Which of the following best describes an internal auditor's purpose in reviewing the organization's existing governance, risk management, and control processes? To provide reasonable assurance that the processes will enable the organization's objectives and goals to be met efficiently and economically. The requirement that purchases be made from suppliers on an approved vendor list is an example of a: An effective system of internal controls is most likely to detect a fraud perpetrated by a: The control that would most likely ensure that payroll checks are written only for authorized amounts is to: Require supervisory approval of employee timecards. An internal auditor plans to conduct an audit of the adequacy of controls over investments in new financial instruments. Which of the following would not be required as part of such an engagement? Determine whether the treasurer is getting higher/lower RoR on investments than treasurers in comparable organizations. Appropriate internal control for a MNC's branch office that has a department responsible for the transfer of money requires that: The individual who initiates wire transfers does not reconcile the bank statement. Who has primary responsibility for the monitoring component of internal control? The organization's management. Reasonable assurance, as it pertains to internal control, means that: Inherent limitations of internal control preclude a system of internal control from providing absolute assurance that objectives will be achieved. Which of the following best exemplifies a control activity referred to as independent verification? Reconciliation of bank accounts by someone who DOES NOT handle cash or record cash transactions.
The risk assessment component of internal control involves the: Organization's identification and analysis of the risks that threaten the achievement of its objectives. The software that manages the inter-connectivity of the system hardware devices is the: Operating system software. An internet firewall is designed to provide protection against: Unauthorized access from outsiders. Which of the following best illustrates the use of EDI?
Computerized placement of a purchase order from a customer to its supplier. The possibility of someone maliciously shutting down an information system is most directly an element of: An organization's IT governance committee has several important responsibilities. Which of the following is not normally such a responsibility? DESIGNING IT application-based controls. If a sales transaction record was rejected during input because the customer account number entered was not listed in the customer master file, the error was most likely detected by a: The purpose of logical security controls is to: Which of the following statements regarding an internal audit function's continuous auditing responsibilities is/are true? I. The internal audit function is responsible for assessing the effectiveness of mgmt's continuous monitoring activities. II. In areas of the organization in which management has implemented effective monitoring activities, the internal audit function can conduct less stringent continuous assessments of risks and controls. Predication is a technical term that refers to: The ability of a fraud examiner to commence an investigation if a form of evidence exists that fraud has occurred. What fraud schemes were reported to be most common in the ACFE's 2012 Report to the Nation? Misappropriation of assets by employees. Which of the following is not a typical "rationalization" of a fraud perpetrator? I'm smarter than the rest of them. Which of the following is not something all levels of employees should do? Investigate suspicious activities that they believe may be fraudulent. An organization that manufactures and sells computers is trying to boost sales between now and the end of the year. It decides to offer its sales representatives a bonus based on the number of units they deliver to customers before the end of the year. The price of all computers is determined by the VP of sales and cannot be changed by sales reps.
Which of the following presents the greatest reason a sales rep may commit fraud with this incentive program? Customers have the right to return a laptop for up to 90 days after purchase. How should an organization handle an anonymous accusation from an employee that a supervisor in the organization has manipulated time reports? Assess the facts provided by the anonymous party against pre-established criteria to determine whether a formal investigation is warranted. Which of the following is an example of misappropriation of assets? A small amount of petty cash is stolen. Which of the following is NOT an example of a fraud prevention program element? Analyzing cash disbursements to determine whether any duplicate payments have been made. Which of the following types of companies would most likely need the strongest anti-fraud controls? A payroll clerk increased the hourly pay rate of a friend and shared the resulting overpayment with the friend. Which of the following controls would have best served to prevent this fraud?
Limiting the ability to make changes in payroll system personnel information to authorized HR department supervisors. The internal audit function's responsibilities with respect to fraud are limited to: Being aware of fraud indicators, including those relating to financial reporting fraud, but not necessarily possessing the expertise of a fraud investigation specialist. From an organization's standpoint, because internal auditors are seen to be "internal control experts", they are also: The best resource for audit committees, management, and others to consult in-house when setting up anti-fraud programs and controls, even if they may not have any fraud investigation experience. Per IIA Standards, internal audit functions must establish: Both internal and external quality assurance and improvement program assessments. Senior management has requested that the internal audit function perform an operational review of the telephone marketing operations of a major division and recommend procedures and policies for improving management control over the operation. The internal audit function should: Accept the audit engagement because independence would not be impaired. Who is ultimately responsible for determining that the objectives for an internal audit engagement have been met? Which of the following is the best reason for the CAE to consider the organization's strategic plan in developing the annual internal audit plan? To ensure that the internal audit plan supports the overall business objectives. The Standards require policies and procedures to guide the internal audit staff. Which of the following statements is false with respect to this requirement? All internal audit functions should have a detailed policies and procedures manual. When conducting a consulting engagement to improve the efficiency and quality of a production process, the audit team is faced with a scope limitation because several months of the production data have been lost or are incomplete.
Faced with this scope limitation, the CAE should: Discuss the problem with the customer and together evaluate whether the engagement should be continued. Which of the following is not a responsibility for the CAE? To oversee the establishment, administration, and assessment of the organization's system of internal controls and risk management processes. The Standards require the CAE to share information and coordinate activities with other internal and external providers of a Requiring the independent outside auditor to have the CAE's approval of their annual audit plan for conducting the financial statement audit. 5 Key principles for managing fraud Reporting, Investigation, & Resolution. Professional skepticism means that internal auditors beginning an assurance engagement should neither assume client personnel are honest nor assume they are dishonest. Which of the following statements regarding audit evidence would be the least appropriate for an internal auditor to make? I do not perform procedures that provide persuasive evidence because I must obtain convincing evidence. Audit evidence is generally considered sufficient when there is enough of it to support well founded conclusions. Documentary evidence is one of the principal types of corroborating evidence. Which of the following is most reliable? A vendor's invoice obtained from the accounts payable department. Which of the following statements regarding observation as an audit procedure is/are correct? I.
Observation is limited because individuals may react differently being watched. Which of the following is the least reasonable explanation for the changes observed by the auditor in the accounts receivable? Sales returned for credit were overstated in years 2 and 3. If purchases of office supplies are made through the purchasing dept, which of the following procedures is the most appropriate? Vouch purchase orders to approved purchase requisitions. Which of the following procedures would detect a manager falsifying receiving reports and invoices? Perform ratio and trend analysis. Compare the cost of raw materials purchased with the cost of goods produced. Which audit software would be most effective in detecting fraud using fictitious vendors? List all major vendors by product line. Select a sample of major vendors and examine supporting documentation for goods or services rendered. Which of the following most completely describes the appropriate content of internal audit assurance engagement working papers? Objectives, procedures, facts, conclusions, and recommendations. Internal audit engagement teams prepare working papers primarily for the benefit of the The primary reason for an internal auditor to use statistical sampling rather than nonstatistical sampling is to: Allow the auditor to quantify and therefore control the risk of making an incorrect decision based on sample evidence. Which of the following is an element of sampling risk as opposed to an element of nonsampling risk? Determining a sample size that is too small. For which of the following would an internal auditor most likely use attribute sampling? Inspecting employee timecards for proper approval. Changing the expected pop deviation rate from 1-2% and the tolerable deviation rate from 7-6% would cause the sample size 2 An IA selects a sample of sales invoices and matches them to shipping documents. This addresses what assertion?
All billed sales are for goods shipped to customers. To determine whether checks have proper support, the IA should begin testing procedures by selecting items from the pop of: An IA should consider the qualitative aspects of deviations. Which of the following situations should cause the most concern? The deviations found may have been caused intentionally. PPS sampling plan; changing the tolerable misstatement from 200k-100k & the acceptance rate from 10-5% would cause sampling size Which of the following would be the LEAST valid reason for deciding to use PPS sampling rather than classical variables sampling? Using PPS sampling eliminates the need for professional judgment in determining the appropriate sample size and evaluating the sample results. The tasks performed during an internal audit assurance engagement should address the following questions, in this specific order What results are being achieved. While planning an assurance engagement, the IA obtains knowledge about the auditee's operations to, among other things: Develop an understanding of the auditee's objectives, risks and controls. Which of the following statements does not illustrate the concept of inherent business risk? A broken lock on a security gate. Which of the following statements concerning the analysis of causes and effects is false? Analyzing causes and effects of a particular risk should only be performed after the internal auditor has first obtained evidence that a problem has occurred. Internal auditors obtain an understanding of controls and perform tests of controls to: Evaluate the design adequacy and operating effectiveness of the controls. If an IA's evaluation of internal control design indicates that the controls are designed adequately, the next step would be Test the operating effectiveness of the controls. Which of the following would be the least desirable criterion against which to judge current operations? The operations of the treasury function as documented during the last audit.
Due professional care requires that internal audit opinions be: Based on sufficient appropriate evidence. WotF statements best describes an internal audit function's responsibility for assurance engagement followup activities? The IA function should determine that corrective action has been taken and is achieving the desired results or that senior management has assumed the risk associated with not taking corrective action on reported observations. Which of the following would be classified as a consulting engagement? Facilitating senior mgmt's assessment of risks threatening the organization. WotF is not likely to be an assurance engagement objective? Guarantee the accuracy of recorded inventory balances. A process objective stating "all contracts must be approved before being consummated" is an example of what type of objective Analytical procedures can be applied during which phase of an assurance engagement WotF doc will likely be of greatest assistance to the IA in their assessment of process design adequacy? Detailed flowcharts depicting the flow of the process. Which of the following controls is not likely to be an entity level control? All cash disbursement transactions must be approved before they are paid. Which of the following is not typically a key element of flowcharts or narrative memoranda? Overall process objectives. WotF external risks is least likely to impact the accuracy of financial reporting? Competitor pressures cause the org to pursue new sales channels. WotF groups risk tolerance levels are least relevant when conducting an assurance engagement WotF controls is likely to be least relevant when evaluating the design adequacy of a cash collections process? Documenting the rationale for selecting the bank account into which the deposit will be made. The IA determines that the process is not designed adequately to reduce the risks to an acceptable level. Now what?
Test compensating controls in other processes to see if the impact of the design inadequacy is reduced to an acceptable level. If an IA identifies an exception while testing, which of the following may be appropriate? All of the above (test additional items, gain an understanding of the root cause, draft an observation). WotF is an appropriate conclusion that can be drawn when the IA identifies an observation from testing controls? Certain risks are not effectively mitigated. Once an observation is identified by the internal auditor, it should be: Documented in the working papers. Recommendations should be included in final audit communications to: Provide mgmt with options for addressing audit observations. According to the IPPF an engagement final communication should include, at min, which of the following? Purpose of the engagement. WotF would NOT be considered a primary objective of a closing or exit conference? To identify concerns for future audit engagements. During a review of purchasing operations, procedures did not agree with stated company procedures, but were beneficial... Report the change and suggest that the change in procedures be documented. A formal engagement communication must: Report significant observations. WotF does the CAE need to consider when determining the extent of the followup required? Significance of the reported observation and degree of effort and cost needed for the corrective action. Company policy involving travel and travel advances. The audit finding known as "effect" is: Employees accumulate large, unneeded advances. IA reports can be structured to motivate mgmt to correct deficiencies.
WotF report writing techniques is most effective? Suggest practical improvements to address the identified observations. The primary purpose of issuing an interim report during an internal audit is to: Provide auditee mgmt the opportunity to act on certain observations immediately. WotF would be a typical consulting engagement activity performed by the IA function? Reviewing and commenting on a draft of a new ethics policy created by the company. WotF is not a required consideration regarding proficiency and due prof care when choosing to perform a consulting engagement? Potential impact on the independent outside auditor's financial statement audit. Snr mgmt of an org has requested the IA function help educate employees about internal control concepts. This is an ex of: A training consulting engagement. It would be appropriate for the IA function to perform which of the following? Review a new IT application before implementation. WotF is not likely to be a step during a consulting engagement? Expressing a conclusion on the design adequacy and operating effectiveness of a process. The COO has requested the IA function advise her regarding a new plan being developed. WotF should the CAE decline to do? Determining the appropriate bonus formula for inclusion in the plan. When conducting a consulting engagement the IA team is faced with several months of missing data. Facing this scope, the CAE: Should discuss the problem with the customer and together evaluate whether the engagement should be continued. The audit committee has requested that the IA function assist with the annual risk assessment process.
What type of engagement? A facilitative consulting engagement. The CAE should inform the CFO that the overall responsibility of IA is to: Serve as an independent assurance and consulting activity designed to add value and improve the company's operations. WotF is not true about business objectives? Business objectives are mgmt's means of employing resources and assigning responsibilities. Within the context of IA, assurance services are best defined as Objective examinations of evidence for the purpose of providing independent assessments. IA must have competent interpersonal skills. WotF does not represent an attribute of interpersonal skills? While planning an internal audit, the IA obtains knowledge about the auditee to, among other things Develop an understanding of the auditee's objectives and risks. A primary purpose of the Standards is to: Establish a basis for evaluating internal audit performance. WotF are "mandatory guidance" in the IIA's IPPF? The code of ethics. An IA provides income tax services during the tax season. WotF activities would he be in violation of the IIA's code of ethics? Preparing, for a fee, a division manager's personal tax return. IA auditing a div which the CFO is a friend. He learns friend is being replaced. He relays to friend. Which principle violate WotF is not something an IA is required to consider in determining the exercise of due care in a treasury dept? The independent outside auditors have requested to see the engagement report and working papers. In WotF situations does the IA potentially lack objectivity?
A former purchasing assistant performs a review of internal controls over purchasing four months after being transferred to the IA dept. WotF is/are components of the Standards statements According to the Standards, WotF must the IA mng think about when considering due care while planning an assurance engagement? The cost assurance in relationship to potential benefits. Which of the following types of IPPF guidance requires an exposure to the various IIA national institutes prior to its issuance WotF are required of the IA function per the Standards? Assess whether the info tech governance of the org sustains and supports the org's strategies and objectives. WotF is not an appropriate governance role for an org's board of directors? Providing assurance directly to third parties that the org's governance processes are effective. WotF are typically governance responsibilities of snr mgmt? Delegating
risk tolerance levels to risk managers. What type of stakeholder is an industry association Who is responsible for establishing the strategic objectives of an org Who is ultimately responsible for identifying new or emerging key risk areas that should be covered by the org's governance The IA function should not oversee the org's governance and risk mgmt processes. WotF would not be considered a first line of defense in the Three Lines of Defense model? A divisional controller conducts a peer review of compliance with financial control standards. According to COSO ERM all of the following are elements of an org's internal environment except WotF external events will most likely impact a defense contractor that relies on large gov contracts for its success WotF is not an example of a risk sharing strategy? Selling a nonstrategic business unit. WotF may create the greatest risk if this org makes business decisions based on the info contained on this website? Accuracy and reliability of the info. WotF risk mgmt activities is out of sequence in terms of timing? Determine key org objectives. Who is responsible for implementing ERM WotF is not a potential value driver for implementing ERM? Financial results will improve in the short run. WotF is the best reason for the CAE to consider the org's strategic plan in developing the annual internal audit plan? To ensure that the IA plan supports the overall business objectives. When snr mgmt accepts a level of residual risk that the CAE believes is unacceptable to the org, the CAE should Discuss the matter with knowledgeable members of snr mgmt and if not resolved take it to the audit committee. WotF would not be relevant with respect to protecting the IA function independence and the objectivity of its internal auditors? The IA function obtains assistance from an outside consultant in the conduct of the formal risk assessment session. WotF will likely have the greatest impact on the scope and approach of the internal audit engagement?
A new system was implemented during the year, which changed how the transactions are processed. A manufacturing company has identified a risk of employees not conducting quality control procedures. Which objective? A risk that a new competitor will significantly reduce the market share of an org's product likely relates to which objective WotF is true regarding business process outsourcing? Mgmt's controls to ensure the outsourcing provider meets contractual performance requirements should be tested by the IA function. In assessing org risk in a man org, WotF would have the greatest long range impact on the org IAs often prepare process maps and reference portions of these maps to narrative descriptions. This is an appropriate procedure to Obtain the understanding necessary to test the process. If a risk appears in the bottom right of quadrant II in the above risk control map, it means that The controls may be excessive relative to the risk. If a risk appears in the middle of quadrant IV in the above risk control map, it means that: There is an appropriate balance between risk and control. WotF circumstances would concern the internal auditor the most? A risk in the upper left corner of quadrant III. WotF are business processes? Strategic planning. WotF symbols in a process map will most likely contain a question After business risks have been identified, they should be assessed in terms of their inherent In a risk process matrix, a process that helps to manage a risk indirectly would be shown to have A major upgrade to an important info system would most likely represent a high

What are the criteria used in the conduct of an audit? Audit criteria are a key contributor to the strength of an audit and its potential impact. Audit procedures focus on determining whether criteria are met or not met. Suitable criteria are clear, concise, relevant, reliable, neutral, understandable, and complete.

What are the 5 elements of audit finding? There are five elements of a finding: Condition: What is the problem/issue? What is happening? Cause: Why did the condition happen? Criteria: How do we, as auditors, know this is a problem? What should be? Effect: Why does this condition matter? What is the impact? Recommendation: How do we solve the condition?

What are 2 key criteria of audit? Selecting Audit Criteria. Oversight roles and responsibilities. Independence. Skills and knowledge. Sufficient and appropriate information. Risk management. Performance monitoring. Compliance. Corrective actions.

What are the criteria for an audit of a company's financial statements? When auditing historical financial statements, an auditor must have a thorough understanding of the client and its environment. This knowledge should include the client's regulatory and operating environment, business strategies and processes, and measurement of indicators.