Professional Documents
Culture Documents
a public agency
Establish the basis for evaluating internal auditing
performance Acceptance of the gift violates The IIAs Code of Ethics
and is prohibited for a CIA.
Promote an ethical culture among professionals who
serve others Refuse on the grounds of conflict of interest
To outline criteria for professional behavior to maintain Should still include the finding in the final engagement
standards of integrity and objectivity. communication
Express standards of individual behavior for members of No. The internal auditor followed up the matter with
the organization appropriate personnel within the organization and
reached a conclusion that no fraud was involved.
Broad standards of conduct for the members of the
organization Objectively include the facts of the case in the
engagement communications
II only A has established objective criteria by which an
individuals actions can be evaluated I and II Violates The IIAs Code of Ethics because serving
on the board may be in conflict with the best interests
Provisions for disciplinary action in the event of
of the internal auditors employer
violations
Violates The IIAs Code of Ethics because the
Reflect only legal standards of conduct for individuals information gained while serving on the board of
and the organization directors of the local bank may influence
Subjectivity in presenting information, preparing recommendations regarding potential acquisitions
reports, and making analyses Internal auditor and part-time business insurance
Avoidance of conflict of interest broker
Describe behavior norms expected of internal auditors Accepting compensation from professional
organizations for consulting work
Apply and uphold the principles embodied in The IIAs
Code of Ethics Not accept the payment because such acceptance is in
conflict with the Code of Ethics.
Use individual judgment in the application of the
principles set forth in the Code Preparing the personal tax return, for a fee, for one of
the organizations division managers
None of the answers represent a violation of the Code
Not accept it if the gift is presumed to impair the
Take action consistent with the principles embodied in internal auditors judgment
The IIAs Code of Ethics
Report the override of control to the board
A report on each engagement
Gambling habit - Are not in violation of either The IIAs
Violated the Code of Ethics by knowingly becoming a Code of Ethics or the Standards
party to an illegal act
Inform appropriate organizational officials
In response to a subpoena, an auditor appeared in a
court of law and disclosed confidential, audit-related Assure the employee that you can maintain her
anonymity and listen to the information
information that could potentially damage the auditors
organization. Discuss the issue with management and take
appropriate action to ensure that the external auditors
Honesty, diligence, and responsibility are informed
Reporting apparent violations of antitrust statutes by Inform the external auditors of the misstatement
officers to government regulators
Has violated the Standards because the internal auditor
Not be unduly influenced by their own interests in should inform the appropriate authorities in the
forming judgments organization if fraud may be indicated
Acquaint the chief audit executive with the situation that would revolutionize the industry. Because of the
and ask to be assigned to another audit probable success of the new product, the product
manager suggested that the internal auditor buy an
Both a violation of The IIAs Code of Ethics AND a additional interest in the organization, which the
violation of the reporting requirements in the Standards internal auditor did
Failing to report to management information that Purchasing stock in a target entity after overhearing an
would be material to managements judgment executives discussion of a possible acquisition
Report the facts to the appropriate individuals within Yes. The internal auditor was not prudent in the use of
the organization information acquired in the course of his/her duties
Conducting an unrelated business outside of office Lack of competence in this area
hours
CPD - Both the International Standards for the
A control system that had been recommended by the Professional Practice of Internal Auditing and The IIAs
internal audit staff during the previous engagement was
Code of Ethics
found to be defective. The internal auditor reported the
defective function as an engagement client failure They should comply with the International Standards for
the Professional Practice of Internal Auditing.
Acceptance of airline tickets from an engagement client
The internal audit activity violated the Standards by not
A pen received from the sales manager of a subsidiary providing adequate supervision.
with the imprinted name of the organizations product
and a phone number. Auditor C is content as an internal auditor and has come
to look at it as a regular 9-to-5 job. Auditor C has not
Disclose material facts known to the internal auditor engaged in continuing professional education or other
that could distort the final engagement communication activities to improve effectiveness during the last 3
if not revealed years. However, Auditor C feels performance of quality
Accepting a moderate gift from a customer of his/her work is the same as before.
organization Comply with the International Standards for the
Reveal material facts that could distort communications Professional Practice of Internal Auditing.
if not revealed Performance with proficiency and due professional care
Knowing that management was aware of the situation, Sufficient, reliable, relevant, and useful information
an internal auditor purposely left a description of an
lends credibility to the opinion.
unlawful practice out of the final engagement
communication Accounts Payable - The internal audit activitys charter
The CEO accused the new auditor of not operating in Ascertain if the feasibility study addresses cost-benefit
relationships
the best interests of the organization.
The bonus is based on monetary amounts recovered or
I, II and III recommended future savings as a result of
engagements.
The CEO accused the new auditor of not operating in
the best interests of the organization. Continuation on an engagement at a division for which
(s)he will soon be responsible as the result of a
The majority of audit committee members come from
promotion.
within the organization.
Reports to the board but does not report fully about the
The internal audit activitys charter has not been
reason for corrective action taken.
approved by the board
Purchasing activity if a major supplier is owned by the
Request board approval of policies that include internal
internal auditors sister-inlaw.
audit activity relationships with the board
Telephone - Accept the engagement because objectivity
Not be independent because the CAE reports to the
will not be impaired
external auditors
Not to participate in the system development process -
The CAE will report to the audit committee
None of the answers are correct
Product development team leader
Assessing individual objectivity of internal auditors - the
Day to day operations - Administrative reporting chief audit executive
Chief executive officer and functionally to the board of As part of an evaluation team, review vendor
directors accounting software internal controls and rank
according to exposures.
Must be sufficient to permit the accomplishment of the
activitys responsibilities
CAE - Foster individual objectivity Proficiency - Internal audit procedures and techniques
CAE - Maintain individual objectivity Excluding - The ability to conduct training sessions in
quantitative methods
Internal auditors avoiding conflicts of interest
Understanding of management principles
Maintain
Proficient in - Internal auditing standards
Communicate the potential effects of the scope
limitation to the board I, II, IV Internal auditors should understand human
relations and be skilled in dealing with people.
A former purchasing assistant performs a review of
internal controls over purchasing 4 months after being Internal auditors should be able to recognize and
transferred to the internal auditing department. evaluate the materiality and significance of deviations
from good business practices.
The board reviews the engagement work schedule for
the year and deletes an engagement that the chief audit Internal auditors should be skilled in oral and written
executive thought was important to conduct. communication.
B. Nature of Limitation - Engagement client will not Communications skill except - The risk assessment used
provide access to records needed for approved work in selecting the area for investigation
schedule
Proficiency in applying internal auditing standards and
Internal Audit Action - Report to the board procedures without extensive recourse to technical
research and assistance
Until at least 1 year has elapsed
Provide staff with sufficient training to enhance
Suggest that the engagement be performed by another communication skills
member of the internal audit staff.
Positive perception consultative
Communicated, preferably in writing, to the board
Participation with engagement clients to improve
Notify the chief audit executive of the potential conflict methods
of interest
Responsible in determining level of education and
Report to the board scope of limitation experience of Audit staff Chief audit executive
Requiring internal auditors to report to the chief audit External service provider
executive any conflicts of interest or bias.
Healthcare - All of the answers are correct
Beachfront condo - Should reject the offer and report it
to the appropriate supervisor Offer the candidate a position if other staff members
possess sufficient knowledge in economics and
Inform audit management and ask for direction on information technology.
whether to accept the gift
Engage an engineering consultant to perform the
A. One internal auditor told the review team that, comparison
during an engagement to review the payroll function,
the payroll manager approached the auditor. The Could limit the range of services that could be
manager indicated the need for an accountant to performed due to the internal audit activitys narrow
prepare financial statements for the managers part- expertise and backgrounds
time business. The internal auditor agreed to perform
this work for a reduced fee during non-work hours May hire the engineer despite the lack of knowledge of
internal audit standards
XYZ Corp. - Assurance services
Least useful - Determining that all applicants have an
Ability to organize and express thoughts well accounting degree
Accept the audit engagement and begin immediately, Seek permission from the audit committee to obtain
since it is a high-risk area appropriate support from an HSE professional.
Yes. The actuary has skills not usually found among Annual appraisals of individual internal auditors
internal auditors to identify and quantify self-insurance performance
risks.
A.Adequacy of the oversight of the work of external
Other internal auditors possess sufficient knowledge of auditors
economics and information technology.
Quality Assurance and Improvement program CAE
Internal audit staff assessed annually
It is supported by the results of the quality program
Reliance on an outside service provider when
appropriate After an external review completed within the past 5
years
Contacting others familiar with the ESPs work
B,The results of external assessments are
D. Structure. It may more easily accommodate communicated upon their completion
engagement requirements in distant locations.
Supervision of an internal auditors work is performed
An engagement communication should never be viewed throughout each audit engagement.
as providing an infallible truth about a subject
Internal quality program reports to the - CAE
No, alertness to conditions most likely indicative of
irregularities was not shown Written engagement work programs
Adverse effects related to the item are likely to occur Provide independent assurance
Consider the relative materiality or significance of Not likely to evaluate -Detailed cost-benefit analysis of
matters to which assurance procedures are applied. the internal audit activity
Review every control feature pertaining to petty cash
To the entire spectrum of assurance and consulting
receipts
work
Consider the possibility of nonconformance or
irregularities at all times during an engagement. External assessments can provide senior management
and the board with independent assurance about the
Due professional Care - Consideration of the possibility quality of the internal audit activity.
of material irregularities during every engagement
Control
Because of a highly developed system of internal
control over the cash function, the final engagement Assignment of responsibility for deviations
communication assured senior management that no
irregularities existed. Standards are adopted, results are compared with the
I, III - Consider the probability of significant standards, and corrective actions are undertaken
noncompliance
Controlling cannot operate effectively without the tools
Weigh the cost of assurance against the benefit provided by planning
CIAs have formal requirements that must be met in Control is the result of proper planning, organizing, and
order to continue as CIAs directing by management
I,II,III - Needs and expectations of engagement clients
Management takes action to enhance the likelihood
Relative complexity and extent of work needed that established goals and objectives will be achieved.
Finished goods feedback control Requiring a specific mail clerk to list and restrictively
endorse each check
FS analysis feedback
Has custody of the check signature stamp machine
often difficult for internal auditors to evaluate because
of the lack of criteria or standards operating controls A security guard allows one of the warehouse
employees to remove assets from the premises without
Procedures providing for clear levels of purchase order authorization.
approvals based on the value of the requisition.
Preparing attendance data and preparing the payroll
Directing - Informing purchasing personnel of the future
need for long-lead-time products in ample time. The treasurers office prepares checks for suppliers
based on vouchers prepared by the accounts payable
Detective - Goods received are counted and compared department.
with quantities on purchase order and receiving reports.
Reviewing and canceling supporting documents when a
Sales invoice request - Active, detective control check is issued
The treasurer has the authority to sign checks but gives Credit memoranda being improperly recorded
the signature block to the assistant treasurer to run the Numerically sequence and independently account for all
check-signing machine. controlling documents (such as packing slips and
Using a master price list for marking the sale price shipping orders) when sales journal entries are recorded
Segregating the receiving function from the The personnel department authorizes the hiring and
authorization of parts purchases pay levels of all employees
Post the receipts to the accounts receivable subsidiary II & Iv Employees hired for sensitive positions are not
ledger cards subjected to background checks
Delinquent accounts are reviewed only by the sales Management has not taken corrective action to resolve
manager past engagement observations related to inventory
controls.
Vendors invoices are matched against purchase orders
and receiving reports before a liability is recorded Rotating buyer assignments periodically
Purchase requisitions, purchase orders, receiving The individual who initiates wire transfers not reconcile
reports, and vendor invoices the bank statement
Use and accountability of pre-numbered checks Develop a program that identifies procedures
performed on an individual in excess of expectations
Initiation of purchase of materials and supplies based on the age of the employee, whether a similar
Inventory control department procedure was performed recently, or the average cost
Accounts payable, receiving, and inventory control per claim.
departments A statement requiring board review of each transaction
Segregation of payroll preparation and maintenance of because of the risk involved in such transactions.
year-to-date records Use a lockbox to receive all donations
Safekeeping unclaimed checks - Cashier department Ensures the accuracy and completeness of data input
Approval of a sales credit memo because of a product Comparison of invoices with purchase orders or
return by the sales department with subsequent posting
contracts
to the customers account by the accounts receivable
department The initiation of a conflict-of-interest policy
Establishing a proper organizational culture and Final settlements are negotiated after claims are
specifying a system of internal control. developed and submitted
There is no receiving function located at individual Inform XYZ about its risk appetite regarding supply
stores failures
Required material specifications for all purchases Only storeroom personnel and line supervisors have
access to the raw materials storeroom.
Periodic internal review of the in-force list to evaluate
the adequacy of insurance coverage The employee could pledge organizational investments
as security for a short-term personal bank loan.
The research and development budget is properly
allocated between new products, product maintenance, Using predetermined totals to control posting routines
and cost reduction programs.
A plan of job classifications based on predefined
I only - Require managerial approval for materials to be evaluation criteria
declared scrap or obsolete
Supported by periodic appraisals
Require existing security guards to log the time of plant
departure and scrap yard arrival. The elapsed time Written policies requiring review of major
should be reviewed by a supervisor for fraud. funding/repayment proposals by the board.
Regular reconciliation of physical inventories to COSO framework - All of the answers are correct
accounting records
Elements of control environment all answers are
Match the back order file to goods received daily correct
Not component of COCO model Control environment Responsibility for risk, Advisory role, Oversight role
(RAO)
I only - A bonus system should be considered part of the
control environment of an organization and should be Determine whether the treasurer is getting higher or
considered in formulating a report on internal control. lower rates of return on investments than are
treasurers in comparable organizations.
Establishing a proper organizational culture and
specifying a system of internal control. Risk management processes
The cost of internal control should not exceed its Outside the scope of IA - Safeguarding of assets
benefits
Preferences of the independent auditor
Control self-assessment is not an approach to audit soft
controls Managing the identified risks
Management prepares a detailed analysis of gross Codified in the charters of the internal audit activity and
margin per store and investigates any store that shows the board
a significantly lower gross margin. Control process.B. Risk management
Monitoring performance I, II, III, and IV -Monitoring activities.I. Evaluating the risk
Integrity and ethical values, assignment of authority, management process as part of the engagement plan.II.
Participating on oversight committees, monitoring of
and human resource policies
activities, and status reporting. III. Managing and
Monitors risk as part of the enterprise risk management coordinating the process
team
Determine that the key objectives of risk management
Involves the identification of events with negative processes are being met
impacts on organizational objectives
Formally discuss with the directors their obligations for
Avoiding risk management processes.
Risk risk that is not managed The use of derivatives by the organization
Event identification, risk assessment, control activities, To oversee the establishment, administration, and
and objective setting assessment of the organizations system of risk
management processes.
COCO
Fraud is characterized by deceit, concealment, or
Increasing the net present value of investments violation of trust
The risk when management has not taken action to Embezzlement
reduce the impact or likelihood of an adverse event.
I, II, and III - Determining whether objectives have been
Nonretention of customers accomplishedI. Using the criteria in their evaluationII.
Management purchased insurance on previously Working with management to develop appropriate
uninsured property control evaluation criteriaIII
In practice, management has primary responsibility False representation or concealment of a material fact
Provide assurance on the management of the risk Examining and evaluating the adequacy and
effectiveness of that divisions actions taken to prevent
Better manage perceived high risks fraud.
By evaluating the adequacy and effectiveness of Rapid turnover of the organizations financial executives
controls in light of the potential exposure or risk
Financial pressures on the organization
Evaluating the adequacy of controls to prevent fraud
Debit expenses and credit the asset
Examining and evaluating the adequacy and the
effectiveness of control, commensurate with the extent Population
of the potential exposure or risk in the various segments Extent to which the individual values of the items in the
of the organizations operations population are spread about the mean
Ensuring that fraud will not occur VARIABILITY standard Deviation
Evaluate the system of internal control true population value confidence Level
Recommend an investigation if appropriate True population mean lies within the specified
Recognize and question changes that occur in confidence interval
organizations The experience and knowledge of the auditor
Expand activities to determine whether an investigation Provides a quantitative measure of sampling risk
is warranted
Quantify sampling risk
Recommend an investigation
Population estimates with measurable reliability can be
Evaluate fraud indicators and decide whether further made
action is necessary
Reliable and objective
Decide whether to recommend an investigation
Failing to give each item in the population an equal
The internal auditor should have sufficient knowledge chance of selection
to identify the indicators of fraud but is not expected to
be an expert. Item in the population has an equal chance of being
selected
Management has delegated the authority to make
purchases under a certain value to subordinates. Is likely to result in an unbiased sample
Unreasonable sales and production goals For very large populations, the absolute size of the
sample has more impact on the precision of its results
The red flags literature is not well enough established to than does its size relative to its population.
have a positive impact on internal auditing.
Can be identified with a unique number
Cash receipts, net of the amounts used to pay petty
cash-type expenditures, are deposited in the bank daily. 11-60
Be living beyond their obvious means of support The auditor should first determine how similar the new
process is to the old process before deciding what to
Regular comparison of actual results with budgets do.
The use of blanket purchase orders Precision difference between Expected error rate and
Analytical procedures revealed an extraordinary maximum tolerable error
increase in account balances Precision estimate of the population characteristic is
Total asset turnover expected to fall
Takes no vacations and has refused promotion to vice Expected occurrence rate
president of finance Decrease if the internal auditor increases the tolerable
Items for cycle count are selected by stockroom rate of deviation
personnel
Attribute Sampling The population is expected to contain few differences
between the recorded amount and the actual amount.
Confidence direct
Mean-per-unit
Precision inverse
Using multiple random starts
Variable sampling increase confidence, increase same
size inverse The population is arranged randomly with respect to
the audit objective
Variability- standard deviation
3000 time cards for signature Interval sampling
Planned precision
Difference or ratio estimation
Increasing the confidence level to 95% and decreasing
the tolerable control failure rate to 3% will increase Accounts Receivable attribute sampling
audit effectiveness.
Obtain evidence on the proper sales cut-off by sampling
Actual size of the sample selected items from the monthly sales journal to determine if the
items were recorded in the correct time period.
A 95% probability that the actual rate of occurrence in
the population is less than the critical rate if no Use stratified sampling where the strata are defined by
exceptions are found. marital and family status, age, and salaried/hourly
status.
Stop-or-go sampling - Total expected sample size will
always be smaller Identify atleast one irregularity - Discovery sampling
Stop-or-go sampling may reduce the size of the sample Use generalized audit software to read the total loan
that needs to be taken from a population, thus reducing file, age the file by last payment due, and extract a
sampling costs. statistical sample stratified by the current and aged
population. Examine each loan selected for proper
Sample size will increase collateralization and aging.
Variable testing - Acceptable risk level An understanding of the details contained in the
Stratified sampling - Reduction in sample size processing task
Stratified variables sampling - Monetary values D.Take a discovery sample of employee claims that
were submitted through dentist offices, and confirm the
Whether the sample is designed to estimate a mean or type of service performed by the dentist through direct
a proportion correspondence with the employee who had the service
performed.
A number of nonproportional differences between
carrying amounts and audited amounts exist. Discovery sampling to select a sample of vouchers
processed by the department during the past year.
Subsidiary ledger book balances for some inventory
items are unknown Discovery 100%
Each account is of equal importance Sample so that the probability of a given inventory item
being selected is proportional to its book value
The auditor expects to find that a large percentage of
items sampled have misstatements. Engagement - Evaluating the adequacy and
effectiveness of controls
Results in a smaller sample size than classical variables
sampling for larger numbers of misstatements. An analysis of quality control documents