? A. Practice Advisories. B. The Red Book. C. Supplemental Guidance. D. Performance Standards Which standards are applicable to organizations and individuals performing specific types of internal auditing services? a. Performance Standards b. Attribute Standards c. Implementation Standards d. All of the above standards Which organization is not referenced in the Risk: Key to Governance article? a. Committee of Sponsoring Organizations (COSO) b. Gap Kids c. Occupational Safety and Health Administration d. Exxon-Mobil The scope of internal auditing work encompasses a systematic, disciplined approach to evaluating and improving the adequacy and effectiveness of all the following processes except a. Governance. b. Control. c. Financial statements. d. Risk management. A basic principle of governance is a. Assessment of the governance process by an independent internal audit activity b. Holding the board, senior management, and internal audit activity accountable for its effectiveness. c. Exclusive use of external auditors to provide assurance about the governance process. d. Separation of the governance process from promoting an ethical culture in the organization. In enterprise-wide risk management (ERM), the internal audit activity's core assurance roles include a. Coordinating ERM. b. Evaluating the reporting of key risks. c. Championing establishment of ERM. d. Implementing. Which of the following activities is outside the scope of internal auditing? a. Assessing an operating department's effectiveness in achieving stated organizational goals. b. Safeguarding assets. c. Checking for compliance with laws and regulations. d. Evaluating established objectives and goals. The most accurate term for the procedures used by the representatives of the organization's stakeholders to provide oversight of processes administered by management is a. Risk management. b. Control. c. Governance. d. Monitoring. Which of the following statements is NOT true about business objectives? a. Business objectives represent targets of performance. b. Establishing meaningful business objectives is a prerequisite to effective internal control. c. Establishing business objectives is a key component of the management process. d. Business objectives are management's means of employing resources and assigning responsibilities. ERM is not expected to provide reasonable assurance of achieving which objectives? a. Strategic b. Reporting c. Internal control d. Compliance Directors, management, external auditors, and internal auditors all play important roles in creating proper control processes. Senior management is primarily responsible for a. Establishing and maintaining an organizational culture. b. Reviewing the reliability and integrity of financial and operational information. c. Ensuring that external and internal auditors oversee the administration of the system of risk management and control processes. d. Implementing and monitoring controls designed by the board of directors. An organization's new president meets the CAE for the first time and asks him or her to briefly describe the department's overall responsibility. The CAE states that internal audit's overall responsibility is to: a. Act as an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. b. Review the means of safeguarding assets, and, as appropriate, verify the existence of such assets. c. Ensure compliance with policies, plans, procedures, laws, and regulations that could have a significant impact on operations and reports. d. Review the reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information Within the context of internal auditing, assurance services are best defined as: a. Objective examination of evidence for the purpose of providing independent assessments. B. Advisory services intended to add value and improve an organization's operations. C. Professional activities that measure and communicate financial and business data. D. Objective evaluations of compliance with policies, plans, procedures, laws, and regulations. An auditor discovers some material inefficiencies in a purchasing function. The purchasing manager happens to be the auditor's next-door neighbor and best friend. In accordance with the Code of Ethics, the auditor should: A. Objectively include the facts of the case in the audit report. B. Not report the incident because of loyalty to the friend. C. Include the facts of the case in a special report submitted only to the friend D. Not report the friend unless the activity is illegal An internal auditor who had been supervisor of the accounts payable section should not audit that section: A. Because there is no way to measure a reasonable period of time in which to establish independence. B. Until enough time has elapsed to allow the new supervisor to influence the system of controls over accounts payable. C. Until after the next annual review by the external auditors. D. Until it is clear that the new supervisor has assumed responsibility. Which of the items below would be a violation of the IIA's Code of Ethics? A. Certain facts evidenced in the auditor's working papers that helped to support the basic allegations made by the auditor as to a case of fraud were not included in the audit report. B. Evidence in the auditor's working papers that proved a criminal act was included in the auditor's report draft. The comments were later removed by audit management. C. To keep the audit effort within the budgeted time, the auditor was directed to and did curtail testing in an area that looked suspicious and later was proved to contain massive irregularities. D. A control system that had been recommended by the audit staff during the previous audit was found to be defective, The auditor reported the defective function as a client failure. Who is ultimately responsible for identifying new or emerging key risk areas that should be covered by the organization's governance process? A. The board of directors. B. Senior management. C. Risk owners. D. The internal audit function. An auditor often faces special problems when auditing a foreign subsidiary. Which of the following statements is FALSE with respect to the conduct of international audits? A. The IIA Standards do not apply outside of the U.S. B. The auditor should determine whether managers are in compliance with local laws. C. There may be justification for having different organization policies in force in foreign branches. D. It is preferable to have multilingual auditors conduct audits at branches in English-speaking nations. In the risk management process, management's view of the internal audit activity's role is likely to be determined by all of the following factors except A. Organizational culture. B. Preferences of the independent auditor. C. Ability of the internal audit staff. D. Local conditions and customs of the country. AVF Company's new CFO has asked the company's CAE to meet with him to discuss the role of the internal audit function. The CAE should inform the CFO that the overall responsibility of internal audit is to: A. Serve as an independent assurance and consulting activity designed to add value and improve the company's operations. B. Assess the company's methods for safeguarding its assets and, as appropriate, verify the existence of the assets. C. Review the integrity of financial and operating information and the methods used to accumulate and report information. D. Determine whether the company's system of internal controls provides reasonable assurance that information is effectively and efficiently communicated to management. When required to select adequate operating standards to evaluate an activity, the internal auditor should: A. Seek client agreement on a set of appropriate standards B. Conclude that internal control is not effective C. Choose the standards used in the last audit of the activity D. Develop an appropriate set of standards According to the standards, due professional care calls for: A. Detailed audits of all transactions related to a particular function B. Infallibility and extraordinarily performance when the system of internal controls is known to be weak C. Consideration of the possibility of material irregularities during every audit assignment D. Testing insufficient detail to give absolute assurance that noncompliance does not exist Which of the following types of IPPF guidance requires an exposure to the various IIA national institutes prior to it issuance 1. A new Practice advisory 2. A new standard 3. A new position paper 4. A new definition in the standards glossary A. III only B. II and IV C. II, III, IV D. I, II, III, IV Which of the following actions by an auditor would violate the Code of Ethics? A. An audit of an activity managed by the auditor's spouse. B. A material financial investment in the organization. C. Use of an organization car. D. A significant ownership interest in a non-related business. Internal auditing work encompasses all of the following processes except: A. Risk management B. Control C. Financial Statements D. Governance Which risk response reflects a change from acceptance to sharing? A. An insurance policy on a manufacturing plant was not renewed B. Management purchased insurance on previously uninsured property C. Management sold a manufacturing plant D. After employees stole numerous inventory items, management implemented mandatory background checks on all employees. ERM is NOT expected to provide reasonable assurance of achieving which objectives? A. Strategic and reporting. B. Operations and reporting. C. Strategic and operations. D. Compliance. An auditor, nearly finished with an engagement, discovers that the director of Marketing has a gambling habit. The gambling habit is not directly related to the existing engagement and there is pressure to complete the current engagement. The auditor notes the problem and forwards the information to the chief audit executive but performs no further follow-up. The auditor's actions would: A. Be in violation of the IIA Code of Ethics for withholding meaningful information. B. Be in violation of the Standards because the author did not properly follow up on a red flag that might indicate the existence of fraud. C. Not be in violation of either the IIA Code of Ethics or Standards. D. Be in violation of both the IIA Code of Ethics and the Standards. Audit committees are most likely to participate in the approval of A. Audit staff promotions and salary increases. B. The internal audit report observations and recommendations. C. Audit work schedules. D. The appointment of the Chief Audit Executive. Which of the following statements regarding corporate governance is not correct? A. Corporate control mechanisms include internal and external mechanisms. B. The compensation scheme for management is part of the corporate control mechanism. C. The dilution of shareholders' wealth resulting from employee stock options or employee stock bonuses is an accounting issue rather than a corporate governance issue. D. The internal auditor of a company has more responsibility than the board for the company's corporate governance. Governance is a A. Directive B. Procedure C. Process D. Method Risks are assessed in terms of: A. impact and behavior. B. cost and possibility. C. impact and likelihood. D. events and likelihood. When assessing the risk associated with an activity, an internal auditor should: A. Determine how the risk should best be managed. B. Provide assurance on the management of the risk. C. Update the risk management process based on risk exposure. D. Design controls to mitigate the identified risks. Which of the following is true regarding business process outsourcing? A .Outsourced processes should not be included in the audit universe. B. Outsourcing a core high-risk business process reduces the overall operational risks. C. The independent outside auditor is required to review all significant outsourced business processes. D. The internal audit function should review the contract to determine whether it will meet management's objectives before being signed. Internal Auditors often flowchart a control system and reference the flowchart to create a narrative description of certain activities. This is an appropriate procedure to: A. Determine the ability of the activities to produce reliable information. B. Determine if the system meets established management objectives. C. Document that the system meets international auditing standards. D. Obtain the understanding necessary to test the effectiveness of the system. Which of the following are business processes? I. Compliance with environmental regulations II. Review and write-off of delinquent loans III. Safeguarding of assets IV. Remittance of payroll taxes to the respective local and federal tax authorities A. II only. B. I and III only. C. II and IV only D. I, II, III, and IV In assessing organizational risk in a manufacturing firm, which of the following would have the most long-range impact on the organization? A. Product quality. B. Production scheduling. C. Advertising budget. D. Inventory policy. Risk is defined as: A. The magnitude of an adverse event. B. The possibility that an event will occur. C. The possibility that an event will occur and adversely affect the achievement of objectives. D. The possibility of dangerous activity. Which of the following questions is NOT particularly helpful in determining the key objectives of a process? A. Who created the process? B. How are people supposed to act relative to the process? C. How does the process support the organization's strategy? D. Why does the process exist? Flowcharting would most likely be used in the evaluation of controls in: A. An internal audit department with limited experience in the evaluation of internal control systems. B. A complex system. C. An application involving the joint efforts of both internal and external auditing. D. A simple but well documented system. Internal Auditors often flowchart a control system and reference the flowchart to create a narrative description of certain activities. This is an appropriate procedure to: A. Document that the system meets international auditing standards. B. Obtain the understanding necessary to test the effectiveness of the system. C. Determine if the system meets established management objectives. D. Determine the ability of the activities to produce reliable information. Of the techniques available to an auditor, which is the most valuable in providing a summary outline and overall description of the process of transactions in an information system? A. Software code comparison. B. Transaction Retrievals. C. Test decks D. Flowcharts. Which of the following is NOT included in a risk control matrix? A. Factor score. B. Activity within process. C. Impact rating. D. Risk Statement (events). Which of the following are appropriate organizational responses to a risk? A. Avoidance, Reduction, Mitigation, Acceptance. B. Avoidance, Reduction, Sharing, Acceptance. C. Avoidance, Mitigation, Sharing, Acceptance. D. Avoidance, Reduction, Ranking, Acceptance. An adequate system of internal control is most likely to detect an irregularity perpetrated by a: A. Group of managers in collusion B. Single employee C. Group of employees in collusion D. Single manager A casualty insurance policy is an example of a A. preventive control. B. detective control. C. directive control. D. corrective control. Which of the following describes a control weakness? A. Purchasing procedures are well designed and are followed unless otherwise directed by the purchasing supervisor. B. Pre-numbered blank purchase orders are secured within the purchasing department. C. Normal operational purchases fall in the range from $500 to $1,000 with two signatures required for purchases over $1,000. D. The purchasing agent invests in a publicly traded mutual fund that lists the stock of one of the organization's suppliers in its portfolio. Internal control cannot be designed to provide reasonable assurance regarding the achievement of objectives concerning A. Reducing the cost of an external audit. B. Elimination of all fraud. C. Availability of reliable data for decision-making purposes and protection of important documents and records. D. Compliance with the Foreign Corrupt Practices Act of 1977. Internal controls may be preventive, detective, or corrective. Which of the following is preventative? A. Requiring two persons to open mail. B. Reconciling the accounts receivable subsidiary file with the control account. C. Using batch totals. D. Preparing bank reconciliations. What is residual risk? A. Underlying risk in the environment. B. Risk that is under control. C. Risk that is not managed. D. Impact of risk. A bank reconciliation is an example of a A. Directive control. B. Detective control. C. Preventive control. D. Corrective control. According to the original COSO study, how many components comprise the internal control system? A. 3. B. 5. C. 9. D. 15. In an examination of receiving operations for a manufacturer of small appliances, an auditor will be most concerned with the risk that the function has: A. Failed to detect the receipt of substandard goods. B. Accepted goods in excess of current needs. C. Paid inflated prices for goods from related parties. D. Received goods that were not ordered. A recent inventory shortage at XYZ Corp., and unaffiliated supplier, contributed to production failures at OPS Corp. in the current period. To avoid future production failures because of supplier inventory shortages, the most appropriate method is for OPS to A. Establish an inventory control framework at XYZ. B. Increase the size of orders. C. Produce the inventory items instead of purchasing from suppliers. D. Inform XYZ about its risk appetite regarding supply failures. The internal audit activity's scope of responsibilities includes A. Eliminating Risk. B. Managing Risk. C. Evaluating Risk. D. Controlling Risk. Which of the following explanations suggests the least amount of relative risk stemming from a failure to compare a purchased order to an approved price list? A. A temporary employee processed the purchase order. B. The comparison is not required by company policy. C. The vendor is one used often by the company. D. The director of the purchasing department approved the purchase order. Appropriate internal control for a multinational corporation’s branch office that has a department responsible for the transfer of money requires that: A. The branch manager receives all wire transfers. B. Corporate management approves the hiring of monetary transfer unit employees. C. The individual who initiates the wire transfers does not reconcile the bank statement. D. Foreign currency rates be computed separately by two different employees. A physical inventory recount is an example of a A. Preventive control. B. Detective control. C. Corrective control. D. Monitoring control. A utility with a large investment in repair vehicles would most likely implement which internal control to reduce the risk of vehicle theft or loss? A. Review insurance coverage for adequacy. B. Systematically account for all repair work orders. C. Physically inventory vehicles and reconcile the results with the accounting records. D. Maintain vehicles in a secured location with release and return subject to approval by a custodian. Which of the following is a risk? A. A commitment to competence. B. A Code of Ethics. C. A personnel policy manual. D. A significant improvement in the competitor's products. The control that would most likely ensure that payroll checks are written only for authorized amounts is to: A. Conduct periodic floor verification of employees on the payroll. B. Periodically witness the distribution of payroll checks. C. Require the return of undelivered checks to the cashier. D. Require supervisory approval of employee time cards. The internal audit activity evaluates controls in response to risks in governance systems regarding A. Compliance with contracts. B. Strategic Planning. C. Formation of a governance committee of the board. D. Formation of an audit committee of the board. If internal control is well designed, two tasks that should be performed by different persons are A. Approval of bad debt write-offs, and reconciliation of the accounts payable subsidiary ledger and controlling account. B. Distribution of payroll checks and approval of sales of credit. C. Posting of amounts from both the cash receipts journal and cash payments journal to the general ledger. D. Recording of cash receipts and preparation of bank reconciliations. Which component is the foundation of all other components in the internal control structure? A. Control environment. B. Risk assessment. C. Control activities. D. Information and communication. Budgets are a necessary component of financial decision making because they help provide a(n) A. Efficient allocation of resources. B. Means to use all the firm's resources. C. Automatic corrective mechanisms for errors. D. Means to check managerial discretion. When assessing risk management processes, internal auditors consider researching and reviewing current developments, trends, and other appropriate sources of information to determine I. Risks that may affect the organization II. Exposures that my affect the organization III. Related control procedures to use A. I and II only. B. II and III only. C. III only. D. I, II, and III. Whether a deviation is an error or irregularity is determined by: A. the intent of the individual(s) involved B. whether the individual involved is a manager C. whether the process is manual or computerized D. the amount of the deviation What is inherent risk? A. Underlying risk in the environment. B. Risk that is not managed. C. Risk that is under control. D. Impact of risk. Flowcharting helps the internal auditor in which of the following ways? A. Supplies an understanding of the sequence of events and activities in the process. B. Provides a means of communication between the auditor and the client. C. Allows the auditor to project the effects of recommended changes on the existing system. D. All of the above. Of the techniques available to an auditor, which is the most valuable in providing a summary outline and overall description of the process of transactions in an information system? A. Flowcharts. B. Software code comparisons. C. Test decks. D. Transaction Retrievals. The primary responsibility for overseeing the establishment and administration of internal control rests with A. The external auditor. B. Senior management. C. The controller. D. The treasurer. Control Devices may be Quantitative Qualitative B. Yes No C. No Yes D. No No The internal auditor wants to make an initial risk assessment of the accounts payable department to determine what controls should be in place. Which of the following methods would NOT be used in that initial assessment? A. Flowcharting. B. Internal control questionnaires. C. A control matrix. D. SAS No. 47. Requiring two signatures on all checks written for more than $10,000 is an example of a: A. Detective control. B. Monitoring control. C. Corrective control. D. Preventive control. Which of the following best describes an internal auditor's purpose in reviewing the organization's existing risk management, control, and governance processes? A. To provide reasonable assurance that the processes will enable the organization's objectives and goals to be met efficiently and economically. B. To determine whether the processes ensure that the accounting records are correct and that financial statements are fairly stated. C. To help determine the nature, timing, and extent of tests necessary to achieve engagement objectives. D. To ensure that weaknesses in the internal control system are corrected. Which of the following is closely related to traditional risk management instead of ERM? A. Rapid response to opportunities. B. Organization-level view of risk. C. Emphasis on specific functions. D. Achieving financial goals. The work of the internal audit activity includes evaluating and contributing to the improvement of risk management systems. Risk is I. The negative effect of events certain to occur II. Measured in terms of impact III. Measured in terms of likelihood A. I only B. I and II only C. II and III only D. I, II, and III A corporate policy is an example of a A. directive control. B. detective control. C. corrective control. D. preventive control. The requirement that purchases be made from suppliers on an approved list is an example of a: A. Monitoring control B. Preventive control. C. Detective control. D. Corrective control. Control tools do not include A. Reconciliations. B. Checklists. C. Sharing of duties. D. Exception reports. Which of the following best describe the interrelated components of internal control? A. Organizational structure, management philosophy, and planning. B. Control environment, risk assessment, control activities, information and communication systems, and monitoring. C. Risk assessment, backup facilities, responsibility accounting, and natural laws. D. Legal environment of the firm, management philosophy, and organizational structure. An internal auditor plans to conduct an audit of the adequacy of controls over investments in new financial instruments. Which of the following would NOT be required as part of such an engagement? A. Determine the extent of management oversight over investments in sophisticated instruments. B. Determine if policies exist that describe the risks the treasurer may take and the types of instruments in which the treasurer may make investments. C. Determine the nature of controls established by the treasurer to monitor the risks in the investments. D. Determine whether the treasurer is getting higher or lower rates of return on investments than are treasurers in comparable organizations. Management can best strengthen internal control over the custody of inventory stored in an off- site warehouse by implementing A. Reconciliations of transfer slips to/from the warehouse with inventory records. B. Increases in insurance coverage. C. Regular reconciliation of physical inventories to accounting records. D. Regular confirmation of the amount on hand with the custodian of the warehouse. The internal auditing's role in the risk management process of an organization can change over time and may be found at some point along a continuum. Appropriate roles include I. Implementing risk responses II. Providing assurance on the risk management process III. Coaching management in responding to risks IV. Setting the risk appetite A. I only. B. II only. C. II and III only. D. I, II, III, IV. Which of the following are features of risk/control assessment? I. Identify business objectives II. Review the likelihood and significance (impact) III. Identify control(s) IV. Test effectiveness A. I and II only. B. II and III only. C. III only. D. I, II, III, and IV. The COSO study defines the objectives of internal control in three broad categories. It also discusses five components that make up the system of control. Which of the following is an objective? A. Effectiveness and efficiency of operations. B. Risk assessment. C. Control activities. D. Information and communication. According to the COSO study, a precondition to risk assessment is: A. Establishing an internal audit department. B. Establishing control procedures or activities. C. Establishing objectives. D. Establishing a monitoring method. Audit committees are most likely to participate in the approval of A.Audit staff promotions and salary increases. B. The internal audit report observations and recommendations. C. Audit work schedules. D. The appointment of the Chief Audit Executive. The best approach for making sure that only authorized employees receive computer output is: A. Place the output in bins early in the day rather than late in the day. B. Load the output in a file to print at local workstations. C. Hold the output in a secure area until it is picked up by authorized employees. D. Make printouts available only at specified times. When an auditor uses his or her own designed input data, the auditor is using: A. Test data. B. Parallel simulation. C. Code review. D.Mapping. Which of the following is an indication that a computer virus of this category is present? A.Frequent power surges that harm computer equipment. B. Unexplainable losses of or changes to data. C. Inadequate backup, recovery, and contingency plans. D. Numerous copyright violations due to unauthorized use of purchased software. A construction organization uses a spreadsheet program to prepare estimates for bids on new projects. The best approach for making sure that its spreadsheet calculations are correct is to: A.Protect all cells except those specifically intended for data entry. B. Inspect the documentation to verify the approach used by the model developer. C. Perform sensitivity analysis on the major output results. D. Map the spreadsheet model with spreadsheet analysis software. E. all of the above The auditor is concerned that retired employees are not receiving the correct benefits. Which of the following auditing procedures would be the least effective in addressing this concern? A. Take a sample of employees added to the retirement list for a specified time period, for example, a day or a week, and determine that they are scheduled for the appropriate benefits. B. Use an integrated test facility and submit transactions over a period of time to determine if the system is paying the appropriate benefits. C. Use generalized audit software to take a classical variables sample of retired employees on the database. Verify that all benefit payments are appropriate. D. Use generalized audit software to take a variables sample stratified on years since retirement and size of benefit payments. Verify that all benefit payments are appropriate. Your firm has recently converted its purchasing cycle from a manual process to an online computer system. Which of the following is a probable result associated with conversion to the new automatic system? A. Processing errors are increased. B. The nature of the firm's risk exposure is reduced. C.Processing time is increased. D.Traditional duties are less segregated. In order to test whether data currently within the automated system are correct, the auditor should: A. Use test data and determine whether all the data entered are captured correctly in the updated database. B. Take a sample of data to be entered for a few days and trace the data to the updated database to determine the correctness of the updates. C. Use generalized audit software to provide a printout of all employees with invalid job descriptions. Investigate the causes of the problems. D. Use generalized audit software to select a sample of employees from the database and verify the data fields. Which of the following is the least efficient and most error prone method for transferring large amounts of data from a mainframe to a desktop computer? A. Transfer by downloading. B. Transfer by usb drive. C. Transfer using voice-to-text software. D. Transfer from a tape drive through specialized software. An accounting clerk developed a scheme to input fraudulent invoices for nonexistent vendors. All the payments were sent to the same address. The auditor suspects a possible fraud. The most effective computer audit technique to investigate the fraud would be to: A. Use test data for multiple vendors and investigate unexpected results. B. Perform a complete audit of computer program changes. C. Use generalized audit software to compare addresses across multiple files and print out duplicates for investigation. D. Test application controls through an integrated test facility and investigate unexpected results. Using test data, an auditor has processed both normal and a typical transaction through a computerized payroll system to test calculation of regular and overtime hours. Sufficient competent evidence of controls exists if: A. No other tests are performed. B. Test data results are compared to predetermined expectations. C. Exceptions are mapped to identify the control logic executed. D.Test result data are tagged to instigate creation of an audit data file. Which of the following is not a tool that could be used by an internal auditor in performing substantive tests? A. Embedded audit module. B. Parallel simulation. C. Test data. D. None of the above. To determine whether there have been any unauthorized program changes since the last authorized program update, the best information systems audit technique is for the auditor to conduct a(n): A. Code comparison. B. Code review. C. Test data run. D. Analytical review. Your firm has recently converted its purchasing cycle from a manual to an online computer system. You have been placed in charge of the first post-implementation audit of the new system and have access to a generalized audit software package. One of your objectives is to determine whether all material liabilities for trade accounts payable have been recorded. Which of the following would most help you achieve this objective? A.A listing of all purchase transactions processed after the cutoff date. B.A listing of all accounts payable ledger accounts with a post office box given as the vendor mailing address. C.A listing of all duplicate: (1) purchase orders, (2) receiving reports, and (3) vendor invoices. D.A listing of all vendors with a debit balance in the accounts payable ledgers. Generalized audit software (GAS) is designed to allow auditors to: A. Monitor the execution of application programs. B. Process test data against master files that contain real and fictitious entities. C. Select sample data from files and check computations. D. Insert special audit routines into regular application programs. Which of the following database controls would be most effective in maintaining a segregation of duties appropriate to the users' reporting structure within an organization? A.Logical access controls. B.Software change control procedures. C.Dependency checks. D.Backup and recovery procedures. Which of the following is one purpose of an embedded audit module? A. Enable continuous monitoring of transaction processing. B. Identify program code that may have been inserted for unauthorized purposes. C. Verify the correctness of account balances on a master file. D. Review the contents of a specific portion of computer memory. Organizations now can use electronic transfers to conduct regular business transactions. Which of the following terms best describes a system where an agreement is made between two or more parties to electronically transfer purchase orders, sales orders, invoices, and/or other financial documents A.Electronic mail (e-mail). B.Electronic funds transfer (EFT). C.Electronic data interchange (EDI). D.Electronic data processing (EDP). Which of the following concepts distinguishes the retention of computerized audit working papers from the traditional hard copy form? A.Analyses, conclusions, and recommendations are filed on electronic media and are therefore subject to computer system controls and security procedures. B.Evidential support for all findings is copied and provided to local management during the closing conference and to each person receiving the final report. C.Computerized data files can be used in EDP audit procedures. D.Audit programs can be standardized to eliminate the need for a preliminary survey at each location. Enabling users to have different views of the same data is a function of: A.The operating system. B.A program library management system. C.The database management system. D.A utility program.*NC Which of the following is not a tool that could be used by an internal auditor in performing substantive tests? A. Embedded audit module. B. Parallel simulation. C. Test data. D. None of the above An internal auditor was assigned to confirm whether operating personnel had corrected several errors in transaction files that were discovered during a recent audit. Which of the following automated tools is the auditor most likely to use? A.Online inquiry. B.Parallel simulation. C.Mapping. D.Tracing. Which of the following personal computer applications would be least helpful in preparing audit working papers? A.Spreadsheet software. B.Word processing software. C.Utilities software. D.Database software. At the end of the day, an internal auditor uses the client's desktop computer and word processing program to draft a working paper that contains the day's findings. Which of the following would be the best thing to do before leaving the office? A. Print the working paper and save the file on a usb drive. B. Print the working paper and save the file on a hard disk. C. Print the working paper, save the file on the hard disk, and save a backup copy of the file on a usb drive. D. Save the file on the hard disk. Which of the following statements are correct regarding the Internet as a commercially viable network? I. Organizations must use firewalls if they wish to maintain security over internal data. II. Companies must apply to the Internet to gain permission to create a home page to engage in electronic commerce. III. Companies that wish to engage in electronic commerce on the Internet must meet required security standards established by the coalition of Internet providers. A.I only. B.II only. C.III only. D.I and III. Which of the following is a risk that is higher when an electronic funds transfer (EFT) system is used? A.Improper change control procedures. B.Unauthorized access and activity. C.Insufficient online edit checks. D.Inadequate backups and disaster recovery procedures Which of the following is not a benefit of using information technology in solving audit problems? A.It helps reduce audit risk. B. It improves the timeliness of the audit. C. It increases audit opportunities. D. It improves the auditor's judgment. Encryption protection is least likely to be used in which of the following situations? A. When transactions are transmitted over local area networks. B. When wire transfers are made between banks. C. When confidential data are sent by satellite transmission. D. When financial data are sent over dedicated, leased lines. The purpose of the International Standards for the Professional Practice of Internal Auditing include all of the following except A. Stating basic principles that represent the practice of internal auditing as it should be. B. Guiding the ethical conduct of internal auditors. C. Fostering improved organizational processes and operations. D. Establishing the basis for the measurement of internal audit performance. In a data center, many hardware controls assure the accuracy of data processed. One hardware control used to evaluate stored data by counting the number of on bits in each character and then determining whether the total obtained is odd or even is a A. Programmed check B. Header label check C. Check digit routine D. Parity check Shipments are made from the warehouse based on customer purchase orders. The matched shipping documents and purchase orders are then forwarded to the billing department for sales invoice preparation. The shipping documents are neither accounted for nor pre-numbered. Which of the following substantive tests should be extended as a result of this control weakness? A. Select sales invoices from the sales register and examine the related shipping documents. B. Trace quantities and prices on the sales invoices to the customer purchase order and test extensions and footings. C. Foot the sales register and trace the total to the general ledger. D. Select bills of lading from the warehouse and trace the shipments to the related sales invoices. Which of the following is the best explanation of the difference, if any, between engagement objectives and procedures? A. Procedures establish broad general goals; objectives specify the detailed work to be done. B. Objectives are tailor-made for each engagement; procedures are generic in application. C. Objectives define specific desired accomplishments; procedures provide the means of achieving objectives. D. Procedures and Objectives are essentially the same. When audit findings are challenged, the auditor's factual rebuttal is best facilitated by: A. Summaries in the audit program. B. Pro forma working papers. C. Cross-referencing the findings to the working papers. D. Explicit procedures in the audit program. An audit of an automated accounts receivable function for a single plant furniture manufacturing organization has just been completed. Significant findings include late posting of customers' payments, late mailing of monthly invoices, and erratic follow-up on past-due accounts. Which of the following managers should attend the exit conference for this audit? A. Head of the audit team, controller, and vice president of information systems. B. Head of the audit team, manager of the accounts receivable department, and manager of the data processing department.