Which of the following best describes a list of audit criteria in the audit of the treasury function

Which of the following best describes an internal auditors purpose in reviewing the organizations existing governance, risk management, and control processes?

To provide reasonable assurance that the processes will be the organizations objectives and goals to be met efficiently and economically.

The requirement that purchases be made from suppliers on an approved vendor list is an example of a:

An effective system of internal controls is most likely to detect a fraud perpetrated by a:

The control that would most likely ensure that payroll checks are written only for authorized amounts is to:

Require supervisory approval of employee timecards

An internal auditor plans to conduct an audit of the adequacy of controls over investments in new financial instruments. Which of the following would not be required as part of such an engagement?

Determine whether the treasure is getting higher/lower RoR on investments than treasurers in comparable orginizations

Appropriate internal control for a MNC's branch office that has a department responsible for the transfer of money requires that:

The individual who initiates wire transfers does not reconcile the bank statement

Who has primary responsibility for the monitoring component of internal control?

The organizations management

Reasonable assurance, as it pertains to internal control, means that:

Inherent limitations of internal control preclude a system of internal control from providing absolute assurance that objectives will be achieved

Which of the following best exemplifies a control activity referred to as independent verification?

Reconciliation of bank accounts by someone who DOES NOT handle cash or record cash transactions.

The risk assessment component of internal control involves the:

Organizations identification and analysis of the risks that threaten the achievement of its objectives

The software that manages the inter-connectivity of the system hardware devices is the:

Operating system software

An internet firewall is designed to provide protection against:

Unauthorized access from outsiders

Which of the following best illustrates the use of EDI?

Computerized placement of a purchase order from a customer to its supplier

The possibility of someone maliciously shutting down an information system is most directly an element of:

An organizations IT governance committee has several important responsibilities. Which of the follow is not normally such a responsibility? 

DESIGNING IT application- based controls

If a sales transaction record was rejected during input because the customer account number entered was not listed in the customer master file, the error was most likely detected by a : 

The purpose of a logical security controls is to:

Which of the following statements regarding an internal audit functions continuous auditing responsibilities is/are true?

I. The internal audit function is responsible for assessing the effectiveness of mgmts continuous monitoring activities II. In areas of the organization in which management has implemented effective monitoring activities, the internal audit function can conduct less stringent continuous assessments of risks and controls.

Predication is a technical term that refers to:

The ability of a fraud examiner to commence an investigation if a form of evidence exists that fraud has occurred. 

What fraud schemes were reported to be most common in the ACFE's 2012 Report to the Nation?

Misappropriation of assets by employees

Which of the following is not a typical "rationalization" of a fraud perpetrator?

I'm smarter than the rest of them

Which of the following is not something all levels of employees should do?

Investigate suspicious activities that they believe may be fraudulent

An organization that manufactures and sells computers is trying to boost sales between now and the end of the year. It decides to offer its sales representatives a bonus based on the number of units they deliver to customers before the end of the year. The price of all computers is determined by the vp of sales and cannot be changed by sales reps. Which of the following presents the greatest reason a sales rep may commit fraud with this incentive program?

Customers have the right to return a laptop for up to 90 days after purchase

How should an organization handle an anonymous accusation from an employee that a supervisor in the organization has manipulated time reports?

Assess the facts provided by the anonymous party against pre-established criteria to determine whether a formal investigation is warranted 

Which of the following is an example of misappropriation of assets?

A small amount of petty cash is stolen.

Which of the following is NOT an example of a fraud prevention program element?

Analyzing cash disbursements to determine whether any duplicate payments have been made

Which of the following types of companies would most likely need the strongest anti-fraud controls? 

A payroll clerk increased the hourly pay rate of a friend and shared the resulting over payment with the friend. Which of the following controls would have best served to prevent this fraud? 

Limiting the ability to make changes in payroll system personnel information to authorized HR department supervisors

The internal audit functions responsibilities with respect to fraud are limited to:

Being aware of fraud indicators, including those relating to financial reporting fraud, but not necessarily possessing the expertise of a fraud investigation specialists

From an organizations standpoint, because internal auditors are seen to be "internal control experts", they are also: 

The best resource for audit committees, management, and others to consult in - house when setting up anti-fraud programs and controls, even if they may not have any fraud investigation experience 

Per IIA Standards, internal audit functions must establish:

Both internal and external quality assurance and improvement program assesments

Senior management has requested that the internal audit function perform an operational review of the telephone marketing operations of a major division and recommend procedures and policies for improving management control over the operation. The internal audit function should:

Accept the audit engagement because independence would not be impaired

Who is ultimately responsible for determining that the objectives for an internal audit engagement have been met>

Which of the following is the best reason for the CAE to consider the organizations strategic plan in developing the annual internal audit plan?

To ensure that the internal audit plan supports the overall business objectives

The Standards requires policies and procedures to guide the internal audit staff. Which of the following statements is false with respect to this requirement?

All internal audit functions should have a detailed policies and procedures manual

When conducting a consulting engagement to improve the efficiency and quality of a production process, the audit team is faced with a scope limitation because several months of the production data have been lost or incomplete. Faced with this scope limitation, the CAE should: 

Discuss the problem with the customer and together evaluate whether the engagement should be continued

Which of the following is not a responsibility for the CAE?

To oversee the establishment, administration, and assessment of the organizations system of internal controls and risk managment processes. 

The standards requires the CAE to share information and coordinate activities with other internal and external providers of a

Requiring the independent outside auditor to have the CAE's approval of their annual audit plan for conducting the financial statement audit.

5 Key principles for managing fraud

Reporting, Investigation, & Resolution

professional skepticism means that internal auditors beginning an assurance engagement should

neither assume client personnel are honest nor assume they are dishonest

which of the following statements regarding audit evidence would be the least appropriate for an internal auditor to make?

I do not preform procedures that provide persuasive evidence because I must obtain convincing evidence.

audit evidence is generally considered sufficient when

there is enough of it tonsupport well founded conclusions

documentary evidence is one of the principle types of corroborating evidence. which of the following is most reliable

a vendors invoice obtained from the accounts payable department

which of the following statements regarding observation as an audit procedure is/are correct

I. observation is limited because individuals may react differently being watched
III. observation provides evidence about whether certain controls are operating as designed.

which of the following is the least reasonable explanation for the changes observed by the auditor in the accounts receivable

sales returned for credit were overstated in years 2 and 3

if purchases of office supplies are made thru the purchasing dep, which of the following is procedures is the most appropriat

vouch purchase orders to approved purchase requisitions

which of the following procedures would detect a manager falsifying receiving reports and invoices

perform ratio and trend analysis. compare the cost of raw materials purchased wjth the cost of goods produced.

which audit software would be most effective in detecting fraud using fictitious vendors?

lost all major vendors by product line. select a sample of major vendors and examine supporting documentation for goods or services rendered.

which of the following most completely describes the appropriate content of internal audit assurance engagment working papers

objectives, procedures,facts, conclusions. and recommendations

internal audit engagement teams prepare working papers primarily for the benefit of the

the primary reason for an internal auditor to use statistical sampling rather than nonstatistical sampling is to:

allow the auditor to quantify and therefore control the risk of making an incorrect decision based on sample evidence

which of the following is an element of sampling risk as opposed to an element of nonsampling risk?

determining a sample size that is too small

for which of the following would an internal auditor most likely use attribute sampling?

inspectj g employee timecards for proper approval

changing the expected pop deviation rate from 1-2 % and the tolerable deviation rate from 7-6 % would cause the sample size 2

an IA selects a smaple of sales invoices and matches them to shipping documents. this addresses what assertion?

all billed sales are for goods shipped to customers

to determine whether checks have proper support. the IA should begin testing procedures by selecting items from the pop of:

an IA should consider the qualitative aspects of deviations. which of the following situations should cause the most concern?

the deciations found mat have been caused intentionally

pps sampling plan; changing the tolerable misstatement from200k-100k &the acceptance rate from10-5% would cause sampling size

which of the following would be the LEAST valid reason fir deciding to use pps sampling rather than classical variables samp

using pps sampling eliminates the need for profession judgment in determining the appropriate sample size and evaluating the sample results

the taks preformed during an interna audit assurance engagment should address the following questions, in this specific order

what results are being achieved
what are the reasons for the results
how can preformance be improved

while planning an assurance engagement, the IA obtains knowledge avout the auditees operations to among other things:

develop an understanding of the auditees objectices risks and controls

which of the following statements does not illustrate the concept of inherent business risk

a broken lock on a security gate

which of the following statements concerning the analysis of causes and effects is false?

analyzing causes and effects of a particular risk should only be performed after the in internal auditor has first obtained evidence that a problem has occured.

internal auditors ontaim an understanding of controls and preform tests of controls to:

evaluate the design adequacy and operating effectiveness of the controls

if an IAs evaluation of internal cobtrol design indiciates that the cobtrols are designed adequately,  the next step would be

test the operating effectiveness of the controls

which of the following would be the least desiravle criterion against which to judge xurrent operations

the operations of the treasury function as documented during the last audit.

due professional care requirez that internal audit opinions be:

based on sufficient appropriate evidence

WotF statements best describes an intern audit functions responsibility for assurance engagment followup activities

the ia function ahould determine that correctivw action has been taken and is achieving the desired results or that senior management has assumed the risk associated with not taking corrective action on reported observations

which of the following would be classifed as a consulting engagement?

facilitating senior mgmts assessment of risks threatening the organization.

WotF is not likely to ve an assurance engagment objective?

guarantee the accuracy of recorded inventory balances

a process objective atatubg "all contrscts nyst ve approved before being consummated" is an example of what type of objective

analytical procedures can ve applied during which phase of an assurance engagement

WotF doc will likely be of greates assistance to the ia in their assesment of process design adequacy

detailed flowcharts depicting the flow of the process

whoch of the following controls is not likely to be an entity level control

all cash disbursement transactions must be approved before thet are paid

which of the following is not typically a key element of flowchartsor narrative memoranda

overall process objectives

WotF external risks is least likely to impact the accuracy of financial reporting?

competitor pressures cause the org to oursue new sales channels

WotF groups risk tolerqnce levels are least relevant when conducting an assurance engagement

WotF controls is likely to be least relevant when evaluating the design adequacy of a cash collections process?

documenting the rationale for selecting the bank account unti which the deposit will be made

the ia determines that the process ia not deisgned adequately to reduce the risks to an acceptable level. now what?

test compensating controls in other processes to see if the impact of the design inadequacy s reduced to an acceptable level.

of an ia identifies an exception while testing,  which if the following may be appropriate?

all of the above ( test additional items, gain an understanding of the root cause, draft an observation)

WotF is an appropriate conclusion that can be drawn when the ia identifies an observation from testing controls?

certain risks are not effectively mitigated

once an observation is identified by the internal auditor, it should be:

documented in the working papers

reccomendations should be included in final audit communications to:

provide mgmt with options for addressing audit observations

according to the ippf an engagement final communication should include, at min, which of the following?

purpose of the engagament
engagement scope
results of the engagement

WotF would NOT be considered a primary objective if a closing or exit conference?

to identify concerns for future audit engagements

during a review of purchasing operations, procedures did not agree with stated company provedures, but were beneficial...

report the change and suggest that the change in procedures be documented.

a formal engagement communication must:

report significant observations

WotF does the CAE need to cinsider when determining the extent of the followup required?

significance of the reported observation and degree of effort and cost needed for the correctice action

company policy involving travel and and travel advances. the audit finding known as "effect" is:

employees accumulate large, unneeded advances

ia reports can be structured to motivate mgmt to correct deficiencies.  WotF report writing techniques is most effective

suggest practical improvements to address the identified observations

the primary purpose of issuing an interim report during an internal audit is to:

provide auditee mgmt the opportunity to act on cettain observations immediately

WotF would be a typical consulting engagement activity preformed by the ia function?

reviewing and commenting on a draft of a new ethixs policy created by the company

WotF is not a required consideration regarding proficiency and due prof care when choosing to preform a consulting engagement

potential impact on the independent outside auditors financial statement audit

snr mgmt of an org has requested the ia function help educate employees about internal control concepts.  this is an ex of:

a training consulting engagement

it would be appropriate for the ia function to preform which of the following?

review a new it application before implementation

WotF is notnlikely to be a step during a consulting engagement?

expressing a conclusion on thw design adequacy and operating effectiveness of a process

the coo has requested the ia function advise her regarding anrw plan being developed.  WotF shod the cae decline to do?

determining the appropriate bonus formula for inclusion in the plan

when conducting a consulting engagment the ia team is faced with several months of kissing data. facing this scope, the cae:

should discuss the problem with the customer and together evaluate whether the engagement should be continued

the audit committe has requested that the ia function assist with the annual risk assessmemt process. what type of engagement

a facilitative consulting engagement

the cae should inform the cfo that the overall responability of ia is to:

serve as an independent assurance and consulting activity designed to add value and improve the companys operations

WotF is not true about business objectives

business objectives are mgmts means of employing resources and assigning responsibilities

within the context of ia, assurance servies are best defined as

objectice examinations. of evidence for the prupose of providing independent assessments

ia must have competent interpersonal skills. WotF does not represent an attrivute of interpersonal skills?

whilenplanning an internalnaudit, the ia obtains knowledge about the auditee to, among other things

develop an understanding of the auditees objectices and risks

a primary purpose of the standards is to:

establish a basis for evaluating internal audit performance

WotF are "mandatory guidance" in the iias ippf

the code of ethics
the definition of internal auditing
the standards

an ia provides income tax services during the tax season. WotF activities would he be in violation of the iias code of ethics

preparing, for a fee, a divison managers personal tax return

ia auditing a div which the cfo is a friend. he learns friend is being replaced. he relays to friend. which principle violate

WotF is not something an ia is required to consider in determining the exercise of due care in a treasury dept

the independent outside auditors have requested to see the engagement report and working oapers

in WotF situations does the ia potentially lack objectivity?

a former purchasing ass performs a review of internal controls over purchasing four months after being transferred to the ia dept

WotF is/are components of the standards

statements
interpretations
gloassary

according to the stabdards, WotF mjst the ia mng think about when considering due care while planning an assurance engagment

the cost assurance in relationship to potential benefits

which of the following types of ippf guidance requires an exposre to the various iia national institutes prior to its issuanc

WotF are rquired of the ia function per the standars

assess whther the info tech governance of the org sustains and supports the orgs startegies and objectives

WotF is not an appropriate governance role for an orgs board of directors

providing assurance directly to third parties that the orgs governance processes are effective

WotF are typically governance responsibilities of anr mgmt

delegating risk tolerance levels to risk managers
&
ensuring that sufficient info is gathered to support reporting to the board

what type of stakeholder is an industey association

who is responsible for establishing the strategic objectives of an org

who is ultimately responsible for identifying new or emerging key risk areas that should be covered by the orgs governance

the ia function should not

oversee the orgs governance and risk mgmt processes

WotF would not be considered a first line of defense in the Three Lines of Defense model

a divisional controller conducts a peer review of compliance witb financial control standards

according to COSO ERM allnof the following are elements of an orga internal environment except

WotF external events will.most likely inpact a defense contractor the relies on large gov contracts for its success

WotF is not an example of a risk sharing strategy

selling a nonstrategic business unit

WotF may create the greatest risk if this org makes business decisions based on the info contained on this website

accuracy and reliability of the info

WotF risk mgmt activities is out og sequenxe in terms of timing?

determine key org objectives

who is responsible for implementing  ERM

WotF is jot a potential value driver for implementing ERM

financial results will improve in the short run

WotF is the best reason for the CAE to consider the orgs strategic plan in developing the annual internal audit plan

to ensure that the ia plan supports the overall business objectives

when snr mgmt accepts a level of residual risk that the cae believes js unacceptable to the org, the cae should

discuess the matter with knowledgeable members of snr mgmt and if not resolved take it to the audit committe

WotF would not be relevant with respect to protectingthe ia function independence and the objectivity of its internal audito

the ia function ibtains assistance from am outside consuktant in the conduct of the formal risk assessment session

WotF will likely have the greatest impact on the scope and approach of the internal audit engagement?

a new system was implemented during the year, which changed how the transactions are processed

a manufacturing company has identified a risknof employees not conducting quality control procedures. which objective?

a risk that a new competitor will significantly reduce the narket share of an orgs product likely relates to which objective

WotF is true regarding business process outsourcing

mgmts controls to ensure the outsourcing provider meets contractual performance requirements should be tested by the ia function

in assessing org risk ina man org, WotF would have the greatest long range impact on the org

ias often prepare process maps and reference portions of these maps to narrative descriptions. this is an appropriate procedu

to obtain the understanding necessary to test the process

if a risk appears in the bottom right of quadrant II in the above tosk control map, it means that

the controls may be excessive relative to the risk

if a risk appears in the middle of quadrant IV in the above tosk control map, it means that;

there is an appropriate balance between risk and control

WotF circumstances would concern the internal auditor the most?

a risk in the upper left corner of quadrant III

WotF are business processes

strategic planning
review and write off of delinquent loans
remittance of pay taxes to the respective tax authorities

WotF symbols in a process map will most likely contain a question

after business risks have been identified,  they should be assessed in terms of their inherent

in a risk process matrix, a process that helps to manage a risk indirectly wouls be shown to have

a major upgrade to an important info sysytem would most likely represent a high

What are the criteria used in the conduct of an audit?

What are the 5 elements of audit finding?

What are 2 key criteria of audit?

What are the criteria for an audit of a company's financial statements?