ACCT 749: Quizzes

Which of the following is not a key components of the definition of internal auditing

Answers:

Helping the organization accomplish its objectives.

Installing and managing effective accounting internal controls.

Evaluating and improving the effectiveness of risk management, control, and governance processes.

Assurance and consulting activity designed to add value and improve operations.

Selected Answer:

Installing and managing effective accounting internal controls.

What is the most accurate term for the procedures used by the board to oversee activities performed to achieve organizational objectives?

Governance

Control

Risk Management

Monitoring

Governance

Is the following definition of Governance true or false? Governance is the process conducted by the board of directors to authorize, direct, and oversee management toward the achievement of the organization's objectives.

True

Which of the following activities is outside the scope of internal auditing?

Evaluating risk exposure regarding compliance with policies, procedures, and contracts.

Safeguarding of assets.

Evaluating risk exposures regarding compliance with laws and regulations.

Ascertaining the extent to which management has established criteria to determine whether objectives have been accomplished.

Safeguarding of assets.

The purpose of the internal audit activity's evaluation of the effectiveness of existing risk management processes is to determine that

Management has planned and designed so as to provide reasonable assurance of the achieving objectives.

Management directs processes so as to provide reasonable assurance of the achieving objectives.

The organization's objectives will be achieved efficiently and economically.

The organization's objectives will be achieved in an accurate and timely manner and with minimal use of resources.

Management has planned and designed so as to provide reasonable assurance of the achieving objectives.

Which of the following goals sets risk management strategies at the optimum level?

Minimize costs

Maximize market share

Minimize losses

Maximize shareholder value

Maximize shareholder value

Which of following is not one of the three components of the internal auditing value proposition:

independence

assurance

insight

objectivity

Independence

Is the following definition of Assurance true or false? Assurance is subjective examination of evidence for the purpose of providing an independent assessment on risk management, control, or governance processes for the organization.

False

Which one is not the internal auditor's assurance responsibility to achieve organizations strategy, operational, financial, and compliance objectives

Assurance on Governance

Assurance on Risk

Assurance on Financial Statements

Assurance on Controls

Assurance on Financial Statements

Which one of the following is not a part of business objectives of COSO 2004

Strategic Objectives

Operations Objectives

Enforcing Objectives

Compliance Objectives

Enforcing Objectives

Which of the following is NOT an appropriate governance role for an organization's board of directors?

a.

Influencing the organization's risk-taking philosophy

b.

Evaluating and approving strategic objectives

c.

Providing assurance directly to third parties that the organization's governance processes are effective

d.

Establishing broad boundaries of conduct, outside of which the organizations should not operate

c.

Providing assurance directly to third parties that the organization's governance processes are effective

The internal audit activity should assess and make appropriate recommendations for improving the governance process in its accomplishment of the following objectives except.

a.

Promoting appropriate ethics and values within the organization

b.

Ensuring proper implementation of controls

c.

Communicating risk and control information to appropriate areas of the organization

d.

Coordinating the activities of and communicating information among the board, external and internal auditors, and management

Selected Answer:

b.

Ensuring proper implementation of controls

Governance is ultimately the responsibility of the board. The first of the board's responsibility is to identify the key stakeholders of an organization. A stakeholder is any party with a direct or indirect interest in an organization's activities and outcomes. The following list represents the stakeholders who are directly involved in the operation of the organization's business except.

Employees

Customers

Shareholders/investors

Vendors

Shareholders/investors

Because the various stakeholders will likely have different expectations, the outcomes each type of stakeholder deems unacceptable will vary as well. The board may need to consider the following types of outcomes except:

Financial

Ethical

Operational

Strategic

Ethical

The risk committee in an organization is responsible for determining that all key risks are identified, linked to risk management activities, and assigned to risk owners.

True

The responsibilities of the risk owners include the following except:

Evaluating whether the risk management activities are designed adequately to manage the related risks within the tolerable levels specified by the senior management.

Assessing the ongoing capabilities of the organization to execute those risk management activities.

Determine whether the risk management activities are currently operating as designed.

Ensuring effective organizational performance management and accountability.

Ensuring effective organizational performance management and accountability.

A series of business and related auditing failures led to the passage of the Sarbanes-Oxley Act (2002).

True

According to Title III-Corporate Responsibility, each member of the audit committee shall be a member of the board of directors and be independent. To be considered as independent, the committee member shall not accept any consulting, advisory, or other compensatory fee from the issuer.

True

According to Title III of SOX Act of 2002, the SEC requires that the principal executive officer or officers and the principal financial officer or officers (the signing officers) are responsible for establishing and maintaining internal controls; have designed such internal controls to ensure that material information relating to the issuer and its consolidated subsidiaries is made known to such officers; have evaluated the effectiveness of the issuer's internal controls as of a date within 90 days prior to the report; have presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date.

True

According to Title 404 of SOX 2002, SEC requires each annual report to contain an internal control report, which shall (a) state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; (b) contain an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting, and (c) assert that the financial statements are prepared in accordance with GAAP.

False

When assessing the risk associated with an activity, an internal auditor should

A.

Determine how the risk should best be managed.

B.

Provide assurance on the management of the risk

C.

Update the risk management process based on risk exposures.

D.

Design controls to mitigate the identified risks.

B.

Provide assurance on the management of the risk

The primary reason that a bank would maintain a separate compliance function is to

A.

Better manage perceived high risk.

B.

Strengthen control over the bank's investments.

C.

Ensure the independence of line and senior management.

D.

Better respond to shareholder expectations.

A.

Better manage perceived high risk.

Enterprise risk management

A.

Guarantees achievement of organizational objectives.

B.

Requires establishment of risk and control activities by internal auditors.

C.

Involves the identification of events with negative impacts on organizational objectives.

D.

Includes selection of the best risk response for the organization.

C.

Involves the identification of events with negative impacts on organizational objectives.

Which of the following represents the best statement of responsibilities for risk management?

Management/Internal Auditor/Board

A. Responsibility for risk/Oversight role/ Advisory role

B. Oversight role/Responsibility for risk/ Advisory role

C. Responsibility for risk/Advisory role / Oversight role

D. Oversight role /Advisory role/ Responsibility for risk

C

The internal audit activity must evaluate the effectiveness and contribute to the improvement of risk management processes. With respect to evaluating the adequacy of risk management processes, internal auditors most likely should

A.

Recognize that organizations should use similar techniques for managing risk.

B.

Determine that the key objectives of risk management processes are being met.

C.

Determine the level of risks acceptable to the organization.

D.

Treat the evaluation of risk management processes in the same manner as the risk analysis used to plan the engagements.

B.

Determine that the key objectives of risk management processes are being met.

Which of the following is not a responsibility of the Chief Audit Executive?

A.

To communicate the internal audit activity's plans and resource requirements to senior management and the board for review and approval.

B.

To coordinate with other internal and external providers of audit and consulting services to ensure proper coverage and minimize duplication.

C.

To oversee the establishment, administration, and assessment of the organization's system of risk management processes.

D.

To follow up on whether appropriate management actions have been taken on significant reported risks.

C.

To oversee the establishment, administration, and assessment of the organization's system of risk management processes.

Components of enterprise risk management (ERM) are integrated with the management process. Which of the following correctly states four of the eight components of ERM according to COSO's framework?

A.

Event identification, risk assessment, control activities, and objective setting.

B.

Internal environment, risk responses, monitoring, and risk minimization.

C.

External environment, information and communication, monitoring, and event identification.

D.

Objective setting, response to opportunities, risk assessment, and control activities.

A.

Event identification, risk assessment, control activities, and objective setting.

Which risk response reflects a change from acceptance to sharing?

A.

An insurance policy on a manufacturing plant was not renewed.

B.

Management purchased insurance on previously uninsured property.

C.

Management sold a manufacturing plant.

D.

After employees stole numerous inventory items, management implemented mandatory background checks on all employees.

B.

Management purchased insurance on previously uninsured property.

Which one of the following is not a part of ISO 31000 framework.

A.

Understand the organization and its context.

B.

Delegate accountability and authority.

C.

Allocate the necessary resources.

D.

Assess the risk.

D.

Assess the risk.

Which one of the following is not a part of ISO 3100 Process

A.

Establish the context, which focuses on understanding and agreeing on both the external and internal factors that will influence risk.

B.

Treat the risk.

C.

Monitor risk.

D.

Explicitly address uncertainty.

D.

Explicitly address uncertainty.

A primary purpose of establishing a code of conduct within a professional organization is to

A.

Reduce the likelihood that members of the profession will be sued for substandard work.

B.

Ensure that all members of the profession perform at approximately the same level of competence.

C.

Promote an ethical culture among professionals who serve others.

D.

Require members of the profession to exhibit loyalty in all matters pertaining to the affairs of their organization.

C.

Promote an ethical culture among professionals who serve others.

The IIA's Code of Ethics requires internal auditors to perform their work with

A.

Honesty, diligence, and responsibility.

B.

Timeliness, sobriety, and clarity.

C.

Knowledge, skills, and competence.

D.

Punctuality, objectivity, and responsibility.

A.

Honesty, diligence, and responsibility.

The Standards consists of three types of Standards. Which Standards apply to the characteristics of providers of internal auditing services?

A.

Implementation Standards.

B.

Performance Standards.

C.

Attribute Standards.

D.

Independence Standards.

C.

Attribute Standards.

Which Standards expand upon the other categories of Standards?

A.

Performance Standards.

B.

Attribute Standards.

C.

Implementation Standards.

D.

All of the choices are correct.

C.

Implementation Standards.

The purpose of the internal audit activity can be best described as

A.

Adding value to the organization.

B.

Providing additional assurance regarding fair presentation of financial statements.

C.

Expressing an opinion on the adequate design and functioning of the system of internal control.

D.

Assuring the absence of any fraud that would materially affect the financial statements.

A.

Adding value to the organization.

The chief audit executive (CAE) has been appointed to a committee to evaluate the appointment of the external auditors. The engagement partner for the external accounting firm wants the CAE to join her for a week of hunting at her private lodge. The CAE should

A.

Accept, assuming both their schedules allow it.

B.

Refuse on the grounds of conflict of interest.

C.

Accept as long as it is not charged to employer time.

D.

Ask the comptroller whether accepting the invitation is a violation of the organization's code of ethics.

B.

Refuse on the grounds of conflict of interest.

Which of the following permissible under The IIA's Code of Ethics?

A.

Disclosing confidential, engagement-related information that is potentially damaging to the organization in response to a court order.

B.

Using engagement-related information in a decision to buy an ownership interest in the employer organization.

C.

Accepting an unexpected gift from an employee whom the internal auditor has praised in a recent engagement communication.

D.

Not reporting significant observations and recommendations about illegal activity to the board because management has indicated it will address the issue.

A.

Disclosing confidential, engagement-related information that is potentially damaging to the organization in response to a court order.

The board of an organization has charged the chief audit executive (CAE) with upgrading the internal audit activity. The CAE's first task is to develop a charter. What item should be included in the statement of objectives?

A.

Report all engagement results to the board every quarter.

B.

Notify governmental regulatory agencies of unethical business practices by organization management.

C.

Evaluate the adequacy and effectiveness of the organization's controls.

D.

Submit budget variance reports to management every month.

C.

Evaluate the adequacy and effectiveness of the organization's controls.

Due professional care implies reasonable care and competence, not infallibility or extraordinary performance. Thus, which of the following is unnecessary?

A.

The conduct of examinations and verifications to a reasonable extent.

B.

The conduct of extensive examinations.

C.

The reasonable assurance that compliance does exist.

D.

The consideration of the possibility of material irregularities.

B.

The conduct of extensive examinations.

Following an external assessment of the internal audit activity, who is (are) responsible for communicating the results to the board?

A.

Internal auditors.

B.

Audit committee.

C.

Chief audit executive.

D.

External auditors.

Selected Answer:

C.

Chief audit executive.

Which of the following is not a business process?

Strategic planning.

Review and write-off of delinquent loans

Safeguarding of assets.

Remittance of payroll taxes to the respective tax authorities.

Safeguarding of assets.

Which of the following symbols represents a process in a process map?

Rectangle.

Diamond.

Arrow.

Oval.

Rectangle

The key objectives of a process can be determined by getting answers to the following questions except:

Why does the process exist?

How does this process contribute to the success of the organization's strategy?

What accomplishments tend to get employees involved in the process recognized by management or internal customers?

What else does the process do that is important to management?

What accomplishments tend to get employees involved in the process recognized by management or internal customers?

A business process is simply the set of connected activities linked with each other for the purpose of achieving an objective.

True

While Management and support processes do vary between organizations, they generally are necessary across all industries and support, but do not directly create, the value embedded in the organization's objectives.

True

According to COSO (Committee of Sponsoring Organization of the Treadway Commission) ERM objectives, the potential business risks are broken down into the following four categories: Strategic Risks, Operations Risks, Compliance Risks, and Reporting Risks. The Reporting Risks category has the following internal risk components except

Budgeting.

Performance measures.

Internal control.

Capital availability.

Capital availability.

A major upgrade to an important information system would most likely represent a high:

External risk factor.

Internal risk factor.

Other risk factor.

Likelihood of future systems problems.

Internal risk factor.

After business risks have been identified, they should be assessed in terms of their inherent:

Impact and likelihood.

Likelihood and probability.

Significance and severity.

Significance and control effectiveness.

Impact and likelihood.

Following are some of the steps used in determining the critical risk factors and processes to take actions as internal auditors under the Business Risk Assessment Approach using COSO Framework except.

Identify business risks using the Basic Business Risk Model.

Link critical risks to objectives.

Assign a score on a scale of 1-3 to each risk factor.

Map Risks to the business processes and identify processes and risks to audit or manage.

Assign a score on a scale of 1-3 to each risk factor.

Following are some of the steps used in determining the risk factors and processes to audit or manage as internal auditors under the Risk Factor Approach for assessing business risks except.

Identify risk factors using the Basic Business Risk Model.

Establish the relative weight for each factor on a scale 0-100, such that the total of all the factors' weight add to 100.

Use the Risk Assessment Model to determine the impact and likelihood of each risk factor.

Perform Risk/Control Analysis.

Use the Risk Assessment Model to determine the impact and likelihood of each risk factor.

The requirement that purchases be made from suppliers on an approved vendor list is an example of a:

Preventive control.

Detective control.

Compensating control.

Monitoring control.

Preventive control.

An effective system of internal controls is most likely to detect a fraud perpetrated by a:

Group of employees in collusion.

Single employee.

Group of managers in collusion.

Single manager.

Single employee.

Appropriate internal control for a multinational corporation's branch office that has a department responsible for the transfer of money requires that:

The individual who initiates wire transfers does not reconcile the bank statement.

The branch manager must receive all wire transfers.

Foreign currency rates must be computed separately by two different employees.

Corporate management approves the hiring of employees in this department.

The individual who initiates wire transfers does not reconcile the bank statement.

The policies and procedures helping to ensure that management directives are executed and actions are taken to address risks to achievements of objectives describes

Risk assessment.

Control environment.

Control activities

Monitoring.

Control activities

An organization's directors, management, external auditors, and internal auditors all play important roles in creating a proper control environment. Senior management is primarily responsible for

Establishing a proper organizational culture and specifying a system of internal control.

Designing and operating a control system that provides reasonable assurance that established objectives and goals will be achieved.

Ensuring that external and internal auditors adequately monitor the control environment.

Implementing and monitoring controls designed by the board of directors.

Establishing a proper organizational culture and specifying a system of internal control.

Which of the following represents the complete set of internal control components according to COSO framework:

Operations, Reporting, Risk assessment, Control activities, and Monitoring activities.

Reporting, Control environment, Risk assessment, Control activities, and Monitoring activities.

Operations, Compliance, Risk assessment, Control activities, and Monitoring activities.

Control environment, Risk assessment, Control activities, Information & Communication, and Monitoring activities.

Control environment, Risk assessment, Control activities, Information & Communication, and Monitoring activities.

Proper segregation of functional responsibilities in an effective system of internal control calls for separation of the functions of

Authorization, execution, and payment.

Authorization, recording, and custody.

Custody, execution, and reporting.

Authorization, payment, and recording.

Authorization, recording, and custody.

According to the PCAOB, who is responsible for the reliability of the internal controls over financial reporting process of an entity?

The entity's CEO and/or CFO.

The entity's board of directors.

An internal auditor.

The external auditor.

The entity's CEO and/or CFO.

Process level control is an activity that operates within a specific process for the purpose of achieving process-level objectives. Which of the following is not an example of the process level control.

Reconciliation of key accounts.

Process employee supervision and performance evaluations.

Authorizations.

Monitoring/oversight of specific transactions.

Authorizations.

In the interest of reliable financial reporting, management makes assertions regarding the recognition, measurement, presentation, and disclosure of accounts, transactions, events included in the entity's financial statements. Which of the following is not one of the five basic financial statement assertions?

Existence or occurrence.

Completeness.

Classification.

Right and obligation.

Classification

The Internet firewall is designed to provide protection against:

Computer viruses.

Unauthorized access from outsiders.

Lightning strikes and power surges.

Arson.

Unauthorized access from outsiders.

Which of the following best illustrates the use of EDI?

Purchasing merchandise from a company's Internet site.

Computerized placement of a purchase order from a customer to its supplier.

Transfer of data from a desktop computer to a database server.

Withdrawing cash from an ATM.

Computerized placement of a purchase order from a customer to its supplier.

Which of the following issues would be of most concern to an auditor relating to an organization's Internet security policy?

Auditor documentation.

System efficiency.

Data integrity.

Rejected and suspense item controls.

Data integrity.

Passwords for personal computer software programs are designed to prevent

Inaccurate processing of data.

Unauthorized access to the computer.

Incomplete updating of data files.

Unauthorized use of the software.

Unauthorized use of the software.

The best preventive measure against a computer virus is to

Compare software in use with authorized versions of the software.

Executive virus exterminator programs periodically on the system.

Allow only authorized software from known sources to be used on the system.

Prepare and test a plan for recovering from the incidence of a virus.

Allow only authorized software from known sources to be used on the system.

The reliability and integrity of all critical information of an organization, regardless of the media is which the information is stored, is the responsibility of

Shareholders.

IT department.

Management

All employees

Management

Which of the following is part of the board's role in protecting against privacy threats?

Established a privacy framework.

Identifying the information gathered by the organization that is deemed personal or private.

Identifying the methods used to collect information.

Determining whether the use of the information collected is in accordance with its intended use and the laws.

Established a privacy framework.

Which of the following is considered to be a server in a local area network (LAN)?

The cabling that physically interconnects the nodes of the LAN.

A device that stores program and data files for users of the LAN.

A device that connects the LAN to other networks.

A workstation that is dedicated to a single user of the LAN.

A device that stores program and data files for users of the LAN.

Change control typically includes procedures for separate libraries for production programs and for test versions of programs. The reason for this practice is to

Promote efficiency of system development.

Segregate incompatible duties.

Facilitate user input on proposed changes.

Permit unrestricted access to programs.

Segregate incompatible duties.

A systems development approach used to quickly produce a model of user interfaces, user interactions with the system, and process logic is called

Neural Networking.

Prototyping.

Reengineering.

Application generation.

Prototyping

Which of the following is not a typical "rationalization" of a fraud perpetrator?

A. It's in the organization's best interest.

B. The company owes me because I'm underpaid.

C. I want to get back at my boss (revenge).

D. I'm smarter than the rest of them.

D. I'm smarter than the rest of them.

Which of the following is not something all levels of employees should do?

Answers:

A. Understand their role within the internal control framework.

B. Have a basic understanding of fraud and be aware of the red flags.

C. Report suspicions of incidences of fraud.

D. Investigate suspicious activities that they believe may be fraudulent.

Selected Answer:

D.

Investigate suspicious activities that they believe may be fraudulent.

In the course of their work, internal auditors must be alert for fraud and other forms of white-collar crime. The important characteristic that distinguishes fraud from other varieties of white-collar crime is that?

A. Fraud is characterized by deceit, concealment, or violation of trust.

B. Unlike other white-collar crimes, fraud is always perpetrated against an outside party.

C. White-collar crime is usually perpetrated for the benefit of an organization, but fraud benefits an individual.

D.White-collar crime is usually perpetrated by outsiders to the detriment of an organization, but fraud is perpetrated by insiders to benefit the organization.

Selected Answer:

A.

Fraud is characterized by deceit, concealment, or violation of trust.

In an organization with a separate division that is primarily responsible for the prevention of fraud, the internal audit activity is responsible for?

Answers:

Examining and evaluating the adequacy and effectiveness of that division's actions taken to prevent fraud.

Establishing and maintaining that division's system of internal control.

Planning that division's fraud prevention activities.

Controlling that division's fraud prevention activities.

Selected Answer:

Examining and evaluating the adequacy and effectiveness of that division's actions taken to prevent fraud.

Which of the following statements is (are) true regarding the prevention of fraud?

I. The primary means of preventing fraud is through internal control established and maintained by management.

II. Internal auditors are responsible for assisting in the prevention of fraud by examining and evaluating the adequacy of the internal control system.

III. Internal auditors should assess the operating effectiveness of fraud-related communication systems.

Answers:

I only.

I and II only.

II only.

I, II, and III.

Selected Answer:

I, II, and III.

Internal auditors have a responsibility for helping to deter fraud. Which of the following best describes how this responsibility is usually met?

Answers:

By coordinating with security personnel and law enforcement agencies in the investigation of possible frauds.

By testing for fraud in every engagement and following up as appropriate.

By assisting in the design of control systems to prevent fraud.

By evaluating the adequacy and effectiveness of controls in light of the potential exposure or risk.

Selected Answer:

By evaluating the adequacy and effectiveness of controls in light of the potential exposure or risk.

An internal auditor who suspects fraud should?

Answers:

Determine that a loss has been incurred.

Interview those who have been involved in the control of assets.

Identify the employees who could be implicated in the case.

Recommend an investigation if appropriate.

Selected Answer:

Recommend an investigation if appropriate.

Red flags are conditions that indicate a higher likelihood of fraud. Which of the following is not considered a red flag?

Answers:

Management has delegated the authority to make purchases under a certain value to subordinates.

An individual has held the same cash-handling job for an extended period without any rotation of duties.

An individual handling marketable securities is responsible for making the purchases, recording the purchases, and reporting any discrepancies and gains/losses to senior management.

The assignment of responsibility and accountability in the accounts receivable department is not clear.

Selected Answer:

Management has delegated the authority to make purchases under a certain value to subordinates.

Which of the following policies is most likely to result in an environment conductive to the occurrence of fraud?

Answers:

Budget preparation input by the employees who are responsible for meeting the budget.

Unreasonable sales and production goals.

The division's hiring process frequently results in the rejection of adequately trained applicants.

The application of some accounting controls on a sample basis.

Unreasonable sales and production goals.

The following are facts about a subsidiary?

1.The subsidiary has been in business for several years and enjoyed good profit margins although the general economy was in a recession, which affected competitors.

The working capital ratio has declined from a healthy 3:1 to 0.9:1

2.Turnover for the last several years has included three controllers, two supervisors of accounts receivable, four payables supervisors, and numerous staff in other financial positions.

3.Purchasing policy requires three bids. However, the supervisor of purchasing at the subsidiary has instituted a policy of sole-source procurement to reduce the number of suppliers.

4.When conducting a financial audit of the subsidiary, the internal auditor should?

Selected Answer:

Answers:

Most likely not detect 1.,2., or 3

Ignore 2. Since the economy had a downturn during this period.

Consider 3. To be normal turnover, but be concerned about 2. And 4. As warning signals of fraud.

Consider 1.,2.,3., and 4. As warning signals of fraud.

Consider 1.,2.,3., and 4. As warning signals of fraud.

Senior management has requested that the internal audit function perform an operational review of the telephone marketing operations of a major division and recommend procedures and policies for improving management control over the operation. The internal audit function should:

Answers:

A. Accept the audit engagement because independence would not be impaired.

B.Accept the engagement, but indicate to management that recommending controls would impair audit independence so that management knows that future audits of the area would be impaired.

C.Not accept the engagement because internal audit functions are presumed to have expertise on accounting controls, not marketing controls.

D.Not accept the engagement because recommending controls would impair future objectivity of the department regards this client.

Selected Answer:

A.

Accept the audit engagement because independence would not be impaired.

Which of the following is not a responsibility of the CAE?

Answers:

A.To communicate the internal audit function's plans and resource requirements to senior management and board for review and approval.

B.To oversee the establishment, administration, and assessment of the organization's system of internal controls and risk management processes.

C.To follow up on whether appropriate management actions have been taken on significant issues citied in internal audit reports.

D.To establish a risk-based plan to accomplish the objectives of the internal audit function consistent with the organization's goals.

Selected Answer:

B.

To oversee the establishment, administration, and assessment of the organization's system of internal controls and risk management processes.

The purpose of the internal audit activity's evaluation of the effectiveness of existing risk management processes is to determine that?

Answers:

A. Management has planned and designed so as to provide reasonable assurance of achieving objectives.

B. Management directs processes so as to provide reasonable assurance of achieving objectives.

C. The organization's objectives will be achieved efficiently and economically.

D.The organization's objectives will be achieved in an accurate and timely manner and with minimal use of resources.

B.

Management directs processes so as to provide reasonable assurance of achieving objectives.

What is the most accurate term for the procedures used by the board to oversee activities performed to achieve organizational objectives?

Answers:

A. Governance.

B. Control.

C. Risk management.

D. Monitoring.

Selected Answer:

A.

Governance.

Who has primary responsibility for providing information to the board on the professional and organizational benefits of coordinating internal audit activities with those of other providers of similar services?

Answers:

A. The external auditor.

B. The chief audit executive.

C. The chief executive officer.

D. Each assurance and consulting function.

Selected Answer:

B.

The chief audit executive.

To improve their efficiency, internal auditors may rely upon the work of external auditors if it is?

Answers:

A. Performed after the internal auditing work.

B. Primarily concerned with operational objectives and activities.

C. Coordinated with internal auditing work.

D. Conducted in accordance with the Code of ethics.

Selected Answer:

C.

Coordinated with internal auditing work.

If an organization has no formal risk management processes, the chief audit executive should?

Answers:

A. Establish risk management processes based on industry norms.

B. Formulate hypothetical results of possible consequences resulting from risks not being managed.

C. Inform regulators that the organization is guilty of an infraction.

D. Formally discuss with the directors their obligations for risk management processes.

Selected Answer:

D.

Formally discuss with the directors their obligations for risk management processes.

The chief audit executive should develop and maintain a quality assurance and improvement program that covers all aspects of the internal audit activity and continuously monitors its effectiveness. All of the following are included in a quality program except?

Answers:

A. Annual appraisals of individual internal auditors' performance.

B. Periodic internal assessment.

C. Supervision.

D. Periodic external assessments.

Selected Answer:

A.

Annual appraisals of individual internal auditors' performance.

As a part of a quality program, internal assessment teams most likely will examine which of the following to evaluate the quality of engagement planning and documentation for individual engagements?

Answers:

A. Written engagement work programs.

B. Project assignments documentation.

C. Weekly status reports.

D. The long-range engagement work schedule.

Selected Answer:

A.

Written engagement work programs.

An external assessment of an internal audit activity contains an expressed opinion. The opinion applies?

A. Only to the internal audit activity's conformance with the Standards.

B. Only to the effectiveness of the internal auditing coverage.

C. Only to the adequacy of internal control.

D. To the entire spectrum of assurance and consulting work.

Selected Answer:

D.

To the entire spectrum of assurance and consulting work.

Your audit objective is to determine the purchases of office supplies have been properly authorized. If purchases of office supplies are made through the purchasing department, which of the following procedures is most appropriate?

Answers:

A. Vouch purchase orders to approve purchase requisitions.

B. Trace approved purchases requisitions to purchase orders.

C. Inspect purchase requisitions for proper approval.

D. Vouch receiving reports to approved purchase orders.

Selected Answer:

A.

Vouch purchase orders to approve purchase requisitions.

An internal auditor is concerned that fraud, in the form of payments to fictitious vendors, may exist. Company purchasers, responsible for purchases of specific product lines, have been granted the authority to approve expenditures up to $10,000. Which of the following applications of generalized audit software would be most effective in addressing the auditor's concern?

Answers:

A. List all purchases over $10,000 to determine whether they were properly approved.

B. Take a random sample of all expenditures under $10,000 to determine whether they were properly approved.

C.List all major Vendors by product lines. Select a sample of major vendors and examine supporting documentation for goods or services received.

D.Lisa all major vendors by product line. Select a sample of major vendors and send negative confirmations to validate that they actually provided goods or services.

Selected Answer:

C.

List all major Vendors by product lines. Select a sample of major vendors and examine supporting documentation for goods or services received.

An internal auditor's working papers should support the observations, conclusions, and recommendations to be communicated. One of the purposes of this requirement is to?

A. Provide support for the internal audit activity's financial budge.

B. Facilitate quality assurance reviews.

C. Provide control over working papers.

D. Permit the audit committee to review observations, conclusions, and recommendations.

B.

Facilitate quality assurance reviews.

The internal auditor prepares working papers primarily for the benefit of?

Answers:

A. The external auditor.

B. The internal audit activity.

C. The engagement client.

D. Senior management.

Selected Answer:

B.

The internal audit activity.

Engagement working papers are indexed by means of reference numbers. The primary purpose of indexing is to?

A. Permit cross-referencing and simplify supervisory review.

B. Support the final engagement communication.

C. Eliminate the need for follow-up reviews.

D. Determine the working papers adequately support observations, conclusions, and recommendations.

Selected Answer:

A.

Permit cross-referencing and simplify supervisory review.

Which of the following conditions constitutes inappropriate working-paper preparation?

A. All forms and directives used by the engagement client are included in the working papers.

B. Flowcharts are included in the working papers.

C. Engagement observations are cross-referenced to supporting documentation.

D. Tick marks are explained in notes.

Selected Answer:

A.

All forms and directives used by the engagement client are included in the working papers.

Engagement information is usually considered relevant when it is?

Answers:

A. Derived through valid statistical sampling.

B. Objective and unbiased.

C. Factual, adequate, and convincing.

D. Consistent with the engagement objectives.

Selected Answer:

D.

Consistent with the engagement objectives.

Reliable information is?

Answers:

A. Supportive of the engagement observations and consistent with the engagement objectives.

B. Helpful in assisting the organization in meeting prescribed goals.

C.Factual, adequate, and convincing so that a prudent person would reach the same conclusion as the internal auditor.

D. Competent and the best attainable through the use of appropriate engagement techniques.

Selected Answer:

D.

Competent and the best attainable through the use of appropriate engagement techniques.

In an operational audit, the internal auditors discovered an increase in absenteeism. Accordingly, the chief audit executive decided to identify information about workforce morale. To achieve this engagement objective, the internal auditors must understand that?

Answers:

A. Morale cannot be reliably analyzed.

B. Only outcomes that are directly quantifiable can be reliably analyzed.

C. Reliable information may be obtained about morale factors such as job satisfaction.

D. Morale is always proportional to compensation.

Selected Answer:

C.

Reliable information may be obtained about morale factors such as job satisfaction.

What characteristic of information is satisfied by an original signed document?

Answers:

A. Sufficiency.

B. Reliability

C. Relevance.

D. Usefulness.

Selected Answer:

B.

Reliability