You are on page 1of 262

Wiley CIA 2006 v1

Page 1 of 262

Question: V2C3-0001
An internal audit team recently completed an audit of the companys compliance with its lease-versus-purchase policy concerning company automobiles. The audit report noted that the basis for several decisions to lease rather than purchase automobiles had not been documented and was not auditable. The report contained a recommendation that operating management ensure that such lease agreements not be executed without proper documentation of the basis for the decision to lease rather than buy. The internal auditors are about to perform follow-up work on this audit report. The primary purpose for performing a follow-up review is to

Answers
A: Ensure timely consideration of the internal auditors' recommendations. B: Ascertain that appropriate action was taken on reported findings. C: Allow the internal auditors to evaluate the effectiveness of their recommendations. D: Document what management is doing in response to the audit report and close the audit file in a timely manner.

Answer Explanations
Answer (a) is incorrect because it is not the best answer. It implies that the auditors recommendations, not the findings, are the most important elements of the report. Answer (b) is the correct answer. This is what the IIA Standards require. Answer (c) is incorrect because it is not the best choice. This implies that the auditors recommendations, not findings, are primary. Answer (d) is incorrect because this implies that processes in the internal auditing activity are primary.

Question: V2C3-0002
An internal audit team recently completed an audit of the companys compliance with its lease-versus-purchase policy concerning company automobiles. The audit report noted that the basis for several decisions to lease rather than purchase automobiles had not been documented and was not auditable. The report contained a recommendation that operating management ensure that such lease agreements not be executed without proper documentation of the basis for the decision to lease rather than buy. The internal auditors are about to perform follow-up work on this audit report. Assume that senior management has decided to accept the risk involved in failure to document the basis for leaseversus-purchase decisions involving company automobiles. In such a case, what would be the auditors reporting obligation?

Answers
A: The auditors have no further reporting responsibility. B: Management's decision and the auditors' concern should be reported to the company's board of directors.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 2 of 262

C: The auditors should issue a follow-up report to management clearly stating the rationale for the recommendation that the basis for lease-versus-purchase decisions be properly documented. D: The auditors should inform the external auditor and any responsible regulatory agency that no action has been taken on the finding in question.

Answer Explanations
Answer (a) is the correct answer. When senior management has assumed such risk, reporting to the board is required only for significant findings. There is no indication that the failure to document several decisions is significant enough to report to the board. Answer (b) is incorrect because of explanation given in choice (a). Answer (c) is incorrect because senior management has already indicated that it understands and has accepted the related risk. Answer (d) is incorrect because reporting to anyone outside the organization is not required or appropriate.

Question: V2C3-0003
Auditors realize that at times corrective action is not taken even when agreed to by the appropriate parties. This should lead an internal auditor to

Answers
A: Decide the extent of necessary follow-up work. B: Allow management to decide when to follow-up, since it is management's ultimate responsibility. C: Decide to conduct follow-up work only if management requests the auditor's assistance. D: Write a follow-up audit report with all findings and their significance to the operations.

Answer Explanations
Answer (a) is the correct answer. The IIA Standards state that the director of internal auditing should determine the nature, timing, and extent of follow-up. Answer (b) is incorrect because the IIA Standards state that follow-up work is not managements responsibility. Answer (c) is incorrect because the IIA Standards state that follow-up work is not managements responsibility. Answer (d) is incorrect because the auditor has to provide an opinion as to the decision made with regard to lack of action.

Question: V2C3-0004
Follow-up activity may be required to ensure that corrective action has taken place for certain findings. The internal audit departments responsibility to perform follow-up activities as required should be defined in the

Answers

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 3 of 262

A: Internal auditing department's written charter. B: Mission statement of the audit committee. C: Engagement memo issued prior to each audit assignment. D: Purpose statement within applicable audit reports.

Answer Explanations
Answer (a) is the correct answer. Responsibility for follow-up should be defined in the internal auditing departments written charter. Answer (b) is incorrect. Follow-up is not specified in the content of the audit committees mission statement. Answer (c) is incorrect. This memo may contain a statement about responsibility for follow-up, but such a statement should be based on the wording and authority of the departmental charter. Answer (d) is incorrect. Follow-up authority and responsibility may be cited in applicable audit reports, but the definition should be first contained in the departmental charter.

Question: V2C3-0005
Given the acceptance of the cost savings audits and the scarcity of internal audit resources, the audit manager also decided that follow-up action was not needed. The manager reasoned that cost savings should be sufficient to motivate the auditee to implement the auditors recommendations. Therefore, follow-up was not scheduled as a regular part of the audit plan. Does the audit managers decision violate the IIA Standards?

Answers
A: No. The Standards do not specify whether follow-up is needed. B: Yes. The Standards require the auditors to determine whether the auditee has appropriately implemented all of the auditor's recommendations. C: Yes. Scarcity of resources is not a sufficient reason to omit follow-up action. D: No. When there is evidence of sufficient motivation by the auditee, there is no need for follow-up action.

Answer Explanations
Answer (a) is incorrect. Follow-up is required. Answer (b) is incorrect. Follow-up is to see that actions are taken, not just that the auditors recommendations have been implemented. Answer (c) is the correct answer. The IIA Standards require follow-up action. Lack of resources is not a sufficient reason. Answer (d) is incorrect. Follow-up is required.

Question: V2C3-0006
file://C:\Program Files\Wiley\CIAExam\Print.htm 1/20/2010

Wiley CIA 2006 v1

Page 4 of 262

Reporting to senior management and the board is an important part of the auditors obligation. Which of the following items is not required to be reported to senior management and/or the board?

Answers
A: Subsequent to the completion of an audit, but prior to the issuance of an audit report, the audit senior in charge of the audit was offered a permanent position in the auditee's department. B: An annual report summary of the department's audit work schedule and financial budget. C: Significant interim changes to the approved audit work schedule and financial budget. D: An audit plan was approved by senior management and the board. Subsequent to the approval, senior management informed the audit director not to perform an audit of a division because the division's activities were very sensitive.

Answer Explanations
Answer (a) is the correct answer. This would not have to be communicated. The audit work was done. The director of internal auditing would have to determine that there was no impairment of the independence of the seniors work. If there was none, the report could be issued without reporting the personnel change. Answer (b) is incorrect. This is a standard part of the required reporting to senior management and the board. Answer (c) is incorrect. This is a standard part of the required reporting to senior management and the board. Answer (d) is incorrect. Both senior management and the board had approved the audit plan. The change dictated by senior management should be reported to the board.

Question: V2C3-0007
During an audit of purchasing, internal auditors found several violations of company policy concerning competitive bidding. The same condition that had been reported in an audit report last year, and corrective action had not been taken. Which of the following best describes the appropriate action concerning this repeat finding?

Answers
A: The audit report should note that this same condition had been reported in the prior audit. B: During the exit interview, management should be made aware that a finding from the prior report had not been corrected. C: The director of internal auditing should determine whether management or the board has assumed the risk of not taking corrective action. D: The director of internal auditing should determine whether this condition should be reported to the independent auditor and any regulatory agency.

Answer Explanations
Answer (a) is incorrect because this action is insufficient. Answer (b) is incorrect because this action is insufficient.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 5 of 262

Answer (c) is the correct answer. This action meets the requirements of the IIA Standards. Answer (d) is incorrect because this action would be inappropriate.

Question: V2C3-0008
Which of the following audit committee activities would be of the greatest benefit to the internal auditing department?

Answers
A: Review and approval of audit programs. B: Assurance that the external auditor will rely on the work of the internal auditing department whenever possible. C: Review and endorsement of all internal audit reports prior to their release. D: Support for appropriate follow-up of recommendations made by the internal auditing department.

Answer Explanations
Answer (a) is incorrect. Review and approval of audit programs is the responsibility of internal audit supervision. Answer (b) is incorrect. External audits reliance on the work of internal auditing is the subject of an AICPA pronouncement. Answer (c) is incorrect. Review and approval of internal audit reports is the responsibility of the director of internal auditing or designee. Answer (d) is the correct answer. The audit committee can lend considerable weight to the recommendations of internal auditing.

Question: V2C3-0009
An internal auditor reported a suspected fraud to the director of internal auditing. The director turned the entire case over to the security department. Security failed to investigate or report the case to management. The perpetrator continued to defraud the organization until being accidentally discovered by a line manager two years later. Select the most appropriate action for the audit director.

Answers
A: The director's actions were correct. B: The director should have periodically checked the status of the case with security. C: The director should have conducted the investigation. D: The director should have discharged the perpetrator.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 6 of 262

Answer Explanations
Answer (a) is incorrect. According to the Standards, the director should have ensured that the internal auditing departments responsibilities were met. Answer (b) is the correct answer. The director should have periodically checked the status of the case with security. Follow-up is specified by the IIA Standards. Answer (c) is incorrect. A security department would generally have more expertise in the investigation of a fraud. Answer (d) is incorrect. The fraud was only suspected when reported to the director. Immediate discharge would have violated the suspects rights. In addition, the director would not normally have the authority to discharge an employee in an audited area.

Question: V2C3-0010
If an internal auditor finds that no corrective action has been taken on a prior audit finding that is still valid, the IIA Standards states that the internal auditor should

Answers
A: Restate the prior finding along with the findings of the current audit. B: Determine whether management or the board has assumed the risk of not taking corrective action. C: Seek the board's approval to initiate corrective action. D: Schedule a future audit of the specific area involved.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation.
Answer (b) is the correct answer. As per the IIA Standards, and therefore, by definition, choices (a), (c), and (d) will be incorrect.

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C3-0011
Internal auditing is responsible for reporting fraud to senior management or the board when

Answers
A: The incidence of fraud of a material amount has been established to a reasonable certainty. B: Suspicious activities have been reported to internal auditing.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 7 of 262

C: Irregular transactions have been identified and are under investigation. D: The review of all suspected fraud-related transactions is complete.

Answer Explanations
Answer (a) is the correct answer. If the incidence of significant fraud has been established with reasonable certainty, the auditor is responsible for reporting such to senior management or the board. Answer (b) is incorrect. No reporting is required when suspicious acts are reported to the auditor. Answer (c) is incorrect. Irregular transactions under investigation would not require reporting until the investigation phase is completed. Answer (d) is incorrect. Reporting should occur sooner. See choice (a).

Question: V2C3-0012
Why should organizations require auditees to promptly reply and outline the corrective action that has been implemented on reported deficiencies?

Answers
A: To close the open audit issues as soon as possible. B: To effect savings as early as possible. C: To indicate concurrence with the audit findings. D: To ensure that the auditor performance is evaluated.

Answer Explanations
Answer (a) is incorrect. This is a mechanical aspect of the audit reporting process. Answer (b) is the correct answer. The objective of the audit is to effect savings resulting from the auditees corrective action as early as possible so that the organization will benefit from the action taken. Answer (c) is incorrect. The auditee may not concur with the audit finding all the time. Answer (d) is incorrect. This is an administrative function of the audit department.

Question: V2C3-0013
Following a negative performance evaluation by a supervisor, a staff auditor went to the audit director to seek a change in the evaluation. The director was familiar with the auditors performance and agreed with the evaluation. The director agreed to meet and discuss the situation. Which of the following is the best course of action for the director to take?

Answers
A: Have the supervisor participate in the meeting, so that there is no misunderstanding about the facts.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 8 of 262

B: Have a human resources administrator present to ensure that improper statements are not made. C: Meet privately with the employee. Tell the employee of the director's agreement with the performance evaluation and express interest in any additional facts the employee may wish to present. D: Meet privately with the employee. Encourage discussion by asking for the employee's side of the issue and disclaiming any agreement with the supervisor.

Answer Explanations
Answer (a) is incorrect. The supervisor, as author of a critical performance review, will only add to the element of management intimidation. Answer (b) is incorrect. Again, the presence of a third party would inhibit the directors listening effectiveness. Unless the director thinks the auditors concerns are so serious that the human resources department must be informed, it is preferable to meet with the employee privately. Answer (c) is the correct answer. Private conversation signals to the employee that the director is interested in what he or she has to say and will not be measuring his or her words against those of another. However, the director must establish a position and show support for the supervisor. There may be more than one valid viewpoint, but that does not necessarily mean that the employees is valid. Answer (d) is incorrect. It is never appropriate to mislead an employee in order to obtain information or to determine the employees view on a matter.

Question: V2C3-0014
The requirements for staffing level, education and training, and audit research should be included in

Answers
A: The internal auditing department's charter. B: The internal auditing department's policies and procedures manual. C: The annual plan for the internal auditing department. D: Job descriptions for the various staff positions.

Answer Explanations
Answer (a) is incorrect. The charter outlines the purpose, authority, and responsibilities of the department, not the details related to staffing and such. Answer (b) is incorrect. The policies and procedures manual spells out how audits should be conducted. It does not cover areas such as staffing levels. Answer (c) is the correct answer. The annual plan should be comprised of both an audit schedule and a budget and, as such, should include all of these issues. Answer (d) is incorrect. Job descriptions do not reflect staffing level requirements.

Question: V2C3-0015
file://C:\Program Files\Wiley\CIAExam\Print.htm 1/20/2010

Wiley CIA 2006 v1

Page 9 of 262

Which of the following activities is not included in determining the audit schedule?

Answers
A: Developing audit programs. B: Assessing risk factors. C: Planning workload requirements. D: Identifying auditable locations.

Answer Explanations
Answer (a) is the correct answer. The development of audit programs occurs during the planning phase of an individual audit. It is not included within the scope of developing the audit schedule. Answer (b) is incorrect because it is considered to determine the audit schedule. Answer (c) is incorrect because it is considered to determine the audit schedule. Answer (d) is incorrect because it is considered to determine the audit schedule.

Question: V2C3-0016
The internal audit director of a multinational company must form an audit team to examine a newly acquired subsidiary in another country. Consideration should be given to which of the following factors? I. Local customs. II. Language skills of the auditor. III. Experience of the auditor. IV. Monetary exchange rate.

Answers
A: I, II, III. B: II, III, IV. C: I and III. D: I and II.

Answer Explanations
Answer (a) is the correct answer. In addition to language skills, local customs must be considered. For example, gender and ethnic compatibility may be important in some Middle Eastern countries because religious restrictions and incompatibilities are relevant. As always, experience levels are relevant in making audit assignments. Answer (b) is incorrect. The monetary exchange rate would not be a factor in determining the needed traits of the team members. Answer (c) is incorrect. It includes appropriate factors, but does not identify all the acceptable choices.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 10 of 262

Answer (d) is incorrect. It includes an incomplete answer. See choice (c).

Question: V2C3-0017
A quality assurance program of an internal audit department provides reasonable assurance that audit work conforms to applicable standards. Which of the following activities are designed to provide feedback on the effectiveness of an audit department? I. Proper supervision. II. Proper training. III. Internal reviews. IV. External reviews.

Answers
A: I, II, and III. B: II, III, and IV. C: I, III, and IV. D: I, II, III, and IV.

Answer Explanations
Answer (a) is incorrect. Proper training is an important component of maintaining a current staff, but does not provide feedback. Answer (b) is incorrect. Proper training is an important component of maintaining a current staff, but does not provide feedback. Answer (c) is the correct answer. The purpose of a quality assurance program is to evaluate the operations of the internal audit department. The IIA Standards note that a program should include supervision, internal reviews, and external reviews. Answer (d) is incorrect. Proper training is an important component of maintaining a current staff, but does not provide feedback.

Question: V2C3-0018
If the internal audit staff does not have the skills to perform a particular task, a specialist could be brought in from I. The organizations external audit firm. II. An outside consulting firm. III. The department currently being audited. IV. A college or university.

Answers

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 11 of 262

A: I and II. B: II and IV. C: I, II, and III. D: I, II, and IV.

Answer Explanations
Answer (a) is incorrect. It includes acceptable consultants, but does not identify all the acceptable choices. Answer (b) is incorrect. It includes acceptable consultants, but does not identify all the acceptable choices. Answer (c) is incorrect. A specialist from the same department is unacceptable since the person would not be independent or objective. Answer (d) is the correct answer. The key point is independence and objectivity. A specialist from the department currently being audited would not be independent due to a natural bias toward that department.

Question: V2C3-0019
The best rationale for rotating internal auditors so those different individuals are assigned to consecutive audits of a given auditee is to

Answers
A: Prevent burnout on the part of the internal auditor, which may lead to excessive turnover in the internal audit department. B: Promote rapid professional development on the part of internal auditors by exposing them to the full range of organizational activities. C: Increase the diligence exercised by internal auditors who know that the quality of their work will be apparent to the next set of internal auditors. D: Avoid the development of bias toward a given auditee.

Answer Explanations
Answer (a) is incorrect. It is a secondary reason. For example, auditor burnout can be reduced with less travel. Answer (b) is incorrect. It is a secondary reason. Professional development can be obtained in other ways, such as attending conferences, seminars, and taking the CIA exam. Answer (c) is incorrect. It is a secondary reason. This approach establishes a precedent or standard for others to follow. Answer (d) is the correct answer. This is the primary reason. The alternatives may be desirable, but they are not the basis for the rotation preference.

Question: V2C3-0020
file://C:\Program Files\Wiley\CIAExam\Print.htm 1/20/2010

Wiley CIA 2006 v1

Page 12 of 262

Which of the following activities does not constitute audit supervision?

Answers
A: Preparing a preliminary audit program. B: Providing appropriate instructions to the auditors. C: Reviewing audit workpapers. D: Seeing that audit objectives are achieved.

Answer Explanations
Answer (a) is the correct answer. This choice is a planning task. Answer (b) is incorrect because it is a supervisory task. Answer (c) is incorrect because it is a supervisory task. Answer (d) is incorrect because it is a supervisory task.

Question: V2C3-0021
The audit team leader is least likely to have a primary role in

Answers
A: Allocating budget audit hours among assigned staff. B: Updating the permanent files. C: Reviewing the working papers. D: Preparing the critique sheet for the audit.

Answer Explanations
Answer (a) is incorrect because it is a common team leader task. Answer (b) is the correct answer. This is a task most likely performed by the audit staff. Answer (c) is incorrect because it is a common team leader task. Answer (d) is incorrect because it is a common team leader task.

Question: V2C3-0022
In which of the following duties would the audit director least likely have a primary role?

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 13 of 262

Answers
A: Determine the need for expanded testing. B: Review the summary findings sheet. C: Select or approve team members. D: Organize and draft the audit report.

Answer Explanations
Answer (a) is incorrect because it is a common audit director task. Answer (b) is incorrect because it is a common audit director task. Answer (c) is incorrect because it is a common audit director task. Answer (d) is the correct answer. This is a task most likely performed by the team leader.

Question: V2C3-0023
An element of authority that should be included in the charter of the internal auditing department is

Answers
A: Identification of the operational departments which the audit department must audit. B: Identification of the types of disclosures which should be made to the audit committee. C: Access to records, personnel, and physical properties relevant to the performance of audits. D: Access to the external auditor's working papers.

Answer Explanations
Answer (a) is incorrect. The internal audit department should not specifically identify what activities will be audited. Answer (b) is incorrect. The auditor is obligated to make all needed disclosures to the audit committee. Answer (c) is the correct answer. The auditor must have access to all audit evidence in order to fulfill obligations and responsibilities. Answer (d) is incorrect. Access to the external auditors working papers cannot be guaranteed in the charter.

Question: V2C3-0024
Having been given the task of developing a performance appraisal system for evaluating the audit performance of a large internal auditing staff, you should

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 14 of 262

Answers
A: Provide for an explanation of the appraisal criteria methods at the time the appraisal results are discussed with the internal auditor. B: Provide general information concerning the frequency of evaluations and the way evaluations will be performed without specifying their timing and uses. C: Provide primarily for the evaluation of criteria such as diligence, initiative, and tact. D: Provide primarily for the evaluation of specific accomplishments directly related to the performance of the audit program.

Answer Explanations
Answer (a) is incorrect. The personnel whose performance is being appraised should be made aware of the criteria and methods at the time they begin the employment, not at the time of the performance review. Answer (b) is incorrect. The frequency and use of the evaluation are important criteria that should be clearly communicated. Answer (c) is incorrect. The criteria named are traits, not accomplishments. Although traits are important, a performance evaluation system for evaluating audit perfor-mance should primarily focus on specific accomplishments not traits. Answer (d) is the correct answer. The appraisal of audit performance should deal primarily with specific accomplishments related to audits. This provides a more objective appraisal than focusing on traits, which are largely subjective.

Question: V2C3-0025
The key factor to the success of an audit organizations human resources program is

Answers
A: An informal program for developing and counseling staff. B: A compensation plan based on years of experience. C: A well developed set of selection criteria. D: A program for recognizing the special interests of individual staff members.

Answer Explanations
Answer (a) is incorrect. The success of any training program will be heavily dependent on the attributes of those being trained. Answer (b) is incorrect. While compensation is an important factor in attracting and retaining staff, it is probably not the most important in staff development. Answer (c) is the correct answer. Selection of individuals with the attributes and education needed for internal auditing is essential if the staff is to develop properly. A well-developed set of selection criteria is important in any organization, whether it is audit or nonaudit function. Answer (d) is incorrect because such a program should be fair and equitable to all staff members.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 15 of 262

Question: V2C3-0026
Which of the following would be the best source of an internal audit directors information for planning staffing requirements?

Answers
A: Discussions of audit needs with executive management and the audit committee. B: Review of audit staff education and training records. C: Review audit staff size and composition of similar sized companies in the same industry. D: Interviews with existing audit staff.

Answer Explanations
Answer (a) is the correct answer. This is a good source of information concerning staff size or skill requirements. Answer (b) is incorrect. It is not the best choice since there is not obvious link with scheduled work. Answer (c) is incorrect. That would not account for the unique needs of a particular organization. Answer (d) is incorrect. It is not the best choice since there is not obvious link with scheduled work.

Question: V2C3-0027
Which of the following is most essential for guiding the audit staff in maintaining daily compliance with the departments standards of performance?

Answers
A: Quality control reviews. B: Position descriptions. C: Performance appraisals. D: Policies and procedures.

Answer Explanations
Answer (a) is incorrect. Quality control reviews would evaluate compliance and not serve as a daily guide to the audit staff. Answer (b) is incorrect. Position descriptions provide the purpose description and responsibilities of individual positions but are not effective in the day-to-day management of the function. Answer (c) is incorrect. Performance evaluations are a periodic function and will not be effective on a day-to-day basis. Answer (d) is the correct answer. Comprehensive policies and procedures provided by the director of internal audit

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 16 of 262

guide the audit staff on a daily basis to ensure compliance with departments standards of performance.

Question: V2C3-0028
You have been selected to develop an internal auditing department for your company. Your approach would most likely be to hire

Answers
A: Internal auditors each of whom possesses all the skills required to handle all audit assignments. B: Inexperienced personnel and train them the way the company wants them trained. C: Degreed accountants since most audit work is accounting related. D: Internal auditors who collectively have the knowledge and skills needed to complete all internal audit assignments.

Answer Explanations
Answer (a) is incorrect. The scope of internal auditing is so broad that it is not possible for one individual to have the requisite expertise in all areas. Answer (b) is incorrect. It is desirable to have various skill levels to match auditors appropriately with varying assignment complexities. It is also necessary to have experienced auditors available to train and supervise less experienced staff members. Answer (c) is incorrect. Many skills are needed in internal auditing. Computer skills are widely needed in companies that perform information technology audits. Many industries find it necessary to have the skills of engineers and other disciplines available on a regular basis. Answer (d) is the correct answer. Having a collective mix of knowledge and skills is an integral part of the IIA Standards. No internal audit department can have a credible program without this mix.

Question: V2C3-0029
The director of a newly formed internal auditing department is in the process of drafting a formal written charter for the department. Which one of the following items, related to the operational effectiveness of the internal audit department, should be included in the charter?

Answers
A: The frequency of the audits to be performed. B: The manner by which audit findings will be reported. C: The procedures which the internal auditors will employ in investigating and reporting fraud. D: The internal auditors' unlimited access to those records, personnel, and physical properties that are relevant to the performance of the audits.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 17 of 262

Answer Explanations
Answer (a) is incorrect. The Standards state that the charter should (a) establish the departments position within the organization; (b) authorize access to records, personnel, and physical properties relevant to the performance of audits; and (c) define the scope of internal auditing activities. Accordingly, not only is the frequency of audits not included in the charter, but also such information is not related to the operational effectiveness of the internal audit department. Answer (b) is incorrect. The manner of reporting audit findings (how it is reported, to whom it will be reported, etc.) is not included in the charter and is not related to operational effectiveness of the internal audit department. Answer (c) is incorrect. The procedures to be employed by internal auditors in investigating and reporting fraud are not included in the charter. Answer (d) is the correct answer. The IIA Standards state that the charter should include the internal auditors access to those records, personnel and physical properties that are relevant to their work. Having limitations on such access would impact the operational effectiveness of the internal audit department because the internal auditor would not be able to conduct the audit in the proper approach that he designed it.

Question: V2C3-0030
A director of internal auditing has reviewed credentials, checked references, and interviewed a candidate for a staff position. The director concludes that the candidate has a thorough understanding of internal auditing techniques, accounting, and management. However, the director notes that the candidate has limited knowledge of economics and computer science. Which of the following actions would be most appropriate?

Answers
A: Reject the candidate because of the lack of knowledge required by the IIA Standards. B: Offer the candidate a position despite the lack of knowledge in certain essential areas. C: Encourage the candidate to obtain additional training in economics and computer science and then reapply. D: Offer the candidate a position if other staff members possess sufficient knowledge in economics and computer science.

Answer Explanations
Answer (a) is incorrect. The IIA Standards state the general subjects that staff should possess knowledge of, but clearly states that every auditor need not possess knowledge of all of them. Answer (b) is incorrect. The departments needs may be for additional expertise in economics or computer science. Answer (c) is incorrect. This may be good advice, but it does not adequately address the departments present needs. Answer (d) is the correct answer. This is the most realistic way to address the departments staffing needs.

Question: V2C3-0031
Which audit-planning tool is general in nature and is used to ensure adequate audit coverage over time?

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 18 of 262

Answers
A: The long-range schedule. B: The audit program. C: The department budget. D: The department charter.

Answer Explanations
Answer (a) is the correct answer. The long-range program gives evidence of coverage of key functions at planned intervals. Answer (b) is incorrect. The audit program is limited in scope to a particular project. Answer (c) is incorrect. The department budget may be used to justify head count, but it is not used to ensure adequate audit coverage over time. Answer (d) is incorrect. The department charter is not an audit-planning tool.

Question: V2C3-0032
A professional engineer applied for a position in the internal auditing department of a high-technology firm. The engineer became interested in the position after observing several internal auditors while they were auditing the engineering department. The director of internal auditing

Answers
A: Should not hire the engineer because of the lack of knowledge of internal auditing standards. B: May hire the engineer in spite of the lack of knowledge of internal auditing standards. C: Should not hire the engineer because of the lack of knowledge of accounting and taxes. D: May hire the engineer because of the knowledge of internal auditing gained in the previous position.

Answer Explanations
Answer (a) is incorrect. Each new employee of an internal auditing department is not required to have knowledge of internal auditing standards. It is required that the department collectively has this knowledge. Answer (b) is the correct answer. Internal auditing standards are required to be known by the department collectively. Individual internal auditing staff members may, however, bring special skills to the department instead of specific knowledge of internal auditing standards. Answer (c) is incorrect. Each individual internal auditor is not required to have knowledge of accounting or taxes. Answer (d) is incorrect. What knowledge that was acquired by observing is irrelevant to the skills necessary for internal auditing.

Question: V2C3-0033
file://C:\Program Files\Wiley\CIAExam\Print.htm 1/20/2010

Wiley CIA 2006 v1

Page 19 of 262

Upon being appointed, a new director of internal auditing found an inexperienced audit staff that was over budget on most audits. A detailed review of audit working papers revealed no evidence of progressive reviews by audit supervisors. Additionally, there was no evidence that a quality assurance program existed. As a means of controlling projects and avoiding time-budget overruns, decisions to revise time budgets for an audit should normally be made

Answers
A: Immediately after the preliminary survey. B: When a significant deficiency has been substantiated. C: When inexperienced audit staff is assigned to an audit. D: Immediately after expanding tests to establish reliability of findings.

Answer Explanations
Answer (a) is the correct answer. Time budgets should be appraised for revision after the preliminary survey and preparation of the audit program. Answer (b) is incorrect. When a deficiency has been substantiated, no further audit work is required. Answer (c) is incorrect. The assignment of inexperienced staff should have no effect on the time budget. Answer (d) is incorrect. Expanded tests should have no effect on the time budget; the budget would have already been expanded as necessary.

Question: V2C3-0034
Upon being appointed, a new director of internal auditing found an inexperienced audit staff that was over budget on most audits. A detailed review of audit working papers revealed no evidence of progressive reviews by audit supervisors. Additionally, there was no evidence that a quality assurance program existed. Determining that audit objectives have been met is part of the overall supervision of an audit assignment and is the ultimate responsibility of the

Answers
A: Staff internal auditor. B: Audit committee. C: Internal auditing supervisor. D: Director of internal auditing.

Answer Explanations
Answer (a) is incorrect because according to the IIA Standards, the director of internal auditing is responsible for supervision. Answer (b) is incorrect because according to the IIA Standards, the director of internal auditing is responsible for supervision.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 20 of 262

Answer (c) is incorrect because according to the IIA Standards, the director of internal auditing is responsible for supervision. Answer (d) is the correct answer. The director of internal auditing is responsible for supervision, including determining that audit objectives are being met.

Question: V2C3-0035
Upon being appointed, a new director of internal auditing found an inexperienced audit staff that was over budget on most audits. A detailed review of audit working papers revealed no evidence of progressive reviews by audit supervisors. Additionally, there was no evidence that a quality assurance program existed. To properly evaluate the operations of an internal auditing department, a quality assurance program should include

Answers
A: Periodic supervision of internal audit work on a sample basis. B: Internal reviews, by other than the internal audit staff, to appraise the quality of department operations. C: External reviews at least once every three years by qualified persons who are independent of the organization. D: Periodic rotation of audit managers.

Answer Explanations
Answer (a) is incorrect. Supervision should be carried out continually, not just on a periodic test basis.. Choice (b) is incorrect. Internal reviews should be conducted by internal auditors and should focus on specific audit projects Answer (c) is the correct answer. External reviews should be conducted at least once every three years. Choice (d) is incorrect. Periodic rotation of audit managers is not required.

Question: V2C3-0036
The internal auditing department of a large corporation has established its operating plan and budget for the coming year. The operating plan is restricted to the following categories: a prioritized listing of all audits, staffing, a detailed expense budget, and the commencement date of each audit. Which of the following best describes the major deficiency of this operating plan?

Answers
A: Requests by management for special projects are not considered. B: Opportunities to achieve operating benefits are ignored. C: Measurability criteria and targeted dates of completion are not provided.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 21 of 262

D: Knowledge, skills, and disciplines required to perform work are ignored.

Answer Explanations
Choice (a) is incorrect because prioritizing audits would consider these factors. Choice (b) is incorrect because prioritizing audits would consider these factors. Answer (c) is the correct answer. This is a requirement of the IIA Standards. Answer (d) is incorrect. Staffing for each audit would include this consideration.

Question: V2C3-0037
The capabilities of individual staff members are key features in the effectiveness of an internal auditing department. Select the primary consideration used when staffing an internal auditing department.

Answers
A: Background checks. B: Job descriptions. C: Continuing education. D: Organizational orientation.

Answer Explanations
Answer (a) is incorrect. Background checks help ensure that statements made by prospective employees are accurate. However, they are not the primary requisite. Answer (b) is the correct answer. Properly formulated job descriptions provide a basis for the identifying job qualifications (including training and experience). Answer (c) is incorrect. Continuing education occurs after the proper people are hired. Answer (d) is incorrect. A thorough orientation helps the new employee become productive more rapidly. However, it will not overcome hiring the wrong person.

Question: V2C3-0038
Internal audit staff members should be afforded an appropriate means through which they can discuss problems and receive updates regarding departmental policies. The most appropriate forum for this objective is

Answers
A: The department's informal communication lines. B: Intradepartment memoranda.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 22 of 262

C: Staff meetings. D: Employee evaluation conferences.

Answer Explanations
Answer (a) is incorrect. Informal communication is not the most appropriate forum. Answer (b) is incorrect. Memoranda are generally impersonal and do not afford a good opportunity for maximum exchange of ideas. Answer (c) is the correct answer. Formal staff meetings provide the best opportunity for ensuring that issues are addressed timely and efficiently. Answer (d) is incorrect. The employee evaluation conference is not a timely place to discuss problems and receive updates.

Question: V2C3-0039
The peer review process can be performed internally or externally. A distinguishing feature of the external review is its objective to

Answers
A: Identify tasks that can be performed better. B: Determine if audit activities meet professional standards. C: Set forth the recommendations for improvement. D: Provide an independent evaluation.

Answer Explanations
Answer (a) is incorrect. The internal peer review process will identify things that can be done better. Answer (b) is incorrect. The internal review process will assess if audit activities meet professional standards. Answer (c) is incorrect. The internal review process will set forth recommendations for improvement. Answer (d) is the correct answer. External review process will provide independent evaluation for management and the audit committee.

Question: V2C3-0040
Exit conferences serve to ensure the accuracy of the information used by an internal auditor. A secondary purpose of an exit conference is to

Answers
A: Get immediate action on a recommendation. B: Improve relations with auditees.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 23 of 262

C: Agree to the appropriate distribution of the final report. D: Brief senior management on the results of the audit.

Answer Explanations
Answer (a) is incorrect. An interim report would have been used to accomplish this. Answer (b) is the correct answer. The exit conference can be used to allow operating management to air their views and to present any operational objections to specific recommendations. Answer (c) is incorrect. The distribution of reports is not a secondary purpose of an exit conference. Choice (d) is incorrect. Senior management should be given a greatly condensed view of the results of an audit.

Question: V2C3-0041
The advantage attributed to the establishment of internal auditing field offices for work at remote locations is best described as

Answers
A: The possibility of increased objectivity of personnel assigned to a field office. B: A reduction of travel time and related travel expense. C: The increased ease of maintaining uniform company-wide standards. D: More contact with senior audit personnel leading to an increase in control.

Answer Explanations
Answer (a) is incorrect. Objectivity of field office personnel decreases. Answer (b) is the correct answer. It is an advantage of the field office. Answer (c) is incorrect. It is a disadvantage; it decreases the ease of maintaining standards. Answer (d) is incorrect. Senior audit personnel are expected to be at corporate level.

Question: V2C3-0042
The director of internal auditing is preparing the work schedule for the next budget year and has limited audit resources. In deciding whether to schedule the purchasing or the personnel department for an audit, which of the following would be the least important factor?

Answers
A: There have been major changes in operations in one of the departments. B: The audit staff has recently added an individual with expertise in one of the areas. C: There are more opportunities to achieve operating benefits in one of the departments than in the other.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 24 of 262

D: The potential for loss is significantly greater in one department than the other.

Answer Explanations
Answer (a) is incorrect because it is an important factor according to the IIA Standards. Answer (b) is the correct answer. Audit needs, not auditor skill availability, should drive audit schedules. Answer (c) is incorrect because it is an important factor according to the IIA Standards. Answer (d) is incorrect because it is an important factor according to the IIA Standards.

Question: V2C3-0043
According to the IIA Standards, an internal auditing departments activity reports should

Answers
A: List the material findings of major audits. B: List unresolved findings. C: Report the weekly activities of the individual auditors. D: Compare audits completed with audits planned.

Answer Explanations
Answer (a) is incorrect because it is not an activity report as defined by the IIA Standards. Answer (b) is incorrect because it is not an activity report as defined by the IIA Standards. Answer (c) is incorrect because it is not an activity report as defined by the IIA Standards. Answer (d) is the correct answer. This information is a status report to be provided to the audit oversight authority.

Question: V2C3-0044
The best means for the internal auditing department to determine whether its goal of implementing broader audit coverage of functional activities has been met is through

Answers
A: Accumulation of audit findings by auditable area. B: Comparison of the audit plan to actual audit activity. C: Surveys of management satisfaction with the internal auditing function.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 25 of 262

D: Implementation of a quality assurance program.

Answer Explanations
Answer (a) is incorrect. The number of audit findings is not an indicator of audit breadth or quality. Answer (b) is the correct answer. Comparison of the plan to actual activity will reveal if the planned breadth was achieved. Answer (c) is incorrect. Management satisfaction does not directly relate to the expressed goal (broader audit coverage). Answer (d) is incorrect. Implementation of a quality assurance program has no bearing on the stated goal.

Question: V2C3-0045
Why should organizations require auditees to promptly reply and outline the corrective action that has been implemented on reported deficiencies?

Answers
A: To remove items from the "pending" list as soon as possible. B: To institute compliance as early as possible. C: To indicate concurrence with the audit findings. D: To ensure that the audit schedule is kept up-to-date.

Answer Explanations
Answer (a) is incorrect. This is an immaterial aspect of the audit reporting process. Answer (b) is the correct answer. The objective of the audit is to institute compliance with the auditees corrective action as early as possible so that the organization will benefit from the action taken. Answer (c) is incorrect. The auditee may not concur with the audit finding at all times. Answer (d) is incorrect. This is an administrative function of the audit department.

Question: V2C3-0046
Which of the following factors serves as a direct input to the internal auditing departments financial budget?

Answers
A: Audit work schedules. B: Activity reports. C: Past effectiveness of the internal auditing department in identifying cost savings. D: Auditing department's charter.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 26 of 262

Answer Explanations
Answer (a) is the correct answer. As specified in the IIA Standards, audit work schedules determine both staffing plans and financial budgets. Answer (b) is incorrect. Activity reports compare actual performance with goals and schedules and compare actual expenditures with financial budgets. Answer (c) is incorrect. While past performance is an indicator of the value of internal auditing, it will not impact the funds committed to current operations. Answer (d) is incorrect. The charter for an internal auditing department defines the purpose, authority, and responsibility of the department.

Question: V2C3-0047
While attending a social function, an internal auditor described to a group of friends the elements of a sensitive audit on which he was working. The internal auditing directors best avenue for proceeding is to

Answers
A: Fire the auditor to set an example for other auditors. B: Remove the auditor from all audits in that area, or in other sensitive areas. C: Reprimand the auditor for "talking shop" at a social function. D: Explain that the act is an ethical violation of the profession and that further such action could result in dismissal or other serious effects.

Answer Explanations
Answer (a) is incorrect. There was no intent to do wrong. The sanction is probably too severe. Also, the staff may lose a good auditor. Answer (b) is incorrect. The single occurrence described does not warrant this action. Answer (c) is incorrect. This is partly correct but it has no instructive value. Answer (d) is the correct answer. This is an instructive solution and explains the defect in the actions of the internal auditor.

Question: V2C3-0048
The internal auditing department for a large corporation recently concluded an audit of sales department travel expenses. Which of the following groups should receive a copy of the audit report?

Answers
A: Sales director and vice president for marketing. B: Chairman of the board, chief operating officer, and vice president for marketing. C: Chairman of the board, controller, and sales director.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 27 of 262

D: Chief financial officer, sales director, and chief executive officer.

Answer Explanations
Answer (a) is the correct answer. Audit reports should be distributed to those members of the organization who are able to ensure that audit results are given due consideration. In this case, the sales director and vice president of marketing would be sufficient. Answer (b) is incorrect. The distribution should include only that shown in answer (a). The chairman of the board and chief operating officer need not be involved unless significant problems were revealed. Answer (c) is incorrect. The distribution should include only that shown in answer (a). The chairman of the board and controller need not be involved unless significant problems were revealed. Answer (d) is incorrect. The distribution should include only that shown in answer (a). Chief financial officer and chief executive officer involvement would not be needed.

Question: V2C3-0049
External review of an internal auditing department is not likely to evaluate

Answers
A: Adherence to the internal auditing department's charter. B: Compliance with the IIA Standards. C: Detailed cost-benefit analysis of the internal auditing department. D: Audit planning documents, particularly those submitted to senior management and the audit committee.

Answer Explanations
Answer (a) is incorrect. It is included in the evaluation of the performance of an internal auditing department per the IIA Standards. Answer (b) is incorrect. It is included in the evaluation of the performance of an internal auditing department per the IIA Standards. Answer (c) is the correct answer. The cost benefit of internal auditing is neither easily quantifiable nor the subject of an external review. Answer (d) is incorrect. It is included in the evaluation of the performance of an internal auditing department per the IIA Standards.

Question: V2C3-0050
An internal auditing manager has a small team of employees, but each individual is self-motivated and could be termed a high achiever. The audit manager has been given a particularly difficult assignment. Even for a high achiever, the probability that this job can be completed by one individual by the required deadline is low. Select the best course for the audit manager.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 28 of 262

Answers
A: Assign one individual since high achievers thrive on high risks. B: Assign two staff members to moderate the risk of failure. C: Assign the entire staff to ensure the risk of failure is low. D: Ask company management to cancel the job.

Answer Explanations
Answer (a) is incorrect because high achievers prefer moderate risks. They perform best with moderate risks. Answer (b) is the correct answer. High achievers thrive when the job provides for personal responsibility, feedback, and moderate risks. Answer (c) is incorrect because high achievers prefer moderate risks. They perform best with moderate risks. Answer (d) is incorrect because high achievers prefer moderate risks. They perform best with moderate risks.

Question: V2C3-0051
Recent criticism of an internal auditing department suggested that audit coverage was not providing adequate feedback to senior management on the processes used in the organizations key lines of business. The problem was further defined as lack of feedback on the recent implementation of automated support systems. Which two functions does the director of internal auditing need to improve?

Answers
A: Staffing and communicating. B: Staffing and decision making. C: Planning and organizing. D: Planning and communicating.

Answer Explanations
Answer (a) is incorrect. There is no indication that there are staffing problems (i.e., insufficient audit personnel) or that audit personnel lack necessary skills to provide feedback on automated support systems. Answer (b) is incorrect. There is no indication that staffing or decision making is a problem. Answer (c) is incorrect. There is no indication that organizing is a problem. Answer (d) is the correct answer. The problem of lack of feedback indicates the director has problems in planning and allocating audit resources and communicating this need to the audit staff.

Question: V2C3-0052
file://C:\Program Files\Wiley\CIAExam\Print.htm 1/20/2010

Wiley CIA 2006 v1

Page 29 of 262

In some cultures and organizations, managers insist that the internal auditing function is not needed to provide a critical assessment of the organizations operations. A management attitude such as this will most probably have an adverse affect on the internal auditing departments

Answers
A: Operating budget variance. B: Charter. C: Performance appraisals. D: Policies and procedures.

Answer Explanations
Answer (a) is incorrect. An operating budget variance report is a control device used to monitor actual performance versus budget. Management foot-dragging could cause unfavorable variances, but favorable variances could also occur if many audits were cut short due to scope impairments. Answer (b) is the correct answer. In this type of situation, management is highly averse to analysis or possible criticism of their actions and will not grant the internal auditors an adequate charter. Answer (c) is incorrect. An unbiased evaluation of audit staff would not be affected by lack of cooperation on the part of nonaudit management. Answer (d) is incorrect. Policies and procedures of the internal audit function are developed by the internal audit department and should not be affected by nonaudit management.

Question: V2C4-0001
When an auditors sampling objective is to obtain a measurable assurance that a sample will contain at least one occurrence of a specific critical exception existing in a population, the sampling approach to use is

Answers
A: Random. B: Discovery. C: Probability proportional to size. D: Variables.

Answer Explanations
Answer (a) is incorrect. Random sampling deals only with the technique used to choose the sample. Answer (b) is the correct answer. Discovery sampling is structured to measure the probability of at least one exception occurring in a sample if there are a minimum number of errors in the population. Answer (c) is incorrect. Probability-proportional-to-size (PPS) sampling deals with the technique used to select items but does not apply when attempting to discover critical occurrences. Answer (d) is incorrect. Variables sampling need not include at least one exception of a critical occurrence.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 30 of 262

Question: V2C4-0002
Management is legally required to prepare a shipping document for all movement of hazardous materials. The document must be filed with bills of lading. Management expects 100% compliance with the procedure. Which of the following sampling approaches would be most appropriate?

Answers
A: Attributes sampling. B: Discovery sampling. C: Targeted sampling. D: Variables sampling.

Answer Explanations
Answer (a) is incorrect. Attributes sampling is too broad. Answer (b) is the correct answer. Discovery sampling is best because this application deals with an attribute that is expected to be quite rare. Answer (c) is incorrect. Targeted sampling is a nonsense term. Answer (d) is incorrect. Variables sampling deals with monetary amounts.

Question: V2C4-0003
The appropriate sampling plan to use to identify at least one irregularity, assuming some number of such irregularities exist in a population, and then to discontinue sampling when one irregularity is observed is

Answers
A: Stop-and-go sampling. B: Discovery sampling. C: Variables sampling. D: Attributes sampling.

Answer Explanations
Answer (a) is incorrect. It involves discontinuing the sampling when a target error rate is achieved. Answer (b) is the correct answer. Answer (b) involves identifying characteristics that could include discovering single instances of suspected special characteristics (irregularities). Answer (c) is incorrect. It involves reducing sample size by separating the population into groups of items with similar values. Answer (d) is incorrect. It involves identifying characteristics of the sample and projecting those to the population.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 31 of 262

Question: V2C4-0004
After partially completing an internal control review of the accounts payable department, the auditor suspects that some type of fraud has occurred. To ascertain whether the fraud is present, the best sampling approach would be to use

Answers
A: Simple random sampling to select a sample of vouchers processed by the department during the past year. B: Probability-proportional-to-size sampling to select a sample of vouchers processed by the department during the past year. C: Discovery sampling to select a sample of vouchers processed by the department during the past year. D: Judgmental sampling to select a sample of vouchers processed by clerks identified by the department manager as acting suspiciously.

Answer Explanations
Answer (a) is incorrect. This approach would be appropriate if the extent of fraud were to be estimated. Answer (b) is incorrect. This approach would be appropriate if the monetary value of fraud were to be estimated. Answer (c) is the correct answer. The purpose here is to determine whether any fraud has taken place, rather than to estimate its overall frequency. Discovery sampling is a method designed specifically to do this. Answer (d) is incorrect. It would be difficult to determine what an adequate sample would be in this case, but a more important issue is restricting the population considered to the vouchers processed by workers that the department manager considers suspicious. This presents a significant potential for biasing the sample because of the potential conflict of interest of the department manager.

Question: V2C4-0005
Because of control weaknesses, it is possible that the individual managers of 122 restaurants could have placed fictitious employees on the payroll. Each restaurant employs between 25 and 30 people. To efficiently determine whether this fraud exists at less than a 1% level, the auditor should use

Answers
A: Attributes sampling. B: Judgment sampling. C: Directed sampling. D: Discovery sampling.

Answer Explanations

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 32 of 262

Answer (a) is incorrect. Attribute sampling could work, but it would not be as efficient as discovery sampling. Answer (b) is incorrect. Judgment sampling cannot provide the needed statistical assurance. Answer (c) is incorrect. Directed sampling focuses on certain transactions or locations that are likely to contain errors. Its use is not indicated. Answer (d) is the correct answer. Discovery sampling is most often interested in the occurrence of fraud. It efficiently defines a sampling effort that will have a specified probability of containing at least one occurrence of the attribute within the population, given that it is expected to occur at a certain rate.

Question: V2C4-0006
In the audit of a health insurance claims processing department, a sample is taken to test for the presence of fictitious payees, although none is suspected. The most appropriate sampling plan would be

Answers
A: Attributes sampling. B: Discovery sampling. C: Variables sampling. D: Stop-and-go sampling.

Answer Explanations
Answer (a) is incorrect. Attributes sampling implies a fixed sample size and a need to project a sample occurrence rate. Answer (b) is the correct answer. Discovery sampling is appropriate when a near-zero error rate is expected and the characteristic under scrutiny is critical. Answer (c) is incorrect. Sampling for attributes not a variable. Answer (d) is incorrect. It is not in accord with the audit objective.

Question: V2C4-0007
An auditor applying a discovery sampling plan with a 5% risk of over-reliance may conclude that there is

Answers
A: A 95% probability that the actual rate of occurrence in the population is less than the critical rate if only one exception is found. B: A 95% probability that the actual rate of occurrence in the population is less than the critical rate if no exceptions are found. C: A 95% probability that the actual rate of occurrence in the population is less than the critical rate if the occurrence rate in the sample is less than the critical rate.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 33 of 262

D: Greater than a 95% probability that the actual rate of occurrence in the population is less than the critical rate if no exceptions are found.

Answer Explanations
Answer (a) is incorrect. There is a 95% probability that the actual rate of occurrence is equal to or greater than the critical rate if one exception is found. Answer (b) is the correct answer. If no exceptions are found, the correct conclusion is that the occurrence rate is less than the critical rate at a given probability level. Answer (c) is incorrect. There is a 95% probability that the actual rate is equal to or exceeds the critical rate if any exceptions are found. Answer (d) is incorrect. The probability does not increase because no exceptions were found.

Question: V2C4-0008
An internal auditor suspects fraud. Which of the following sample plans should be used if the purpose is to select a sample with a given probability of containing at least one example of the irregularity?

Answers
A: Attributes. B: Discovery. C: Stop and go. D: Probability proportional to size.

Answer Explanations
Answer (a) is incorrect. Attribute sampling is for normal compliance testing. It is not used when very, very few errors are expected. Answer (b) is the correct answer. Discovery sampling is used when the internal auditor suspects a rare but material error or fraud. The plan seeks to select a sample just large enough to include one example of the error or irregularity a specified percentage of the time. Answer (c) is incorrect. Stop-and-go is a form of attribute sampling. Answer (d) is incorrect. Probability-proportional-to-size (monetary-unit) sampling is used for substantive testing. It allows the verification of values whose range lies between positive and negative infinity.

Question: V2C4-0009
What is a data diddling technique?

Answers
A: Changing data before input to a computer system. B: Changing data during input to a computer system.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 34 of 262

C: Changing data during output from a computer system. D: Choices a, b, and c.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (d) is the correct answer. Data diddling involves changing data before or during input to computers or during output from a computer system.

Question: V2C4-0010
What is a salami technique?

Answers
A: Taking small amounts of assets. B: Using "rounding-down" concept. C: Stealing small amounts of money from bank accounts. D: Choices a, b, and c.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (d) is the correct answer. A salami technique is a theft of small amounts of assets and money from a number of sources (e.g., bank accounts, inventory accounts, and accounts payable and receivable accounts). It is also using the rounding-down concept, where a fraction of money is taken from bank accounts.

Question: V2C4-0011
Data diddling can be prevented by all of the following except:

Answers
A: Access controls. B: Program change controls.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 35 of 262

C: Rapid correction of data. D: Integrity checking.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (c) is the correct answer. Data diddling can be prevented by limiting access to data and programs and limiting the methods used to perform modification to such data and programs. Integrity checking also helps in prevention. Rapid detection is neededthe sooner the betterbecause correcting data diddling is expensive.

This answer is incorrect. Refer to the correct answer explanation.

Question: V2C4-0012
A reliable way to detect superzapping work is by

Answers
A: Comparing current data files with previous data files. B: Examining computer usage logs. C: Noting discrepancies by those who receive reports. D: Reviewing undocumented transactions.

Answer Explanations
Answer (a) is the correct answer. Superzapping leaves no evidence of file changes, and the only reliable way to detect this activity is by comparing current data files with previous generations of the same file. Answer (b) is incorrect. Computer usage logs may not capture superzapping activity. Answer (c) is incorrect. Users may not detect changes in their reports. Answer (d) is incorrect. It is very difficult to find, let alone review, the undocumented transactions. Even if these transactions are found, there is no assurance that the task is complete.

Question: V2C4-0013
With respect to computer security and fraud, a legal liability exists to an organization under which of the following conditions?

Answers
A: When estimated security costs are greater than estimated losses.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 36 of 262

B: When estimated security costs are equal to estimated losses. C: When estimated security costs are less than estimated losses. D: When actual security costs are equal to actual losses.

Answer Explanations
Answer (a) is incorrect. This poses no legal liability because costs are greater than losses. Answer (b) is incorrect. This requires judgment and qualitative considerations because costs are equal to losses. Answer (c) is the correct answer. Courts do not expect organizations to spend more money than losses resulting from a security flaw, threat, risk, or vulnerability. Implementing countermeasures and safeguards to protect information system assets cost money. Losses can result from risks, that is, exploitation of vulnerabilities. When estimated costs are less than estimated losses, then a legal liability exists. Courts can argue that the organizations management should have installed safeguards but did not and that management did not exercise due care and due diligence. Answer (d) is incorrect. This is not applicable because actual costs and losses are not known at the time of implementing safeguards.

Question: V2C4-0014
Are an investigators handwritten notes considered valid evidence in court of law?

Answers
A: No. B: Maybe. C: Yes. D: Depends.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (c) is the correct answer. An investigators handwritten notes are considered valid evidence as long as the affected parties can read and understood the notes. Handwritten notes are no different from typed or printed versions.

This answer is incorrect. Refer to the correct answer explanation.

Question: V2C4-0015
A security investigator or law enforcement officer should observe which of the following during a computer crime investigation?

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 37 of 262

Answers
A: Chain of events. B: Chain of custody. C: Chain of computers. D: Chain of logs.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation.
Answer (b) is the correct answer. Chain of custody is required when evidence is collected and handled so that there is no dispute about it.

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C4-0016
Which of the following security techniques allow time for response by investigative authorities?

Answers
A: Deter. B: Detect. C: Delay. D: Deny.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (c) is the correct answer. If a system perpetrator can be delayed longer while attacking a computer system, investigative authorities can trace his or her origins and location. Answers (a), (b), and (d) would not allow such a trap.

This answer is incorrect. Refer to the correct answer explanation.

Question: V2C4-0017
file://C:\Program Files\Wiley\CIAExam\Print.htm 1/20/2010

Wiley CIA 2006 v1

Page 38 of 262

Most of the evidence submitted in a computer crime case is

Answers
A: Legal evidence. B: Documentary evidence. C: Secondary evidence. D: Admissible evidence.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation.
Answer (b) is the correct answer. Documentary evidence is created information, such as letters, contracts, accounting records, invoices, and management information reports on performance and production. Legal evidence is a broad term, and is not be useful here. Secondary evidence is any evidence offered to prove the writing other than the writing itself and is a part of the best evidence rule. The best evidence is original. Admissible evidence is evidence that is revealed to the jury or other trier of fact with express or implied permission to use it in deciding disputed issues of fact.

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C4-0018
When computers and peripheral equipment are seized in relation to a computer crime, it is an example of

Answers
A: Duplicate evidence. B: Physical evidence. C: Best evidence. D: Collateral evidence.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation.
Answer (b) is the correct answer. Direct inspection or observation of people, property, or events obtains physical evidence. Duplicate evidence is a document that is produced by some mechanical process that makes it more reliable evidence of the contents of the original than other forms of secondary evidence (e.g., a photocopy of the original). Modern statutes make duplicates easily substitutable for an original. Duplicate evidence is a part of the best evidence rule. Best evidence is evidence that is the most natural and reliable. The best evidence is primary.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 39 of 262

Collateral evidence is evidence relevant only to some evidential fact and that is not by itself relevant to a consequential fact.

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C4-0019
From a computer security viewpoint, courts expect what amount of care from organizations?

Answers
A: Super care. B: Due care. C: Extraordinary care. D: Great care.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation.
Answer (b) is the correct answer. Courts will find computer owners responsible for their insecure systems. Courts will not find liability every time a computer is hijacked. Rather, courts will expect organizations to become reasonably prudent computer owners taking due care (reasonable care) to ensure adequate security. The term due care means having the right policies and procedures, access controls, firewalls, and other reasonable security measures in place. Computer owners need not take super care, great care, or extraordinary care.

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C4-0020
Which of the following is not a criminal activity in most jurisdictions?

Answers
A: Writing a computer virus program. B: Using a computer virus program. C: Releasing a computer virus program. D: Spreading a computer virus program.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 40 of 262

Answer Explanations
Answer (a) is the correct answer. It is the intentions of the developer of a computer virus program that matter the most in deciding what is a criminal activity. Simply writing a virus program is not a criminal activity. However, using, releasing, and spreading a virus with bad intentions of destroying computer resources are the basis for criminal activity.

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C4-0021
Once evidence is seized, a law enforcement officer should follow which of the following?

Answers
A: The chain of command. B: The chain of control. C: The chain of custody. D: The chain of communications.

Answer Explanations
Answer (a) is incorrect. The term chain of command refers to relationships between a superior and a subordinate in a workplace setting. Answer (b) is incorrect. The chain of control is a distracter. Answer (c) is the correct answer. The chain of custody or the chain of evidence is a method of authenticating an object by the testimony of witnesses who can trace possession of the object from hand to hand and from the beginning to the end. Answer (d) is incorrect. The chain of communication is a distracter.

Question: V2C4-0022
The concept of admissibility of evidence does not include which of the following?

Answers
A: Relevance. B: Competence. C: Materiality.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 41 of 262

D: Sufficiency.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (d) is the correct answer. Laying a proper foundation for evidence is the practice or requirement of introducing evidence of things necessary to make further evidence relevant, material, or competent. Sufficiency is not part of the concept of admissibility of evidence. Relevant evidence is evidence that had some logical tendency to prove or disprove a disputed consequential fact. Competent evidence (i.e., admissible evidence) is evidence that satisfied all the rules of evidence except those dealing with relevance. Materiality is the notion that evidence must be relevant to a fact that is in dispute between the parties.

Question: V2C4-0023
The chain of custody does not ask which of the following questions?

Answers
A: Who damaged the evidence? B: Who collected the evidence? C: Who stored the evidence? D: Who controlled the evidence?

Answer Explanations
Answer (a) is the correct answer. The chain of custody deals with who collected, stored, and controlled the evidence and does not ask who damaged the evidence. It looks at the positive side of the evidence. If the evidence is damaged, there is nothing to show in the court.

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C4-0024
When large volumes of writing are presented in court, which type of evidence is inapplicable?

Answers
A: Best evidence.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 42 of 262

B: Flowchart evidence. C: Magnetic tapes evidence. D: Demonstrative evidence.

Answer Explanations
Answer (a) is the correct answer. Best evidence is primary evidence, which is the most natural evidence. Best evidence gives the most satisfactory proof of the fact under investigation. It is confined to documents, records, and papers. A recommendation for cases with a large volume of evidence is to assemble a single exhibit book containing all documents, send copies to the defense and to the judge, and introduce it as a single exhibit in court. This saves time in court. Also, prepare a record of exhibits, the counts each is connected with, and the names of the witnesses who are to testify as to each item. Both flowchart evidence and magnetic tape evidence are proper. Demonstrative evidence or visual aids can be real things (i.e., a gun of the same type used in a homicide) or representation of real things (i.e., a photograph or map).

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C4-0025
Evidence is needed to do which of the following?

Answers
A: Charge a case. B: Classify a case. C: Make a case. D: Prove a case.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (d) is the correct answer. Proper elements of proof and correct types of evidence are needed to prove a case.

Question: V2C4-0026
What determines whether a computer crime has been committed?

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 43 of 262

Answers
A: When the crime is reported. B: When a computer expert has completed his or her work. C: When the allegation has been substantiated. D: When the investigation is completed.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (c) is the correct answer. A computer crime is committed when the allegation is substantiated with proper evidence that is relevant, competent, and material.

This answer is incorrect. Refer to the correct answer explanation.

Question: V2C4-0027
The correct sequence of preliminary investigation is I. Consult with a computer expert. II. Prepare an investigative plan. III. Consult with a prosecutor. IV. Substantiate the allegation.

Answers
A: IV, I, II, and III. B: III, I, II, and IV. C: IV, II, III, and I. D: I, IV, II, and III.

Answer Explanations
Answer (a) is the correct answer. Step 1 is substantiating the allegation. Step 2 is consulting with a computer expert, as appropriate. Step 3 is preparing an investigation plan that sets forth the scope of the investigation and serves as a guide in determining how much technical assistance will be needed. Step 4 is consulting with a prosecutor, depending on the nature of the allegation and scope of the investigation. Items to discuss with the prosecutor may include the elements of proof, evidence required, and parameters of a prospective search.

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 44 of 262

Question: V2C4-0028
The objective of which of the following team members is similar to that of the information systems security officer involved in a computer crime investigation?

Answers
A: An investigator. B: A district attorney. C: A computer expert. D: An internal systems auditor.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (d) is the correct answer. A team approach is desirable when a computer-related crime case is a complex one. Each person has a definite and different role and brings varied capabilities to the team approach. Both the internal system auditors and the security officers objectives are the same since they work for the same organization. The objectives are to understand system vulnerabilities, to strengthen security controls, and to support the investigation. A district attorneys role is to prove the case while the objective of the investigator is to gather facts.

Question: V2C4-0029
A search warrant is required

Answers
A: Before the allegation has been substantiated. B: After establishing the probable cause(s). C: Before identifying the number of investigators needed. D: After seizing the computer and related equipment.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 45 of 262

Answer (b) is the correct answer. Once the allegation has been substantiated, the prosecutor should be contacted to determine if there is probable cause for a search. Because of the technical orientation of a computer-related crime investigation, presenting a proper technical perspective in establishing probable cause becomes crucial to securing a search warrant.

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C4-0030
In a computer-related crime investigation, computer evidence is

Answers
A: Volatile and invisible. B: Apparent and magnetic C: Electronic and inadmissible. D: Difficult and erasable.

Answer Explanations
Answer (a) is the correct answer. Discovery and recognition is one of the seven considerations involved in the care and handling of evidence. It is the investigators capability to discover and to recognize the potential source of evidence. When a computer is involved, the evidence is probably not apparent or visible. Nevertheless, the investigator must recognize that computer storage devices are nothing more than electronic or magnetic file cabinets and should be searched if it would normally be reasonable to search an ordinary file cabinet. The evidence is highly volatile, that is, subject to change.

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C4-0031
In a computer-related crime investigation, maintenance of evidence is important for which of the following reasons?

Answers
A: To record the crime. B: To collect the evidence. C: To protect the evidence.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 46 of 262

D: To avoid problems of proof.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (d) is the correct answer. It is proper to maintain computer-related evidence. Special procedures are needed to avoid problems of proof caused by improper care and handling of such evidence.

Question: V2C4-0032
If a computer or peripheral equipment involved in a computer crime is not covered by a search warrant, what should the investigator do?

Answers
A: Seize it before someone takes it away B: Leave it alone until a warrant can be obtained. C: Analyze the equipment or its contents, and record it. D: Store it in a locked cabinet in a secure warehouse.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation.
Answer (b) is the correct answer. If a computer or peripheral equipment involved in a computer crime is not covered by a search warrant, leave it alone until a warrant can be obtained. The point is that a warrant is required for anything to be collected by the investigator.

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C4-0033
All of the following are proper ways to handle the computer equipment and magnetic media items involved in a computer crime investigation except:

Answers
A: Seal, store, and tag the items. B: Seal and store items in a cardboard box.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 47 of 262

C: Seal and store items in a paper bag. D: Seal and store items in a plastic bag.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (d) is the correct answer. After all equipment and magnetic media have been labeled and inventoried, seal and store each item in a paper bag or cardboard box to keep out dust. An additional label should be attached to the bag identifying its contents and noting any identifying numbers, such as the number of the evidence tag. Do not use plastic bags or sandwich bags to store any piece of computer equipment and/or magnetic storage media, since plastic material can cause both static electricity and condensation, which can damage electronically stored data and sensitive electronic components.

Question: V2C4-0034
Indicate the most objective and relevant evidence in a computer environment involving fraud.

Answers
A: Physical examination. B: Physical observation. C: Inquiries of people. D: Computer logs.

Answer Explanations
Answer (a) is incorrect. Physical examination may not be possible in a computer environment due to automated records. Answer (b) is incorrect. Physical observation may not be possible in a computer environment due to automated records. Answer (c) is incorrect. Inquiries of people may not give in-depth answers due to their lack of specific knowledge about how a computer system works. Answer (d) is the correct answer. Relevant evidence is essential for a successful computer fraud examination. For example, data usage and access control security logs will identify (1) who has accessed the computer, (2) what information was accessed, (3) where the computer was accessed, and (4) how long the access lasted. These logs can be manually or computer maintained; the latter method is more timely and reliable than the former method.

Question: V2C4-0035
Which of the following is needed to produce technical evidence in computer-related crimes?

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 48 of 262

Answers
A: Audit methodology. B: System methodology. C: Forensic methodology. D: Criminal methodology.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (c) is the correct answer. A forensic methodology is a process for the analysis of electronically stored data. The process must be completely documented to ensure that the integrity of the evidence is not questioned in court. The forensic methodology deals with technical evidence. The audit methodology deals with reviewing business transactions and systems and reaching an opinion by an auditor. The phrases system methodology and criminal methodology are too vague; they have many meanings.

This answer is incorrect. Refer to the correct answer explanation.

Question: V2C4-0036
The final stage of reporting results of computer evidence life cycle is

Answers
A: Return. B: Receive. C: Examine. D: Report.

Answer Explanations
Answer (a) is the correct answer. The first stage is preparing a report documenting what was done and the results obtained. The second stage is sending printouts and reports to the contributor or subject matter expert for additional analysis. The third stage is repacking the computer and all magnetic disks. The final stage is returning the evidence to the contributor.

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 49 of 262

Question: V2C4-0037
Which of the following investigative tools is most effective when large volumes of evidence need to be analyzed?

Answers
A: Interviews. B: Questionnaires. C: Forensic analysis. D: Computer.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (d) is the correct answer. Computers can be used to collect and compile large amounts of data and provide statistics, reports, and graphs to assist the investigator in analysis and decision making. Forensic analysis is the art of retrieving computer data in such a way that will make it admissible in court.

Question: V2C4-0038
Which of the following methods is acceptable to handle computer equipment seized in a computer crime investigation?

Answers
A: Exposing the magnetic media to radio waves. B: Laying the magnetic media on top of electronic equipment. C: Subjecting the magnetic media to forensic testing. D: Leaving the magnetic media in the trunk of a vehicle containing a radio unit.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (c) is the correct answer. Forensic analysis is the art of retrieving computer data in such a way that will make it admissible in court. Exposing magnetic media to magnetic fields, such as radio waves, may alter or destroy data. Do not carry magnetic media in the trunk of a vehicle containing a radio unit, and do not lay magnetic media on top of any electronic equipment.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 50 of 262

This answer is incorrect. Refer to the correct answer explanation.

Question: V2C4-0039
Computer fraud is discouraged by

Answers
A: Being willing to prosecute. B: Ostracizing whistle-blowers. C: Overlooking inefficiencies in the judicial system. D: Accepting the lack of integrity in the system.

Answer Explanations
Answer (a) is the correct answer. Situational pressures (e.g., gambling, drugs), opportunities to commit fraud (e.g., weak system of controls), and personal characteristics (e.g., lack of integrity, honesty) are major causes of fraud, whether computer-related or not. There is nothing new about the act of committing fraud. There is no new way to commit fraud because someone has already tried it somewhere. Answer (b) is incorrect. This encourages computer fraud whereas choice (a) discourages it. Willingness to prosecute sends a strong message to the potential perpetrators. Answer (c) is incorrect. This encourages computer fraud whereas choice (a) discourages it. Willingness to prosecute sends a strong message to the potential perpetrators. Answer (d) is incorrect. This encourages computer fraud whereas choice (a) discourages it. Willingness to prosecute sends a strong message to the potential perpetrators.

Question: V2C4-0040
Identify the computer-related crime and fraud method that involves obtaining information that may be left in or around a computer system after the execution of a job.

Answers
A: Data diddling. B: Salami technique. C: Scavenging. D: Piggybacking.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 51 of 262

Answer Explanations
Answer (a) is incorrect. Data diddling involves changing data before or during input to computers or during output from a computer system. Answer (b) is incorrect. The salami technique is a theft of small amounts of assets (primarily money) from a number of sources. Answer (c) is the correct answer. Scavenging fits the description. Answer (d) is incorrect. Piggybacking can be done physically and electronically. Both involve gaining access to a controlled area without authorization.

Question: V2C4-0041
Computer fraud is increased when

Answers
A: Employees are not trained. B: Documentation is not available. C: Audit trails are not available. D: Employee performance appraisals are not given.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (c) is the correct answer. Audit trails indicate what actions are taken by the system. The fact that the system has adequate and clear audit trails will deter fraud perpetrators because they fear getting caught. There is no direct correlation between computer fraud and the other three things indicated in the three choices.

This answer is incorrect. Refer to the correct answer explanation.

Question: V2C4-0042
Internal auditors would be more likely to detect fraud if they developed/strengthened their ability to

Answers
A: Recognize and question changes which occur in organizations. B: Interrogate fraud perpetrators to discover why the fraud was committed. C: Develop internal controls to prevent the occurrence of fraud.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 52 of 262

D: Document computerized operating system programs.

Answer Explanations
Answer (a) is the correct answer. The recognition and questioning of change is critical to the detection of fraud. Answer (b) is incorrect. Interrogation of fraud perpetrators occurs after detection. Answer (c) is incorrect. The controls mentioned are preventive, not detective. Answer (d) is incorrect. Documentation of operating systems is not within the scope of internal auditing, and would do little to enhance fraud detection skills.

Question: V2C4-0043
According to the IIA Standards, which of the following best describes the two general categories or types of fraud that concern most internal auditors?

Answers
A: Improper payments (i.e., bribes and kickbacks) and tax fraud. B: Fraud designed to benefit the organization and fraud perpetrated to the detriment of the organization. C: Acceptance of bribes or kickbacks and improper related-party transactions. D: Acceptance of kickbacks or embezzlement and misappropriation of assets.

Answer Explanations
Answer (a) is incorrect. These are examples of kinds of fraud within the two general categories or types given in the Standards. Answer (b) is the correct answer. These are the two overall categories or types of fraud given in the IIA Standards. Answer (c) is incorrect. These are examples of kinds of fraud within the two general categories or types given in the Standards. Answer (d) is incorrect. These are examples of kinds of fraud within the two general categories or types given in the Standards.

Question: V2C4-0044
A company hired a highly qualified accounts payable manager who had been terminated from another company for alleged wrongdoing. Six months later the manager diverted $12,000 by sending duplicate payments of invoices to a relative. A control that might have prevented this situation would be to

Answers
A: Adequately check prior employment backgrounds for all new employees. B: Not hire individuals who appear overqualified for a job.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 53 of 262

C: Verify educational background for all new employees. D: Check to see if close relatives work for vendors.

Answer Explanations
Answer (a) is the correct answer. This practice might give some leads to previous shortcomings. Answer (b) is incorrect. Individuals in their declining years may be forced to accept jobs below their full capabilities. Answer (c) is incorrect. This does not include checking prior employment. Answer (d) is incorrect. This is not an adequate control in this scenario.

Question: V2C4-0045
Red flags are conditions that indicate a higher likelihood of fraud. Which of the following would not be considered a red flag?

Answers
A: Management has delegated the authority to make purchases under a certain dollar limit to subordinates. B: An individual has held the same cash-handling job for an extended period without any rotation of duties. C: An individual handling marketable securities is responsible for making the purchases, recording the purchases, and reporting any discrepancies and gains/losses to senior management. D: The assignment of responsibility and accountability in the accounts receivable department is not clear.

Answer Explanations
Answer (a) is the correct answer. This is an acceptable control procedure aimed at limiting risk while promoting efficiency. It is not, by itself, considered a red flag. Answer (b) is incorrect. Lack of rotation of duties or cross-training for sensitive jobs is one of the red-flag list factors. Answer (c) is incorrect. This would be an example of an inappropriate segregation of duties, which is an identified red flag. Answer (d) is incorrect. This is an identified red flag.

Question: V2C4-0046
Internal auditors and management have become increasingly concerned about computer fraud. Which of the following control procedures would be least important in preventing computer fraud?

Answers

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 54 of 262

A: Program change control that requires a distinction between production programs and test programs. B: Testing of new applications by users during the systems development process. C: Segregation of duties between the applications programmer and the program librarian function. D: Segregation of duties between the programmer and systems analyst.

Answer Explanations
Answer (a) is incorrect. This is one of the elements of good program change control. Answer (b) is incorrect. Testing of new applications by users is one of the most important controls to help prevent computer fraud. Answer (c) is incorrect. An adequate control structure over program changes is one of the most important control procedures in a computerized environment. Answer (d) is the correct answer. This would be the least important control procedure. The analyst is responsible for communicating the nature of the design to the programmer. There is no control reason not to combine these functions.

Question: V2C4-0047
During a regularly scheduled IT audit of a major division, the IT auditor discovers a complicated programming algorithm that adds costs to a cost-plus program billing the government. The amount added accounted for 95% of the net income for the division for the most recent year. Upon further investigation, the IT auditor finds that only the marketing manager, the divisional manager, and the programmer know of the algorithm. The company has a separate section to investigate fraud. The auditor communicates with management and the special investigation section, and the investigation is turned over to that group. However, after a month, it becomes apparent that senior management has instructed the group to not make waves and to drop the investigation. The internal audit department should

Answers
A: Immediately report the circumstances and the IT auditor's findings to the audit committee. B: Immediately report the circumstances and the IT auditor's findings to the appropriate governmental regulatory agency because the auditor cannot knowingly be a party to an illegal act. C: Take no further action. The nature of the fraud has been reported to the proper authorities within the company and the auditor has no power to pursue the investigation further. D: Report the findings to the external auditor because the external auditor should be aware of any material misstatement of account balances.

Answer Explanations
Answer (a) is the correct answer. The auditor cannot knowingly be a party to any illegal act. If the auditor does not do anything, he or she might be perceived as a party. The auditor should report the problem directly to the audit committee and await its decision as to further action to be taken. Answer (b) is incorrect. Although the action recommended is necessary to ultimately disassociate the auditor from

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 55 of 262

the fraud, alternatives within the organization should be pursued first. That alternative is represented in response (a). Answer (c) is incorrect. Doing nothing is not acceptable. The auditor could be perceived as a party to the fraud if no action is taken. Answer (d) is incorrect. The auditor is not required to report the finding to the external auditor, but should be free to communicate the problem if the external auditor makes an inquiry.

Question: V2C4-0048
Which of the following statements correctly characterize(s) the red flags literature that has recently developed in the auditing profession? I. Red flags are items or actions that have been associated with fraudulent conduct. II. The auditor should document all red flags that may have been noted on an audit engagement. III. Many red flags are subjective in nature and might not come to the auditors attention during the course of an audit that is properly planned and conducted in accordance with the Standards.

Answers
A: I and II. B: I and III. C: II and III. D: III only.

Answer Explanations
Answer (a) is incorrect. The auditor is to be alert to red flags and should investigate any situations that might include potential fraud. But the auditor is not required to document all personal red flags, for example, excessive gambling debts or excessive living style. The requirement to document these red flags is pertinent only when the auditor continues a fraud investigation or the item is pertinent to a particular audit finding. Answer (b) is the correct answer. Red flags are associated with fraudulent conduct. However, many red flags are personal in nature and would not necessarily come to the attention of the auditor. These would include items such as excessive living style by a manager, excessive gambling, and so on. Answer (c) is incorrect because Item II is not required. Answer (d) is incorrect because item I is also a correct statement.

Question: V2C4-0049
An employee of an insurance company processed a fraudulent policy loan application for an amount less than the established level requiring supervisory review. The employee then obtained the check and cashed it by forging the endorsement. To prevent the loans appearance on a subsequent policyholder statement, the loan amount was transferred to a suspense account. Which of the following should expose this situation at the earliest date?

Answers
A: A computer report identifying unusual entries to the suspense account.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 56 of 262

B: The use of prenumbered checks which are periodically accounted for. C: An annual internal audit. D: Regular reconciliation of the "suspense" account performed by an independent employee.

Answer Explanations
Answer (a) is the correct answer. A programmed computer output notification identifying unusual entries would identify the write off of the payees account to suspense as an unusual item immediately when it occurs. Answer (b) is incorrect because this is a good control procedure. Answer (c) is incorrect. The annual internal audit may detect the fraud, but it is unlikely to do so because of the small amount involved. In any case the timing of the internal audit may delay discovery. Answer (d) is incorrect. Regular reconciliation of the suspense account would occur at a date later than the computer output notification.

Question: V2C4-0050
The primary purpose of operating a fraud hotline within a company is to

Answers
A: Reduce total costs of operating the company. B: Measure how well organizational units are achieving the organization's goals. C: Establish channels of communication for people to report suspected improprieties. D: Concentrate on areas that deserve attention and to place less attention on areas operating as expected.

Answer Explanations
Answer (a) is incorrect. Performance measures focus on reducing the total costs of the company as a whole. Answer (b) is incorrect. Responsibility accounting is concerned with measuring how well organizational members are achieving the organizations goals. Answer (c) is the correct answer. Fraud hotlines may identify areas where existing internal controls need to be modified or enhanced. Answer (d) is incorrect. Management by exception concentrates on areas that deserve attention and places less attention on areas operating as expected.

Question: V2C4-0051
A programmer accumulating round-off errors into one account that is later accessed by the programmer is a type of computer fraud. The best way to prevent this type of fraud is to

Answers

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 57 of 262

A: Build in judgment with reasonableness tests. B: Independently test programs during development and limit access to the programs. C: Segregate duties of systems development and programming. D: Use control totals and check the results of the computer.

Answer Explanations
Answer (a) is incorrect. Reasonableness tests will not overcome this error, since in this particular type of fraud all the amounts will balance. Answer (b) is the correct answer. The accumulation of round-off errors into one persons account is a procedure written into the program. Independent testing of a program will lead to discovery of this programmed fraud. If access to programs was not limited, it would be possible for a programmer to change a program without approval. Answer (c) is incorrect. Segregation of duties between systems development and programming would not generally prevent this type of error, since programmers possess the skills required to construct the program. Unless the controls outlined in choice (b) are present, the fraud would go undetected. Answer (d) is incorrect. Since the particular fraud results in a balanced entry, control totals would not detect the fraud.

Question: V2C4-0052
Which of the following statements is(are) correct regarding the deterrence of fraud? I. The primary means of deterring fraud is through an effective control system initiated by top management. II. Internal auditors are responsible for assisting in the deterrence of fraud by examining and evaluating the adequacy of the control system. III. Internal auditors should determine whether communication channels provide management with adequate and reliable information regarding the effectiveness of the control system and the occurrence of unusual transactions.

Answers
A: I only. B: I and II only. C: II only. D: I, II, and III.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (d) is the correct answer. All three items are correct statements according to the IIA Standards.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 58 of 262

Question: V2C4-0053
A significant employee fraud took place shortly after an internal audit. The Internal auditor may not have properly fulfilled the responsibility for the deterrence of fraud by failing to note and report that

Answers
A: Policies, practices, and procedures to monitor activities and safeguard assets were less extensive in low-risk areas than in high-risk areas. B: A system of control that depended on separation of duties could be circumvented by collusion among three employees. C: There were no written policies describing prohibited activities and the action required whenever violations are discovered. D: Divisional employees had not been properly trained to distinguish between bona fide signatures and cleverly forged ones on authorization forms.

Answer Explanations
Answer (a) is incorrect. On a cost/benefit basis, it is entirely reasonable to have more extensive control policies, practices, and procedures in high-risk areas. Answer (b) is incorrect. Even the best of internal control systems can often be circumvented by collusion. Answer (c) is the correct answer. In carrying out its responsibility for the deterrence of fraud, internal auditing should determine whether such written policy statements exist. Answer (d) is incorrect. Forgeries, like collusion, can circumvent even the best of internal control systems.

Question: V2C4-0054
Fraudulent use of corporate credit cards would be minimized by which of the following internal control procedures?

Answers
A: Establishing a corporate policy on the issuance of credit cards to authorized employees. B: Reviewing the validity of credit card need at executive and operating levels on a periodic basis. C: Reconciling the monthly statement from the credit card company with the submitted copies of the cardholders' charge slips. D: Subjecting credit card charges to the same expense controls as those used on regular company expense forms.

Answer Explanations
Answer (a) is incorrect. Establishing a corporate policy on the issuance of credit cards does nothing to prevent

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 59 of 262

fraudulent usage by those authorized to use company cards. Answer (b) is incorrect. This procedure helps ensure the validity of issuance rather than usage within prescribed limitations. Answer (c) is incorrect. Reconciling the monthly statement with the cardholders charge slips would determine that the amount of the separate charge items and the vendor codes were in agreement. However, amounts charged may exceed authorized limits and amounts incurred may not be business related. The same expense controls should be applied to charge transactions as those applied to currency. Answer (d) is the correct answer. Subjecting credit card expenses to the same controls used in processing similar expense reports. In this way, per diems and authorization limits would be reviewed.

Question: V2C4-0055
A fraud was perpetrated in a moderate-sized company when the accounting clerk was delegated too much responsibility. During the year, the company switched suppliers of a service to a new vendor. The accounting clerk continued to submit fraudulent invoices from the old supplier. Because contracting for services and approval of supplier invoices had been delegated to the clerk, it was possible for her to continue billings from the old supplier and deposit the subsequent checks, which she was responsible to mail, into a new account she opened in the name of the old supplier. The clerk was considered an excellent employee and eventually was improperly given the added responsibility of preparing the department budgets. This added responsibility allowed her to actually budget for the amount of the fraudulent payments. Analytical tests can be useful in detecting frauds. Which of the following analytical procedures would most likely have signaled the existence of the fraud?

Answers
A: Current production with prior period production. B: Current and prior period service expenses. C: Budget to actual service expense. D: Company cost of goods sold to industry cost of goods sold.

Answer Explanations
Answer (a) is incorrect. Comparison of production totals would not provide information concerning suppliers or the amount of materials used. Answer (b) is the correct answer. Period-to-period analysis of expenses would have shown a sudden increase in material costs. Answer (c) is incorrect. At the time the fraud was uncovered, the amount taken was included in the organizations budget. Answer (d) is incorrect. The service may not have been part of cost of goods sold, but if so, comparison to industry averages is not as likely to reveal the extra cost as is comparison of company data period to period.

Question: V2C4-0056
A fraud was perpetrated in a moderate-sized company when the accounting clerk was delegated too much responsibility. During the year, the company switched suppliers of a service to a new vendor. The accounting clerk continued to submit fraudulent invoices from the old supplier. Because contracting for services and approval of

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 60 of 262

supplier invoices had been delegated to the clerk, it was possible for her to continue billings from the old supplier and deposit the subsequent checks, which she was responsible to mail, into a new account she opened in the name of the old supplier. The clerk was considered an excellent employee and eventually was improperly given the added responsibility of preparing the department budgets. This added responsibility allowed her to actually budget for the amount of the fraudulent payments. Which of the following controls would be least likely to prevent or detect the fraud described above?

Answers
A: Require authorization of payments by someone other than the clerk negotiating the contract. B: Comparison by person signing checks of invoices to an independent verification of services received. C: Budget preparation by someone other than person signing contract and approving payment. D: Mailing of check by someone other than persons responsible for check signing or invoice approval.

Answer Explanations
Answer (a) is incorrect. Separating contracting for service and approval of invoices would have prevented the fraud. Answer (b) is incorrect. An independent verification of services received, reviewed by the check signor, would have prevented payment for services not received. Answer (c) is incorrect. Independent budget preparation would have allowed an actual to budget comparison to detect the payments. Answer (d) is the correct answer. Once invoices have been approved and checks are prepared and signed, the mailing of the check by an independent person provides no means of preventing improper payments.

Question: V2C4-0057
A fraud was perpetrated in a moderate-sized company when the accounting clerk was delegated too much responsibility. During the year, the company switched suppliers of a service to a new vendor. The accounting clerk continued to submit fraudulent invoices from the old supplier. Because contracting for services and approval of supplier invoices had been delegated to the clerk, it was possible for her to continue billings from the old supplier and deposit the subsequent checks, which she was responsible to mail, into a new account she opened in the name of the old supplier. The clerk was considered an excellent employee and eventually was improperly given the added responsibility of preparing the department budgets. This added responsibility allowed her to actually budget for the amount of the fraudulent payments. Which of the following audit procedures would most likely lead to the detection of the fraud?

Answers
A: Take a sample of paid invoices and verify receipt of services by departments involved. B: Trace a sample of checks disbursed to approved invoices for services. C: Perform bank statement reconciliation and account for all outstanding checks. D: Trace a sample of receiving documents to invoices and to checks disbursed.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 61 of 262

Answer Explanations
Answer (a) is the correct answer. Confirming with the using department the receipt of services that have been paid for would uncover the fraud. Answer (b) is incorrect. The clerk approved the fraudulent invoices, and an approved invoice would therefore support each check. Answer (c) is incorrect. Bank statement reconciliations do not test the validity of the cash payments. Answer (d) is incorrect. The test begins with valid receiving reports; the fraudulent payments would not be detected.

Question: V2C4-0058
A production manager for a moderate-sized manufacturing company began ordering excessive raw materials and had them delivered to a wholesale company he runs as a side business. He falsified receiving documents and approved the invoices for payment. Which of the following audit procedures would most likely detect this fraud?

Answers
A: Take a sample of cash disbursements; compare purchase orders, receiving reports, invoices, and check copies. B: Take a sample and confirm the amount purchased, purchase price, and date of shipment with the vendors. C: Observe the receiving dock and count material received; compare your counts to receiving reports completed by receiving personnel. D: Prepare analytical tests, comparing production, material purchased, and raw material inventory levels and investigate differences.

Answer Explanations
Answer (a) is incorrect. Because documents are falsified, all supporting documents would match for each cash disbursement. Answer (b) is incorrect. Vendors would confirm all transactions, because all have been made. Answer (c) is incorrect. Fraudulent orders are shipped to another location; the receiving dock procedures would appear correct. Answer (d) is the correct answer. Because materials are shipped and used in another business, the analytic comparisons would show an unexplained increase in materials used.

Question: V2C4-0059
A purchasing agent acquired items for personal use with company funds. The company allowed designated employees to purchase as much as $250 per day in merchandise under open-ended contracts. Supervisory approval of the purchases was required, but that information was not communicated to the vendor. Instead of reviewing and authorizing each purchase order, supervisors routinely signed the authorization sheet at the end of the month without reviewing any of the supporting documentation. Since purchases of this nature were not subject to normal company receiving policies, the dishonest employee picked up the supplies at the vendors warehouse. All

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 62 of 262

purchases were for items routinely ordered by the company. During the past year, the employee amassed enough merchandise to start a printing and photography business. Which of the following internal controls would have been most effective in preventing this fraud?

Answers
A: Allowing purchases only from a list of preapproved vendors. B: Requiring the use of prenumbered purchase orders for all purchases of merchandise. C: Canceling supporting documents, such as purchase orders and receiving reports, at the time invoices are paid. D: Establishing separation of duties between the ordering and receiving of merchandise.

Answer Explanations
Answer (a) is incorrect. There is nothing suggesting inappropriate actions by the vendor or collusion between the vendor and the dishonest employee. Answer (b) is incorrect. Purchase orders are being issued by the dishonest employee, who has the authority to do so. They may be prenumberedthat would not prevent him from engaging in this fraud. Answer (c) is incorrect. This control is to prevent the same document from being used to support two identical payments; that is not the case here. Answer (d) is the correct answer. If the supplies in question had been sent to the company and a receiving report had been signed by an employee other than the one ordering them, the fraud could not have occurred.

Question: V2C4-0060
A purchasing agent acquired items for personal use with company funds. The company allowed designated employees to purchase as much as $250 per day in merchandise under open-ended contracts. Supervisory approval of the purchases was required, but that information was not communicated to the vendor. Instead of reviewing and authorizing each purchase order, supervisors routinely signed the authorization sheet at the end of the month without reviewing any of the supporting documentation. Since purchases of this nature were not subject to normal company receiving policies, the dishonest employee picked up the supplies at the vendors warehouse. All purchases were for items routinely ordered by the company. During the past year, the employee amassed enough merchandise to start a printing and photography business. Which of the following audit procedures performed by the internal auditor would be most effective in leading to the discovery of this fraud?

Answers
A: Tracing selected canceled checks to the cash payments journal and to the related vendors' invoices. B: Performing a trend analysis of printing supplies expenses for a two-year period. C: Tracing prices and quantities on selected vendors' invoices to the related purchase orders. D: Recomputing the clerical accuracy of selected vendors' invoices, including discounts and sales taxes.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 63 of 262

Answer Explanations
Answer (a) is incorrect. There is a legitimate vendors invoice for each cash payment related to this fraud. Answer (b) is the correct answer. Analytical procedures would identify an excess use of supplies. Answer (c) is incorrect. There is nothing in this scenario that would cause the invoice prices or quantities to be different from those on the purchase order prepared by the dishonest employee. Answer (d) is incorrect. Recomputations prove accuracy of invoices, but do not detect fraud.

Question: V2C4-0061
A purchasing agent acquired items for personal use with company funds. The company allowed designated employees to purchase as much as $250 per day in merchandise under open-ended contracts. Supervisory approval of the purchases was required, but that information was not communicated to the vendor. Instead of reviewing and authorizing each purchase order, supervisors routinely signed the authorization sheet at the end of the month without reviewing any of the supporting documentation. Since purchases of this nature were not subject to normal company receiving policies, the dishonest employee picked up the supplies at the vendors warehouse. All purchases were for items routinely ordered by the company. During the past year, the employee amassed enough merchandise to start a printing and photography business. Once the internal auditor becomes reasonably certain that this defalcation is taking place, what should the auditor do next?

Answers
A: Immediately report the matter to the appropriate law enforcement official, since a potential felony is involved. B: Say nothing now, but include a description of the suspected defalcation in the audit. C: Immediately report the matter to the appropriate level of management. D: Immediately discuss the matter with the employee suspected of the defalcation in order to confirm the audit findings.

Answer Explanations
Answer (a) is incorrect. The Standards state that internal auditors are not responsible for notifying outside authorities of suspected wrongdoing. Answer (b) is incorrect. A delay in reporting the suspected defalcation will allow it to continue and/or give the suspected dishonest employee time to destroy or conceal important evidence. Answer (c) is the correct answer. The IIA Standards state: When an internal auditor suspects wrongdoing, the appropriate authorities within the organization should be informed. Answer (d) is incorrect. Once the dishonest employee knows that he or she is suspected, the person has an opportunity to destroy or to conceal important evidence or to flee to avoid apprehension.

Question: V2C4-0062
Management discovers that a supervisor at one of their restaurant locations removes excess cash and resets sales totals throughout the day on the point-of-sale (POS) system. At closing the supervisor deposits cash equal to the

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 64 of 262

recorded sales on the POS system and keeps the rest. The supervisor forwards the close-of-day POS reports from the POS system along with a copy of the bank deposit slip to the companys revenue accounting department. The revenue accounting department records the sales and the cash for the location in the general ledger and verifies the deposit slip to the bank statement. Any differences between sales and deposits are recorded in an over/short account and, if necessary, followed up with the location supervisor. The customer food order checks are serially numbered, and it is the supervisors responsibility to see that they are accounted for at the end of each day. Customer checks and the transaction journal tapes from the POS system are kept by the supervisor for one week at the location and then destroyed. Which of the following control procedures allowed the fraud to occur?

Answers
A: The accounting of customer food checks by the supervisor. B: The deposit of cash receipts by the supervisor. C: The matching of the bank deposit slips to the bank statement by revenue accounting. D: The forwarding of the close-of-day POS reports to revenue accounting.

Answer Explanations
Answer (a) is the correct answer. An inappropriate segregation of duties was created when responsibility for accounting for customer food checks and the depositing of receipts was given to the supervisor. Answer (b) is incorrect. The depositing of receipts by the supervisor by itself is not the problem; it is the access to cash and ability to reset POS totals throughout the day that allowed the fraud. Answer (c) is incorrect. This is an independent verification of the deposits made by the supervisor. Answer (d) is incorrect. This is a step in the process of independently verifying sales.

Question: V2C4-0063
Management discovers that a supervisor at one of their restaurant locations removes excess cash and resets sales totals throughout the day on the point-of-sale (POS) system. At closing the supervisor deposits cash equal to the recorded sales on the POS system and keeps the rest. The supervisor forwards the close-of-day POS reports from the POS system along with a copy of the bank deposit slip to the companys revenue accounting department. The revenue accounting department records the sales and the cash for the location in the general ledger and verifies the deposit slip to the bank statement. Any differences between sales and deposits are recorded in an over/short account and, if necessary, followed up with the location supervisor. The customer food order checks are serially numbered, and it is the supervisors responsibility to see that they are accounted for at the end of each day. Customer checks and the transaction journal tapes from the POS system are kept by the supervisor for one week at the location and then destroyed. Which of the following audit procedures would have detected the fraud?

Answers
A: Flowcharting the controls over the verification of bank deposit. B: Comparing a sample of the close of day POS reports to copies of the bank deposit slips.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 65 of 262

C: On a test basis, verifying that the serial-numbered customer food checks are accounted for. D: For selected days, reconciling the total of customer food checks to daily bank deposits.

Answer Explanations
Answer (a) is incorrect. The fraud involved receipts, not deposits. Answer (b) is incorrect. The fraud involved altering the amounts on the close-of-day POS reports by resetting the POS system totals to zero. Answer (c) is incorrect. The accounting for individual customer food checks would not have detected the fraud because it did not involve manipulation of these devices. Answer (d) is the correct answer. Using the total of the customer food checks as a confirmation of sales would have detected the shortage in the bank deposit.

Question: V2C4-0064
The IIA Standards require internal auditors to have knowledge about factors (red flags) that have proven to be associated with management fraud. Which of the following factors have generally not been associated with management fraud?

Answers
A: Generous performance-based reward systems. B: A domineering management. C: Regular comparison of actual results to budgets. D: A management preoccupation with increased financial performance.

Answer Explanations
Answer (a) is incorrect. Generous reward systems can lead managers to falsify records so that rewards can be achieved. Answer (b) is incorrect. Domineering management cause managers to falsify records so as to meet the demands of upper management. Answer (c) is the correct answer. Regular actual to budget comparisons encourage performance and detect problems before they become too large. Answer (d) is incorrect. Preoccupation with increased financial performance can cause management to falsify records to show increased performance.

Question: V2C4-0065
A personnel department is responsible for processing placement agency fees for new hires. A recruiter established some bogus placement agencies and, when interviewing walk-in applicants, the recruiter would list one of the bogus agencies as referring the candidate. A possible means of detection or deterrence is to

Answers

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 66 of 262

A: Process all personnel agency invoices via a purchase order through the purchasing department. B: Verify new vendors to firms listed in a professional association catalog and/or verify the vendor name and address through the telephone book. C: Monitor the closeness of the relationships of recruiters with specific vendors. D: Require all employees to sign an annual conflict of interest statement.

Answer Explanations
Answer (a) is incorrect. Invoices being processed through purchasing will not add any additional controls. Purchasing would have to make an independent source selection of the vendor. Answer (b) is the correct answer. This type of checking would prove that the agency is a genuine one. Answer (c) is incorrect. This is not practical for all employees. The degree of closeness in itself is not a conflict nor might it be subject to scrutiny. Answer (d) is incorrect. If a person was unethical, he or she probably would not disclose any illegal activity that the person is processing through the company.

Question: V2C4-0066
Experience has shown that certain conditions in an organization are symptoms of possible management fraud. Which of the following conditions would not be considered an indicator of possible fraud?

Answers
A: Managers regularly assume subordinates' duties. B: Managers dealing in matters outside their profit center's scope. C: Mangers not complying with corporate directives and procedures. D: Managers subject to formal performance reviews on a regular basis.

Answer Explanations
Answer (a) is incorrect because it is a symptom of possible fraud. Answer (b) is incorrect because it is a symptom of possible fraud. Answer (c) is incorrect because it is a symptom of possible fraud. Answer (d) is the correct answer. This would be an internal control strength.

Question: V2C4-0067
Which of the following is an indicator of possible financial reporting fraud being perpetrated by management of a manufacturer?

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 67 of 262

Answers
A: A trend analysis discloses (1) sales increases of 50% and (2) cost of goods sold increases of 25%. B: A ratio analysis discloses (1) sales of $50 million and (2) cost of goods sold of $25 million. C: A cross-sectional analysis of common size statements discloses: (1) the firm's ratio of cost of goods sold to sales is 0.4 and (2) the industry average ratio of cost of goods sold to sales is 0.5. D: A cross-sectional analysis of common size statements discloses: (1) the firm's ratio of cost of goods sold to sales is 0.5 and (2) the industry average ratio of cost of goods sold to sales is 0.4.

Answer Explanations
Answer (a) is the correct answer. A 50% increase in sales supported by a 25% increase in cost of goods sold is either fortuitous or fraudulent. Increases in sales are usually accompanied by close to proportional increases in cost of goods sold. Examples of situation in which increases in sales can be disproportionately larger than increases in cost of goods sold include: (1) operations within the realm of economies of scale (increasing returns to scale) and (2) the introduction of a highly accepted fashion item. Cases where disproportionately large sales increases indicate fraudulent conduct include: (1) collusion by the host firms sales personnel and the buying firms purchasing personnel and (2) collusion by members of two departments within the host firm, such as sales and transportation. Since the internal auditor would not know whether the disproportionately large increase in sales is legitimate, the auditor should view this as an indicator of possible fraud. Answer (b) is incorrect. Sales of $50 million and cost of goods sold of $25 million yield a gross profit margin (GPM) of 50%. Manufacturers can expect a range of 40 to 60% on this ratio. Answer (c) is incorrect. These data indicate an industry GPM of 0.5 and host firm GPM of 0.4. The greater GPM realized by the host firm may result from any number of reasonable causes. These include: (1) greater efficiencies exercised by the host firm, (2) greater sales effort (or a more highly accepted product), and (3) measurement errors. Answer (d) is incorrect. These data indicate an industry GPM of 0.4 and a host firm GPM of 0.5. The lower GPM realized by the host firm may result from such causes as: (1) host firm inefficiencies, (2) less acceptance of host firm product or less sales effort, and (3) measurement errors.

Question: V2C4-0068
Which of the following might be considered a red flag indicating possible fraud in a large manufacturing company with several subsidiaries?

Answers
A: The existence of a financial subsidiary. B: A consistent record of above average return on investment for all subsidiaries. C: Complex sales transactions and transfers of funds between affiliated companies. D: Use of separate bank accounts for payrolls by each subsidiary.

Answer Explanations
Answer (a) is incorrect. Mere existence does not indicate fraud.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 68 of 262

Answer (b) is incorrect. A consistent record of above-average return on investment can be an indication of good management. Answer (c) is the correct answer. Experience shows that such transfers are often used in fraud schemes. This is the only red flag among the options. Answer (d) is incorrect. Use of separate bank accounts is normal and convenient.

Question: V2C4-0069
A subsidiary president terminated a controller and hired a replacement without the required corporate approvals. Sales, cash flow, and profit statistics were then manipulated by the new controller and president via accelerated depreciation and sale of capital assets to obtain larger performance bonuses for the controller and the subsidiary president. An approach that might detect this fraudulent activity would be

Answers
A: Analysis of overall management control for segregation of duties. B: Required exit interviews for all terminated employees. C: Periodic changes of outside public accountants. D: Regular analytical review of operating divisions.

Answer Explanations
Answer (a) is incorrect. Analysis of segregation of duties will not detect fraudulent activity; it only shows areas where opportunity exists. Answer (b) is incorrect. Exit interviews are not as effective at the officer level, since most individuals will not want to compromise severance arrangements. Answer (c) is incorrect. Changing outside auditors coverage of divisions will not mandate better due diligence reviews. Answer (d) is the correct answer. Analytical review of the divisions would reveal trends that might indicate fraud.

Question: V2C4-0070
Bank management suspects that a bank loan officer frequently made loans to fictitious companies, disbursed loan proceeds to personally established accounts, and then let the loans go into default. Some pertinent facts about the loan officer include A high standard of living, explained as the result of sound investments and not taking vacations An expensive personal car obtained through business contacts Gasoline and repair bills submitted for an assigned company car that is higher than company average (mileage logs were submitted on a quarterly basis) Marked annoyance with questions from auditors In this situation, typical indicators of the suspected fraud would include all of the following except:

Answers
A: Not taking an annual vacation.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 69 of 262

B: Becoming easily annoyed with auditor inquiries about questionable loans. C: Explaining a high standard of living as the result of investments. D: Submitting gasoline and repair bills that are higher than company average.

Answer Explanations
Answer (a) is incorrect. Not taking an annual vacation is a fraud indicator. Answer (b) is incorrect. Becoming easily annoyed with auditor questions is a fraud indicator. Answer (c) is incorrect. Explaining a high standard of living is a fraud indicator. Answer (d) is the correct answer. Answer (d) is not correlated to making fraudulent loans.

Question: V2C4-0071
Bank management suspects that a bank loan officer frequently made loans to fictitious companies, disbursed loan proceeds to personally established accounts, and then let the loans go into default. Some pertinent facts about the loan officer include A high standard of living, explained as the result of sound investments and not taking vacations An expensive personal car obtained through business contacts Gasoline and repair bills submitted for an assigned company car that is higher than company average (mileage logs were submitted on a quarterly basis) Marked annoyance with questions from auditors The most appropriate trend analysis to indicate this potential fraud is

Answers
A: Loan default rates by loan officer. B: Accumulation of unpaid vacation days. C: Automobile operating expenses by loan officer. D: Total dollar volume of loans by loan officer.

Answer Explanations
Answer (a) is the correct answer. Trend analysis would detect an increase in the default rate due to bogus loans. Answer (b) is incorrect. Trend analysis would not detect annual vacation not taken. Answer (c) is incorrect. Although trend analysis could detect higher-than-average expenses for operation of the company car, it has no relationship to suspected fraudulent loans. Answer (d) is incorrect. Total dollar value of loans made would not correlate to fraudulent loans.

Question: V2C4-0072
Bank management suspects that a bank loan officer frequently made loans to fictitious companies, disbursed loan proceeds to personally established accounts, and then let the loans go into default. Some pertinent facts about the

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 70 of 262

loan officer include A high standard of living, explained as the result of sound investments and not taking vacations An expensive personal car obtained through business contacts Gasoline and repair bills submitted for an assigned company car that is higher than company average (mileage logs were submitted on a quarterly basis) Marked annoyance with questions from auditors The extent of loans made to fictitious borrowers by the loan officer could best be determined by

Answers
A: Reviewing a representative sample of the loan officer's transactions for compliance with bank policies and procedures. B: Reviewing a representative sample of loan files for properly completed documents, such as loan agreements, credit approvals, and approval of secured collateral. C: Comparing current loan approval balances with those of prior years. D: Requesting positive confirmations for all outstanding loans made by the loan officer.

Answer Explanations
Answer (a) is incorrect. A compliance audit would not show which loans were made to fictitious borrowers. Answer (b) is the correct answer. Secured collateral would be difficult to obtain. Answer (c) is incorrect because the loan officers level of activity might be higher or lower without regard to fraudulent activity. Answer (d) is incorrect because the perpetrator could easily make positive account confirmations.

Question: V2C4-0073
Bank management suspects that a bank loan officer frequently made loans to fictitious companies, disbursed loan proceeds to personally established accounts, and then let the loans go into default. Some pertinent facts about the loan officer include A high standard of living, explained as the result of sound investments and not taking vacations An expensive personal car obtained through business contacts Gasoline and repair bills submitted for an assigned company car that is higher than company average (mileage logs were submitted on a quarterly basis) Marked annoyance with questions from auditors The above fraud would least likely be discovered by

Answers
A: Analyses of the number of loans made by each loan officer. B: Analysis of total dollar volume of loans by loan officer. C: External or internal audits of loan files.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 71 of 262

D: Reconciliation of total loans outstanding to the general ledger balance.

Answer Explanations
Answer (a) is incorrect because this procedure has some possibility of detecting fraud. Answer (b) is incorrect because this procedure has some possibility of detecting fraud. Answer (c) is incorrect because this procedure has some possibility of detecting fraud. Answer (d) is the correct answer. Reconciling outstanding loans to the general ledger would be least likely to discover this fraud.

Question: V2C4-0074
Which of the following policies is most likely to result in an environment conducive to the occurrence of fraud?

Answers
A: Budget preparation input by the employees who are responsible for meeting the budget. B: Unreasonable sales and production goals. C: The division's hiring process frequently results in the rejection of adequately trained applicants. D: The application of some accounting controls on a sample basis.

Answer Explanations
Answer (a) is incorrect. Participatory budgeting can reduce antagonism to budgets and reduce the likelihood of inappropriate means of meeting the budget. Answer (b) is the correct answer. A prod to achieve an unrealistically high sales or production quota can become a prod to falsify the records so that it appears the quota has been met. Answer (c) is incorrect. First, hiring policies should be based on factors other than adequate trainingsuch as the applicants personal integrity. Second, in many labor markets the large number of applicants may make cause rejection of qualified ones to be unavoidable. Answer (d) is incorrect. Under the reasonable assurance concept, the cost of controls should not exceed their benefits. It is quite possible that, in some areas, the additional cost of applying controls to all relevant transactions, rather than just a sample of them, may be greater than the resultant savings.

Question: V2C4-0075
Internal auditors must exercise due care if they are to meet their responsibilities for fraud detection. Thus, the existence of certain conditions should raise red flags and arouse auditors professional skepticism concerning possible fraud. Which of the following is most likely to be considered an indication of possible fraud?

Answers
A: A new management team installed as the result of a takeover.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 72 of 262

B: Rapid turnover of financial executives. C: Rapid expansion into new markets. D: An Internal Revenue Service audit of tax returns.

Answer Explanations
Answer (a) is incorrect. This is not unusual and, in and of itself, is not an indication of possible fraud. Answer (b) is the correct answer. This is considered a red flag that indicates possible fraud. Answer (c) is incorrect. This is not unusual and, in and of itself, is not an indication of possible fraud. Answer (b) is incorrect. This is not unusual and, in and of itself, is not an indication of possible fraud.

Question: V2C4-0076
In order for internal auditors to be able to recognize potential fraud, they must be aware of the basic characteristics of fraud. Which of the following is not a characteristic of fraud?

Answers
A: Intentional deception. B: Taking unfair or dishonest advantage. C: Perpetration for the benefit or detriment of the organization. D: Negligence on the part of executive management.

Answer Explanations
Answer (a) is incorrect because this is a characteristic of fraud. Answer (b) is incorrect because this is a characteristic of fraud. Answer (c) is incorrect because this is a characteristic of fraud. Answer (d) is the correct answer. Negligence is not fraud because it does not involve willful wrongdoing.

Question: V2C4-0077
Auditors have been advised to look at red flags to determine whether management is involved in a fraud. Which of the following does not represent a difficulty in using the red flags as fraud indicators?

Answers
A: Many common red flags are also associated with situations where no fraud exists.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 73 of 262

B: Some red flags are difficult to quantify or to evaluate. C: Red flag information is not gathered as a normal part of an audit engagement. D: The red flags literature is not well enough established to have a positive impact on auditing.

Answer Explanations
Answer (a) is incorrect. This is a difficulty in using red flags. Red flags are developed through correlation analysis, not necessarily causation analysis. Answer (b) is incorrect. Many red flags, such as managements attitude, are difficult to quantify. Answer (c) is incorrect. When performing an audit, internal auditors should be alert to the possibility of intentional wrongdoing, errors, omissions, inefficiency, waste, ineffectiveness, and conflicts of interest. Answer (d) is the correct answer. This is not a difficulty. The red flags literature is well established. Although red flags will be refined in the future as research is done, this does not preclude their effective use.

Question: V2C4-0078
Management of a nonprofit organization has been monitoring spending and is concerned because payments to some vendors appear to be unusually high. Most purchases are made through the purchasing function, which is organized around three buyers, each with defined purchasing areas. The purchasing agents place the purchase orders and receive copies of receiving reports to ensure goods are received. They review the reports and compare them with the purchase orders before sending the items to accounts payable with their approval for payment. All vendor invoices are sent directly to accounts payable even though receiving reports first go through the purchasing agents. The organization has a policy of requiring three bids on all purchases that exceed $10,000. Which of the following, if observed, would not indicate the need to search for other indicators of fraud?

Answers
A: The standard of living of one of the purchasing agents has increased. B: The internal control structure has significant weaknesses. C: Management, at the purchasing agents' request, has adopted a policy of paying vendors on a more timely basis to avoid incurring penalty charges. D: The cost of goods procured seems to be excessive in comparison with previous years.

Answer Explanations
Answer (a) is incorrect. This is generally considered a red flag, which is most indicative of possible fraud. Answer (b) is incorrect. Significant deficiencies are one of the major factors associated with fraud. Answer (c) is the correct answer. This, by itself, would not be considered a red flag. It represents a valid business reason for more timely payment. Answer (d) is incorrect. An unexpected, and unusual, increase in costs could be considered a red flag.

Question: V2C4-0079
file://C:\Program Files\Wiley\CIAExam\Print.htm 1/20/2010

Wiley CIA 2006 v1

Page 74 of 262

Management of a nonprofit organization has been monitoring spending and is concerned because payments to some vendors appear to be unusually high. Most purchases are made through the purchasing function, which is organized around three buyers, each with defined purchasing areas. The purchasing agents place the purchase orders and receive copies of receiving reports to ensure goods are received. They review the reports and compare them with the purchase orders before sending the items to accounts payable with their approval for payment. All vendor invoices are sent directly to accounts payable even though receiving reports first go through the purchasing agents. The organization has a policy of requiring three bids on all purchases that exceed $10,000. Which of the following statements regarding the internal auditors responsibility for detecting fraud in the environment described in the scenario above is not correct? The auditor should

Answers
A: Detect fraud if red flags are present in the environment. B: Have sufficient knowledge to correctly identify indicators that fraud may have been committed. C: Identify control weaknesses that could allow fraud to occur. D: Evaluate the indicators of fraud sufficiently to determine if a fraud investigation should take place.

Answer Explanations
Answer (a) is the correct answer. The presence of red flags does not make the auditor responsible for detecting fraud. Answer (b) is incorrect because it is a responsibility identified in the IIA Standards. Answer (c) is incorrect because it is a responsibility identified in the IIA Standards. Answer (d) is incorrect because it is a responsibility identified in the IIA Standards.

Question: V2C4-0080
Management of a nonprofit organization has been monitoring spending and is concerned because payments to some vendors appear to be unusually high. Most purchases are made through the purchasing function, which is organized around three buyers, each with defined purchasing areas. The purchasing agents place the purchase orders and receive copies of receiving reports to ensure goods are received. They review the reports and compare them with the purchase orders before sending the items to accounts payable with their approval for payment. All vendor invoices are sent directly to accounts payable even though receiving reports first go through the purchasing agents. The organization has a policy of requiring three bids on all purchases that exceed $10,000. Management has requested that the auditor investigate the possibility of kickbacks going to a purchasing agent. Which of the following procedures would be least effective in addressing managements concern?

Answers
A: Confirm all contract terms with vendors. B: Analyze, by purchasing agent, all increases in cost of procured goods from specific vendors. C: Take a statistical sample of goods purchased and compare purchase prices for goods with those of

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 75 of 262

other sources of similar goods, such as other companies or catalogs. D: Observe any changes in the lifestyles or individual consumption habits of the purchasing agents involved.

Answer Explanations
Answer (a) is the correct answer. This would be the least useful procedure because the contract terms are already known. The confirmation would have to be expanded to inquire as to whether pressure was brought to bear by the purchasing agent to generate kickbacksand that approach would be successful only if the kickbacks were initiated by the purchasing agent rather than the vendor. Answer (b) is incorrect. This would be the best procedure to gather more insight as to what products and which purchasing agent might be involved. It would be an important first step. Answer (c) is incorrect. This would provide information on excess purchase prices. Answer (d) is incorrect. Most (although not all) frauds are accompanied by changes in lifestyles of those committing the fraud. Although not the best procedure, it provides more information than choice (a).

Question: V2C4-0081
An auditor is investigating the performance of a division with an unusually large increase in sales, gross margin, and profit. Which of the following indicators is least likely to indicate the possibility of sales-related fraud in the division?

Answers
A: A significant portion of divisional management compensation is based on reported divisional profits. B: There is an unusually large amount of sales returns recorded after year-end. C: The auditor has taken a random sample of sales invoices, but cannot locate a shipping document for a number of the sales transactions selected for November and December. D: One of the division's major competitors went out of business during the year.

Answer Explanations
Answer (a) is incorrect. Significant management compensation tied to reported profits has been identified as a red flag for potential fraud investigation. Answer (b) is incorrect. An unusually large amount of sales returns after year-end could indicate that a large amount of nonvalid (without substance) sales were recorded near the end of the year. Answer (c) is incorrect. The lack of receiving documents would be a good indicator that nonvalid sales were recorded during November and December. Answer (d) is the correct answer. A decrease in the number of competitors during the year could be a potential explanation for the increase in sales and profits.

Question: V2C4-0082
An auditor is investigating the performance of a division with an unusually large increase in sales, gross margin,

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 76 of 262

and profit. If the auditor continued to suspect fraudulent recording of transactions to increase reported profits, which of the following audit procedures would be least effective?

Answers
A: Take a physical inventory. B: Develop a schedule of inventory by month and investigate unusual fluctuations by reference to the perpetual inventory records. C: Prepare a schedule of sales fluctuations and gross margin by month. Investigate unusually high months of sales and gross margin by examining support for sales. D: Perform year-end sales and purchase cutoff tests.

Answer Explanations
Answer (a) is incorrect. This would be an effective procedure because one way to overstate the gross margin would be to overstate inventory. Answer (b) is the correct answer. This would be the least effective procedure. The auditor would have more information by conducting a year-end physical inventory. Answer (c) is incorrect. Sales and gross margin fluctuation analysis identifying unusual months would be a useful procedure to indicate the possibility of fraudulent transactions. Answer (d) is incorrect. Performing year-end cutoff tests would be effective in identifying transactions recorded in the wrong period.

Question: V2C4-0083
An auditor is investigating the performance of a division with an unusually large increase in sales, gross margin, and profit. Without prejudice to answers on the previous question, assume that the analysis shows unusually high sales and gross margin during the months of November and December and the auditor wishes to investigate further. Which of the following audit procedures would be most effective in analyzing whether fraudulent sales may have been recorded?

Answers
A: Take a sample of shipping documents and trace to related sales invoice, noting that all items were properly billed. B: Confirm accounts receivable with large customers. C: Perform an analytical review comparing sales and gross margin with the previous 10 months and the first month of the following year. D: Use regression analysis techniques for the first 10 months to estimate the sales and cost of goods sold for the last 2 months.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 77 of 262

Answer Explanations
Answer (a) is incorrect. Selecting a sample of shipping documents only provides evidence that all shipments were billed. The concern here is that sales have been recorded for shipments not made. A more appropriate procedure would be to select recorded sales and trace back to the underlying documents. Answer (b) is the correct answer. If fictitious sales were recorded, the most likely corresponding debit would be to accounts receivable. Thus, confirming accounts receivable would be an effective procedure, assuming that the customers are willing to respond to confirmations. The alternative best procedure would be to select recorded sales and trace them back to the underlying documents. However, that procedure was not given as an alternative. Answer (c) is incorrect. Analytical review procedures have already been performed and indicate the possibility of a misstatement. The auditor now needs to perform detailed tests to determine the existence of misstatements. Answer (d) is incorrect. Regression analysis would potentially indicate the existence of misstatements. That has already been accomplished by the analytical review techniques.

Question: V2C4-0084
The internal auditing department has been assigned to perform an audit of a division. Based on background review, the auditor knows the following about management policies: Company policy is to rapidly promote divisional managers who show significant success. Thus, successful managers rarely stay at a division for more than three years. A significant portion of division managements compensation comes in the form of bonuses based on the divisions profitability. The division was identified by senior management as a turnaround opportunity. The division is growing, but is not scheduled for a full audit by the external auditors this year. The division has been growing about 7% per year for the past three years and uses a standard cost system. During the preliminary review, the auditor notes the following changes in financial data compared to the prior year: Sales have increased by 10%. Cost of goods sold has increased by 2%. Inventory has increased by 15%. Divisional net income has increased by 8%.

Which of the following items might alert the auditor to the possibility of fraud in the division?

Answers
A: The division is not scheduled for an external audit this year. B: Sales have increased by 10%. C: A significant portion of management's compensation is directly tied to reported net income of the division. D: All of the above.

Answer Explanations
Answer (a) is incorrect. This factor has not been identified as a significant red flag. In addition, the division is audited by the internal audit department. Answer (b) is incorrect. Sales have normally been increasing by about 7% at this division. Thus, an increase of 10%, by itself, is not unexpected and would not raise a red flag.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 78 of 262

Answer (c) is the correct answer. This is one of the most common red flags identified in the lIA Standards. Answer (d) is incorrect because neither choice (b) nor (c) is a red flag.

Question: V2C4-0085
The internal auditing department has been assigned to perform an audit of a division. Based on background review, the auditor knows the following about management policies: Company policy is to rapidly promote divisional managers who show significant success. Thus, successful managers rarely stay at a division for more than three years. A significant portion of division managements compensation comes in the form of bonuses based on the divisions profitability. The division was identified by senior management as a turnaround opportunity. The division is growing, but is not scheduled for a full audit by the external auditors this year. The division has been growing about 7% per year for the past three years and uses a standard cost system. During the preliminary review, the auditor notes the following changes in financial data compared to the prior year: Sales have increased by 10%. Cost of goods sold has increased by 2%. Inventory has increased by 15%. Divisional net income has increased by 8%.

It is November and the audit manager is finalizing plans for a year-end audit of the division. Based on the above data, the audit procedure with highest priority would be to

Answers
A: Select sales transactions and trace shipping documents to entries into cost of goods sold to determine if all shipments were recorded. B: Schedule a complete count of inventory at year-end and have the auditor observe and test the year-end inventory. C: Schedule a complete investigation of the standard cost system by preparing cost buildups of a sample of products. D: Schedule a year-end sales cutoff test.

Answer Explanations
Answer (a) is incorrect. This would be an appropriate procedure, but the major problem appears to be existence of inventory, and the auditor should start there. Answer (b) is the correct answer. The data would seem to indicate that inventory is overstated and cost of goods sold is understated. Inventory might be overstated because of either quantity or cost differences. Since we are nearing year-end, the most appropriate procedure would be to begin with a physical observation of inventory and expand to price tests after establishing the existence of inventory. Answer (c) is incorrect. This would be an appropriate procedure, but the major problem appears to be existence of inventory, and the auditor should start there. Answer (d) is incorrect. The problem is occurring during normal operations. Because of the red flags, the auditor should schedule a cutoff test, but the existing red flags point primarily to a problem with inventory overstatement.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 79 of 262

Question: V2C4-0086
The internal auditing department has been assigned to perform an audit of a division. Based on background review, the auditor knows the following about management policies: Company policy is to rapidly promote divisional managers who show significant success. Thus, successful managers rarely stay at a division for more than three years. A significant portion of division managements compensation comes in the form of bonuses based on the divisions profitability. The division was identified by senior management as a turnaround opportunity. The division is growing, but is not scheduled for a full audit by the external auditors this year. The division has been growing about 7% per year for the past three years and uses a standard cost system. During the preliminary review, the auditor notes the following changes in financial data compared to the prior year: Sales have increased by 10%. Cost of goods sold has increased by 2%. Inventory has increased by 15%. Divisional net income has increased by 8%.

If the auditor decides there are significant problems with the standard cost system, the next audit step to perform would be to

Answers
A: Interview divisional management to determine why the standard cost system has not been updated on a timely basis. B: Select a random sample of products and review the standard cost buildup by tracing purchases to the standard cost record. C: Use generalized audit software to prepare a listing of gross margin by product by comparing standard cost with sales price. Select all high-gross-margin items for further investigation. D: Schedule all variances and determine their source and their disposition, that is, whether they are allocated to inventory or cost of goods sold.

Answer Explanations
Answer (a) is incorrect. It would be inappropriate to interview management to determine why the standard costs have not been updated when the auditor does not yet have evidence that the standard costs are misstated. Answer (b) is incorrect. This would follow choice (a), and would need to test more than the correct recording of purchases. It would also need to test for proper allocation of labor and overhead costs. Answer (c) is incorrect. This procedure may have merit, but there is no indication that higher-gross-margin products are the ones with standard cost problems. Again, it would be a supplemental procedure after choice (a) is performed. Answer (d) is the correct answer. If there is a problem with standard costs, it will show up in variances. Since this is an analytical procedure, it is not costly and provides the best direction for further detailed testing.

Question: V2C4-0087
The internal auditing department has been assigned to perform an audit of a division. Based on background review,

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 80 of 262

the auditor knows the following about management policies: Company policy is to rapidly promote divisional managers who show significant success. Thus, successful managers rarely stay at a division for more than three years. A significant portion of division managements compensation comes in the form of bonuses based on the divisions profitability. The division was identified by senior management as a turnaround opportunity. The division is growing, but is not scheduled for a full audit by the external auditors this year. The division has been growing about 7% per year for the past three years and uses a standard cost system. During the preliminary review, the auditor notes the following changes in financial data compared to the prior year: Sales have increased by 10%. Cost of goods sold has increased by 2%. Inventory has increased by 15%. Divisional net income has increased by 8%.

Assume the auditor found that there was a plan to overstate inventory and therefore increase reported profits for the division. If reported correctly, the division would not have shown an increase in net income. The auditor has substantial evidence that the divisional manager was aware of and approved the plan to overstate inventory. There is also some evidence that the manager may have been responsible for the implementation of the plan. The appropriate audit action would be to

Answers
A: Continue to conduct interviews with subordinates until a clear-cut case is made. Then report the case to the audit committee. B: Inform management and the audit committee of the findings and discuss proper follow-up action and/or further investigation with them. C: Inform the divisional manager of the audit suspicions and obtain the manager's explanation of the findings before pursuing the matter further. D: Document the case thoroughly and report the suspicions to the external auditor for further review and external reporting.

Answer Explanations
Answer (a) is incorrect. The auditor has sufficient evidence to bring the matter to the attention of management and leave it to them to decide the method of further investigation. Answer (b) is the correct answer. This is the correct response according to the IIA Standards. Answer (c) is incorrect. There is no need to inform divisional management of suspicions. It would be appropriate to interview divisional management, but primarily as a fact-finding chore. Answer (d) is incorrect. The auditors responsibility is for reporting inside the organization. There is no need to report the item to the external auditor.

Question: V2C4-0088
The following are facts about a subsidiary: I. The subsidiary company has been in business for several years and enjoyed good profit margins although the general economy was in a recession, which affected competitors.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 81 of 262

II. The working capital ratio had declined from a healthy 3:1 to 0.9:1. III. Turnover for the last several years has included three controllers, two supervisors of accounts receivable, four payables supervisors, and numerous staff in other financial positions. IV. Corporate purchasing policy requires three bids. However, the supervisor of purchasing at the subsidiary has instituted a policy of sole-source procurement to reduce the number of suppliers. When conducting a financial audit of the subsidiary, the internal auditor would

Answers
A: Be unlikely to detect I, II, or III. B: Ignore II since the economy had a downturn during this period. C: Consider III to be normal turnover, but be concerned about II and IV as warning signals of fraud. D: Consider I, II, III, and IV as warning signals of fraud.

Answer Explanations
Answer (a) is incorrect. The items described can be detected through usual audit procedures in a financial audit. Answer (b) is incorrect. Although the economy had a downturn, the change in working capital is unusual in light of the continuing strong profit margins and should be investigated. Answer (c) is incorrect. Items II, III, and IV are all warning signals. Answer (d) is the correct answer. Insufficient working capital may indicate such problems as overexpansion, decreases in revenues, transfer of funds to other companies, insufficient credit, and excessive expenditures. The auditor should be on the lookout for diversion of funds to personal use through such methods as unrecorded sales and falsified expenditures. Rapid turnover in financial positions may signify existing problems that the individuals feel uncomfortable with but do not want to disclose. Accountability for funds and other resources should be determined upon termination of employment. Use of sole-source procurement is not a practice that encourages competition to assure that the organization is obtaining the required materials or equipment at the best price. Solesource procurement, if not adequately justified, indicates potential favoritism or kickbacks.

Question: V2C4-0089
When comparing perpetrators who have embezzled company funds to perpetrators of financial statement fraud (falsified financial statements), those who have falsified financial statements would be less likely to

Answers
A: Have experienced an autocratic management style. B: Be living beyond their obvious means of support. C: Rationalize the fraudulent behavior. D: Use company expectations as justification for the act.

Answer Explanations

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 82 of 262

Answer (a) is incorrect. Autocratic management styles have been linked to management (financial statement) fraud. Answer (b) is the correct answer. Living beyond ones means has been linked to employee (embezzlement) fraud, not to financial statement fraud. Answer (c) is incorrect. Rationalization is common to all fraud. Answer (d) is incorrect. High expectations are often given as a motivating factor by those who have committed financial statement fraud.

Question: V2C4-0090
Randy and John had known each other for many years. They had become best friends in college, where they both majored in accounting. After graduation, Randy took over the family business from his father. His family had been in the grocery business for several generations. When John had difficulty finding a job, Randy offered him a job in the family store. John proved to be a very capable employee. As John demonstrated his abilities, Randy began delegating more and more responsibility to him. After a period of time, John was doing all of the general accounting and authorization functions for checks, cash, inventories, documents, records, and bank statement reconciliations. (I) John was trusted completely and handled all financial functions. No one checked his work. Randy decided to expand the business and opened several new stores. (II) Randy was always handling the most urgent problem . . . crisis management is what his college professors had termed it. John assisted with the problems when his other duties allowed him time. Although successful at work, John had (III) difficulties with personal financial problems. At first, the amounts stolen by John were small. John did not even worry about making the accounts balance. But he became greedy. How easy it is to take the money, he said. He felt that he was a critical member of the business team, (IV) and that he contributed much more to the success of the company than was represented by his salary. It would take two or three people to replace me, he often thought to himself. As the amounts became larger and larger, (V) he made the books balance. Because of these activities, John was able to purchase an expensive car and take his family on several trips each year. (VI) He also joined an expensive country club. Things were changing at home, however. (VII) Johns family observed that he was often argumentative and at other times very depressed. The fraud continued for six years. Each year the business performed more and more poorly. In the last year the stores lost over $200,000. Randys bank required an audit. John confessed when he thought the auditors had discovered his embezzlements. When discussing frauds, the pressures, opportunities, and rationalizations that cause/allow a perpetrator to commit the fraud are often identified. Symptoms of fraud are also studied. Identify the numbered and italicized factors (from the case) as being one of the symptoms, pressures, opportunities, or rationalizations given. Number I, John was trusted completely . . . is an example of a(n)

Answers
A: Document symptom. B: Situational pressure. C: Opportunity to commit. D: Physical symptom.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 83 of 262

This answer is incorrect. Refer to the correct answer explanation.


Answer (c) is the correct answer. Complete trust is an opportunity to commit a fraud. Therefore, by definition, choices (a), (b), and (d) are incorrect.

This answer is incorrect. Refer to the correct answer explanation.

Question: V2C4-0091
Randy and John had known each other for many years. They had become best friends in college, where they both majored in accounting. After graduation, Randy took over the family business from his father. His family had been in the grocery business for several generations. When John had difficulty finding a job, Randy offered him a job in the family store. John proved to be a very capable employee. As John demonstrated his abilities, Randy began delegating more and more responsibility to him. After a period of time, John was doing all of the general accounting and authorization functions for checks, cash, inventories, documents, records, and bank statement reconciliations. (I) John was trusted completely and handled all financial functions. No one checked his work. Randy decided to expand the business and opened several new stores. (II) Randy was always handling the most urgent problem . . . crisis management is what his college professors had termed it. John assisted with the problems when his other duties allowed him time. Although successful at work, John had (III) difficulties with personal financial problems. At first, the amounts stolen by John were small. John did not even worry about making the accounts balance. But he became greedy. How easy it is to take the money, he said. He felt that he was a critical member of the business team, (IV) and that he contributed much more to the success of the company than was represented by his salary. It would take two or three people to replace me, he often thought to himself. As the amounts became larger and larger, (V) he made the books balance. Because of these activities, John was able to purchase an expensive car and take his family on several trips each year. (VI) He also joined an expensive country club. Things were changing at home, however. (VII) Johns family observed that he was often argumentative and at other times very depressed. The fraud continued for six years. Each year the business performed more and more poorly. In the last year the stores lost over $200,000. Randys bank required an audit. John confessed when he thought the auditors had discovered his embezzlements. When discussing frauds, the pressures, opportunities, and rationalizations that cause/allow a perpetrator to commit the fraud are often identified. Symptoms of fraud are also studied. Identify the numbered and italicized factors (from the case) as being one of the symptoms, pressures, opportunities, or rationalizations given. Number II, Randy was always handling the most urgent . . . is an example of a(n)

Answers
A: Opportunity to commit. B: Analytical symptom. C: Situational pressure. D: Rationalization.

Answer Explanations
Answer (a) is the correct answer. Crisis management provides an opportunity to commit a fraud. Therefore, by definition, choices (b), (c), and (d) are incorrect.

This answer is incorrect. Refer to the correct answer explanation.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 84 of 262

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C4-0092
Randy and John had known each other for many years. They had become best friends in college, where they both majored in accounting. After graduation, Randy took over the family business from his father. His family had been in the grocery business for several generations. When John had difficulty finding a job, Randy offered him a job in the family store. John proved to be a very capable employee. As John demonstrated his abilities, Randy began delegating more and more responsibility to him. After a period of time, John was doing all of the general accounting and authorization functions for checks, cash, inventories, documents, records, and bank statement reconciliations. (I) John was trusted completely and handled all financial functions. No one checked his work. Randy decided to expand the business and opened several new stores. (II) Randy was always handling the most urgent problem . . . crisis management is what his college professors had termed it. John assisted with the problems when his other duties allowed him time. Although successful at work, John had (III) difficulties with personal financial problems. At first, the amounts stolen by John were small. John did not even worry about making the accounts balance. But he became greedy. How easy it is to take the money, he said. He felt that he was a critical member of the business team, (IV) and that he contributed much more to the success of the company than was represented by his salary. It would take two or three people to replace me, he often thought to himself. As the amounts became larger and larger, (V) he made the books balance. Because of these activities, John was able to purchase an expensive car and take his family on several trips each year. (VI) He also joined an expensive country club. Things were changing at home, however. (VII) Johns family observed that he was often argumentative and at other times very depressed. The fraud continued for six years. Each year the business performed more and more poorly. In the last year the stores lost over $200,000. Randys bank required an audit. John confessed when he thought the auditors had discovered his embezzlements. When discussing frauds, the pressures, opportunities, and rationalizations that cause/allow a perpetrator to commit the fraud are often identified. Symptoms of fraud are also studied. Identify the numbered and italicized factors (from the case) as being one of the symptoms, pressures, opportunities, or rationalizations given. Number III; Difficulties with personal financial problems is an example of a(n)

Answers
A: Behavioral symptom. B: Situational pressure. C: Rationalization. D: Opportunity to commit.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation.
Answer (b) is the correct answer. Personal financial problem is a situational pressure to commit a fraud. Therefore, by definition, choices (a), (c), and (d) are incorrect.

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 85 of 262

Question: V2C4-0093
Randy and John had known each other for many years. They had become best friends in college, where they both majored in accounting. After graduation, Randy took over the family business from his father. His family had been in the grocery business for several generations. When John had difficulty finding a job, Randy offered him a job in the family store. John proved to be a very capable employee. As John demonstrated his abilities, Randy began delegating more and more responsibility to him. After a period of time, John was doing all of the general accounting and authorization functions for checks, cash, inventories, documents, records, and bank statement reconciliations. (I) John was trusted completely and handled all financial functions. No one checked his work. Randy decided to expand the business and opened several new stores. (II) Randy was always handling the most urgent problem . . . crisis management is what his college professors had termed it. John assisted with the problems when his other duties allowed him time. Although successful at work, John had (III) difficulties with personal financial problems. At first, the amounts stolen by John were small. John did not even worry about making the accounts balance. But he became greedy. How easy it is to take the money, he said. He felt that he was a critical member of the business team, (IV) and that he contributed much more to the success of the company than was represented by his salary. It would take two or three people to replace me, he often thought to himself. As the amounts became larger and larger, (V) he made the books balance. Because of these activities, John was able to purchase an expensive car and take his family on several trips each year. (VI) He also joined an expensive country club. Things were changing at home, however. (VII) Johns family observed that he was often argumentative and at other times very depressed. The fraud continued for six years. Each year the business performed more and more poorly. In the last year the stores lost over $200,000. Randys bank required an audit. John confessed when he thought the auditors had discovered his embezzlements. When discussing frauds, the pressures, opportunities, and rationalizations that cause/allow a perpetrator to commit the fraud are often identified. Symptoms of fraud are also studied. Identify the numbered and italicized factors (from the case) as being one of the symptoms, pressures, opportunities, or rationalizations given. Number IV, and that he contributed much more . . . is an example of a

Answers
A: Rationalization. B: Behavioral symptom. C: Situational pressure. D: Physical symptom.

Answer Explanations
Answer (a) is the correct answer. Contributing more than paid is a rationalization. Therefore, by definition, choices (b), (c), and (d) are incorrect.

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 86 of 262

Question: V2C4-0094
Randy and John had known each other for many years. They had become best friends in college, where they both majored in accounting. After graduation, Randy took over the family business from his father. His family had been in the grocery business for several generations. When John had difficulty finding a job, Randy offered him a job in the family store. John proved to be a very capable employee. As John demonstrated his abilities, Randy began delegating more and more responsibility to him. After a period of time, John was doing all of the general accounting and authorization functions for checks, cash, inventories, documents, rec-ords, and bank statement reconciliations. (I) John was trusted completely and handled all financial functions. No one checked his work. Randy decided to expand the business and opened several new stores. (II) Randy was always handling the most urgent problem . . . crisis management is what his college professors had termed it. John assisted with the problems when his other duties allowed him time. Although successful at work, John had (III) difficulties with personal financial problems. At first, the amounts stolen by John were small. John did not even worry about making the accounts balance. But he became greedy. How easy it is to take the money, he said. He felt that he was a critical member of the business team, (IV) and that he contributed much more to the success of the company than was represented by his salary. It would take two or three people to replace me, he often thought to himself. As the amounts became larger and larger, (V) he made the books balance. Because of these activities, John was able to purchase an expensive car and take his family on several trips each year. (VI) He also joined an expensive country club. Things were changing at home, however. (VII) Johns family observed that he was often argumentative and at other times very depressed. The fraud continued for six years. Each year the business performed more and more poorly. In the last year the stores lost over $200,000. Randys bank required an audit. John confessed when he thought the auditors had discovered his embezzlements. When discussing frauds, the pressures, opportunities, and rationalizations that cause/allow a perpetrator to commit the fraud are often identified. Symptoms of fraud are also studied. Identify the numbered and italicized factors (from the case) as being one of the symptoms, pressures, opportunities, or rationalizations given. Number V, he made the books balance, is an example of a(n)

Answers
A: Physical symptom. B: Analytical symptom. C: Lifestyle symptom. D: Document symptom.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (d) is the correct answer. To make the books balance is an example of a document symptom. Therefore, by definition, choices (a), (b), and (c) are incorrect.

Question: V2C4-0095
file://C:\Program Files\Wiley\CIAExam\Print.htm 1/20/2010

Wiley CIA 2006 v1

Page 87 of 262

Randy and John had known each other for many years. They had become best friends in college, where they both majored in accounting. After graduation, Randy took over the family business from his father. His family had been in the grocery business for several generations. When John had difficulty finding a job, Randy offered him a job in the family store. John proved to be a very capable employee. As John demonstrated his abilities, Randy began delegating more and more responsibility to him. After a period of time, John was doing all of the general accounting and authorization functions for checks, cash, inventories, documents, rec-ords, and bank statement reconciliations. (I) John was trusted completely and handled all financial functions. No one checked his work. Randy decided to expand the business and opened several new stores. (II) Randy was always handling the most urgent problem . . . crisis management is what his college professors had termed it. John assisted with the problems when his other duties allowed him time. Although successful at work, John had (III) difficulties with personal financial problems. At first, the amounts stolen by John were small. John did not even worry about making the accounts balance. But he became greedy. How easy it is to take the money, he said. He felt that he was a critical member of the business team, (IV) and that he contributed much more to the success of the company than was represented by his salary. It would take two or three people to replace me, he often thought to himself. As the amounts became larger and larger, (V) he made the books balance. Because of these activities, John was able to purchase an expensive car and take his family on several trips each year. (VI) He also joined an expensive country club. Things were changing at home, however. (VII) Johns family observed that he was often argumentative and at other times very depressed. The fraud continued for six years. Each year the business performed more and more poorly. In the last year the stores lost over $200,000. Randys bank required an audit. John confessed when he thought the auditors had discovered his embezzlements. When discussing frauds, the pressures, opportunities, and rationalizations that cause/allow a perpetrator to commit the fraud are often identified. Symptoms of fraud are also studied. Identify the numbered and italicized factors (from the case) as being one of the symptoms, pressures, opportunities, or rationalizations given. Number VI, He also joined an expensive country club, is an example of a

Answers
A: Rationalization. B: Lifestyle symptom. C: Behavioral symptom. D: Physical symptom.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation.
Answer (b) is the correct answer. Joining an expensive country club is an example of a lifestyle symptom. Therefore, by definition, choices (a), (c), and (d) are incorrect.

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C4-0096
Randy and John had known each other for many years. They had become best friends in college, where they both majored in accounting. After graduation, Randy took over the family business from his father. His family had

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 88 of 262

been in the grocery business for several generations. When John had difficulty finding a job, Randy offered him a job in the family store. John proved to be a very capable employee. As John demonstrated his abilities, Randy began delegating more and more responsibility to him. After a period of time, John was doing all of the general accounting and authorization functions for checks, cash, inventories, documents, rec-ords, and bank statement reconciliations. (I) John was trusted completely and handled all financial functions. No one checked his work. Randy decided to expand the business and opened several new stores. (II) Randy was always handling the most urgent problem . . . crisis management is what his college professors had termed it. John assisted with the problems when his other duties allowed him time. Although successful at work, John had (III) difficulties with personal financial problems. At first, the amounts stolen by John were small. John did not even worry about making the accounts balance. But he became greedy. How easy it is to take the money, he said. He felt that he was a critical member of the business team, (IV) and that he contributed much more to the success of the company than was represented by his salary. It would take two or three people to replace me, he often thought to himself. As the amounts became larger and larger, (V) he made the books balance. Because of these activities, John was able to purchase an expensive car and take his family on several trips each year. (VI) He also joined an expensive country club. Things were changing at home, however. (VII) Johns family observed that he was often argumentative and at other times very depressed. The fraud continued for six years. Each year the business performed more and more poorly. In the last year the stores lost over $200,000. Randys bank required an audit. John confessed when he thought the auditors had discovered his embezzlements. When discussing frauds, the pressures, opportunities, and rationalizations that cause/allow a perpetrator to commit the fraud are often identified. Symptoms of fraud are also studied. Identify the numbered and italicized factors (from the case) as being one of the symptoms, pressures, opportunities, or rationalizations given. Number VII, Johns family observed that he was often argumentative . . . is an example of a

Answers
A: Rationalization. B: Lifestyle symptom. C: Behavioral symptom. D: Physical symptom.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (c) is the correct answer. Being argumentative is an example of a behavioral symptom. Therefore, by definition, choices (a), (b), and (d) are incorrect.

This answer is incorrect. Refer to the correct answer explanation.

Question: V2C4-0097
An internal auditor would be concerned about the possibility of fraud if

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 89 of 262

Answers
A: Cash receipts, net of the amounts used to pay petty cash-type expenditures, are deposited in the bank daily. B: The same employee who maintains the perpetual inventory records performs the monthly bank statement reconciliation. C: The same person maintains the accounts receivable subsidiary ledger and accounts payable subsidiary ledger. D: One person, acting alone, has sole access to the petty cash fund (except for a provision for occasional surprise counts by a supervisor or auditor).

Answer Explanations
Answer (a) is the correct answer. Paying petty cashtype expenditures from cash receipts facilitates the unauthorized removal of cash before deposit. All cash receipts should be deposited intact daily. Petty cashtype expenditures should be handled through an imprest fund. Answer (b) is incorrect. The monthly bank reconciliation should not be performed by a person who makes deposits or writes checks, but there is no problem with the inventory clerk doing it. Answer (c) is incorrect. There is no direct relationship between the transactions posted to the accounts receivable and accounts payable subsidiary ledgers; having the same person maintain both does not create a control weakness. Answer (d) is incorrect. In order to pinpoint responsibility for petty cash, it is desirable that only one person has access to the fund.

Question: V2C4-0098
When following up on a $200,000 increase in maintenance supplies during the past year, a purchasing agent explained to the auditor that the main reason for the increase was painting services and supplies. The auditor found a blanket purchase order without the normal bid or quote documentation. The blanket purchase order had been signed by the general manager and named the general managers father as the sole contractor for painting services on company projects. The auditor also found a number of large invoices authorized for payment by the general manager that showed the general managers father as the person who signed for receipt of the material at the supplier. Which is not a symptom of fraud as described in this situation?

Answers
A: Purchased material is not received by authorized company personnel. B: Routine controls are suspended for certain transactions. C: Purchased material is not delivered to a central location on company premises. D: The use of blanket purchase orders.

Answer Explanations

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 90 of 262

Answer (a) is incorrect. The receipt of goods or services by noncompany personnel is a symptom of fraud. Answer (b) is incorrect. The scenario refers to normal and appropriate procedures that are suspended for these transactions. Answer (c) is incorrect. The receipt of goods or services off-site is a symptom of fraud. Answer (d) is the correct answer. The use of blanket purchase orders is an acceptable business practice.

Question: V2C4-0099
When following up on a $200,000 increase in maintenance supplies during the past year, a purchasing agent explained to the auditor that the main reason for the increase was painting services and supplies. The auditor found a blanket purchase order without the normal bid or quote documentation. The blanket purchase order had been signed by the general manager and named the general managers father as the sole contractor for painting services on company projects. The auditor also found a number of large invoices authorized for payment by the general manager that showed the general managers father as the person who signed for receipt of the material at the supplier. The common indicator of fraud recognized by the auditor in this scenario is

Answers
A: Analytical procedures revealed an extraordinary increase in account balances. B: Paint and supplies are being purchased for a contractor. C: The purchasing agent is selecting the contractor on the basis of a blanket purchase order. D: Invoices are being authorized for payment by the general manager.

Answer Explanations
Answer (a) is the correct answer. The indicators include an extraordinary change in account balances as discovered during analytical review procedures. Answer (b) is incorrect. The provision of paint is not an issue. Answer (c) is incorrect. The purchasing agent is fulfilling this responsibility in accordance with the authority of a purchasing agents position. Answer (d) is incorrect. The painting contractor is bound by company procedures in this manner.

Question: V2C4-0100
Jane Jackson had been the regional sales manager for a company over ten years. During this time she had become a very close friend with Frank Hansen, an internal audit manager. In addition to being neighbors, Jane and Frank had many of the same interests and belonged to the same tennis club. They trusted each other. Frank had helped Jane solve some sales problems, and Jane had given Frank some information that led to significant audit findings during the past three audits. Below are selected analytical data from the company that have led staff auditors to believe that there has been a financial statement fraud. The perpetrator appears to have falsified sales information for the past two years. Frank is concerned because he recently completed an audit in the area and accepted Janes explanation for differences in the analytical data. Frank is now certain that Jane is involved in the fraud. Which combination of the following analytical data provides the strongest indication of the possibility of the fraud?

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 91 of 262

Percent increase in sales Inventory turnover Gross margin percentage Percent change in sales returns

Current year 10% 5 54 8%

Last year 8% 4 49 6%

-2 year 6% 5 42 3%

-3 year 4% 3.5 39 2.5%

-4 year 5% 4 40 3%

Answers
A: Percent increase in sales and inventory turnover. B: Gross margin percentage and change in sales returns. C: Inventory turnover and change in sales returns. D: Percent increase in sales and gross margin percentage.

Answer Explanations
Answer (a) is incorrect. The increase in percent change in sales is not unreasonable, and given the constant increase, one might expect increases in inventory that could keep turnover constant. Answer (b) is the correct answer. One would expect rapid increases in gross margin percentage if sales were fictitious; the large increase in returns is also symptomatic of falsified sales. Answer (c) is incorrect. See choice (a) for turnover. The turnover and return figures, when taken together, are not indications of sales overstatements. Answer (d) is incorrect. If the increase in sales was due to a market sales price increase, one might expect these results.

Question: V2C4-0101
Jane Jackson had been the regional sales manager for a company over ten years. During this time she had become a very close friend with Frank Hansen, an internal audit manager. In addition to being neighbors, Jane and Frank had many of the same interests and belonged to the same tennis club. They trusted each other. Frank had helped Jane solve some sales problems, and Jane had given Frank some information that led to significant audit findings during the past three audits. Below are selected analytical data from the company that have led staff auditors to believe that there has been a financial statement fraud. The perpetrator appears to have falsified sales information for the past two years. Frank is concerned because he recently completed an audit in the area and accepted Janes explanation for differences in the analytical data. Frank is now certain that Jane is involved in the fraud. The current dilemma in which Frank finds himself was least likely caused by

Answers
A: Not rotating audit assignments every year. B: Accepting an audit assignment in an area where he was a close personal friend of management. C: Failure to select the appropriate analytical procedures.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 92 of 262

D: Accepting the response of management without additional audit testing.

Answer Explanations
Answer (a) is incorrect because failure to rotate assignments and close personal friendships seems to have contributed to Franks decision to accept managements explanation for the analytic findings. Answer (b) is incorrect because failure to rotate assignments and close personal friendships seems to have contributed to Franks decision to accept managements explanation for the analytic findings. Answer (c) is the correct answer. From the information given, it appears Frank found the analytic data, but accepted managements explanation of the findings. Answer (d) is incorrect because Frank should not accept managements response on its face value.

Question: V2C5-0001
For which of the following sample results is sampling risk the smallest? Sample size 40 60 80 100 Tolerable error rate 5% 5% 4% 1% Sample error rate 2% 1% 3% 1% a. b. c. d.

Answers
A: a. B: b. C: c. D: d.

Answer Explanations
Answer (a) is incorrect. Sampling risk would be higher for the sample because the sample size is smaller and because the 2% error rate is larger than the 1% in answer (b), while the tolerable error rate is the same. Answer (b) is the correct answer. Compared to the other responses, the percentage of error in the sample is small relative to the tolerable error rate. Answer (c) is incorrect. Sampling risk would be higher than in answer (b) because the sample error rate is very large compared to the tolerable error rate. Although the sample size is larger than that in answer (b), the increase in the sample size is not large enough to compensate for the size of the sample error rate relative to the tolerable error rate. Answer (d) is incorrect. Although this is the largest sample, the sampling risk is extremely high because the sample error rate equals the tolerable error rate.

Question: V2C5-0002
file://C:\Program Files\Wiley\CIAExam\Print.htm 1/20/2010

Wiley CIA 2006 v1

Page 93 of 262

If an auditor is sampling to test compliance with a particular company policy, which of the following factors should not affect the allowable level of sampling risk?

Answers
A: The experience and knowledge of the auditor. B: The adverse consequences of noncompliance. C: The acceptable level of risk of making an incorrect audit conclusion. D: The cost of performing auditing procedures on sample selections.

Answer Explanations
Answer (a) is the correct answer. The allowable level of sampling risk is the risk an auditor is willing to take that a conclusion based on the sample may be incorrect. The auditors experience and knowledge should have no bearing on that decision; however, the auditors experience and knowledge may affect his or her decision to use statistical or nonstatistical sampling and may be a factor in assessing nonsampling risks. Answer (b) is incorrect. As adverse consequences of noncompliance increase, the allowable level of sampling risk tends to decrease. Choice (c) is incorrect. The acceptable level of risk of making an incorrect audit conclusion is directly related to the allowable level of sampling risk. Choice (d) is incorrect. The cost of performing auditing procedures on sample selections is one of the factors an auditor should consider when assessing the allowable level of sampling risk. The cost of performing the auditing procedures is weighed against the benefit of minimizing the chance of making an incorrect audit decision.

Question: V2C5-0003
Which of the following techniques could be used to estimate the standard deviation for a sampling plan?

Answers
A: Difference estimation. B: Pilot sample. C: Regression. D: Discovery sampling.

Answer Explanations
Answer (a) is incorrect. Difference estimation is a type of variables sampling plan. It is not a technique for estimating standard deviation. Answer (b) is the correct answer. Auditors use a pilot sample to estimate the standard deviation in a population. This enables auditors to estimate the confidence interval that would be achieved by the sample and therefore helps them decide how large of a sample to select. Answer (c) is incorrect. Auditors use regression to project balances of accounts or other populations. Answer (d) is incorrect. Discovery sampling is a type of sampling plan, not a technique for estimating standard de-

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 94 of 262

viation.

Question: V2C5-0004
Identification of an appropriate population to sample is dependent on audit objectives. A population of entries in an asset repairs expense file would be an appropriate population if the audit objective were to determine whether

Answers
A: Expenditures for fixed assets have been improperly expensed. B: Noncapital repair expenditures have been properly charged to expense. C: Noncapital repair expenditures have been recorded in the proper period. D: Expenditures for fixed assets have been recorded in the proper period.

Answer Explanations
Answer (a) is the correct answer. Sampling of this transaction file would be appropriate to ascertain if the cost of fixed assets is improperly expensed. Answer (b) is incorrect. Ascertaining that all noncapital expenditures have been expensed would require testing of expense accounts and selected asset accounts in addition to the repair expense account. Answer (c) is incorrect. Ascertaining that noncapital repair expenditures have been recorded in the proper time period would require sampling from more than one time period. Answer (d) is incorrect. Ascertaining that capital fixed assets expenditures were recorded in the proper time period would involve sampling from the fixed assets file.

Question: V2C5-0005
To test compliance with a policy regarding sales returns recorded during the most recent year, an auditor systematically selected 5% of the actual returns recorded in March and April. Returns during these two busiest months of the year represented about 25% of total annual returns. Error projections from this sample have limited usefulness because

Answers
A: The small size of the sample relative to the population makes sampling risk unacceptable. B: The failure to stratify the population according to sales volume results in bias. C: The systematic selection of returns during the two months is not sufficiently random. D: The error rates during the two busiest months may not be representative of the whole year.

Answer Explanations

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 95 of 262

Answer (a) is incorrect. Although sampling risk is related to sample size, it is not related to sample size relative to the population size. In addition, this problem does not contain sufficient information to evaluate the acceptability of sampling risk. Answer (b) is incorrect. The objective of stratifying a population is to decrease the sampling risk, not to reduce bias. This problem does not give enough information to decide whether stratification might have enabled the auditor to use a smaller sample. Answer (c) is incorrect. Systematic selection with a random start is unbiased if the population is randomly organized. Answer (d) is the correct answer. The auditor has selected items from only two months. That sampling plan may enable the auditor to make conclusions about the overall error rates during those two months, but not about error rates during the whole year.

Question: V2C5-0006
Using random numbers to select a sample

Answers
A: Is required for a variables sampling plan. B: Is likely to result in an unbiased sample. C: Results in a representative sample. D: Allows auditors to use smaller samples.

Answer Explanations
Answer (a) is incorrect. Although random-number sampling may be used for variables sampling plan, it is not required. Systematic selection is also acceptable unless the population is not randomly organized. Answer (b) is the correct answer. This is why auditors often use random numbers to select sample items. In a random sample, each sampling unit and each combination of sampling units has an equal probability of selection and is therefore likely to be unbiased. Answer (c) is incorrect. The use of random numbers does not always result in a representative sample. Statistics allow auditors to estimate the probability that a random sample is not representative. Answer (d) is incorrect. The use of random numbers does not affect sample size.

Question: V2C5-0007
An auditor tested a population by examining sixty items selected judgmentally and found one error. The main limitation of the auditors sample is the inability to

Answers
A: Quantify sampling risk. B: Quantify the acceptable error rate.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 96 of 262

C: Project the population's error rate. D: Determine whether the sample is random.

Answer Explanations
Answer (a) is the correct answer. The limitation of all nonstatistical sampling techniques is the auditors inability to quantify sampling risk. Based on past experience and intuition, the auditor may believe that sampling risk is acceptable, but the auditor is not able to quantify the risk level without using statistical sampling. Answer (b) is incorrect. The auditor could quantify the acceptable error rate independently of the sample design. Answer (c) is incorrect. The auditor can project an error rate of 1/60, or .0167. The problem is that the auditor cannot quantify the risk that the rate in the sample is significantly different from the rate in the population. Answer (d) is incorrect. A mathematician may be able to determine whether the auditors selections are random, although it is unlikely that they are. If the sample is representative, it does not matter whether it is random or not.

Question: V2C5-0008
The degree to which the auditor is justified in believing that the estimate based on a random sample will fall within a specified range is called

Answers
A: Sampling risk. B: Nonsampling risk. C: Confidence level. D: Precision.

Answer Explanations
Answer (a) is incorrect. Sampling risk is the complement of the confidence level. Answer (b) is incorrect. Nonsampling risk is the risk of improperly auditing the sampled items and cannot be quantified. Answer (c) is the correct answer. This is the definition of confidence level. Answer (d) is incorrect. Precision is the specified range, not the degree of justification.

Question: V2C5-0009
An auditor is designing a sampling plan to test the accuracy of daily production reports over the past three years. All of the reports contain the same information except that Friday reports also contain weekly totals and are prepared by managers rather than by supervisors. Production normally peaks near the end of a month. If the auditor wants to select two reports per month using an interval-sampling plan, which of the following techniques reduces the likelihood of bias in the sample?

Answers

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 97 of 262

A: Estimating the error rate in the population. B: Using multiple random starts. C: Increasing the confidence level. D: Increasing the precision.

Answer Explanations
Answer (a) is incorrect. Estimating the error rate has no effect on bias. Bias is related to the selection method. Answer (b) is the correct answer. Using multiple random starts would increase the likelihood that the population includes a representative number of reports for each day of the week and for each day of the month. Answer (c) is incorrect. Increasing the confidence level has no effect on bias. Answer (d) is incorrect. Increasing the precision has no effect on bias.

Question: V2C5-0010
In a sampling application, the group of items about which the auditor wants to estimate some characteristic is called the

Answers
A: Population. B: Attribute of interest. C: Sample. D: Sampling unit.

Answer Explanations
Answer (a) is the correct answer. This is the definition of the population. Answer (b) is incorrect. The attribute is the characteristic the auditor wants to estimate about the population. Answer (c) is incorrect. The sample is a subset of the population used to estimate the characteristic. Answer (d) is incorrect. Sampling unit refers to the item that is actually selected for examination and is a subset of the population.

Question: V2C5-0011
In a sampling application, the standard deviation represents a measure of the

Answers
A: Expected error rate.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 98 of 262

B: Level of confidence desired. C: Degree of data variability. D: Extent of precision achieved.

Answer Explanations
Answer (a) is incorrect. Expected error rate is associated with attribute sampling and is not involved with the standard deviation. Answer (b) is incorrect. Confidence level is determined by auditor judgment. Answer (c) is the correct answer. Standard deviation is a measure of data (item) variability. Answer (d) is incorrect. Achieved precision in variables sampling is computed using the standard deviation.

Question: V2C5-0012
An auditor selected a random sample of 100 items from a population of 2,000 items. The total dollars in the sample were $10,000, and the standard deviation was $10. If the achieved precision based on this sample was plus or minus $4,000, the minimum acceptable value of the population would be

Answers
A: $204,000 B: $196,000 C: $199,000 D: $199,800

Answer Explanations
Answer (a) is incorrect. Precision of $4,000 should be subtracted, not added to the estimate of the population. Answer (b) is the correct answer. $10,000/100 = $100 and $100 (2000) = $200,000 and $200,000 $4000 = $196,000. Answer (c) is incorrect. This calculation uses standard deviation for determining the precision factor, but the precision has been given as $4,000. The amount is determined as follows: $10 100 = $1,000 and $200,000 1,000 = $199,000. Answer (d) is incorrect. This calculation uses standard deviation for determining the precision factor, but the precision has been given as $4,000. The amount is determined as: ($10/100) 2,000 = $200 and 200,000 200 = $199,800.

Question: V2C5-0013
An auditor prepared a working paper that consisted of a list of employee names and identification numbers as well as the following statement: By matching random numbers with employee identification numbers, forty employee personnel files were selected to verify that they contain all documents required by company policy 501. No exceptions were noted.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 99 of 262

The auditor did not place any tick marks on this working paper. Which one of the following changes would improve the auditors working paper the most?

Answers
A: Use of tick marks to show that each file was examined. B: Removal of the employee names to protect their confidentiality. C: Justification for the sample size. D: Listing of the actual documents examined for each employee.

Answer Explanations
Answer (a) is incorrect. It is not necessary to use tick marks in this case because the same procedures were applied to all sample selections and no exceptions were detected. Answer (b) is incorrect. The audit work papers are themselves kept confidential so it is not necessary to remove employee names. Answer (c) is the correct answer. The working paper should specify the sampling risk and the confidence level or precision achieved by the sample or the method of determining size. Answer (d) is incorrect. In this case, reference to the company policy is equivalent to listing the documents that were examined.

Question: V2C5-0014
The standard deviation of a sample will usually decrease with

Answers
A: A decrease in sample size. B: The use of stratification. C: An increase in desired precision. D: An increase in confidence level.

Answer Explanations
Answer (a) is incorrect. A larger sample might more closely approximate the population standard deviation, but that could be either higher or lower depending on the point of reference. A smaller sample might go either way without the increased reliability. Answer (b) is the correct answer. Because high-value items can be sampled 100%, a large segment of variability can be eliminated. Answers (c) is incorrect. To the extent that sample size is affected, the results might be the same as in the answer (a) above. Answers (d) is incorrect. To the extent that sample size is affected, the results might be the same as in the Answer (a) above.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 100 of 262

Question: V2C5-0015
Statistical sampling would be appropriate to estimate the value of an auto dealers 3,000 line-item inventory because statistical sampling is

Answers
A: Reliable and objective. B: Thorough and complete. C: Thorough and accurate. D: Complete and precise.

Answer Explanations
Answer (a) is the correct answer. This fits the definition. Answer (b) is incorrect because it is neither. Answer (c) is incorrect because it is neither. Answer (d) is incorrect because it is precise but not complete.

Question: V2C5-0016
An important difference between a statistical sample and a judgmental sample is that with a statistical sample

Answers
A: No judgment is required, everything is by formula. B: A smaller sample size can be used. C: More accurate results are obtained. D: Population estimates with measurable reliability can be made.

Answer Explanations
Answer (a) is incorrect because judgment is needed for sample size. Answer (b) is incorrect because this may need a large sample. Answer (c) is incorrect because there is no way to determine this. Answer (d) is the correct answer. It is the only way to measure reliability.

Question: V2C5-0017
Sample size

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 101 of 262

Answers
A: Increases with the use of higher confidence levels. B: Decreases with the use of higher confidence levels. C: Remains unchanged with changes in confidence levels. D: Increases with the use of lower confidence levels.

Answer Explanations
Answer (a) is the correct answer. In its simplest form, the sample-size formula shows that sample size is equal to [(Confidence level factor squared Estimated standard deviation squared)/(Precision squared)], thus any increase in confidence level would be accompanied by an increase in sample size. Answer (b) is incorrect by definition. Answer (c) is incorrect by definition. Answer (d) is incorrect by definition.

Question: V2C5-0018
Using the following results from a variables sample, compute the standard error of the mean. Population size Sample size Sample standard deviation Confidence level Mean = 10,000 = 144 = $24.00 = 90% (Z=1.65) = $84.00

Answers
A: $60.00 B: $ 7.00 C: $ 2.30 D: $ 2.00

Answer Explanations
Answer (a) is incorrect by definition. Answer (b) is incorrect by definition. Answer (c) is incorrect by definition. Answer (d) is the correct answer. The standard error of the mean is equal to the sample standard deviation divided by the square root of sample size. ($24.00/12 = $2.00).

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 102 of 262

Question: V2C5-0019
During an internal control inspection, an auditor is evaluating the contents of a large warehouse that contains records from both the retail and the wholesale divisions of the client company. Upon inspecting the contents of one particular randomly selected box, the auditor discovers that the contents do not match the computer-generated label taped to the outside of the box. On average, errors of this kind have occurred in 6% of retail boxes and 2% of wholesale boxes. Unfortunately, some water has leaked onto the label and smeared the part that indicated the division of origin. The auditor does know that two-thirds of the boxes in this warehouse come from the wholesale division and one-third from the retail division. Which of the following can be concluded?

Answers
A: The box is more likely to have come from the retail division than from the wholesale division. B: The box is more likely to have come from the wholesale division than from the retail division. C: The proportion of retail boxes in the warehouse is probably much larger than the auditor thought. D: The proportion of wholesale boxes in the warehouse is probably much larger than the auditor thought.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation.
Answer (b) is the correct answer. Errors are three times as likely in retail boxes as in wholesale boxes, but wholesale boxes are twice as frequent in the warehouse. Thus, the evidence points slightly more toward the retail division. Alternatively, by the Bayes theorem, we have: P (Retail/Error) = 0.06 1/3)/0.06 1/3 + 0.02 2/3) = 0.60. Answer (c) is incorrect. The contents of any one box are insufficient grounds to conclude anything about the whole warehouse. Answer (d) is incorrect. See response (c).

Question: V2C5-0020
Which one of the following statements about sampling is true?

Answers
A: A larger sample is always more representative of the underlying population than a smaller sample. B: For very large populations, the absolute size of a sample has more impact on the precision of its results than does its size relative to its population. C: For a given sample size, a simple random sample always produces the most representative sample. D: The limitations of an incomplete sample frame can almost always be overcome by careful sampling techniques.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 103 of 262

Answer Explanations
Answer (a) is incorrect. A large sample selected in a biased way leads to less representatives than a smaller but more carefully selected sample. Answer (b) is the correct answer. When the size of the population is very large, the effect on precision of the finite population correction factor is very limited. Answer (c) is incorrect. The advantage of most variations on simple random sampling is that for a given sample size, they produce a more representative sample. Answer (d) is incorrect. Things that are not in the sampling frame cannot be put there by an appropriate sampling technique.

Question: V2C5-0021
Which one of the following is not an important consideration in determining the appropriate sample size?

Answers
A: Whether the sample is designed to estimate a mean or a proportion. B: The amount of variability in the population under study. C: The sensitivity of the decision using this sample to errors of estimation. D: The cost per sample observation.

Answer Explanations
Answer (a) is the correct answer. Sample size considerations are the same for both of these parameters. Answer (b) is incorrect. The greater the variability, the greater the required sample size. Answer (c) is incorrect. The more sensitive the decision is to estimation errors, the greater the appropriate sample size. Answer (d) is incorrect. The greater the cost per observation, the smaller the appropriate sample size.

Question: V2C5-0022
An auditor is considering a sample size of fifty to estimate the average amount per invoice in a large trucking company. How would the precision of the sample results be affected if the sample size were increased to 200?

Answers
A: The larger sample would be about two times as precise as the smaller sample. B: The larger sample would be about four times as precise as the smaller sample. C: Although precision would not be increased that much, a possible downward bias in the estimate of the average per invoice would be corrected.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 104 of 262

D: Since both sample sizes are larger than 30, the increase would not have that much of an effect on precision.

Answer Explanations
Answer (a) is the correct answer. The precision of sample results is proportional to the square root of the sample size. Answer (b) is incorrect. The precision of sample results does not increase at the same rate as sample size. Answer (c) is incorrect. The expected value of the sample mean is the same regardless of sample size, and thus no downward bias is present.

This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0023
A 90% confidence interval for the mean of a population based on the information in a sample always implies that there is a 90% chance that the

Answers
A: Estimate is equal to the true population mean. B: True population mean is no larger than the largest end point of the interval. C: Standard deviation will not be any greater than 10% of the population mean. D: True population mean lies within the specified confidence interval.

Answer Explanations
Answer (a) is incorrect. A confidence interval concerns only whether the population parameter is contained inside the interval and says nothing directly about the exact value of the parameter. Answer (b) is incorrect. This could be true if the confidence interval were one-sided (i.e., all probability bunched below the mean), but it is not true for the more common two-sided confidence intervals, for which the correct chance of exceeding the top of the interval in a 90% confidence interval would be 5%. Answer (c) is incorrect. The confidence interval is based on the standard deviation, but it has no bearing on the size of the standard deviation. Answer (d) is the correct answer. This is the definition of a confidence interval.

Question: V2C5-0024
The auditor is concerned that a computer program is not properly computing the amount of freight to be added to shipments of merchandise ordered through the catalog. Management considers the occurrence of any freight costing errors to be critical. The auditor is considering sampling techniques to examine the freight charges on invoices to customers or considering the use of computer audit tools. Which of the following sampling or audit approaches would provide the greatest assurance as to the correctness of the freight charge computations at the current time?

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 105 of 262

Answers
A: Use discovery sampling selecting transactions from invoices, which should have freight charges added to them. B: Use either test data or parallel simulation to test the computer application. C: Use difference estimation by selecting transactions from invoices, which should have freight charges added to them. D: Use generalized audit software to select a monetary unit sample of invoices that have been billed to customers.

Answer Explanations
Answer (a) is incorrect. Discovery sampling would not be as comprehensive or as efficient as either of the computer audit techniques in answer (b). Answer (b) is the correct answer. The major concern is whether the computer program is properly calculating the freight charges. Test data or parallel simulation would allow a comprehensive test of the computer program at this one point in time and would provide more evidence than sampling procedures. Answer (c) is incorrect. Difference estimation is used to estimate the dollar amount of error in a population, not to discover whether such errors take place. The auditor is more interested in finding whether errors take place. Answer (d) is incorrect. A computer audit tool is used, but the basic technique is a monetary unit sample, which is designed to test the hypothesis of material errors in the account balance. The task cited is to determine whether such errors are occurring.

Question: V2C5-0025
If all other factors specified in an attributes-sampling plan remain constant, decreasing the confidence level from 95% to 90% would cause the required sample size to

Answers
A: Increase. B: Decrease. C: Change by 5%. D: Remain the same.

Answer Explanations
Answers (a) is incorrect. Lower confidence level allows smaller sample size. Answer (b) is the correct answer. Lower confidence level allows smaller sample size. Answer (c) is incorrect. The percentage change is not a corresponding percentonly a decrease. Answers (d) is incorrect. Lower confidence level allows smaller sample size.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 106 of 262

Question: V2C5-0026
In sampling applications, the standard deviation represents a measure of the

Answers
A: Expected error rate. B: Level of confidence desired. C: Degree of data variability. D: Extent of precision achieved.

Answer Explanations
Answer (a) is incorrect. Expected error rate is associated with attribute sampling and is not involved with the standard deviation. Answer (b) is incorrect. Confidence level is determined by auditor judgment. Answer (c) is the correct answer. Standard deviation is a measure of data (items) variability. Answer (d) is incorrect. Achieved precision in variables sampling is computed using the standard deviation.

Question: V2C5-0027
In preparing a sampling plan for an inventory-pricing test, which of the following describes an advantage of statistical sampling over nonstatistical sampling?

Answers
A: Requires nonquantitative expression of sample results. B: Provides a quantitative measure of sampling risk. C: Minimizes nonsampling risk. D: Reduces the level of tolerable error.

Answer Explanations
Answer (a) is incorrect. Statistical sampling provides quantified results. Answer (b) is the correct answer. Statistical sampling provides quantifiable risk and results. Answer (c) is incorrect. Nonsampling risk exists in statistical and nonstatistical sampling. Answer (d) is incorrect. Tolerable error is related to materiality and auditor judgment.

Question: V2C5-0028

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 107 of 262

An internal auditor wishes to determine whether the finished goods perpetual inventory records are being properly updated for completed production. To accomplish this, the auditor traces inventory quantity and cost records from production reports to perpetual inventory records, using an appropriate sample size based on a 95% confidence level, estimated error rate of 4%, and desired precision of 2%. If the error rate in the sample is, as expected, 4%, and 2,000 production reports were posted to perpetual inventory records during the year, the auditor can be 95% sure that the number incorrectly posted was

Answers
A: At least 100. B: At least 80. C: Between 60 and 140. D: Between 40 and 120.

Answer Explanations
Answer (a) is incorrect. This response (5% 2,000 items) confuses the confidence level with the estimated error rate. Answer (b) is incorrect. Although 80 (4% 2,000) is the best guess as to the number of errors, the actual number of errors will be fewer than 80 approximately as often as it exceeds 80 (indicated by the stated precision of 2%). Answer (c) is incorrect. This response (5% 2% 2,000 items) also confuses the confidence level with the estimated error rate. Answer (d) is the correct answer. There is a 95% probability that the number of errors is between 2% (4% 2%) and 6% (4% + 2%) of the population of 2,000 items.

Question: V2C5-0029
A company with 14,344 customers determines that the mean and median accounts receivable balances for the year are $15,412 and $10,382, respectively. From this information, the auditor can conclude that the distribution of the accounts receivable balances is continuous and

Answers
A: Negatively skewed. B: Positively skewed. C: Symmetrically skewed. D: Evenly distributed between the mean and median.

Answer Explanations
Answer (a) is incorrect because the mean is greater than the median and the distribution is continuous. Answer (b) is the correct answer. This answer is correct because the mean is greater than the median and the distribution is continuous. Answer (c) is incorrect. This answer would be correct for a continuous distribution when the mean, median, and

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 108 of 262

mode are equal. Answer (d) is incorrect. Distributions spread evenly between two values are uniform distributions.

Question: V2C5-0030
The following data relate to a variables-sampling application: x = $78.50, s = $13.00, sx = $1.00, confidence level = 90% (Z = 1.65). The achieved precision is equal to

Answers
A: $ 1.65 B: $21.45 C: $70.65 D: $80.15

Answer Explanations
Answer (a) is the correct answer. Achieved precision (A) = sxt ; A = $1.00 (1.65) = $1.65. Answer (b) is incorrect by definition. Answer (c) is incorrect by definition. Answer (d) is incorrect by definition.

Question: V2C5-0031
The measure of variability most useful in variables sampling is the

Answers
A: Median. B: Range. C: Standard deviation. D: Mean.

Answer Explanations
Answer (a) is incorrect. The median is a measure of central tendency. Answer (b) is incorrect. Although the range is a measure of variability, its use is considerably limited when compared to the standard deviation.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 109 of 262

Answer (c) is the correct answer. Use of the standard deviation enables an auditor to extend the results of a sample to the population. Answer (d) is incorrect. The mean is a measure of central tendency.

Question: V2C5-0032
The primary reason for an auditor to use statistical sampling is to

Answers
A: Obtain a smaller sample than would be required by nonstatistical sampling techniques. B: Obtain a sample more representative of the population than would be obtained by nonstatistical sampling techniques. C: Allow the auditor to quantify, and therefore control, the risk of making an incorrect decision based on sample evidence. D: Meet requirements of the IIA Standards.

Answer Explanations
Answer (a) is incorrect. Statistical sampling will not necessarily prescribe a smaller sample size than nonstatistical sampling techniques. It will, however, aid the auditor in designing an efficient sample. Answer (b) is incorrect. Statistical sampling does not guarantee that the sample obtained will be more representative than a sample selected by nonstatistical sampling techniques, only that the sampling risk can be quantified. Answer (c) is the correct answer. The primary difference between statistical and nonstatistical sampling is that statistical sampling allows sampling risk to be measured and thus controlled. Answer (d) is incorrect. The IIA Standards do not require statistical sampling. Both statistical and nonstatistical samples can provide sufficient evidential matter. The auditor chooses between them after considering their relative cost and effectiveness in the circumstances.

Question: V2C5-0033
During the audit of inventories, an internal auditor specified a precision of 5% instead of the 4% contained in the preliminary audit program. What would be the impact of the change in precision?

Answers
A: A decrease in population standard deviation. B: An increase in population standard deviation. C: A decrease in required sample size. D: An increase in required sample size.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 110 of 262

Answer Explanations
Answer (a) is incorrect. Population standard deviation is a factor of the variability of data only. Answer (b) is incorrect. Population standard deviation is a factor of the variability of data only. Answer (c) is the correct answer. Sample size is equal to (Standard deviation squared Confidence-level factor squared) / Desired precision squared. Answer (d) is incorrect because answer (c) is the correct answer. It was just reversed.

Question: V2C5-0034
Based on a random sample, it is estimated that 4%, plus or minus 2%, of a firms invoices contain errors. The plus or minus 2% is known as the estimates

Answers
A: Precision. B: Accuracy. C: Confidence level. D: Standard error.

Answer Explanations
Answer (a) is the correct answer. Precision refers to the maximum amount, stated at a certain confidence level, that we can expect the estimate from a single sample to deviate from the results obtained by applying the same measuring procedures to all the items in the population. Answer (b) is incorrect because it is not used in connection with sampling. Answer (c) is incorrect because it is a probability. Answer (d) is incorrect because it is too general.

Question: V2C5-0035
The measure of variability of a statistical sample that serves as an estimate of the population variability is the

Answers
A: Basic precision. B: Range. C: Standard deviation. D: Interval.

Answer Explanations

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 111 of 262

Answer (a) is incorrect. The variance is the square of the standard deviation, which is the measure of variability of a statistical sample that serves as an estimate of the population variability. Answer (b) is incorrect. The range is the difference between the largest and smallest values of a sample or population. Answer (c) is the correct answer. The standard deviation is the measure of variability of a statistical sample that serves as an estimate of the population variability. Answer (d) is incorrect. The interval is a set of numbers or observations that consists of all the numbers or observations between and including the end points.

Question: V2C5-0036
Internal auditors employ confidence levels in the context of audit sampling. In a given sample plan, the confidence level

Answers
A: Is a decision variable that the internal auditor specifies after considering the economic consequences of drawing the wrong conclusion as a result of sampling error. B: Is a characteristic of the audit population and is not under the direct control of the internal auditor. C: Is essentially a measure of the accuracy of the sample results obtained after the sample has been selected and tested. D: Is not normally specified before the sample size is determined. Rather it is computed once the sample has been selected and tested.

Answer Explanations
Answer (a) is the correct answer. Confidence level is the probability that an estimate based on a random sample falls within a specified range. Answer (b) is incorrect because confidence is a decision variable, not a population characteristic. Answer (c) is incorrect because precision, not confidence level, is a measure of accuracy. Answer (d) is incorrect because planned confidence must be specified before sample size can be computed.

Question: V2C5-0037
Internal auditors employ the concept of precision in audit sampling contexts. In this context, precision is

Answers
A: A characteristic of the population at hand and is not under the direct control of the auditor. B: A measure of the accuracy with which one has generated sample estimates. Desired precision must be established before the sample is obtained and evaluated. C: Evaluated independently of reliability in a given sample.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 112 of 262

D: Important for evaluating variables samples, but not attributes samples.

Answer Explanations
Answer (a) is incorrect because precision is under the auditors control. Answer (b) is the correct answer. Precision is the range into which an estimate of a population characteristic is expected to fall. Answer (c) is incorrect because precision and reliability are dependent on one another. Answer (d) is incorrect because precision applies to attribute samples as well.

Question: V2C5-0038
In audit sampling applications there are risks of Type I and Type II errors. These risks

Answers
A: Result directly from the chance that the sample obtained by the internal auditor is unrepresentative of the population. B: Can be decreased by using more reliable, albeit more expensive, audit procedures. C: Have a magnitude that is based only on the economic consequences of incorrect sample-based conclusions. D: Refer respectively to the risks that (1) internal controls will fail and (2) the resultant error will go undetected.

Answer Explanations
Answer (a) is the correct answer. Sampling risk results from the possibility that the sample might not be representative in this population. Answer (b) is incorrect because these errors refer to sampling risk, which is independent of the quality of audit procedures. Answer (c) is incorrect because these risks do not inherently depend on economic consequences. Answer (d) is incorrect because it deals with aspects of audit risk, a different concept.

Question: V2C5-0039
The size of a given audit sample is jointly a result of characteristics of the population of interest and decisions made by the internal auditor. Everything else being equal, sample size will

Answers
A: Increase if the internal auditor decides to accept more risk of incorrectly concluding that controls are effective when they are in fact ineffective. B: Double if the internal auditor finds that the variance of the population is twice as large as was

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 113 of 262

indicated in the pilot sample. C: Decrease if the internal auditor increases the amount of tolerable error. D: Increase as the risk of sampling error increases.

Answer Explanations
Answer (a) is incorrect. This decision will cause sample size to decrease. Answer (b) is incorrect. This will cause the sample size to more that double. Answer (c) is the correct answer. If tolerable error is increased, sample size will decrease. Answer (d) is incorrect. This would cause sample size to decrease.

Question: V2C5-0040
The auditor notes an unexpectedly weak correlation between lower interest rates and large mortgages closed and seeks an explanation for the rejection of most large mortgages. The auditor should

Answers
A: Take a judgment sample directed toward applications for large mortgages. B: Take a random sample of all mortgages closed. C: Develop a regression model to explain the relationship. D: Use linear programming to analyze allocation of funds.

Answer Explanations
Answer (a) is the correct answer. A directed nonstatistical (judgment) sample is desirable when reasons exist for focusing audit attention on specific transactions, as in this case for large mortgage applications. Answer (b) is incorrect. A random sample is inefficient in this case, and the population (mortgages closed) is inappropriate. Answer (c) is incorrect. A regression analysis would not explain the cause of the weak correlation. Answer (d) is incorrect. Linear programming to allocate the funds is irrelevant to the issue at hand.

Question: V2C5-0041
Assuming no change in sample standard deviation, how would sample size and achieved precision be affected by a change in confidence level from 95.5% to 99.7%?

Answers
A: Sample size would be smaller, but achieved precision would be larger. B: Sample size would be larger, but achieved precision would not change.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 114 of 262

C: Sample size would be smaller, but achieved precision would not change. D: Sample size would be larger, but achieved precision would be smaller.

Answer Explanations
Answers (a) is incorrect. Sample size would be larger and achieved precision would not change. Answer (b) is the correct answer. If all other factors remain constant, the sample size will increase to the size required to keep achieved precision constant. Answers (c) is incorrect. Sample size would be larger and achieved precision would not change. Answer (d) is incorrect because precision would not change. It is good to remember that sample size varies directly with changes in confidence level and inversely with changes in precision.

Question: V2C5-0042
In testing payroll transactions, an auditor discovers that 4 out of a statistical sample of 100 selected time cards were not signed by the appropriate supervisor. To evaluate the materiality or significance of this control deficiency, the auditor should

Answers
A: Compare the tolerable error rate with the expected error rate. B: Compute an upper precision limit and compare with the tolerable error. C: Evaluate the dollar amount of the 4 time cards in relation to the financial statements. D: Report the errors and let management assess the significance because they are in the best position to know.

Answer Explanations
Answer (a) is incorrect. Both the expected error rate and the tolerable error rate are known before sampling. Answer (b) is the correct answer. An upper precision limit can be calculated based on the size of the sample and the observed error rate. This should be compared with the maximum tolerable error. Answer (c) is incorrect. Any monetary errors discovered in the sample must first be extrapolated to the population before their materiality can be assessed. Answer (d) is incorrect. It is the responsibility of the auditor to determine the significance of detected errors.

Question: V2C5-0043
Each time an internal auditor draws a conclusion based on evidence drawn from a sample, an additional risk sampling riskis introduced. An example of sampling risk is

Answers
A: Projecting the results of sampling beyond the population tested.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 115 of 262

B: Using an improper audit procedure with a sample. C: Incorrectly applying an audit procedure to sample data. D: Drawing an erroneous conclusion from sample data.

Answer Explanations
Answer (a) is incorrect. Drawing a conclusion beyond the population tested is an example of a nonsampling error. Answer (b) is incorrect. Using an improper audit procedure is an example of nonsampling error. Answer (c) is incorrect. Incorrectly applying an audit procedure is another example of a nonsampling error. Answer (d) is the correct answer. Sampling error is the likelihood that sampled items do not reflect the population for which conclusions are made.

Question: V2C5-0044
A confidence level of 90% means that

Answers
A: The expected error rate is equal to 10%. B: The point estimate obtained is within 10% of the true population value. C: There are 90 chances out of 100 that the sample results will not vary from the true characteristics of the population by more than a specified amount. D: A larger sample size is required than if the desired confidence level were equal to 95%.

Answer Explanations
Answer (a) is incorrect. A confidence level of 90% does not necessarily mean that the expected error rate will be 10%. If it is, it is only by chance. Answer (b) is incorrect. A confidence level of 90% does not mean that any point estimate obtained is within 10% of the value of the true population value. Answer (c) is the correct answer. A confidence level of 90% does mean that 90 times out of 100, the sample results will not vary from the true characteristics of the whole population by more than a specified amount. Ten times out of 100 they will. Answer (d) is incorrect. A smaller sample size is required if the desired confidence level was equal to 95%.

Question: V2C5-0045
Internal auditing is conducting an operational audit of the organizations mailroom activities to determine whether the use of express mail service is limited to cases of necessity. To test cost-effectiveness, the auditor selects the 100 most recent express-mail transactions for review. A major limitation of such a sampling technique is that it

Answers

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 116 of 262

A: Does not allow a statistical generalization about all express-mail transactions. B: Results in a sample size that is too small to project to the population. C: Does not evaluate existing controls in this area. D: Does not describe the population from which it was drawn.

Answer Explanations
Answer (a) is the correct answer. Along with the inability to quantify sampling error, this is a major limitation of a judgmental sample. Answer (b) is incorrect because the sample size is not the reason for not being able to project; 100 might be enough. Answer (c) is incorrect because the auditor is testing for cost effectiveness. Answer (d) is incorrect because 100 might be enough.

Question: V2C5-0046
The supervisor of claims-processing department for a health insurance firm selects all claims processed in the past two days by a particular employee for audit. From this sample, the supervisor can develop

Answers
A: An overall representative view of employee work for the year. B: A quantification of sampling error. C: Conclusions about the correctness of processing for the department. D: Understanding of the details contained in the processing task.

Answer Explanations
Answer (a) is incorrect. It is not representative of the employees work for the whole year. Answer (b) is incorrect. This is a judgment sample. Answer (c) is incorrect. Conclusions for the whole department cannot be drawn. Answer (d) is the correct answer. Since the sample is highly limited due to selection of all claims processed in the past two days, the intention of the supervisor is to gain an understanding of the details of the work performed by a particular employee. Conclusions cannot be generalized.

Question: V2C5-0047
To audit invoices paid over the past year, an auditor selects the two busiest months, which account for 60% of invoices. Following a random start, every tenth invoice is chosen yielding a sample of 116 invoices. This sample may not be valid because it is not a

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 117 of 262

Answers
A: Representative sample. B: Random sample. C: Large enough sample. D: None of the above-sample is valid.

Answer Explanations
Answer (a) is the correct answer. The two busiest months may not be representative of the entire year. Answer (b) is incorrect. The sample is random. Answer (c) is incorrect. There is insufficient information to judge size.

This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0048
A sample of 100 items was taken from a population of 5,000 items. The mean value was $200 and the standard deviation was $30. The computed confidence interval for a 95% confidence level (Z=1.96) is

Answers
A: $970,600 to $1,029,400. B: $706,000 to $1,294,000. C: $996,733 to $1,003,267. D: $997,060 to $1,002,940.

Answer Explanations
Answer (a) is the correct answer. The computed precision is 1.96 30 5,000/10 = 29,400. This amount added to the population of 5,000 mean of $200 equals $1,000,000 plus $29,400 and minus $29,400. Answer (b) is incorrect. If the square root of the sample is incorrectly omitted, the computed precision is 1.96 30 5,000 = 294,000. Answer (c) is incorrect. If the standard deviation and the square root of the sample size are incorrectly reversed, the computed precision is 1.96 10 5,000/30 = 3,267. Answer (d) is incorrect. If the sample size is incorrectly used (not the square root), the computed precision is 1.96 30 5000/100 = 2,940.

Question: V2C5-0049
The probability that an estimate based on a random sample falls within a specified range is known as the

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 118 of 262

Answers
A: Error rate. B: Lower precision limit. C: Confidence level. D: Standard error of the mean.

Answer Explanations
Answer (a) is incorrect. The error rate is the proportion of incorrect items in a population. Answer (b) is incorrect. The lower limit is the bound below which a population value is not expected to fall at a specified confidence level. Answer (c) is the correct answer. The confidence level is the estimated probability that a value falls within the precision limits. Answer (d) is incorrect. The standard error of the mean is a value equal to the standard deviation divided by the square root of sample size.

Question: V2C5-0050
The range into which an estimate of a population characteristic is expected to fall at a stated confidence level is known as the

Answers
A: Precision. B: Measure of central tendency. C: Standard deviation. D: Sampling field.

Answer Explanations
Answer (a) is the correct answer. The precision is the range in which a population parameter is expected to fall, at a specified confidence level. Answer (b) is incorrect. The average or mean is an example of central tendency. Answer (c) is incorrect. Standard deviation is a measure of the variability of the data around the mean. Answer (d) is incorrect. The field is the population.

Question: V2C5-0051
One measure of the variability within a sample is the

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 119 of 262

Answers
A: Median. B: Standard error of the mean. C: Upper precision limit. D: Mean.

Answer Explanations
Answer (a) is incorrect. The median, a form of the average, is the central item in an array. Answer (b) is the correct answer. The standard error is a measure of the samples variability. It is computed by dividing sample standard deviation by the square root of sample size. Answer (c) is incorrect. The upper limit is the bound above which a population parameter is not expected to fall, at a specified confidence level. Answer (d) is incorrect. The mean, a form of the average, is the sum of the population values, divided by the number of units in the population.

Question: V2C5-0052
An internal auditor suspects that the invoices from a small number of vendors contain serious errors and therefore limits the sample to only those vendors. A major disadvantage of selecting such a directed sample of items to examine is the

Answers
A: Difficulty in obtaining sample items. B: Inability to quantify the sampling error related to the total population of vendor invoices. C: Absence of a normal distribution. D: Tendency to sample a greater number of units.

Answer Explanations
Answer (a) is incorrect. The stem of this question describes judgmental sampling. Judgmental sampling is often used to make sample selection easier. Answer (b) is the correct answer. Sampling error cannot be quantified if judgmental sampling is used. This makes the auditors conclusions difficult to defend. Answer (c) is incorrect. Judgmental sampling does not rely on any statistical concepts, including assumptions about the distribution of the population. Answer (d) is incorrect. An auditor who uses judgmental sampling often samples fewer units than a statistical plan would have specified.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 120 of 262

Question: V2C5-0053
An electronics manufacturer is planning to purchase a large quantity of computer chips, which are available at a bargain price. However, before doing so, it would like to know whether these chips are of sufficient quality. To determine the number of chips to be tested in order to estimate the quality of these computer chips, the manufacturer should use

Answers
A: Linear programming. B: Regression analysis. C: Queuing theory. D: Statistical sampling.

Answer Explanations
Answer (a) is incorrect. Linear programming is a mathematical technique for maximizing or minimizing a given objective subject to certain constraints. Answer (b) is incorrect. Regression analysis is a statistical procedure for estimating the relation between variables. Answer (c) is incorrect. Queuing theory is used to minimize the cost of waiting in line plus the cost of servicing waiting lines when items arrive randomly at a service point and are serviced sequentially. Answer (d) is the correct answer. Statistical sampling is a procedure for estimating the value of a population parameter of interest by examining only a few observations from the population.

Question: V2C5-0054
The fundamental difference between judgmental sampling and statistical sampling techniques is that

Answers
A: A nonrandom sample will be more representative of the population than a sample chosen by statistical sampling. B: Statistical sampling results in smaller sample sizes than judgmental sampling. C: Judgmental sampling does not permit sampling risk to be measured. D: Statistical sampling results in more accurate point estimates of the parameters than judgmental sampling.

Answer Explanations
Answer (a) is incorrect. Representativeness of population is the goal of all sampling. Judgmental and random (statistical) selection both attempt to achieve it. There is no general rule that judgmental will be better than statistical in obtaining it.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 121 of 262

Answer (b) is incorrect. Statistical sampling may or may not result in a smaller sample size than judgmental sampling. Answer (c) is the correct answer. The basic difference between judgmental and statistical sampling is that the sampling risk cannot be quantified in judgmental sampling because the behavior of the sample draw cannot be predicted in terms of the laws of the theory of probability. Answer (d) is incorrect. Judgmental sampling does not necessarily give less accurate point estimates.

Question: V2C5-0055
An auditor wishes to obtain substantive evidence concerning a divisions accounts receivable balances. The receivables are of four types. Type Number of accounts Balance per book Retail 3,800 $1,500,000 Commercial 875 6,700,000 Government agencies 34 900,000 Miscellaneous receivables 900 375,000 In which of the following instances would the auditor be precluded from using statistical inferences?

Answers
A: The auditor randomly selects 100 commercial accounts for confirmations. B: The auditor sends confirmations to 30 of the miscellaneous receivables customers. From a serial number of a dollar bill, the auditor takes the first two digits falling between 1 and 30 to determine the starting point and selects every 30th account to send confirmations. C: In examining the retail accounts, the auditor decides to confirm all accounts with a balance in excess of $2,000. This results in the selection of 87 accounts. The auditor, using simple random sampling, selects additional 23 accounts with balances less than $2,000 for confirmation. D: For the accounts with governmental agencies, the auditor decides not to send confirmations but to trace the accounts to subsequent cash collections. The auditor then selects the five largest accounts and from each selected account takes the first purchase transaction at least 60 days old to trace to subsequent collections.

Answer Explanations
Answer (a) is incorrect. Although the sample size is arbitrarily chosen, sampling risk can still be quantified since the sample items are selected according to the criteria of probability sampling. Answer (b) is incorrect. Here systematic selection with a random starting point is used. In practice, this is assumed to meet the criteria of probability sampling. Answer (c) is incorrect. Stratification is used here. The upper stratum is examined 100% and those in the lower stratum are randomly selected. Thus, the criteria of probability sampling are met. Answer (d) is the correct answer. The transactions chosen are judgmental. The selection or the transactions does not meet the criteria of probability sampling since all are not available for selection.

Question: V2C5-0056

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 122 of 262

Sampling risk refers to the possibility that

Answers
A: The auditor may use a less than optimal statistical method for the circumstances, for example, difference estimation instead of ratio estimation. B: The auditor may fail to recognize an error that is included in the sample. C: Even though a sample is properly chosen, it may not be representative of the population. D: The confidence level and/or precision established by the auditor are not appropriate.

Answer Explanations
Answer (a) is incorrect. This Answer may result in an inefficient or unnecessarily large sample, but it is not called sampling risk. Answer (b) is incorrect. Failure to recognize an error included in a sample is referred to as nonsampling risk. Answer (c) is the correct answer. This response gives the correct definition of sampling risk. It can be measured, and increasing sample size can reduce it. Answer (d) is incorrect. Confidence level and precision are a matter of auditor judgment; faulty judgment is not called sampling risk.

Question: V2C5-0057
An advantage of statistical over nonstatistical sampling is that statistical sampling

Answers
A: Enables auditors to objectively measure the reliability of their sample results. B: Permits use of a smaller sample size than would be necessary with nonstatistical sampling. C: Is compatible with a wider variety of sample selection methods than is nonstatistical sampling. D: Allows auditors to inject their subjective judgment in determining sample size and selection process in order to audit items of greatest value and highest risk.

Answer Explanations
Answer (a) is the correct answer. Statistical sampling enables auditors to compute the reliability (confidence) and precision of their sample results. Answer (b) is incorrect. While statistical sampling may sometimes result in a smaller sample than nonstatistical sampling, it may at other times require a larger sample. Answer (c) is incorrect. Statistical sampling requires use of a random sample. Nonstatistical sampling permits the use of nonrandom selection techniques, such as high-value and high-risk items. Answer (d) is incorrect. Statistical sampling results in an objective computation of sample size and, as stated above, requires a random rather than subjective selection technique.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 123 of 262

Question: V2C5-0058
An auditor is checking the accuracy of a computer-printed inventory listing to determine whether the total dollar value of inventory is significantly overstated. Because there is no time or resources to check all items in the warehouse, a sample of inventory items must be used. If the sample size were fixed, which one of the following would be the most accurate sampling approach in this case?

Answers
A: Select those items that are most easily inspected. B: Employ simple random sampling. C: Sample so that the probability of a given inventory item being selected is proportional to the number of units sold for that item. D: Sample so that the probability of a given inventory item being selected is proportional to its book value.

Answer Explanations
Answer (a) is incorrect. How easy it is to inspect an item has nothing necessarily to do with its value. Answer (b) is incorrect. The approach described in the answer (d) is more appropriate than simple random sampling. Answer (c) is incorrect. Although this approach is better than simple random sampling, items with high sales volumes may have low prices, and thus this method is not as good as that described in the answer (d). Answer (d) is the correct answer. Since the total dollar value is under study, the probability-in-proportion-to-size (book value) approach is most efficient here.

Question: V2C5-0059
A distinguishing characteristic of random number sample selection is that each

Answers
A: Item is selected from a stratum having minimum variability. B: Item's chance for selection is proportional to its dollar value. C: Item in the population has an equal chance of being selected. D: Stratum in the population has an equal number of items selected.

Answer Explanations
Answer (a) is incorrect. Stratifying the population is not required for random selection. Answer (b) is incorrect. Dollar values are not used in random selection. Answer (c) is the correct answer. Equal opportunity for selection is a feature of random selection.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 124 of 262

Answer (d) is incorrect. Stratifying the population is not required for random selection.

Question: V2C5-0060
Which one of the following statements is true regarding two random samples drawn in the same way from the same population, one of size 30 and one of size 300?

Answers
A: The two samples would have the same expected value. B: The larger sample is more likely to produce a large sample mean. C: The smaller sample will have a smaller 95% confidence interval for the mean. D: The smaller sample will, on the average, produce a lower estimate of the variance of the population.

Answer Explanations
Answer (a) is the correct answer. The expected value of a random sample of any size is equal to the population mean. Answer (b) is incorrect. The smaller sample is less reliable and is therefore more likely to produce unusually large (or small) sample means. Answer (c) is incorrect. The smaller sample is less reliable and therefore will have a wider 95% confidence interval. Answer (d) is incorrect. The variance is also a population parameter, and the expected value of the sample variance does not change with sample size.

Question: V2C5-0061
An auditor is conducting a survey of perceptions and beliefs of employees concerning an organization health care plan. The best approach to selecting a sample would be to

Answers
A: Focus on people who are likely to respond so that a larger sample can be obtained. B: Focus on managers and supervisors because they can also reflect the opinions of the people in their departments. C: Use stratified sampling where the strata are defined by marital and family status, age, and salaried/hourly status. D: Use monetary unit sampling according to employee salaries.

Answer Explanations

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 125 of 262

Answer (a) is incorrect. This convenience sample is likely to emphasize people with lots of time on their hands at the expense of key employees who are too busy with company work to respond. Answer (b) is incorrect. Managers and supervisors often do not have the same needs and perceptions as their subordinates and also often misperceive their views. Answer (c) is the correct answer. Because different employees probably have different situations, needs, and experiences, stratified sampling would best ensure that a representative sample would result. Answer (d) is incorrect. This approach would produce a disproportionate number of highly paid employees who may not have the same needs as lower-paid employees.

Question: V2C5-0062
An internal auditor uses a number of techniques to select samples. A frequently, and appropriately, used technique is random selection. In which of the following situations would random selection be least justified? The auditor needs to

Answers
A: Test sales transactions to determine that they were properly authorized and are supported by shipping documents. B: Confirm accounts receivable and has already selected the 10 largest accounts for confirmation. The remaining accounts are not numbered. The auditor only has a computer listing of the accounts in alphabetical order approximately 250 pages long with 50 account balances on every page. C: Obtain evidence on the proper sales cutoff by sampling items from the monthly sales journal to determine if the items were recorded in the correct time period. D: Test the perpetual inventory records to ensure that the sample covers the largest dollar value items in the account.

Answer Explanations
Answer (a) is incorrect. This is an ideal place to use random selection because it could provide evidence on the quality of processing throughout the year. Answer (b) is incorrect. This would be a very appropriate situation in which to use random selection. Individual account balances could be selected using dollar-unit (PPS) sampling or could be randomly selected by randomly selecting a page number and then selecting an account item (150) within each page. Answer (c) is the correct answer. This is the least justified situation to use random selection because the auditor is concerned that the monthly sales journal has been held open to record the next month sales. The auditor should select transactions from the latter part of the month and examine supporting evidence to determine if they were recorded in the proper time period. Answer (d) is incorrect. This is an ideal place to apply dollar-unit sampling to gain confidence about potential dollar misstatement of account balances.

Question: V2C5-0063
Systematic selection can be expected to produce a representative when

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 126 of 262

Answers
A: Random number tables are used to determine the items included in the sample. B: The population is arranged randomly with respect to the audit objective. C: The sample is determined using multiple random starts and includes more items than required. D: Judgmental sampling is used by the auditor to offset any sampling bias.

Answer Explanations
Answer (a) is incorrect. This is the description of a random selection procedure where each item in the population has an equal chance of being included in the sample. Answer (b) is the correct answer. Samples selected using a systematic sampling procedure and a random start will behave as if they were a random sample when the population is randomly ordered with respective to the audit objective. Sampling bias due to the systematic procedure will be small because the population items do not have a pattern with respect to the audit objective. Answer (c) is incorrect. The number of items in a sample is not relevant to the procedures used to select the specific items comprising the sample. The use of multiple random starts might increase the chance that a sample will behave randomly but only if the population is arranged randomly. Answer (d) is incorrect. Judgmental sampling will not increase the randomness of a sample but will introduce sampling bias into the sample. In fact, the use of any judgment by an internal auditor in determining which items are included in a sample increases the sampling bias.

Question: V2C5-0064
An internal auditor used regression analysis to evaluate the relationship between utility costs and machine hours. The following information was developed using a computer software program: Intercept Regression coefficient Correlation coefficient Standard error of the estimate Number of observations 2,050 .825 .800 200 36

What is the expected utility cost if the companys 10 machines will be used 2,400 hours next month?

Answers
A: $4,050 B: $4,030 C: $3,970 D: $3,930

Answer Explanations
Answer (a) is incorrect. $2,050 + 10(200) [incorrectly uses the standard error of the estimate].

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 127 of 262

Answer (b) is the correct answer. $2,050 + .825(2,400). Answer (c) is incorrect. [$2,050 + .825(2,400)] 100 [incorrectly uses the standard error of the estimate]. Answer (d) is incorrect. $2,050 + .800(2,400) [incorrectly uses the correlation coefficient instead of the regression coefficient].

Question: V2C5-0065
An internal auditor wants to select a statistically representative sample from a population of 475 inventory control sheets. Each sheet lists the description, physical count, bar code, and unit cost for 50 inventory items. The auditor uses a random number table to construct the sample; the first two columns are listed below. The randomly chosen starting point is 14326; the samples first item is found on page 143, line 26. (The route used by the auditor is down Column A to the top of Column B.) Column A 75233 14326 76562 28123 64227 80938 22539 29452 Where is the fifth item in the sample located? Column B 06852 42904 64854 04978 33150 04301 41240 69521

Answers
A: Page 809, line 38. B: Page 429, line 04. C: Page 331, line 50. D: Page 068, line 52.

Answer Explanations
Answer (a) is incorrect. This answer is the fifth random number but not the fifth usable number. For example, the random number following the starting point (14326) is 76562, which represents page 765, line 62. However, there are only 475 sheets and only 50 lines per sheet. Answer (b) is incorrect. This is the fourth usable number. Answer (c) is the correct answer. This is the fifth usable number. Answer (d) is incorrect. This is the fifth usable page number, but the line limitation is exceeded.

Question: V2C5-0066
The most appropriate methodology for drawing a sample from 3,000 time cards to check for signatures would be

Answers

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 128 of 262

A: Interval sampling. B: Cluster sampling. C: Stratified sampling. D: Variables sampling.

Answer Explanations
Answer (a) is the correct answer. This fits the definition. Answer (b) is incorrect. There are no clusters. Answer (c) is incorrect. There are no strata. Answer (d) is incorrect. It does not allow reliable estimates.

Question: V2C5-0067
A car rental agency has branches located throughout the world that are essentially small-scale representations of the entire population. What is the appropriate sampling method for determining the average net revenue per vehicle in inventory?

Answers
A: Stratified sampling. B: Cluster sampling. C: Attributes sampling. D: Systematic sampling.

Answer Explanations
Answer (a) is incorrect. Stratified sampling is used to give special emphasis to certain categories in the population. Skewed or unusual values are not indicated in this case. Answer (b) is the correct answer. In this case savings would occur because the auditor would not have to travel to all sight to draw a representative sample. Answer (c) is incorrect. Attribute sampling is not appropriate for estimating a variable such as dollar amount. Answer (d) is incorrect. Systematic (judgmental) sampling is not appropriate for projecting sample results to a population.

Question: V2C5-0068
In obtaining a sample for the purpose of reaching a conclusion about the population from which it is drawn, the internal auditor

Answers

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 129 of 262

A: Can statistically quantify the sample results only if the sample was selected in such a way that each population item has an equal or known probability of selection. B: Should use judgmental sampling and concentrate on high-risk items. C: Cannot use random sampling procedures unless the items to be sampled are available in machinereadable form. D: Will usually use random sampling with replacement.

Answer Explanations
Answer (a) is the correct answer. The only way to statistically evaluate a sample is if each item has an equal or known probability of selection. Answer (b) is incorrect. Judgment sampling is an unsatisfactory alternative for reaching conclusions about a population. Answer (c) is incorrect. Random sampling does not require machine-readable data. Answer (d) is incorrect. Sampling without replacement is normal.

Question: V2C5-0069
An auditor wishes to sample 200 sales receipts from a population of 5,000 receipts issued during the last year. The receipts have preprinted serial numbers and are arranged in chronological (and thus serial number) order. The auditor randomly chooses a receipt from the first 25 receipts and then selects every 25th receipt thereafter. The sampling procedure described here is called

Answers
A: Systematic random sampling. B: Dollar-unit sampling. C: Judgmental interval sampling. D: Variables sampling

Answer Explanations
Answer (a) is the correct answer. With systematic random sampling, every nth element is selected from the sample, with the starting point among the first n elements determined at random. Answer (b) is incorrect. With dollar-unit sampling, the probability of an item being chosen is directly proportionate to its dollar value. Answer (c) is incorrect. Judgmental interval sampling is a nonsense term, since interval sampling is a statistical, not judgmental, sampling approach. Answer (d) is incorrect. Variables sampling is a sampling methodology, not a sample selection method.

Question: V2C5-0070
file://C:\Program Files\Wiley\CIAExam\Print.htm 1/20/2010

Wiley CIA 2006 v1

Page 130 of 262

In a regional survey of suburban households to obtain data on television viewing habits, a statistical sample of suburban areas is first selected. Within the chosen areas, statistical samples of whole blocks are selected, and within the selected blocks, random samples of households are selected. This type of sample selection can best be described as

Answers
A: Attributes sampling. B: Stratified sampling. C: Cluster sampling. D: Interval sampling.

Answer Explanations
Answer (a) is incorrect. Attributes sampling describes a sampling model, not a selection technique. Answer (b) is incorrect. Stratified sampling separates the population into several strata with the elements in each stratum possessing some common attribute. The sample is then chosen using a statistical sampling approach. Answer (c) is the correct answer. Cluster sampling samples groups of items rather than individual items and is most appropriate when each aggregate sampling group is representative of the entire population. Answer (d) is incorrect. Interval sampling selects every nth item for sampling with a randomized starting point.

Question: V2C5-0071
An internal auditor with an international shipping company needs to sample shipping records over the past six months. To do so, the auditor draws a random sample for ships operating in the Mediterranean and a separate sample for those operating in the North Atlantic. This method of sampling is called

Answers
A: Cluster sampling. B: Haphazard. C: Interval sampling. D: Stratified sampling.

Answer Explanations
Answer (a) is incorrect. Not enough information is given, such as (1) sampling units are not defined and (2) stages are not defined. Answer (b) is incorrect since it is not a sampling term. Answer (c) is incorrect. Interval sampling involves taking every nth item from a total population. Answer (d) is the correct answer. Two strata are being usedMediterranean and North Atlantic.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 131 of 262

Question: V2C5-0072
A sample from a population of over 10,000 bills of lading is needed to estimate an error rate. Since a sample size of 250 will satisfy precision and confidence level needs, a sampling interval of 40 is chosen. For ease of implementation, the auditor randomly selects a number between 1 and 40, and then selects each succeeding 40th item. Which of the following is true?

Answers
A: The sample lacks randomness and will not be correct. B: Interval sampling is not an acceptable statistical method. C: If the population lacks bias, the sample is statistically valid. D: Interval sampling eliminates the use of auditor judgment.

Answer Explanations
Answer (a) is incorrect. The sample has a random start. Answer (b) is incorrect. Interval sampling, with a random start, is statistically valid. Answer (c) is the correct answer. If the population contains no systematic bias, interval sampling with a random start is valid. Answer (d) is incorrect. Auditor judgment is required when using statistical methods.

Question: V2C5-0073
An inventory listing consisting of approximately 2,050 unnumbered items is arranged by category, with 10 items in each category. Within each category, the most expensive (per unit) items are listed first. An auditor wishes to use an interval-sampling plan to select a representative sample of at least 100 items from this population. The best technique is to

Answers
A: Select a random number from 1 to 20 as the starting point and then select every 20th item, moving through the entire population. B: Select a random number from 1 to 15 as the starting point and then select every 15th item until he has 100 items. C: Select 7 random digits from 1 to 135 as the starting points and then select every 135th item per pass, moving through the entire population 7 times. D: Select the 50 largest items (i.e., extensions with the highest dollar amounts); then, excluding the 50 largest items already selected, select a random number from 1 to 37 as the starting point and select every 37th item, moving through the entire population.

Answer Explanations

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 132 of 262

Answer (a) is incorrect. Due to the pattern of this population, this technique could result in a sample consisting almost entirely of high-value items (starting numbers = 1, 2, 11, or 12) or low-value items (starting numbers = 8, 9, 18, or 19). Answer (b) is incorrect. The sample will be complete after he has moved through three-quarters of the population, so items in the last one-quarter/4 of the population will have zero chance of being selected. Answer (c) is the correct answer. The 7 different starting points, plus the fact that the sampling interval (135) is not an exact multiple of the population pattern interval (10), should result in a representative sample. Answer (d) is incorrect. This is a stratified sample. While it may be a desirable sampling procedure for some purposes, it might not constitute a representative sample, since the interval, 25, would result in every other item being a multiple of 10. Thus, 40 of the items could be from an extreme value.

Question: V2C5-0074
You are to audit the timeliness of the payment of vendor invoices based on a representative sample of checks written. The sample population consists of a total of 967 consecutively numbered checks that have been issued for accounts payable. The most appropriate method for drawing a sample of checks is

Answers
A: Cluster sampling. B: Interval sampling. C: Simple random sampling. D: Stratified sampling.

Answer Explanations
Answer (a) is incorrect. It may be misleading. Answer (b) is incorrect. It is not as good as answer (c). There may be a pattern in the way the checks were written. Answer (c) is the correct answer. It is easy to do since checks are numbered consecutively. Answer (d) is incorrect. There is no reason to stratify.

Question: V2C5-0075
You are to audit the timeliness of the payment of vendor invoices based on a representative sample of checks written. The sample population consists of a total of 967 consecutively numbered checks that have been issued for accounts payable. If you know that 40% of the checks were issued to a single vendor who offered unusually large cash discounts, the most appropriate method of sampling would be

Answers
A: Cluster sampling.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 133 of 262

B: Interval sampling. C: Simple random sampling. D: Stratified sampling.

Answer Explanations
Answer (a) is incorrect because there is no basis for this. Answer (b) is incorrect because it would not subdivide the population. Answer (c) is incorrect because it would not subdivide the population. Answer (d) is the correct answer. Two strata could be used, the single vendor and all others.

Question: V2C5-0076
An auditor using statistical sampling wishes to select a sample from an aged trial balance of 750 accounts receivable. There are no account numbers; the accounts are listed in alphabetical order by customer name. Account balances range from $50 to $10,000. Which of the following selection schemes is most likely to produce a random sample of 75 items? (In choices a. and b., you are to assume that the digit 3 was appropriately chosen from a random number table.)

Answers
A: Select all accounts in which the fourth digit to the left of the decimal point in the account balance (i.e. the thousands digit) is a "3." B: Select the 3rd account, then the 13th, 23rd, and so on, on through the 743rd. C: Select the 75 accounts with the largest total balances. D: Select the 50 accounts with the largest total balances plus the 25 accounts (other than those included in the first 50) with the largest past due balances.

Answer Explanations
Answer (a) is incorrect. This would provide only accounts with balances in the $3,000 to $3,999 range, and thus would not be representative of the population. Answer (b) is the correct answer. Since there appears to be no pattern in the sequencing of this population, use of interval sampling with a random start gives each account an equal chance of being selected and should provide an unbiased sample. Answer (c) is incorrect. While this scheme will provide the maximum dollar coverage, it is not random because large accounts have a greater chance of being selected than small accounts. Answer (d) is incorrect. This scheme may lead to the selection of accounts most likely to be in error or to invoice collection problems. However, it is not random because all accounts do not have an equal chance of being selected.

Question: V2C5-0077
To use stratified variables sampling to evaluate a large, heterogeneous inventory, an appropriate criterion for classi-

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 134 of 262

fying inventory items into strata is

Answers
A: Dollar values. B: Number of items. C: Turnover volume. D: Storage locations.

Answer Explanations
Answer (a) is the correct answer. In variables sampling, the objective is to estimate the dollar value of the inventory. Strata based on dollar values are the usual population characteristic. Answer (b) is incorrect. Dollar values are the usual characteristic to create strata in variables sampling, not number of items. Answer (c) is incorrect. Turnover volume could be a characteristic of interest in attribute sampling but not in variables sampling. Answer (d) is incorrect. Storage location is not a relevant characteristic when creating strata for variables sampling.

Question: V2C5-0078
Which of the following would not be appropriate if the auditor expects a built-in pattern in the population?

Answers
A: Dollar-unit sampling. B: Systematic sampling with multiple random starts. C: Cluster sampling. D: Stratifying the population in anticipation of the pattern.

Answer Explanations
Answer (a) is incorrect. Dollar-unit sampling includes a random start and a selection based on dollar value sampling increments. Answer (b) is incorrect. Multiple random starts overcome the existence of a pattern by using a number of different starting points. Answer (c) is the correct answer. Cluster sampling is a selection method resulting in contiguous sampling units and does not overcome patterns. Answer (d) is incorrect. Stratified sampling is dividing the population into two or more strata using the variability of values; recognizing a pattern in advance permits appropriate sampling techniques.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 135 of 262

Question: V2C5-0079
An auditor designed an attribute sample to test the effectiveness of a control procedure. The auditor designed the sample to achieve an upper precision limit of 4% at a confidence level of 95% with a 1% expected error rate. Based on those factors, the auditor selected 156 items and found three errors. The auditor can conclude that there is

Answers
A: At least a 95% chance that the error rate in the population exceeds 4%. B: At least a 95% chance that the error rate in the population is less than 4%. C: Less than a 95% chance that the error rate in the population is less than 4%. D: More than a 95% chance that the error rate in the population exceeds 1%.

Answer Explanations
Answer (a) is incorrect. The error rate may exceed 4%, but the probability that it does it less than 95%. Answer (b) is incorrect. The error rate may be less than 4%, but that probability is less than 95%. Answer (c) is the correct answer. The auditor knows this because the error rate in the sample was more than 1%. If the error rate was equal to 1%, the auditor would know that the probability was 95% that the error rate in the population was no higher than 4%. Answer (d) is incorrect. The error rate may be higher than 1%, but that probability is less than 95%.

Question: V2C5-0080
Which of the following must be known to evaluate the results of an attributes sample?

Answers
A: Estimated dollar value of the population. B: Standard deviation of the sample values. C: Actual size of the sample selected. D: Finite population correction factor.

Answer Explanations
Answer (a) is incorrect. Dollar values are irrelevant to attributes sampling. Answer (b) is incorrect. Standard deviation is irrelevant to attributes sampling. Answer (c) is the correct answer. Sample size is used to evaluate the actual occurrence rate. Answer (d) is incorrect. The finite population correction factor is used to adjust an initial computed sample size.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 136 of 262

Question: V2C5-0081
In evaluating an attribute sample, the range within which the estimate of the population characteristic is expected to fall is called the

Answers
A: Confidence level. B: Precision. C: Upper error limit. D: Expected error rate.

Answer Explanations
Answer (a) is incorrect. Confidence level is a measure of how reliable the auditor wants the sample results to be. Answer (b) is the correct answer. This is the definition of precision. Answer (c) is incorrect. Precision is the range between the lower and upper error limits. Answer (d) is incorrect. The expected error rate is a measure of how frequently the auditor expects the characteristic of interest to exist in the population prior to selecting and evaluating the sample.

Question: V2C5-0082
An auditor wishes to determine if the error rate on travel reimbursement claims is within the 5% tolerance level set by management. What sampling plan should the auditor use?

Answers
A: Variable sampling. B: Attributes sampling. C: Judgmental sampling. D: Dollar-unit sampling.

Answer Explanations
Answer (a) is incorrect. Variable sampling is used to estimate how much, such as total dollar amount or total weight. Answer (b) is the correct answer. Attribute sampling is used to estimate how many, such as the rate of erroneous claims. Answer (c) is incorrect. Judgmental sampling is not appropriate if inferences are to be made about a population. Answer (d) is incorrect. Dollar-unit sampling, like variable sampling, is used to estimate how much an account balance is in error.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 137 of 262

Question: V2C5-0083
A bank internal auditor wishes to determine if loans that were not funded were rejected using criteria consistent with that contained in bank policies. A lending officer initially processes all loan requests. Those that the officer deems appropriate to be funded are forwarded to the lending committee for its approval. The most efficient audit procedure to address this objective would be to

Answers
A: Select an attribute sample of loans not funded and review the loan applications and the reasons for rejecting them. B: Select an attribute sample of loans that were funded, review the loan applications, and determine if the funded loans complied with bank policies. C: Take a sample of all loan applications, review the applications, and trace them to either a funded or rejected loan to determine if all actions taken were consistent with bank policies. D: Take a sample of loans presented to the lending committee for approval and determine if committee actions taken were consistent with bank policies.

Answer Explanations
Answer (a) is the correct answer. This would be the most appropriate audit procedure because the audit objective only asks for a determination that rejected loans have been rejected for proper reasons. It is not concerned with approval of loans that should not have been made. Answer (b) is incorrect. This only provides information on loans that were funded. The concern is with loans that may have been inappropriately rejected. Answer (c) is incorrect. This is an excellent procedure to determine whether all the loans (both funded and unfunded) are being handled consistent with the stated policies and procedures. However, the audit objective only dealt with loans that were not funded; therefore, this procedure would cause the auditors to review more loans and would not be as efficient as the procedure noted in answer (a). Answer (d) is incorrect. This uses a sample of loans that were presented to the lending committee. It does not include loans that would have already been rejected by an individual lending officer.

Question: V2C5-0084
An auditor has taken an attribute sample of a banks existing loan portfolio. Out of a sample of sixty loans, the auditor finds Four that were not properly collateralized, Five that are not in compliance with bank policies (other than lack of collateralization), and Four that were part of a related-party group, but were set up as separate loan entities. Of the sixty loans selected in the sample, these errors were noted on a total of ten loans. Several loans had multiple problems. Which of the following conclusions can the auditor reach from these findings? I. There is sufficient evidence that fraudulent activity is taking place by one or more of the banks lending officers. II. The financial statements will be misstated as a result of these actions. III. There are significant noncompliance audit findings that should be reported.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 138 of 262

Answers
A: I and II. B: I and III. C: II and III. D: III only.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (d) is the correct answer. These are significant audit findings (item III). Item I is incorrect. Although these findings are significant audit findings, there is not sufficient evidence to conclude fraudulent activity on the part of the banks lending officers. There must be intent to deceive for some personal gain to infer fraud. Item II is incorrect. The financial statements will not necessarily be incorrect as long as the bank can determine that the loans receivable are properly classified as to term and are carried at their net realizable value.

Question: V2C5-0085
In selecting a sample of items for attributes testing, an auditor must consider the confidence level factor, the desired precision, and the

Answers
A: Recorded dollar value of the population. B: Sampling interval. C: Expected occurrence rate. D: Standard deviation in the population.

Answer Explanations
Answer (a) is incorrect. The dollar value of the population relates to a variable often involved in sample selection when testing for variables. Answer (b) is incorrect. The sampling interval is used in monetary-unit sampling to select items based on monetary-unit value distributions. Answer (c) is the correct answer. The expected occurrence rate is one necessary factor in selecting samples for attributes sampling. Answer (d) is incorrect. The standard deviation is not a variable having relevance when selecting samples for attributes sampling.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 139 of 262

Question: V2C5-0086
An auditor is planning to use attributes sampling to test the effectiveness of a specific internal control related to approvals for cash disbursements. In attributes sampling, decreasing the estimated occurrence rate from 5% to 4% while keeping all other sample size planning factors exactly the same would result in a revised sample size which would be

Answers
A: Larger. B: Smaller. C: Unchanged. D: Indeterminate.

Answer Explanations
Answer (a) is incorrect because a smaller estimated occurrence rate results in a smaller sample size when all other factors are the same. Answer (b) is the correct answer. A smaller estimated occurrence rate results in a smaller sample size when all other factors are the same. Answer (c) is incorrect because a smaller estimated occurrence rate results in a smaller sample size when all other factors are the same. Answer (d) is incorrect because a smaller estimated occurrence rate results in a smaller sample size when all other factors are the same.

Question: V2C5-0087
If all other sample size planning factors were exactly the same in attributes sampling, changing the confidence level from 95% to 90% and changing the desired precision from 2% to 5% would result in a revised sample size which would be

Answers
A: Larger. B: Smaller. C: Unchanged. D: Indeterminate.

Answer Explanations
Answer (a) is incorrect because a lower confidence level and a less rigorous precision allow a smaller sample with other factors constant.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 140 of 262

Answer (b) is the correct answer. A lower confidence level and a less rigorous precision allow a smaller sample with other factors constant. Answer (c) is incorrect because a lower confidence level and a less rigorous precision allow a smaller sample with other factors constant. Answer (d) is incorrect because a lower confidence level and a less rigorous precision allow a smaller sample with other factors constant.

Question: V2C5-0088
Which of the following must be known to evaluate the results of an attribute sample?

Answers
A: Estimated dollar value of the population. B: Standard deviation of the sample values. C: Actual size of the sample selected. D: Finite population correction factor.

Answer Explanations
Answer (a) is incorrect. Dollar values are irrelevant to attribute sampling. Answer (b) is incorrect. Standard deviation is irrelevant to attribute sampling. Answer (c) is the correct answer. Sample size is used to evaluate the actual occurrence rate. Answer (d) is incorrect. The finite population correction factor is used to adjust an initial computed sample size.

Question: V2C5-0089
An auditor has to make a number of decisions when using attribute sampling. The term efficiency is used to describe anything that affects sample size. The term effectiveness is used to describe the likelihood that the statistical sample result will be a more accurate estimate of the true population error rate. Assume an auditor expects a control procedure failure rate of 0.5%. The auditor is making a decision on whether to use a 90% or a 95% confidence level and whether to set the tolerable control failure rate at 3% or 4%. Which of the following statements regarding efficiency and effectiveness of an attribute sample is true?

Answers
A: Decreasing the confidence level to 90% and decreasing the tolerable control failure rate to 3% will result in both increased efficiency and effectiveness. B: Decreasing the tolerable failure rate from 4% to 3% will increase audit efficiency. C: Increasing the confidence level to 95% and decreasing the tolerable control failure rate to 3% will increase audit effectiveness. D: Increasing the confidence level to 95% will increase audit efficiency.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 141 of 262

Answer Explanations
Answer (a) is incorrect. Decreasing the confidence level results in a decrease in effectiveness, while decreasing the tolerable failure rate results in a decrease in efficiency. Answer (b) is incorrect. Decreasing the tolerable failure rate will result in a larger sample size, resulting in a decrease in efficiency as defined in the problem. Answer (c) is the correct answer. Increasing the confidence level and decreasing the tolerable failure rate will result in a much larger sample size and will give the auditor a more precise estimate of the population parameters. Answer (d) is incorrect. Increasing the confidence level results in a larger sample size, which decreases audit efficiency.

Question: V2C5-0090
An auditor is testing on a companys large, normally distributed accounts receivable file. The objectives of the audit are to test end-of-period dollar balances and accounts receivable posting exception (error) rates. The expected population exception rate is 3% for the accounts receivable posting processes. If the auditor has established a 5% tolerable rate, the auditor would use which sampling plan for testing the actual exception rate?

Answers
A: Difference or mean per unit estimation. B: Discovery. C: Stratified. D: Attribute.

Answer Explanations
Answer (a) is incorrect. Difference or mean estimation is used when sampling for dollar values. Answer (b) is incorrect. Discovery is only used when exception rates are expected to be very low. Answer (c) is incorrect. Stratified sampling arranges populations for more efficient sampling. Answer (d) is the correct answer. Attribute sampling is used to reach conclusions about exception occurrence rates in populations.

Question: V2C5-0091
An auditor is testing on a companys large, normally distributed accounts receivable file. The objectives of the audit are to test end-of-period dollar balances and accounts receivable posting exception (error) rates. To test the accounts receivable file to compute an estimated dollar total, the auditor could use any one of the following sampling techniques except:

Answers
A: Difference or ratio estimation.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 142 of 262

B: Unstratified mean-per-unit estimation. C: Probability proportional to size. D: Attribute.

Answer Explanations
Answer (a) is incorrect. Difference or ratio estimation can be used to estimate population dollar values. Answer (b) is incorrect. Mean-per-unit estimation can be used to estimate population dollar values. Answer (c) is incorrect. Probability-proportional-to-size (PPS) can be used for estimating population dollar values. Answer (d) is the correct answer. Attribute sampling does not involve dollar-balance estimation.

Question: V2C5-0092
An auditor is testing on a companys large, normally distributed accounts receivable file. The objectives of the audit are to test end-of-period dollar balances and accounts receivable posting exception (error) rates. The accounts receivable file contains a large number of small dollar balances and a small number of large dollar balances and the auditor expects to find numerous errors in the account balances. The most appropriate sampling technique to estimate the dollar amount of errors would be

Answers
A: Difference or ratio estimation. B: Unstratified mean-per-unit. C: Probability proportional to size. D: Attribute.

Answer Explanations
Answer (a) is the correct answer. Difference or ratio estimation is used when estimating dollar amounts of errors for normally distributed populations. Answer (b) is incorrect. Mean-per-unit estimation is used to project a total dollar value for a population, but would be inappropriate since there are a large number of small balance account errors. Answer (c) is incorrect. Probability-proportional-to-size (PPS) is used for estimating dollar values of errors when the expected error frequency is low. Answer (d) is incorrect. Attribute sampling does not involve dollar-balance estimation.

Question: V2C5-0093
An internal auditor planning an attribute sample from a large number of invoices must estimate the tolerable error. Which factor below is the most important for the auditor to consider?

Answers

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 143 of 262

A: Audit objective. B: Population size. C: Desired confidence level. D: Population variance.

Answer Explanations
Answer (a) is the correct answer. Tolerable error is the specified precision or the maximum sampling error that will still permit the results to be useful. Since the precision is under the control of the auditor, the audit objective is the most important factor to be considered. Answer (b) is incorrect. Knowing the population is large is sufficient. Answer (c) is incorrect. This factor is independent of precision. Answer (d) is incorrect. It is a consideration but not the most important one.

Question: V2C5-0094
To use stratified sampling to evaluate a large, heterogeneous inventory, which of the following would least likely be used as criteria to classify inventory items into strata?

Answers
A: Dollar values. B: Number of items. C: Turnover volume. D: Storage locations.

Answer Explanations
Answer (a) is incorrect. The extent of risk of misstatement is associated with the dollar values of inventory items. Answer (b) is the correct answer. The number of items is not generally associated with the risk of misstatement. Answer (c) is incorrect. Turnover volume could be associated with the risk of misstatement of the items. Answer (d) is incorrect. Storage location may be associated with the risk of misstatement of the items.

Question: V2C5-0095
Using company policies to establish when approval is needed, an auditor has sampled accounts receivable balances exceeding $1,000 to determine whether the credit department is requiring a credit check for credit sales when appropriate. This is an example of

Answers

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 144 of 262

A: Dollar-unit sampling. B: Mean-per-unit sampling. C: Attributes sampling. D: Variables sampling.

Answer Explanations
Answer (a) is incorrect. Dollar-unit sampling is used to estimate dollar amounts. Answer (b) is incorrect. Mean-per-unit sampling is used to estimate dollar amounts. Answer (c) is the correct answer. Attributes sampling typically involve tests of the effectiveness of controls. Answer (d) is incorrect. Variables sampling describes methods used to estimate dollar amounts. The report should be made to management and coordinated with the external auditor.

Question: V2C5-0096
An audit of accounts payable was made to determine if the error rate was within the stated policy of 0.5%. One hundred of the 10,000 accounts payable transactions were randomly selected using a 95% confidence level. No errors were found. With 95% certainty, one can conclude that the sample results

Answers
A: Indicate another sample is needed. B: Prove there are no errors in accounts payable. C: Indicate the null hypothesis is false. D: Fail to prove the error rate is above 0.5%.

Answer Explanations
Answer (a) is incorrect. The sample is adequate. Answer (b) is incorrect. No sample could prove this. Answer (c) is incorrect. Null hypothesis is Error Rate <= 0.5% Answer (d) is the correct answer. This is the definition of 95% confidence level.

Question: V2C5-0097
What is the chief advantage of stop-or-go sampling?

Answers
A: The error rate in the population can be projected to within certain precision limits.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 145 of 262

B: It may reduce the size of the sample that needs to be taken from a population, thus reducing sampling costs. C: It allows sampling analysis to be performed on populations that are not homogeneous. D: It allows the sampler to increase the confidence limits of his analysis without sacrificing precision.

Answer Explanations
Answer (a) is incorrect. Only upper precision limits and statements are made. Answer (b) is the correct answer. Stop-or-go sampling helps prevent oversampling for attributes by permitting the sampler to halt an audit test at the earliest possible moment. Answer (c) is incorrect. The populations must be homogeneous in all attribute-sampling plans. Answer (d) is incorrect. An increase in the confidence limits will result in a loss of precision (assuming contact sample size).

Question: V2C5-0098
A statistical sampling technique which will minimize sample size whenever a low rate of noncompliance is expected is called

Answers
A: Ratio-estimation sampling. B: Difference-estimation sampling. C: Stratified mean-per-unit sampling. D: Stop-or-go sampling.

Answer Explanations
Answer (a) is incorrect. Rate of noncompliance is not applicable to ratio-estimation sampling (a variables-sampling technique). Answer (b) is incorrect. Difference-estimation sampling is used when we want to obtain a corrected estimate of a previously stated book value (a variables-sampling technique). Answer (c) is incorrect. Stratified mean-per-unit sampling is used in substantive testing (a variables-sampling technique). Answer (d) is the correct answer. The stop-or-go sampling technique will yield a smaller sample size if the error rate is low. It is also the only technique listed that is applicable to estimates of rate of compliance (attributes sampling).

Question: V2C5-0099
In order to estimate the value of 2,500 accounts receivable outstanding, the best sampling method would be

Answers

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 146 of 262

A: Variables estimation. B: Stop-and-go sampling. C: Cluster sampling. D: Attributes estimation.

Answer Explanations
Answer (a) is the correct answer. Variables sampling method is good for estimating the dollar value. Answer (b) is incorrect. It is an inappropriate plan for drawing samples. Answer (c) is incorrect. It is an inappropriate plan for drawing samples. Answer (d) is incorrect. It is for estimating discrete characteristics, not values.

Question: V2C5-0100
In selecting a sample of items for variables testing, an auditor must consider the desired precision, the standard deviation, and the

Answers
A: Recorded dollar value of the population. B: Acceptable risk level. C: Expected occurrence rate. D: Sampling interval.

Answer Explanations
Answer (a) is incorrect. The recorded dollar value is not needed for variables testing. Answer (b) is the correct answer. Risk level is a necessary criterion to include in the sample selection process for variables. Answer (c) is incorrect. The expected occurrence rate is not a criterion in sample selection for variables. Answer (d) is incorrect. The sampling (skip) interval is the monetary-unit interval when selecting samples using monetary-unit sampling.

Question: V2C5-0101
In a variable-sampling application, if the achieved dollar precision range of the statistical sample at a given confidence level is greater than the desired dollar precision range, this is an indication that the

Answers
A: Occurrence rate was smaller than expected.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 147 of 262

B: Occurrence rate was greater than expected. C: Standard deviation was less than expected. D: Standard deviation was greater than expected.

Answer Explanations
Answer (a) is incorrect. Occurrence rate is irrelevant for computing achieved precision. Answer (b) is incorrect. Occurrence rate is irrelevant for computing achieved precision. Answer (c) is incorrect. A lower actual variability would result in achieved precision being lower than desired precision. Answer (d) is the correct answer. Standard deviation (variability) directly affects the computed precision.

Question: V2C5-0102
In a variables-sampling application, which of the following factors will vary directly with a change in confidence level from 90 to 95%?

Answers
A: Standard error of the mean. B: Nonsampling error. C: Achieved precision. D: Point estimate of the arithmetic mean.

Answer Explanations
Answer (a) is incorrect. The standard error of the mean is dependent on only the standard deviation and sample size. Answer (b) is incorrect. Nonsampling error is not variable according to sampling criteria; it is the result of such as misclassifications. Answer (c) is the correct answer. Achieved precision (sampling error) is equal to the confidence level factor times the standard error of the mean. Answer (d) is incorrect. The point estimate of the sample mean does not include a confidence interval.

Question: V2C5-0103
In determining the sample size for variables sampling, the internal auditor requires some knowledge of the variability of the population. In obtaining this preliminary information the internal auditor

Answers
A: Can seldom rely on the results of prior years' sample results since they pertain only to the prior years'

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 148 of 262

populations. B: Frequently takes a convenience pilot sample of 30 to 50 items and use this to estimate the variability of the population. C: Frequently takes a random pilot sample of 30 to 50 items, applies audit tests to these items, and uses the variability in these items to estimate the variability in the population of audit values. The pilot sample is then discarded and the real sample is taken from the remaining population. D: Will frequently take a random pilot sample of 30 to 50 items, compute the range in this sample, and use this range as an estimate of the population variability for purposes of computing sample size.

Answer Explanations
Answer (a) is incorrect. This is a common practice. Answer (b) is the correct answer. Pilot samples are often used to estimate variability. Answer (c) is incorrect. It would be inefficient to disregard the audit evidence found in the pilot sample. Answer (d) is incorrect. The sample range is not the correct measure of variability for this purpose.

Question: V2C5-0104
An internal auditor wishes to estimate the number of units in a certain class of inventory without counting each one. Which of the following sample plans would be appropriate?

Answers
A: Attributes. B: Discovery. C: Stop-or-go. D: Variables.

Answer Explanations
Answer (a) is incorrect. Attri-bute sampling is for compliance testing. It calls for yes-or-no, right-or-wrong answers. The range of values is limited to 0 through 1. Answer (b) is incorrect. Discovery sampling is used when the internal auditor suspects a gross error or fraud. The plan seeks to select a sample just large enough to include one example of the error or irregularity a specified percentage of the time. Answer (c) is incorrect. Stop-or-go sampling is an attribute-sampling plan. Answer (d) is the correct answer. Variables sampling is used for substantive testing. It allows the verification of values whose range lies between positive and negative infinity.

Question: V2C5-0105

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 149 of 262

Ratio estimation sampling would be inappropriate to use to project the dollar error in a population if

Answers
A: The recorded book values and audited values are approximately proportional. B: A number of observed differences exist between book values and audited values. C: Observed differences between book values and audited values are proportional to book values. D: Subsidiary ledger book balances for some inventory items are unknown.

Answer Explanations
Answer (a) is incorrect. Proportional relationships tend to support the use of ratio estimation. Answer (b) is incorrect. A minimum number of differences must be present to validly use ratio estimation. Answer (c) is incorrect. Ratio estimation is supported by proportional differences. Answer (d) is the correct answer. Individual item amounts must be known to use ratio estimation.

Question: V2C5-0106
The auditor wishes to sample the perpetual inventory records to develop an estimate of the dollar amount of misstatement, if any, in the account balance. The account balance is made up of a large number of small value items and a small number of large value items. The auditor has decided to audit all items over $50,000 plus a random selection of others. This audit decision is made because the auditor expects to find a large amount of errors in the perpetual inventory records, but is not sure that it will be enough to justify taking a complete physical inventory. The auditor expects the errors to vary directly with the value recorded in the perpetual records. The most efficient sampling procedure to accomplish the auditors objectives would be

Answers
A: Dollar-unit sampling. B: Ratio estimation. C: Attribute sampling. D: Stratified mean-per-unit sampling.

Answer Explanations
Answer (a) is incorrect. Dollar-unit sampling becomes less accurate when a large number of errors are expected. Answer (b) is the correct answer. Ratio estimation is the most efficient sampling methodology because the auditor expects a large number of errors and expects the errors to vary directly with size of the account balance on the perpetual record. Answer (c) is incorrect. Attribute sampling is not used to estimate a dollar amount. Answer (d) is incorrect. Stratified mean-per-unit sampling could be used, but it is not as efficient as ratio estimation when a large number of errors are expected in the account balance.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 150 of 262

Question: V2C5-0107
Difference estimation sampling would be appropriate to use to project the dollar error in a population if

Answers
A: Subsidiary ledger book balances for some individual inventory items are unknown. B: Virtually no differences between the individual book values and the audited values exist. C: A number of nonproportional differences between book values and audited values exist. D: Observed differences between book values and audited values are proportional to book values.

Answer Explanations
Answer (a) is incorrect. Individual item amounts must be known to use difference estimation. Answer (b) is incorrect. There must be sufficient errors in the population to generate a reliable sample estimate. Answer (c) is the correct answer. There must be a sufficient number of nonproportional errors to generate a reliable sample estimate. Answer (d) is incorrect. Ratio estimation is supported by proportional differences.

Question: V2C5-0108
An internal auditor is interested in the processing accuracy of a sales invoice preparation system. The monetary amount of individual invoices is highly variable. The internal auditor has sound reasons for believing that the error rate in invoice processing is between 3% and 10% but has no idea of the monetary magnitude of the errors. In evaluating which specific approach to variables sampling to employ, the internal auditor should be aware that

Answers
A: Since the error magnitude is uncertain, a stratified mean per unit estimator will perform poorly in this case. B: With error rates in this range, there is little advantage to stratifying the population. C: Either a difference estimator or a ratio estimator will be more efficient than an unstratified mean per unit estimator in this case. D: Neither a difference or ratio estimator is practical in this case unless an audit value and a book value exist for each item in the population.

Answer Explanations
Answer (a) is incorrect because the stratified mean per unit would work here. The error magnitude is unimportant. Answer (b) is incorrect because the advantage of stratification is not dependent on error rates. Answer (c) is the correct answer. Ratio or difference estimates would be more efficient in this situation. Answer (d) is incorrect because these estimators do not require an audit value for every item in the population. If

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 151 of 262

such values were available, there would be no need to sample at all.

Question: V2C5-0109
An auditor randomly selects 100 items of finished goods perpetual inventory, physically counts them, and computes an audited value for each (calculated as quantity times unit cost per production reports). The internal auditor then compares the audited value with the book value (inventory cost per perpetual inventory records) and uses difference estimation to estimate the correct total for the finished goods inventory. Results of the 100-item sample are as follows: Total audited value Total book value (of these 100 items) Number of items incorrectly stated (out of 100) $605,000 $630,000 17

The total book value of the entire finished goods inventory (1,100 items) is $6,988,000. On the basis of difference estimation, the auditors best guess (point estimate) as to the correct total is

Answers
A: $6,655,000 B: $6,713,000 C: $6,963,000 D: $7,263,000

Answer Explanations
Answer (a) is incorrect. This answer (1,100 items the average audited value of $6,050 per item) is based on mean-per-unit estimation, not difference estimation. Answer (b) is the correct answer. The average overstatement error in the sample is $250 per item ($630,000 $605,000 / 100 items). Thus the projected overstatement is $275,000 (1,100 items $250), and the estimated total is $6,988,000 minus $275,000. Answer (c) is incorrect. This response was obtained by subtracting the $25,000 total sample overstatement from the book value. As explained above, it is the projected overstatement that must be subtracted. Answer (d) is incorrect. This is the book value plus the projected overstatement. Since the difference is an overstatement, it must be subtracted from, not added to, the book value.

Question: V2C5-0110
Using mean-per-unit sampling to estimate the value of inventory, an auditor had the following results: Projected inventory value Confidence level Confidence interval Standard error (Standard error = standard deviation/ square root of sample size) $3,000,000 95% $2,800,000 to $3,200,000 $100,000

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 152 of 262

Z value (approximately) Precision The recorded value of inventory was $3,075,000. Which of the following is a logical conclusion from the sample?

2.0 $200,000

Answers
A: There is a 95% chance that the misstatement of inventory is less than $100,000. B: There is a 5% chance that $200,000 or more misstates the inventory amount. C: Inventory is materially misstated. D: There is a 2.5% chance that the inventory amount is greater than $3,200,000.

Answer Explanations
Answer (a) is incorrect. This conclusion is not supported by the facts given. There is, however, a 95% chance that the true value of inventory is more than $2,800,000 and less than $3,200,000. Answer (b) is incorrect. This conclusion is also not supported by the facts given in the problem. Instead, there is a 5% chance that the true value of inventory is more than $3,200,000 or less $2,800,000. Answer (c) is incorrect. It is not possible to conclude from the information given that inventory is materially misstated. Answer (d) is the correct answer. This is a valid statement about the confidence interval. There is also a 2.5% chance that inventory is less than $2,800,000. There is a 95% chance that the true inventory value falls between $2,800,000 and $3,200,000.

Question: V2C5-0111
Using mean-per-unit sampling to estimate the value of inventory, an auditor had the following results: Projected inventory value Confidence level Confidence interval Standard error (Standard error = standard deviation/ square root of sample size) Z value (approximately) Precision The recorded value of inventory was $3,075,000. Which of the following changes would result in a narrower confidence interval? $3,000,000 95% $2,800,000 to $3,200,000 $100,000

2.0 $200,000

Answers
A: An increase in the confidence level from 95 to 99%. B: A decrease in the confidence level from 95 to 90%.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 153 of 262

C: A decrease in the allowable risk of incorrect acceptance. D: An increase in the precision.

Answer Explanations
Answer (a) is incorrect. Increasing the confidence level would result in a wider confidence interval. Answer (b) is the correct answer. The confidence interval = mean Z value standard error. Decreasing the confidence level would decrease the Z value and that would result in a smaller confidence interval. Answer (c) is incorrect. Decreasing the allowable risk of incorrect acceptance would increase the confidence level, which would result in a wider confidence interval. Answer (d) is incorrect. Increasing the precision would make the confidence interval wider.

Question: V2C5-0112
Using mean-per-unit sampling to estimate the value of inventory, an auditor had the following results: Projected inventory value Confidence level Confidence interval Standard error (Standard error = standard deviation/ square root of sample size) Z value (approximately) Precision The recorded value of inventory was $3,075,000. The standard error of $100,000 reflects $3,000,000 95% $2,800,000 to $3,200,000 $100,000

2.0 $200,000

Answers
A: The projected population error based on errors in the sample. B: The average rate of error in the sample. C: The degree of variation in the dollar amount of sample items. D: The error in the population that the auditor can accept.

Answer Explanations
Answer (a) is incorrect. The standard error is not a projection of error in the population. Answer (b) is incorrect. The standard error is not a measurement of the errors in the sample. Answer (c) is the correct answer. The standard error is a function of the standard deviation, which is a measurement of the average variation from the mean of the sample. The standard error is used to compute precision and the confidence interval. The larger the standard error, the wider the interval. Answer (d) is incorrect. The amount of error that the auditor would be willing to accept (the tolerable error) is the auditors decision; it is not the result of a statistical calculation. The amount of tolerable error has no effect on the standard error.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 154 of 262

Question: V2C5-0113
Using mean-per-unit sampling to estimate the value of inventory, an auditor had the following results: Projected inventory value Confidence level Confidence interval Standard error (Standard error = standard deviation/ square root of sample size) Z value (approximately) Precision The recorded value of inventory was $3,075,000. If the auditor had used nonstatistical sampling instead of statistical sampling, which of the following would be true? $3,000,000 95% $2,800,000 to $3,200,000 $100,000

2.0 $200,000

Answers
A: The confidence level could not be quantified. B: The precision would be larger. C: The projected value of inventory would be less reliable. D: The risk of incorrect acceptance would be higher.

Answer Explanations
Answer (a) is the correct answer. Statistical sampling enables an auditor to quantify the confidence level or the sampling risk. Nonstatistical sampling does not. Answer (b) is incorrect. Unless the auditor uses statistical sampling, the auditor would not be able to quantify precision. Answer (c) is incorrect. The value of inventory could not be projected when nonstatistical sampling is used. Answer (d) is incorrect. The risk of incorrect acceptance could not be quantified when nonstatistical sampling is used.

Question: V2C5-0114
The auditor is performing a test to determine whether the gas and electric appliance company should move its service center from one location to another. The service center houses the service trucks that are used to drive to the customers locations to service their appliances. The auditor wants to determine the reduction in average miles driven as a result of moving to the other location. Which of the following statistical sampling methods would be most appropriate for this test?

Answers

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 155 of 262

A: Attribute sampling. B: Discovery sampling. C: Probability proportional to size (dollar-unit) sampling. D: Mean-per-unit sampling.

Answer Explanations
Answer (a) is incorrect. Attribute sampling will not produce a quantitative value. Answer (b) is incorrect. Discovery sampling is used to uncover an attribute that exists in the population with a low rate of occurrence, not to estimate a variable. Answer (c) is incorrect. Individual book values adding up to a total book value is required for this method to be used. Answer (d) is the correct answer. This is the only statistical sampling method designed to estimate a variable for which there are not available individual book values making up the value of a population.

Question: V2C5-0115
An auditor is designing stratified, mean-per-unit variables sampling plan. To which one of the following strata should the auditor allocate the largest proportion of the overall sample size? Number of items 2,000 2,250 3,000 3,100 Expected mean $100 $200 $80 $150 Expected standard deviation $9 $4 $2 $1 Total dollar value $200,000 $450,000 $240,000 $465,000

a. b. c. d.

Answers
A: a. B: b. C: c. D: d.

Answer Explanations
Answer (a) is the correct answer. This stratum has the largest expected standard deviation. Allocating more selections to strata with larger standard deviations decreases the standard error of the mean, which results in a smaller confidence interval. The objective of stratifying a sample is to reduce variation in order to be able to use a smaller sample than would be required without stratification. Answer (b) is incorrect. Although this stratum has the largest mean, it has a smaller standard deviation than stratum defined in the answer (a). Answer (c) is incorrect. Although this stratum has the largest number of items, is has the smallest standard

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 156 of 262

deviation. Answer (d) is incorrect. The total dollar value is directly related to the mean and number of items in a stratum. As explained above, neither of these factors is a normal consideration in allocating sample size to strata.

Question: V2C5-0116
An internal auditor has obtained the following data by selecting a random sample from an inventory population. Number of items 200 5,000 Audited value $220,000 Book value $ 200,000 $5,200,000 Sample Population

The estimate of the population dollar value using mean-per-unit sampling would be

Answers
A: $5,000,000 B: $5,420,000 C: $5,500,000 D: $5,720,000

Answer Explanations
Answer (a) is incorrect. This calculation uses the means of the book value of the sample rather than the mean of the audit sample: $200,000/200 = $1,000; 1,000 5,000 = $5,000,000. Answer (b) is incorrect. This calculation added the audit value of the sample to the book value of the population: $220,000 + 5,200,000 = $5,420,000. Answer (c) is the correct answer. Mean-per-unit = $220,000/200 = $1100 and $1100 (5000) = $5,500,000. Answer (d) is incorrect. Ratio estimation = $220,000/$200,000 = 1.1 and 1.1 ($5,200,000) = $5,720,000.

Question: V2C5-0117
An internal auditor has obtained the following data by selecting a random sample from an inventory population. Number Audited of items value Book value Sample 200 $220,000 $ 200,000 Population 5,000 $5,200,000 The estimate of the population dollar value using difference estimation sampling would be

Answers
A: $4,700,000 B: $5,500,000

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 157 of 262

C: $5,680,000 D: $5,700,000

Answer Explanations
Answer (a) is incorrect. Estimated difference of $500,000 per Answer (d) should be added to $5,200,000, not deducted from $5,200,000. Answer (b) is incorrect. Mean-per-unit = $220,000/200 = $1100 and $1100 (5000) = $5,500,000. Answer (c) is incorrect. This is an incorrect calculation using the difference in units between the population and sample and then adding this incorrect amount to the book value as follows: [(220,000 200,000)/200] (5,000 200) = 480,000 and $5,200,000 + 480,000 = $5,680,000. Answer (d) is the correct answer. Difference estimation = $220,000 $200,000 = $20,000 and $20,000/200 = $100 and $100 (5000) = $500,000 and $500,000 + $5,200,000 = $5,700,000.

Question: V2C5-0118
An internal auditor has obtained the following data by selecting a random sample from an inventory population. Number Audited of items value Book value Sample 200 $220,000 $ 200,000 Population 5,000 $5,200,000 The estimate of the population dollar value using ratio estimation would be

Answers
A: $4,727,273 B: $5,500,000 C: $5,700,000 D: $5,720,000

Answer Explanations
Answer (a) is incorrect. This calculation reverses the correct ratio estimation as: Ratio estimation = $200,000/ $220,000 = .90909091 and .90909091 ($5,200,000) = $4,727,273. Answer (b) is incorrect. Mean-per-unit = $220,000/200 = $1100 and $1100 (5000) = $5,500,000. Answer (c) is incorrect. Difference estimation = $220,000 $200,000 = $20,000 and $20,000/200 = $100 and $100 (5000) = $500,000 and $500,000 + $5,200,000 = $5,700,000. Answer (d) is the correct answer. Ratio estimation = $220,000/$200,000 = 1.1 and 1.1 ($5,200,000) = $5,720,000.

Question: V2C5-0119
The internal auditor for an insurance company is conducting an audit of claims processing and wants to assess the average length of time that it takes to process automobile claims to determine whether processing is being completed within standards set by company policy.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 158 of 262

The auditor plans to take a sample of claims made during the year and perform the needed analysis. The most appropriate sampling method would be

Answers
A: Mean-per-unit variables sampling. B: Probability proportion to size. C: Attribute sampling. D: Discovery sampling.

Answer Explanations
Answer (a) is the correct answer. Mean-per-unit variables sampling is the most appropriate sampling procedure because it allows the auditor to calculate a mean of the processing time and build confidence levels around the mean. The normal sampling distribution will allow the auditor to also estimate the percentage of claims that are not processed within the time limit contained in the companys policy. Answer (b) is incorrect. Probability proportion to size is not appropriate in this situation. Answer (c) is incorrect. Attribute sampling would not lead to an estimate of the average length of time to process the claims. It could, however, be used to estimate the probability that a claim is not processed within the companys defined standard. Answer (d) is incorrect. Discovery sampling is used to determine if an isolated event is occurring in the population. It would be used here only if exceeding the policy for claims processing was expected to be extremely rare and extremely important.

Question: V2C5-0120
What effect does an increase in the standard deviation have on the required sample size of mean-per-unit estimation and probability pro-portion to size sampling? Assume no change in any of the other characteristics of the population and no change in desired precision and confidence. Probability proportional to size (PPS) Increase in sample size Decrease in sample size

a. b. c. d.

Mean-per-unit Increase in sample size No change in sample size Increase in sample size No change in sample size Decrease in sample size No change in sample size

Answers
A: a. B: b.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 159 of 262

C: c. D: d.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation.
Answer (b) is incorrect. A change in the standard deviation has no effect on the required sample size when dollarunit sampling is used, since the sampling units are homogeneousthe individual dollars. Answer (c) is the correct answer. An increase in the standard deviation represents an increase in the variability of the population and therefore the sample size would increase when using mean-per-unit estimation. A change in the standard deviation has no effect on the required sample size when probability proportional to size sampling is used, since the sampling units are homogeneous. Answer (d) is incorrect. An increase in the standard deviation represents an increase in the variability of the population and therefore requires increasing, not decreasing, the sample size.

Question: V2C5-0121
By statistically projecting the population value based on the average value of sampled subsidiary accounts, the auditor has estimated the value of the total equipment account to be $2,800,000. This is an example of

Answers
A: Dollar-unit sampling. B: Mean-per-unit sampling. C: Attributes sampling. D: Statistical difference estimation.

Answer Explanations
Answer (a) is incorrect. Dollar-unit sampling uses individual dollars instead of account balances as the sampling units. Answer (b) is the correct answer. Mean-per-unit sampling uses subsidiary account balances or records as a basis for projecting total account balances. Answer (c) is incorrect. Attributes sampling estimates the presence of a qualitative characteristic, such as internal control errors. Answer (d) is incorrect. Difference estimation uses differences between audit and book values to project population values.

Question: V2C5-0122
An audit of a wholesale companys inventory was conducted to estimate its value. The inventory contained 20,000 items with a book value of $1 million. The audit plan was to estimate inventory value with a precision of plus or minus 2% at a 90% confidence level. The sample results were

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 160 of 262

Sample Size: 300 Sample Mean per unit: $52 Sample Standard Deviation per unit: $10.80 Sample Precision per unit: $1.03 Based on the sample results, the estimated inventory value is between

Answers
A: $784,000 and $1,216,000. B: $844,000 and $1,256,000. C: $1,019,400 and $1,060,600. D: $979,400 and $1,020,600.

Answer Explanations
Answer (a) is incorrect. It uses book plus or minus value mean and standard deviation rather than sample mean and precision to compute the confidence interval. Answer (b) is incorrect. It uses standard deviation instead of precision to compute confidence interval. Answer (c) is the correct answer. 20,000 (52 1.03) = $1,040,000 20,600 or $1,019,400 to $1,060,600. Based on the data given: Precision of sample result = 1.03/52 = 1.98%. This is within the plan goal of 2%. Answer (d) is incorrect. It is centered on book value mean.

Question: V2C5-0123
An auditor is using the mean-per-unit method of variables sampling to estimate the correct total value of a group of inventory items. Based on the sample, the auditor estimates, with a precision of plus or minus 4% and confidence of 90%, that the correct total is $800,000. This means that

Answers
A: There is a 4% chance that the actual correct total is less than $720,000 or more than $880,000. B: There is a 10% chance that the actual correct total is less than $768,000 or more than $832,000. C: The probability that the inventory is not significantly overstated is between 6% and 14%. D: The inventory is not likely to be overstated by more than 4.4% ($35,200) or understated by more than 3.6% ($28,800).

Answer Explanations
Answer (a) is incorrect. The computation underlying this response transposes the correct definitions of precision and confidence. Answer (b) is the correct answer. A 90% confidence level implies that 10% of the time the true population total will be outside the computed range. Precision of plus or minus 4% gives the boundaries of the computed range: 4% $800,000 = $32,000. $800,000 $32,000 provides a range of $768,000 to $832,000.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 161 of 262

Answer (c) is incorrect. This response improperly uses precision to modify confidence and fails to specify a dollar amount for the range within which the correct total is apt to lie. Answer (d) is incorrect. This response improperly uses confidence to modify precision, and the phrase not likely is ambiguous.

Question: V2C5-0124
What effect does an increase in the standard deviation have on the required sample size of mean-per-unit estimation and dollar-unit sampling? Assume no change in any of the other characteristics of the population and no change in desired precision and confidence. Mean-per-unit estimation Decrease in sample size No change in sample size Increase in sample size No change in sample size Dollar-unit sampling No change in sample size Decrease in sample size No change in sample size Increase in sample size

a. b. c. d.

Answers
A: a. B: b. C: c. D: d.

Answer Explanations
Answer (a) is incorrect. An increase in the standard deviation represents an increase in the variability of the population and therefore requires increasing, not decreasing, the sample size. Answer (b) is incorrect. A change in the standard deviation has no effect on the required sample size when dollarunit sampling is used, since the sampling units are homogeneousthe individual dollars. Answer (c) is the correct answer. In mean-per-unit estimation, an increase in the standard deviation increases the sample size since it is used to estimate unknown values, such as inventory. In dollar-unit sampling, an increase in the standard deviation has no effect on the sample size since it yields a smaller sampling error. Answer (d) is incorrect. See explanations for answers (a) and (b).

Question: V2C5-0125
An auditor applied dollar-unit sampling to select a sample of costs charged by a contractor. The sample design and results were as follows: Contract costs charged Number of invoices in population Tolerable error Confidence level Reliability factor $10,000,000 2,000 1% 95% 3.0

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 162 of 262

Sampling interval Sample size Expected error Detected error Which of the following is true about this sample?

$33,333 300 None None

Answers
A: The probability of selecting any particular invoice is 15% (300/2000). B: There is a 1% chance that the contract invoices contain significant errors. C: The sampling risk is acceptable if errors do not exceed $33,333. D: There is a 95% chance that the costs are not overstated more than $100,000 (1% of $10,000,000).

Answer Explanations
Answer (a) is incorrect. The probability of selecting any particular invoice is proportional to the dollar amount of the invoice. Answer (b) is incorrect. The chance is 5% that errors are more than 1% of $10,000,000. Answer (c) is incorrect. The acceptable level of sampling risk is 5%, which is 100% less 95%. Sampling risk is the complement of the confidence level. Answer (d) is the correct answer. No errors were detected in the sample. Therefore, the desired confidence level and precision were achieved.

Question: V2C5-0126
In which of the following situations would monetary-unit sampling be more effective and efficient than ratio estimation?

Answers
A: The population contains a large number of differences between the recorded amount and the actual amount. B: The population is expected to contain few differences between the recorded amount and the actual amount. C: The population has a high degree of variability in dollar amount. D: The population has a low degree of variability in dollar amount.

Answer Explanations
Answer (a) is incorrect. Monetary-unit sampling is generally inefficient and less effective than variables sampling when there are a larger number of differences. The ratio approach, however, tends to be especially efficient in such circumstances. Answer (b) is the correct answer. Monetary-unit sampling is especially efficient and effective when there are a

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 163 of 262

small number of differences. Ratio estimation, however, requires a large number of differences to be effective. Answer (c) is incorrect. A high degree of variability in the dollar amount within the population makes both of these methods efficient relative to alternative statistical methods. A high degree of variability in the dollar amount of the population generally has no effect on the effectiveness of these two methods relative to each other. Answer (d) is incorrect. A low degree of variability among the items in the population reduces the relative efficiency of both of these methods compared to alternative statistical sampling methods. A low degree of variability does not affect the effectiveness of these methods.

Question: V2C5-0127
An auditor is using dollar-unit sampling with a fixed interval to test an account with a balance of $750,000. Sample size is 50. The auditor started the selection process with a random start of 04719. Which of the following items would be the third sample item selected? a. b. c. d. Invoice amount $ 7,985 $ 4,108 $12,305 $ 456 Cumulative amount $31,374 $35,482 $47,787 $48,243

Answers
A: a. B: b. C: c. D: d.

Answer Explanations
Answer (a) is incorrect. The cumulative amount is less than $34,719. Answer (b) is the correct answer. The cumulative amount is the first amount greater than $34,719, which would be the threshold for the third selection (i.e., $4719 + 15,000 + $15,000). The selection interval is $750,000/50 = $15,000. It contains dollars 31,375 through 35,482, thus it contains 34,719. Answer (c) is incorrect. This item would not be selected because it does not contain the 34,719th dollar. Answer (d) is incorrect. This item would not be selected because it does not contain the 34,719th dollar.

Question: V2C5-0128
Monetary-unit sampling is most useful when the internal auditor

Answers
A: Is testing the accounts payable balance. B: Cannot cumulatively arrange the population items.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 164 of 262

C: Expects to find several material errors in the sample. D: Is concerned with overstatements.

Answer Explanations
Answer (a) is incorrect. Monetary-unit sampling is generally not appropriate for testing understatement of liabilities since the more a balance is understated, the less its chance of being included in the sample. Answer (b) is incorrect. This is one of the requirements for using monetary-unit sampling. Answer (c) is incorrect. Again, one of the assumptions for using monetary-unit sampling is the error rate in the population should be small (e.g., less than 10%). The internal auditor should not use this procedure if material errors are expected. Answer (d) is the correct answer. Overstated items have a greater chance of being included in the sample. Additionally, samples under this procedure include more of the higher-dollar accounts because of the way the sample is conducted. Errors in these accounts are more likely to result in material misstatements and are thus more critical to the internal auditor.

Question: V2C5-0129
The book value of a 3,000th item inventory is $3,000,000. An auditor specifies a maximum tolerable error of $60,000 and a 95% confidence level (reliability factor = 3.0). Assuming that no individual item in the population exceeds the monetary value of the interval, the expected sample size for monetary-unit sampling would be

Answers
A: Less than 70. B: From 70 to 140. C: From 140 to 160. D: Greater than 160.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (c) is the correct answer. (3) ($3,000,000/$60,000) = 150, which represents the correct sample size.

This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0130
An auditor is planning to use monetary-unit sampling for testing the dollar value of a large accounts receivable population. The advantages of using monetary-unit sampling include all of the following except:

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 165 of 262

Answers
A: It is an efficient model for establishing that a low error rate population is not materially misstated. B: It does not require the normal distribution approximation required by variable sampling. C: It can be applied to a group of accounts, since the sampling units are homogenous. D: It results in a smaller sample size than that required when using classical sampling, as errors increase.

Answer Explanations
Answer (a) is incorrect. Monetary unit sampling is being an efficient model; this is an advantage. Answer (b) is incorrect. Monetary unit sampling does not assume normally distributed populations; this is an advantage. Answer (c) is incorrect. Monetary unit sampling uses dollar units as the homogenous units; this is an advantage. Answer (d) is the correct answer. Monetary unit sampling would result in a larger sample size, and this is not an advantage.

Question: V2C5-0131
Which of the following factors would most likely preclude the auditor from using monetary unit sampling?

Answers
A: The auditor expects to find a limited number of understatements of individual account balances. B: The auditor expects to find that a large percentage of items sampled have misstatements. C: Individual accounts are not assigned a number, but are listed only alphabetically. D: The auditor expects to find more errors in the larger dollar value items than in the smaller dollar value items.

Answer Explanations
Answer (a) is incorrect. Monetary unit sampling can effectively handle a small number of understatement errors. Answer (b) is the correct answer. Monetary unit sampling is not as effective in calculating an upper error estimate when a very large number of errors are expected. Answer (c) is incorrect. Account numbers do not have to be assigned to use monetary unit sampling. Answer (d) is incorrect. This would not preclude the use of monetary unit sampling because: (1) most large-dollarvalue items are selected and a census of that data is performed; and (2) the probability of any item being selected is proportional to its size. Thus, monetary unit sampling works especially well in the situation described here.

Question: V2C5-0132
Many firms are beginning to use the statistical processing control techniques as part of their total quality manage-

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 166 of 262

ment approach. Which of the following would not constitute a part of statistical processing control techniques?

Answers
A: Acceptance sampling. B: Dollar-unit sampling. C: Quality control charts. D: Continuous monitoring and feedback.

Answer Explanations
Answer (a) is incorrect. Acceptance sampling is a standard statistical process control technique. Answer (b) is the correct answer. Dollar unit is a sampling technique that has been uniquely applied to auditing. It is not used in statistical processing control. Answer (c) is incorrect. Quality control charts are an integral part of total quality management approaches. Answer (d) is incorrect. Continuous monitoring and frequent feedbacks are two of the important elements of statistical quality control.

Question: V2C5-0133
Dollar-unit sampling is not efficient if

Answers
A: Computerized account balances are being audited. B: Statistical inferences are to be made. C: The audit objective is oriented to understatements. D: The account contains a large number of transactions.

Answer Explanations
Answer (a) is incorrect. The issue of manual or computerized accounts would not have any impact on sampling efficiency. Answer (b) is incorrect. Dollar-unit sampling is an accepted method of estimating the dollar error of an account balance. Answer (c) is the correct answer. Dollar unit sampling, because it samples each individual dollar, automatically stratifies. If the audit objective is to identify understatements, dollar-unit sampling is not appropriate because the larger the understatement, the least likely it is to be identified. Answer (d) is incorrect. The number of transactions is not the issue, the number of dollars is.

Question: V2C5-0134
file://C:\Program Files\Wiley\CIAExam\Print.htm 1/20/2010

Wiley CIA 2006 v1

Page 167 of 262

An internal auditor is considering the use of dollar-unit (probability-proportional-to-size, PPS) sampling. This technique is likely to be especially beneficial if

Answers
A: The auditor is interested in testing the proper valuation of accounts payable. B: The auditor believes that the items to be tested are just as likely to be overstated as understated. C: The auditor is interested in testing the accuracy and valuation of accounts receivable. D: The error rate in the population is believed to be quite large.

Answer Explanations
Answer (a) is incorrect because this technique is ineffective at detecting understatements, which are of significant concern for accounts payable. Answer (b) is incorrect because this technique is ineffective at detecting understatements, which are of significant concern for accounts payable. Answer (c) is the correct answer. Dollar-unit sampling is often used for these purposes. Answer (d) is incorrect. Dollar-unit sampling performs relatively poorly with very large error rates.

Question: V2C5-0135
A sampling plan is needed to test for overstatement of a $3 million accounts payable book balance. The auditor determines that a $100,000 error is material and a 95% confidence level is appropriate. Based on these determinations, the sample of size 90 is needed. The sampling plan most likely used is

Answers
A: Stop and go. B: Cluster sampling. C: Dollar-unit sampling. D: Attributes sampling.

Answer Explanations
Answer (a) is incorrect. A quantitative materiality amount cannot apply to stop or go, a form of attributes sampling. Answer (b) is incorrect. It requires a definition of a cluster. Answer (c) is the correct answer. Dollar-unit sampling is the only quantitative method listed. Answer (d) is incorrect. This question involves a variable and, like answer (a), cannot apply to attributes sampling.

Question: V2C5-0136

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 168 of 262

An internal auditor is preparing to sample accounts receivable for overstatement. A statistical sampling method that automatically provides stratification when using systematic selection is

Answers
A: Attributes sampling. B: Ratio-estimation sampling. C: Dollar-unit sampling. D: Mean-per-unit sampling.

Answer Explanations
Answer (a) is incorrect. It does not automatically stratify. Answer (b) is incorrect. It does not automatically stratify. Answer (c) is the correct answer. It stratifies, in that each dollar is a sampling unit and the larger the account balance, the greater the chance of selection. Answer (d) is incorrect. It does not automatically stratify.

Question: V2C5-0137
An auditor wishes to select a dollar-unit sample of 100 sales invoices that are included in receivables. Total receivables consist of 1,600 invoices, beginning with invoices number 1781, ranging in value from $25 to $3,000 and totaling $700,000. A partial list is Invoice No. 1781 1790 1795 . . . 1804 1805 Amount $ 75 1,400 1,500 . . . 1,470 30 Cumulative amount $ 75 1,475 2,975 . . . 8,450 8,480

Assuming the 4-digit random number 1461 is selected as a starting point, the first two invoice numbers to be included in the sample are

Answers
A: 1790 and 1795. B: 1790 and 1805. C: 1795 and 1804. D: 1795 and 1805.

Answer Explanations

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 169 of 262

Answer (a) is incorrect. The sampling interval is $7,000 (population total of $700,000 / sample size of 100). Thus the first two dollars to be selected are cumulative amounts $1,461 (the starting point) and $8,461 ($1,461 + $7,000). Invoice number 1795 is obtained by adding 1461 to the initial selection and does not reflect the $7,000 interval. Answer (b) is the correct answer. Invoice number 1790 includes cumulative amount $1,461, and invoice number 1805 includes cumulative amount $8,461. Answer (c) is incorrect. Invoice number 1795 includes cumulative amounts $1,476 through $2,975, and thus does not include the starting point of $1,461; and, as explained in Answer (a) above, invoice number 1804 does not include the second cumulative amount of $8,461. Answer (d) is incorrect. See explanation given for the answer (c).

Question: V2C5-0138
Management of a property and casualty insurance company is concerned about the efficiency and effectiveness of the claims processing activities. It has two major concerns: (1) some claims are being paid that should not be paid or are being paid in amounts in excess of the policy; and (2) many claimants are not being paid on a timely basis. In preparing for an audit of the area, the internal auditor decides to perform a preliminary survey to gather more information about the nature of processing and potential problems. Which of the following procedures would be the least effective in gathering information about the nature of the processing and potential problems?

Answers
A: Interview supervisors in the claims department to find out more about the procedures used and the rationale for the procedures, and obtain their observations about the nature and efficiency of processing. B: Send an electronic mail message to all clerical personnel detailing the alleged problems and request them to respond. C: Interview selected clerical employees in the claims department to find out more about the procedures used and the rationale for the procedures, and obtain their observations about the nature and efficiency of processing. D: Distribute a questionnaire to gain a greater understanding of the responsibilities for claims processing and the control procedures utilized.

Answer Explanations
Answer (a) is incorrect. This would be a good method to learn more about the nature of processing and to solicit input from employees as to the potential cause of the situation being investigated. Answer (b) is the correct answer. This is the least effective communication and information-gathering technique of the four responses because it is impersonal and it alleges inefficiencies before there is evidence that the problems are due to inefficiencies in the processing. The impersonal method may have been applicable if the auditor wished open responses, but not enough guidance is given here to lead to that kind of response. Answer (c) is incorrect. This would supplement the supervisors perceptions with those from individuals intimately involved with the processing of transactions. This would be an effective communication technique. Answer (d) is incorrect. This is not as good of a procedure as answers (b) and (c), but would represent an efficient method of gathering preliminary information that would be useful in structuring the interviews.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 170 of 262

Question: V2C5-0139
Management of a property and casualty insurance company is concerned about the efficiency and effectiveness of the claims processing activities. It has two major concerns: (1) some claims are being paid that should not be paid or are being paid in amounts in excess of the policy; and (2) many claimants are not being paid on a timely basis. In preparing for an audit of the area, the internal auditor decides to perform a preliminary survey to gather more information about the nature of processing and potential problems. The auditor used a questionnaire during interviews to gather information about the nature of claims processing. Unfortunately, the questionnaire did not cover a number of pieces of information offered by the person being interviewed. Consequently, the auditor did not document the potential problems for further audit investigation. The primary deficiency with the above process is that

Answers
A: The auditor failed to consider the importance of the information offered. B: The use of a questionnaire in a situation where a structured interview should have been used. C: Questionnaires do not allow for opportunities to document other information. D: All of the above.

Answer Explanations
Answer (a) is the correct answer. The major problem is that the auditor was too oriented to the questionnaire and failed to appropriately consider the other information that was offered. Questionnaires may be limited, but the auditor needs to be flexible enough to gather other information when it is offered. Answer (b) is incorrect. This is not an inappropriate use of a questionnaire. The problem was the auditor did not listen well enough to expand the information-gathering process. Answer (c) is incorrect. Questionnaires are limited, but the problem is with its application, not necessarily the nature of the questionnaires. Answer (d) is incorrect. Answers (b) and (c) are not appropriate conclusions.

Question: V2C5-0140
Management of a property and casualty insurance company is concerned about the efficiency and effectiveness of the claims processing activities. It has two major concerns: (1) some claims are being paid that should not be paid or are being paid in amounts in excess of the policy; and (2) many claimants are not being paid on a timely basis. In preparing for an audit of the area, the internal auditor decides to perform a preliminary survey to gather more information about the nature of processing and potential problems. A clerical employee approaches the auditor and indicates that she has important information about a collusion within her department to process fraudulent claims and split the proceeds among the members of a small group. She is willing to discuss the matter with the auditor, but wishes to remain anonymous. The auditor should

Answers
A: Request that the conversation be videotaped so that it will be available as evidence should fraud be found.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 171 of 262

B: Reply that the matter must be reported to appropriate organizational officials for subsequent followup. C: Document the information and use it to plan the audit. Change the nature of the audit from one of economy and efficiency to one of fraud. D: Obtain the information and develop procedures that could corroborate the information.

Answer Explanations
Answer (a) is incorrect. The employee has requested anonymity. No formal investigation has yet begun. The auditor should not require that the interview be videotaped at this time. Answer (b) is incorrect. The information is strictly hearsay evidence at this point in time. The auditor should gather enough information to determine if there is other evidence available that might corroborate the assertion and provide a basis for further investigation. Answer (c) is incorrect. The auditor should determine if there are available sources to corroborate the assertion made by the employee before changing the nature of the investigation. The auditor will focus on the possibility of fraud, but should not completely change the direction of the investigation without corroborating evidence. Answer (d) is the correct answer. The auditor should attempt to corroborate the oral information before changing the nature of the audit or reporting it to company officials.

Question: V2C5-0141
Management of a property and casualty insurance company is concerned about the efficiency and effectiveness of the claims processing activities. It has two major concerns: (1) some claims are being paid that should not be paid or are being paid in amounts in excess of the policy; and (2) many claimants are not being paid on a timely basis. In preparing for an audit of the area, the internal auditor decides to perform a preliminary survey to gather more information about the nature of processing and potential problems. The auditor conducted an interview with the supervisor. The auditor noted that the supervisor became uncomfortable and nervous and changed the subject whenever the auditor raised questions about certain types of claims. The supervisors answers were consistent with company policies and procedures. When documenting the interview, the auditor should

Answers
A: Document the supervisor's answers, noting the nature of the nonverbal communications. B: Not document the nonverbal communication because it is subjective and is not corroborated. C: Conclude that the nonverbal communication is persuasive and that sufficient evidence exists to charge fraud against the group. D: Ignore the specific answers given in the interview, because they are self-serving.

Answer Explanations
Answer (a) is the correct answer. Auditors frequently encounter and act on nonverbal communication. If the nonverbal communication affects the auditors perception of the information gathered, it should be documented so that it can be considered as the audit proceeds. Answer (b) is incorrect. If the nonverbal communication affects the auditors perception of the information

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 172 of 262

gathered, it should be documented so that it can be considered as the audit proceeds. Answer (c) is incorrect. Nonverbal communication is not sufficient to reach a conclusion that fraud has taken place. However, along with the allegations made by the employee, it may be sufficient to perform a fraud investigation. Answer (d) is incorrect. The answers given should be documented, but the process of only documenting the verbal responses, especially in a situation like this where nonverbal actions may indicate untruthfulness, would result in incomplete documentation of the auditees response.

Question: V2C5-0142
Management of a property and casualty insurance company is concerned about the efficiency and effectiveness of the claims processing activities. It has two major concerns: (1) some claims are being paid that should not be paid or are being paid in amounts in excess of the policy; and (2) many claimants are not being paid on a timely basis. In preparing for an audit of the area, the internal auditor decides to perform a preliminary survey to gather more information about the nature of processing and potential problems. After informing management, the auditor is directed to go ahead with a fraud investigation. The auditor has identified the parties most likely to have been involved in the fraud, if indeed one is taking place. The auditor sends each potential participant a personal electronic mail message indicating the nature of the investigation and urges the individual to come forward and explain the nature of the fraud. The auditor states that this is strictly an audit investigation and legal authorities are not involved. A major problem with this particular communication is

Answers
A: The medium. A paper-based document, such as a letter, should have been used instead of electronic mail message. B: The medium. Personal interviews should have been used instead of electronic mail. C: The nature of the communication. The auditor should have sent a questionnaire to each employee, rather than seeking an open-ended response. D: The nature of the message. The auditor should have detailed the specific allegations against each employee and allowed them the opportunity to respond. The message, as written, is too general.

Answer Explanations
Answer (a) is incorrect. The major problem is with the impersonal form of the communication, not whether it was delivered electronically or on paper. Answer (b) is the correct answer. The nature of the communication is highly sensitive and personal. A more personal form of communication, such as the direct interview, should have been used to elicit the response from the auditees. Answer (c) is incorrect. There is a need for personal communication. Questionnaires are used to gain an understanding about the nature of processing. The auditor has already obtained most of this information and is interested in more specific facts as to how a fraud may have taken place and who was involved in the fraud if one had taken place. Answer (d) is incorrect. The auditor is not in position to detail the allegations against each specific employee. The auditor wants to gain more information about the nature of the fraud, if it exists. It would not be proper to detail allegations to each individual employee at this point.

Question: V2C5-0143
file://C:\Program Files\Wiley\CIAExam\Print.htm 1/20/2010

Wiley CIA 2006 v1

Page 173 of 262

Management of a property and casualty insurance company is concerned about the efficiency and effectiveness of the claims processing activities. It has two major concerns: (1) some claims are being paid that should not be paid or are being paid in amounts in excess of the policy; and (2) many claimants are not being paid on a timely basis. In preparing for an audit of the area, the internal auditor decides to perform a preliminary survey to gather more information about the nature of processing and potential problems. After pursuing the investigation, two clerical employees corroborate the allegations and indicate that it was a plan developed by the supervisor and that they were put under pressure to go along with the scheme. The auditor decides to question the supervisor, who becomes very hostile in responding to the auditors questions. The auditor should

Answers
A: Indicate that if the supervisor will not cooperate, the auditor will turn the matter over to legal authorities for further investigation. B: Indicate this is not a fraud audit and that the purpose is to identify the nature of incorrectly processed transactions and the reason for the problems encountered. Emphasize that the supervisor's cooperation will be documented in the workpapers. C: Respond in a like manner and indicate the evidence the auditor has already obtained. Put pressure on the supervisor to confess to the fraud and to name others involved in the scheme. D: Describe the purpose of the interview and the nature of the evidence sought. Encourage the supervisor to continue the interview.

Answer Explanations
Answer (a) is incorrect. The auditors responsibility is to refer the matter to management and the audit committee. It is up to them to decide whether to turn the investigation over to legal authorities. Answer (b) is incorrect. This would be incorrect communication because the auditor has explicitly embarked on a fraud audit. Answer (c) is incorrect. This is a fraud audit, not a fraud interrogation. The auditor should not respond with hostility or threaten the supervisor to get a confession. The auditor should be prepared to turn the investigation over to proper authorities if the supervisor will not cooperate, but should not act as a fraud interrogator. Answer (d) is the correct answer. The auditor should not react adversely to the hostile actions by the supervisor, but should carefully explain the situation and provide an opportunity for the supervisor to calm down and continue the interview.

Question: V2C5-0144
Management of a property and casualty insurance company is concerned about the efficiency and effectiveness of the claims processing activities. It has two major concerns: (1) some claims are being paid that should not be paid or are being paid in amounts in excess of the policy; and (2) many claimants are not being paid on a timely basis. In preparing for an audit of the area, the internal auditor decides to perform a preliminary survey to gather more information about the nature of processing and potential problems. The supervisor has a change of heart and indicates the amount of fraud was less than $85,000 out of $85 million in claims processed, a clearly immaterial amount in the supervisors opinion. The supervisor makes an offer to: (1) name all employees involved; (2) describe the circumvention of controls that allowed the fraud to take place; and (3) implement the necessary controls if the auditor would agree to describe the situation as a control procedure breakdown and not report it to management as a fraud. The amounts represent less than 0.1 percent of the claims processed. Otherwise, the supervisor will not cooperate in the investigation, will order the others

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 174 of 262

involved not to cooperate, and will engage legal counsel. The auditor is already well over time budget and is intrigued by the opportunity to negotiate an end to the investigation and improve the control procedures. Which of the following would represent an appropriate response to the supervisor? I. Indicate the situation is open to negotiation, but that more details on the nature of the fraud would be needed and the supervisor would have to sign an agreement as to the compromise reached. II. Indicate that the auditor has no authority to negotiate. III. Indicate that if the supervisor wishes to negotiate, the matter must be first reported as a fraud and the negotiations would have to take place with management.

Answers
A: I only. B: II only. C: III only. D: II and III only.

Answer Explanations
Answer (a) is incorrect. This would be an inappropriate response for the auditor. Answer (b) is incorrect. This is a correct communication, but response III is also an appropriate communication. Answer (c) is incorrect. This is a correct communication, but response II is also an appropriate communication. Answer (d) is the correct answer. If the supervisor wants to negotiate, the negotiation should be performed with management and the assigned fraud investigation team.

Question: V2C5-0145
An audit team has been assigned to review the customer satisfaction measurement system that the industrial products division implemented two years ago. This system consists of the divisions customer service office conducting an annual mail survey. A survey is sent to 100 purchasing departments randomly selected from all customers who made purchases in the prior 12 months. The survey is three pages long and its 30 questions use a mixture of response modes (e.g., some questions are open-ended, some multiple choice, and others use a response scale). The customer service office mails the survey in September and tabulates the results for questionnaires returned by October 15. Only one mailing is sent. If the customer does not return the questionnaire, no follow-up is conducted. When the survey was last conducted, 45 of the questionnaires were not returned. Nonresponse bias is often a concern in conducting mail surveys. The main reason that nonresponse bias can cause difficulties in a sample such as the one taken by the customer service office is that

Answers
A: The sample means and standard errors are harder to compute. B: Those who did not respond may be systematically different from those who did. C: The questionnaire is too short.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 175 of 262

D: Confidence intervals are narrower.

Answer Explanations
Answer (a) is incorrect. Formulas are equally easy to compute with bad as with good data. Answer (b) is the correct answer. This can result because people may choose not to respond for reasons related to the purpose of the questionnaire. Answer (c) is incorrect. Longer questionnaires actually increase nonresponse bias. Answer (d) is incorrect. Nonresponse decreases sample size, so, if anything, confidence intervals would be wider rather than narrower.

Question: V2C5-0146
An audit team has been assigned to review the customer satisfaction measurement system that the industrial products division implemented two years ago. This system consists of the divisions customer service office conducting an annual mail survey. A survey is sent to 100 purchasing departments randomly selected from all customers who made purchases in the prior 12 months. The survey is three pages long and its 30 questions use a mixture of response modes (e.g., some questions are open-ended, some multiple choice, and others use a response scale). The customer service office mails the survey in September and tabulates the results for questionnaires returned by October 15. Only one mailing is sent. If the customer does not return the questionnaire, no follow-up is conducted. When the survey was last conducted, 45 of the questionnaires were not returned. One of the steps of the audit program is to review the quality of the questionnaires design. Which of the following is a common error made in designing multiple-choice questions in a survey questionnaire?

Answers
A: Unipolar rather than bipolar labels are used for the response categories. B: The alternative response categories for the questions are not mutually exclusive. C: Likert scaling is used instead of semantic differential scaling. D: The question itself uses terms that are very familiar to the respondent.

Answer Explanations
Answer (a) is incorrect. This is a valid scaling answers for multiple-answer questions. Answer (b) is the correct answer. Overlapping categories frequently cause respondent difficulty. Answer (a) is incorrect. This is a valid scaling answers for multiple-answer questions. Answer (d) is incorrect. This is a desirable feature of a question.

Question: V2C5-0147
An audit team has been assigned to review the customer satisfaction measurement system that the industrial products division implemented two years ago. This system consists of the divisions customer service office conducting an annual mail survey. A survey is sent to 100 purchasing departments randomly selected from all customers who made purchases in the prior 12 months. The survey is three pages long and its 30 questions use a mixture of response modes (e.g., some questions are open-ended, some multiple choice, and others use a response

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 176 of 262

scale). The customer service office mails the survey in September and tabulates the results for questionnaires returned by October 15. Only one mailing is sent. If the customer does not return the questionnaire, no follow-up is conducted. When the survey was last conducted, 45 of the questionnaires were not returned. Which of the following is not an advantage of face-to-face interviews over mail surveys?

Answers
A: The response rate is typically higher. B: Interviewers can increase a respondent's comprehension of questions. C: Survey designers can use a wider variety of types of questions. D: They are less expensive since mailing costs are avoided.

Answer Explanations
Answer (a) is incorrect. Mail surveys often have notoriously low response rates. Answer (b) is incorrect. The interviewers flexibility to interpret responses and rephrase questions increases response quality. Answer (c) is incorrect. Audio-visual aids, complex sequences, and other varieties of questions are made possible by the interactive nature of interviews. Answer (d) is the correct answer. One of the principal advantages of mail surveys is their cost efficiency because mailing costs are less than interview labor costs.

Question: V2C5-0148
An audit team has been assigned to review the customer satisfaction measurement system that the industrial products division implemented two years ago. This system consists of the divisions customer service office conducting an annual mail survey. A survey is sent to 100 purchasing departments randomly selected from all customers who made purchases in the prior 12 months. The survey is three pages long and its 30 questions use a mixture of response modes (e.g., some questions are open-ended, some multiple choice, and others use a response scale). The customer service office mails the survey in September and tabulates the results for questionnaires returned by October 15. Only one mailing is sent. If the customer does not return the questionnaire, no follow-up is conducted. When the survey was last conducted, 45 of the questionnaires were not returned. Many questionnaires are made up of a series of different questions that use the same response categories (e.g., strongly agree, agree, neither, disagree, strongly disagree). Some designs will have different groups of respondents answer alternative versions of the questionnaire that present the questions in different orders and reverse the orientation of the endpoints of the scale (e.g., agree on the right and disagree on the left or vice versa). The purpose of such questionnaire variations is to

Answers
A: Eliminate intentional misrepresentations. B: Reduce the effects of pattern response tendencies. C: Test whether respondents are reading the questionnaire.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 177 of 262

D: Make it possible to get information about more than one population parameter using the same questions.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation.
Answer (b) is the correct answer. There are many known effects of the sequence and format of questions. One method for dealing with these is to use questionnaire variations that cause these biases to average out across the sample.

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0149
An audit team has been assigned to review the customer satisfaction measurement system that the industrial products division implemented two years ago. This system consists of the divisions customer service office conducting an annual mail survey. A survey is sent to 100 purchasing departments randomly selected from all customers who made purchases in the prior 12 months. The survey is three pages long and its 30 questions use a mixture of response modes (e.g., some questions are open-ended, some multiple choice, and others use a response scale). The customer service office mails the survey in September and tabulates the results for questionnaires returned by October 15. Only one mailing is sent. If the customer does not return the questionnaire, no follow-up is conducted. When the survey was last conducted, 45 of the questionnaires were not returned. Several of the audit team members are concerned about the low response rate, the poor quality of the questionnaire design, and the potentially biased wording of some of the questions. They suggest that the customer service office might want to supplement the survey with some unobtrusive data collection, such as observing customer interactions in the office or collecting audiotapes of phone conversations with customers. Which of the following is not a potential advantage of unobtrusive data collection compared to surveys or interviews?

Answers
A: Interactions with customers can be observed as they occur in their natural setting. B: It is easier to make precise measurements of the variables under study. C: Unexpected or unusual events are more likely to be observed. D: People are less likely to alter their behavior because they are being studied

Answer Explanations
Answer (a) is incorrect. Observing the phenomenon in its natural setting is a principal advantage of unobtrusive measures. Answer (b) is the correct answer. Lack of experimental control and measurement precision is the chief weaknesses of unobtrusive measures. Answer (c) is incorrect. Unobtrusive measures are useful for exploratory investigations for this reason. Answer (d) is incorrect. Since people are going about their normal business, they are less likely to do what they think the researcher wants, censor their comments, and so on.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 178 of 262

Question: V2C5-0150
An audit team developed a preliminary questionnaire with the following response choices I. Probably not a problem. II. Possibly a problem. III. Probably a problem. The questionnaire illustrates the use of

Answers
A: Trend analysis. B: Ratio analysis. C: Unobtrusive measures or observations. D: Rating scales.

Answer Explanations
Answer (a) is incorrect. Trend analysis is a specialized form of analytical review procedure, used primarily to analyze the changes in account balances over time. Answer (b) is incorrect. Ratio analysis is a subset of trend analysis used in analytical review. It is unrelated to the subject. Answer (c) is incorrect. Observing means seeing, noticing, not passing over. It implies a careful, knowledgeable look at people and things. It means a visual examination with a purpose, a mental comparison with standards, an evaluative sighting. Use of rating scales requires the participant to actively participate, it is not unobtrusive. Answer (d) is the correct answer. The auditors are using a numerical rating for the organization audited (source: Sawyers Internal Auditing IIA).

Question: V2C5-0151
An audit of the quality control department is being planned. Which of the following would least likely be used in the preparation of a preliminary survey questionnaire?

Answers
A: An analysis of quality control documents. B: The permanent audit file. C: The prior audit report. D: Management's charter for the quality control department.

Answer Explanations

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 179 of 262

Answer (a) is the correct answer. Such analysis is a part of fieldwork, which comes after the preliminary survey. Answer (b) is incorrect. This file probably contains information, such as questions used in prior audits and problems detected in prior years, that will help in the development of appropriate questions to ask this year. Answer (c) is incorrect. The report will identify prior findings and recommendations that should be followed up on this year. Answer (d) is incorrect. Knowing what the department is supposed to do will help the auditor develop knowledgeable questions.

Question: V2C5-0152
In advance of a preliminary survey, an audit director sends a memorandum and questionnaire to the supervisors of the department to be audited. What is the most likely result of that procedure?

Answers
A: It creates apprehension about the audit. B: It involves the auditee's supervisory personnel in the audit. C: It is an uneconomical approach to obtaining information. D: It is only useful for audits of distant locations.

Answer Explanations
Answer (a) is incorrect. Greater knowledge of the upcoming audit is more likely to remove some of the apprehension about it. Answer (b) is the correct answer. This helps involve the supervisors of the auditees department and encourages a more collegial approach to the audit. Answer (c) is incorrect. It will normally be more economical since the legwork will be done by those most competent to do it rapidly. Answer (d) is incorrect. Even though it is very useful for audits of distant locations, it can also be advantageous in other circumstances.

Question: V2C5-0153
Management answered yes to every question when filling out an internal control questionnaire and stated that all listed requirements and control activities were part of its procedures. An internal auditor retrieved this questionnaire from management during the preliminary survey visit but did not review the responses with management while on site. The auditors supervisor should be critical of the above procedure based on the fact that

Answers
A: Audit information must be corroborated in some way. B: Internal control questionnaires cannot be relied on.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 180 of 262

C: The auditors were not present while the questionnaire was being filled out. D: The questionnaire was not designed to address accounting operations and controls.

Answer Explanations
Answer (a) is the correct answer. Self-audit questionnaires provide indirect evidence, which must be confirmed. Answer (b) is incorrect. The ability to adapt general-purpose internal control questionnaires (ICQs) to different organizational units, personnel, and functional units is one of the strengths of these audit tools. Answer (c) is incorrect. ICQs can be designed so that the auditee can answer the questions without the auditor being present. Answer (d) is incorrect. An ICQ does not need to address accounting information to ensure integrity.

Question: V2C5-0154
Management answered yes to every question when filling out an internal control questionnaire and stated that all listed requirements and control activities were part of its procedures. An internal auditor retrieved this questionnaire from management during the preliminary survey visit but did not review the responses with management while on site. The auditors supervisor is writing the performance assessment for the auditor on this preliminary survey assignment. The supervisor cites the need to review managements responses on the control questionnaire. The auditor should have interviewed management for additional information because the interview technique

Answers
A: Provides the opportunity to insert questions to probe promising areas. B: Is the most efficient way to upgrade the information to the level of objective evidence. C: Is the least costly audit technique when a large amount of information is involved. D: Is the only audit procedure that does not require confirmation and walk-through of the information that is obtained.

Answer Explanations
Answer (a) is the correct answer. During face-to-face contact, a skilled interviewer can react to potential problems and expand questioning of more relevant subjects. Answer (b) is incorrect. Interviews do not produce objective evidence unless the information corroborates facts already in evidence. Answer (c) is incorrect. Interviews tend to be more costly in relation to the amount of information that must be included because of the preparation and discussion time involved. Answer (d) is incorrect. Critical information obtained during an interview must be followed up and confirmed.

Question: V2C5-0155
An auditor is considering developing a questionnaire to research employee attitude toward control procedures. Which of the following represents criteria that should not be considered in designing the questionnaire?

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 181 of 262

Answers
A: Questions must be worded to ensure a valid interpretation by the respondents. B: Questions must be reliably worded so that they measure what was intended to be measured. C: The questionnaire should be short to increase the response rate. D: Questions should be worded such that a "no" answer indicates a problem.

Answer Explanations
Answer (a) is incorrect. Validity and reliability of this question is extremely important. Answer (b) is incorrect. Validity and reliability of this question is extremely important. Answer (c) is incorrect. When questionnaires are too long, people tend not to fill them out. Answer (d) is the correct answer. Questions can be multiple answer, fill-in-the-blank, essay, Likert scales, and so on.

Question: V2C5-0156
Which of the following statements describes an internal control questionnaire? It

Answers
A: Provides detailed evidence regarding the substance of the control system. B: Takes less of the auditee's time to complete than other control evaluation devices. C: Requires that the auditor be in attendance to properly administer it. D: Provides indirect audit evidence that might need corroboration.

Answer Explanations
Answer (a) is incorrect. Yes and no answers may be very general and not specific as to degree. Answer (b) is incorrect. They are tiring for auditees to complete due to their length. Answer (c) is incorrect. The structured questionnaire asks for specific yes or no answers plus brief explanations. Answer (d) is the correct answer. The evidence provided is indirect and therefore could require corroboration in some way.

Question: V2C5-0157
Which of the following best describes the major disadvantage of using a questionnaire rather than a flowchart to evaluate internal controls?

Answers

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 182 of 262

A: Questionnaires usually take more time to complete and are more cumbersome. B: Responses do not efficiently flag potential internal control weaknesses. C: It is difficult for auditors to develop or obtain questionnaires that are appropriate for most internal control systems. D: Auditors may complete questionnaires without really understanding overall operations of internal control systems.

Answer Explanations
Answer (a) is incorrect. The opposite is true. Answer (b) is incorrect. This is an advantage of questionnaires. Answer (c) is incorrect. Such are readily obtained or developed. Answer (d) is the correct answer. This is the major disadvantage of using questionnaires. Developing or reviewing flowcharts is an extremely effective way to gain an overall understanding of the system and pinpoint control points and the lack of controls.

Question: V2C5-0158
Which of the following is the primary advantage of using an internal control questionnaire?

Answers
A: It provides a clear picture of the interrelationships that exist between the various controls. B: It reduces the risk of overlooking important aspects of the system. C: It forces an auditor to acquire a full understanding of the system. D: The negative responses indicate the only areas needing further audit work.

Answer Explanations
Answer (a) is incorrect because it is an advantage of a flowchart. Answer (b) is the correct answer. It can be prepared in advance and functions very much like a checklist. Answer (c) is incorrect because it is an advantage of a flowchart. Answer (d) is incorrect because positive responses must also be tested to determine compliance.

Question: V2C5-0159
An audit manager is conducting the annual meeting with manufacturing division management to discuss proposed audit plans and activities for the next year. After some discussion about the past years audit activity at twelve plants in the division, the divisional vice president agrees that all significant recommendations made by the audit staff refer to key controls and related operating activities that are correctly described for local management within the volume of standard operating procedures for the division. The vice president proposes to transcribe key control activities from the divisions extensive written procedures to a self-audit standard operating procedure (SOP)

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 183 of 262

questionnaire. What significance should the audit manager attach to such SOP questionnaires in relation to the proposed audit schedule for the next year?

Answers
A: The SOP questionnaires should improve control adequacy, but the auditors need to verify that controls are working as documented in the SOP. B: Adding this control should eliminate significant audit recommendations in the coming year, so the scope of audit activities can be reduced accordingly. C: Audit activity can be reduced if the vice president agrees to require internal auditing department approval on all divisional standard operating procedures. D: SOP questionnaires must be mailed and controlled by the internal auditing department to be considered in relation to the proposed audit schedule.

Answer Explanations
Answer (a) is the correct answer. A specific advantage of a SOP questionnaire is that it may be used by local management to periodically ensure that employee practices remain current with relevant, valid, and up-to-date standard operating procedures; this improves the overall level of control and the control environment when followup is included to ensure performance. Answer (b) is incorrect. These SOP questionnaires have no impact on inherent risk, and there is no evidence that such a control would be effective; there is no basis in fact for reducing the proposed scope. Answer (c) is incorrect. Standard operating procedures, as described, are providing directive controls, which appear to be adequate; adding internal auditing department approval does not impact the effectiveness of these controls. Answer (d) is incorrect. Control of SOP questionnaires by the internal auditing department would not affect the level of evidence obtained in this manner; information obtained via questionnaires must be verified to be considered objective.

Question: V2C5-0160
Checklists used to assess audit risk have been criticized for all of the following reasons except:

Answers
A: Providing a false sense of security that all relevant factors are addressed. B: Inappropriately implying equal weight to each item on the checklist. C: Decreasing the uniformity of data acquisition. D: Being incapable of translating the experience or sound reasoning intended to be captured by each item on the checklist.

Answer Explanations
Answer (a) is incorrect because this answer is a criticism of checklists.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 184 of 262

Answer (b) is incorrect because this answer is a criticism of checklists. Answer (c) is the correct answer. Checklists increase the uniformity of data acquisition. Answer (d) is incorrect because this answer is a criticism of checklists.

Question: V2C5-0161
When an internal auditor is interviewing to gain information, the auditor will not be able to remember everything that was said in the interview. The most effective way to record interview information for later use is to

Answers
A: Write notes quickly, trying to write down everything in detail, as it is said; then highlight important points after the meeting. B: Tape-record the interview to capture everything that everyone says; then type everything said into a computer for documentation. C: Hire a professional secretary to take notes, allowing complete concentration on the interview; then delete unimportant points after the meeting. D: Organize notes around topics on the interview plan and note responses in the appropriate area, reviewing the notes after the meeting to make additions.

Answer Explanations
Answer (a) is incorrect. Extensive note taking may interfere with your communication with your respondent, since you cannot maintain eye contact or notice nonverbal as well when you are occupied with your own notes. Answer (b) is incorrect. Tape recording might be used for controversial material, but generally will not elicit positive feelings from your respondent. For most organizational purposes, you will not need exact quotes, the major benefit of a recording. Answer (c) is incorrect. Aside from cost, this option would not work because of confidentiality and negative reaction from your respondent. This interview is your job, not someone elses. Answer (d) is the correct answer. Organizing note taking ahead of time helps you have time during the interview to listen and evaluate the responses and the reactions of your respondent.

Question: V2C5-0162
As part of the test of the effectiveness of a disaster recovery plan, the auditor plans to interview five employees from each of five different departments (25 employees in all). After the first few interviews, what would be the best way for the auditor to remain attentive during the remaining interviews?

Answers
A: Make up completely different questions to stay interested. B: Ask the questions in a slightly different format and in a different sequence. C: Have the rest of the employees write down their responses.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 185 of 262

D: Interview the remaining employees in groups of four or five.

Answer Explanations
Answer (a) is incorrect. The results of the auditors test depend on comparing responses to the same questions. Answer (b) is the correct answer. Changing the wording of the questions and the sequence in which they are asked may eliminate some of the tedium associated with a series of interviews and may also allow the auditor to refine the technique during the process. Answer (c) is incorrect. Written responses to questions are often very different from verbal responses, and the interviewer does not have the option of immediately pursuing a particular answer. Answer (d) is incorrect. Employees are less likely to be forthcoming in a group, particularly when their responses may be critical of management.

Question: V2C5-0163
When conducting interviews during the early stages of an internal audit, it is more effective to

Answers
A: Ask for specific answers that can be quantified. B: Ask people about their jobs. C: Ask surprise questions about daily procedures. D: Take advantage of the fact that fear is an important part of the audit.

Answer Explanations
Answer (a) is incorrect. Later fieldwork will cover information that can be quantified. Building rapport is more important in the early interviews. Answer (b) is the correct answer. Individuals feel more important when they are asked people questions rather than control questions. This will improve the important interpersonal part of building the audit relationship. Answer (c) is incorrect. Unless fraud is suspected or the audit deals with cash or negotiable securities, it is more effective to defuse the anxiety of anticipating the audit by providing information ahead of time explaining the audit process and how to prepare for it. Answer (d) is incorrect. Auditee fear may be a natural part of anticipating the audit, but the auditor should keep it from being an important continuing part of the audit by using good interpersonal skills to build a positive participative relationship with auditees.

Question: V2C5-0164
The current audit of disbursement activities shows a significant number of errors made during the accounts payable vouchering process that have resulted in lost discounts and an extraordinary number of adjustments and credit memos. To date the causes have not been fully identified for all types of errors noted. The most appropriate course of action for the auditor to take related to these problems is to

Answers

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 186 of 262

A: Interview accounts payable clerks and those involved in processing these transactions. B: Expand sample sizes for attributes already tested in transactions entered by accounts payable and purchasing. C: Concentrate on audit program requirements for cash disbursements testing to discover any related information from those tests. D: Describe the transaction-related problems identified to date in a special report to management without expressing a cause or an auditor's conclusion about the situation.

Answer Explanations
Answer (a) is the correct answer. The three methods of gathering feedback include observing, analyzing, and questioning; questioning the personnel and others affected within the organization represents the remaining method. Answer (b) is incorrect. Expanding sample sizes will generate more factual information about error rates in these attributes, but it will not provide feedback. Answer (c) is incorrect. The cash disbursements testing will show results of transaction processing after the vouchering process has been performed and corrections have been posted to the system; this information will not provide additional feedback. Answer (d) is incorrect. The auditor is looking to gather feedback.

Question: V2C5-0165
Interviewing techniques are used frequently by internal auditors. When considering the potential use of interviewing techniques to gather audit evidence, auditors should be aware those interviews

Answers
A: Are more objective than questionnaires in gathering data. B: Provide a systematic format to ensure audit coverage. C: Should be corroborated by gathering objective data. D: Are best suited to reaching audit conclusions.

Answer Explanations
Answer (a) is incorrect. Interviews are not more objective than questionnaires. Answer (b) is incorrect. Interviews do not provide a systematic format. Answer (c) is the correct answer. Evidence obtained by interviews should be corroborated. Answer (d) is incorrect. Evidence from interviews is not conclusive.

Question: V2C5-0166

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 187 of 262

Management has requested an audit of promotional expenses. The sales department has been giving away expensive items in conjunction with new product sales to stimulate demand. The promotion seems successful, but management believes the cost may be too high. Which of the following audit procedures would be the least useful to determine the effectiveness of the promotion?

Answers
A: A comparison of product sales during the promotion period with sales during a similar nonpromotion period. B: A comparison of the unit cost of the products sold before and during the promotion period. C: An analysis of marginal revenue and marginal cost for the promotion period, compared to the period before the promotion. D: A review of the sales department's reasons for believing that the promotion has been successful.

Answer Explanations
Answer (a) is incorrect. This comparison would help highlight the effectiveness of the promotion in increasing sales. Answer (b) is the correct answer. There is no indication that cost of the products sold has changed. The challenge is to address the effectiveness of the promotion. Answer (c) is incorrect. This is the key analysis, as it would show the extent of additional revenue versus cost. Answer (d) is incorrect. This would be helpful because the sales department may have useful information on new customers and repeat purchases.

Question: V2C5-0167
An internal auditor plans to use an analytical review to verify the correctness of various operating expenses in a division. The use of an analytical review as a verification technique would not be a preferred approach if

Answers
A: The auditor notes strong indicators of a specific fraud involving this account. B: The company has relatively stable operations that have not changed much over the past year. C: The auditor would like to identify large, unusual, or nonrecurring transactions during the year. D: The operating expenses vary in relation to other operating expenses, but not in relation to revenue.

Answer Explanations
Answer (a) is the correct answer. If the auditor already suspects fraud, a more directed audit approach would be appropriate. Answer (b) is incorrect. Relatively stable operating data are a good scenario for using analytical review. Answer (c) is incorrect. Analytical review would be useful in identifying whether large, nonrecurring, or unusual transactions occurred.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 188 of 262

Answer (d) is incorrect. Analytical review only needs to have accounts related to other accounts or other independent data. It does not require that they be related to revenue.

Question: V2C5-0168
During an audit, the internal auditor should consider the following factor(s) in determining the extent to which analytical procedures should be used:

Answers
A: Adequacy of the system of internal control. B: Significance of the area being examined. C: Precision with which the results of analytical audit procedures can be predicted. D: All of the above.

Answer Explanations
Answer (a) is incorrect. Adequacy of the system of internal control would be used to determine the extent of analytical audit procedures to be completed. Answer (b) is incorrect. The significance of the area being examined would be a factor in determining the extent of the analytical audit procedures to be used. Answer (c) is incorrect. The precision of the prediction of the internal audit results would be a factor in determining the extent of analytical audit procedures to be used. Answer (d) is the correct answer. All of the above factors would be considered in determining the extent of analytical audit procedures to be used.

Question: V2C5-0169
A restaurant food chain has over 680 restaurants. All food orders for each restaurant are required to be input into an electronic device that records all orders by food servers and transmits the order to the kitchen for preparation. All food servers are responsible for collecting cash for all their orders and must turn in cash at the end of their shift equal to the sales value of food ordered for their ID number. The manager then reconciles the cash received for the day with the computerized record of food orders generated. All differences are investigated immediately by the restaurant. Corporate headquarters has established monitoring controls to determine when an individual restaurant might not be recording all its revenue and transmitting the applicable cash to the corporate headquarters. Which one of the following would be the best example of a monitoring control?

Answers
A: The restaurant manager reconciles the cash received with the food orders recorded on the computer. B: All food orders must be entered on the computer, and there is segregation of duties between the food servers and the cooks.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 189 of 262

C: Management prepares a detailed analysis of gross margin per store and investigates any store that shows a significantly lower gross margin. D: Cash is transmitted to corporate headquarters on a daily basis.

Answer Explanations
Answer (a) is incorrect. This is an example of a reconciliation control applied at the store level. Monitoring refers to an overall control, which will tell management whether its other controls are operating effectively. Answer (b) is incorrect. These are operational and segregation controls. Answer (c) is the correct answer. Monitoring is a process that assesses the quality of the internal control structures performance over time. It involves appropriate personnel assessing the design and operation of controls on a timely basis and taking necessary actions. Monitoring can be done through ongoing activities or separate evaluations. Ongoing monitoring procedures are built into the normal recurring activities of an entity and include regular management and supervisory activities. Answer (d) is incorrect. This is a daily operational control.

Question: V2C5-0170
The auditor of a construction company that builds foundations for bridges and large buildings performed a review of the expense accounts for equipment (augers) used to drill holes in rocks to set the foundation for the buildings. During the review, the auditor noted that the expenses related to some of the auger accounts had increased dramatically during the year. The auditor spoke to the construction manager, who explained that the augers last two to three years and are expensed when purchased. Thus, the auditor should see a decrease in the expense accounts for these augers in the next year, but would expect an increase in the expenses of other augers. The auditor also found out that the construction manager is responsible for the inventorying and receiving of the augers and is a part owner of a company that supplies augers to the company. To improve the quality of equipment, the president of the company approved the supplier. Which of the following procedures would be the least appropriate audit procedure to address these analytical findings?

Answers
A: Note the explanation in the working papers for investigation during the next audit and perform no further work at this time. B: Develop a comparative analysis of auger expense over the past few years to determine if the relationship held in previous years. C: Take a sample of debits to the auger expense account and trace to independent shipping documents and to invoices for the augers. D: Arrange to take an inventory of augers to determine if the augers purchased this year were on hand and would be available for use in the next two years.

Answer Explanations
Answer (a) is the correct answer. This is the least appropriate audit procedure because it just defers the investigation to the following year. If a fraud was being conducted, it would not be appropriate to defer investigative action to the following year.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 190 of 262

Answer (b) is incorrect. This would be an effective procedure to establish the face validity of the managers explanation. If the relationship is valid, it should also hold for the previous years. Answer (c) is incorrect. This would be an appropriate attempt to establish some independent evidence as to whether the goods were received, because the construction manager has a conflict of interest. The auditor should look for the existence of receiving reports signed by someone other than the construction manager and should verify that the individuals signing the reports exist. Answer (d) is incorrect. This would be a good procedure to determine if the augers exist since they are supposed to be used over a two- to three-year period.

Question: V2C5-0171
The auditor of a construction company that builds foundations for bridges and large buildings performed a review of the expense accounts for equipment (augers) used to drill holes in rocks to set the foundation for the buildings. During the review, the auditor noted that the expenses related to some of the auger accounts had increased dramatically during the year. The auditor spoke to the construction manager, who explained that the augers last two to three years and are expensed when purchased. Thus, the auditor should see a decrease in the expense accounts for these augers in the next year, but would expect an increase in the expenses of other augers. The auditor also found out that the construction manager is responsible for the inventorying and receiving of the augers and is a part owner of a company that supplies augers to the company. To improve the quality of equipment, the president of the company approved the supplier. Assume the auditor did not find a satisfactory explanation for the results of the analytical procedures performed and has conducted the appropriate follow-up procedures. The audit of the area is otherwise complete. Which of the following would be the most appropriate action to take?

Answers
A: Note the actions and follow-up next year. Defer the reporting to management until a satisfactory explanation can be obtained. B: Expand audit procedures by observing the receipt of all augers during a reasonable period of time and trace the receipts to the appropriate accounts. Determine causes of any discrepancies. C: Report the findings, as they are, to management and recommend an investigation for possible irregularities. D: Report the findings to the construction manager and insist that appropriate internal controls, such as independent receiving reports, be implemented. Follow up to see if the controls are properly implemented.

Answer Explanations
Answer (a) is incorrect. This would only delay the reporting of an important finding. Answer (b) is incorrect. The results should be reported to management. The suggested audit procedure is incomplete and would not likely answer the question on the causes of the problem. Answer (c) is the correct answer. The IIA Standards states: Results, or relationships from applying analytical auditing procedures that are not sufficiently explained should be communicated to the appropriate levels of management. Answer (d) is incorrect. The results should be reported to other levels of management because the auditor has already noted that the construction manager has a conflict of interest. Further, the auditor cannot insist that controls be implemented; the auditor can only recommend.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 191 of 262

Question: V2C5-0172
An auditor performs an analytical review by comparing the gross margins of various divisional operations with those of other divisions and with the individual divisions perfor-mance in previous years. The auditor notes a significant increase in the gross margin at one division. The auditor does some preliminary investigation and also notes that there were no changes in products, production methods, or divisional management during the year. Based on the above information, the most likely cause of the increase in gross margin would be

Answers
A: An increase in the number of competitors selling similar products. B: A decrease in the number of suppliers of the material used in manufacturing the product. C: An overstatement of year-end inventory. D: An understatement of year-end accounts receivable.

Answer Explanations
Answer (a) is incorrect. An increase in the number of competitors would result in price competition and a likely decrease in gross margin. Answer (b) is incorrect. A decrease in the number of suppliers would cause less price competition on the incoming side and, all else being equal, would result in a decreased gross margin. Answer (c) is the correct answer. An overstatement of year-end inventory would result in an increase in the gross margin. Answer (d) is incorrect. A decrease in accounts receivable would be very unlikely to signal an increase in the gross margin.

Question: V2C5-0173
During an operational audit, an auditor compares the inventory turnover rate of a subsidiary with established industry standards in order to

Answers
A: Evaluate the accuracy of the subsidiary's internal financial reports. B: Test the subsidiary's controls designed to safeguard assets. C: Determine if the subsidiary is complying with corporate procedures regarding inventory levels. D: Assess the performance of the subsidiary and indicate where additional audit work may be needed.

Answer Explanations
Answer (a) is incorrect. Comparison with industry standards will not test the accuracy of internal reporting. Answer (b) is incorrect. Comparison with industry standards will not test the controls designed to safeguard the

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 192 of 262

inventory. Answer (c) is incorrect. Comparison with industry standards will not test compliance. Answer (d) is the correct answer. Such an analytical procedure will provide an indication of the efficiency and effectiveness of the subsidiarys management of the inventory.

Question: V2C5-0174
During an audit of a smaller division, the auditor notes the following regarding the purchasing function: There are three purchasing agents. Agent 1 is responsible for ordering all large component parts, Agent 2 is responsible for electric motors, and Agent 3 is responsible for smaller parts, such as fasteners. There are separate accounts payable and receiving departments. In order to hold vendors more responsible, all invoices are sent to the purchasing agent placing the order. The purchasing agent matches the vendor invoice, receiving slip, and purchase order. If all match, the purchasing agent sends the documents forward to the accounts payable department. The purchasing agent investigates differences. Only the accounts payable department has the ability to authorize an item for payment. All recorded receipts are immediately recorded into a perpetual inventory record by the department to which the goods are transferred after receipt. The auditor interviewed both management and the purchasing agents. Both groups were very satisfied with the current system because it helped maintain vendor accountability and provided sufficient segregation of duties since only the accounts payable department can authorize an item for payment. Which of the following audit procedures would be most effective in determining whether material fraud was taking place?

Answers
A: Take a random sample of cash disbursements and trace to approved purchase orders and receiving slips. B: Reconcile the perpetual inventory to the general ledger and investigate any differences. C: Take a random sample of purchase orders. Trace each purchase order to a receiving slip, vendor invoice, and approval by the accounts payable department. D: Perform an analytical review of inventory by product line to determine whether a particular product line has increased. Inquire of the purchasing agent as to the reason for the inventory increase.

Answer Explanations
Answer (a) is incorrect. This would not be an effective procedure because, by definition, all cash disbursements would be accompanied by approved documents. Answer (b) is the correct answer. A fraud would result in an overstatement of inventory in the ledger, but the perpetual inventory would reflect actual purchases. Answer (c) is incorrect. This procedure would only verify that purchase orders were processed. It would not indicate the existence of fictitious purchase orders. Answer (d) is incorrect. This procedure would provide limited evidence on the possibility of fraud, but would not be as complete as answer (a).

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 193 of 262

Question: V2C5-0175
During an audit of a smaller division, the auditor notes the following regarding the purchasing function: There are three purchasing agents. Agent 1 is responsible for ordering all large component parts, Agent 2 is responsible for electric motors, and Agent 3 is responsible for smaller parts, such as fasteners. There are separate accounts payable and receiving departments. In order to hold vendors more responsible, all invoices are sent to the purchasing agent placing the order. The purchasing agent matches the vendor invoice, receiving slip, and purchase order. If all match, the purchasing agent sends the documents forward to the accounts payable department. The purchasing agent investigates differences. Only the accounts payable department has the ability to authorize an item for payment. All recorded receipts are immediately recorded into a perpetual inventory record by the department to which the goods are transferred after receipt. The auditor interviewed both management and the purchasing agents. Both groups were very satisfied with the current system because it helped maintain vendor accountability and provided sufficient segregation of duties since only the accounts payable department can authorize an item for payment. The auditor is responsible for evaluating the control structure to determine if the structure would allow for undetected fraud. Based on the above scenario, the most likely undetected fraud, if any, would be

Answers
A: The purchasing agents could be purchasing the majority of products from a favorite vendor since rotation among purchasing agents is not mandatory. B: The purchasing agents could be sending fake purchase orders to a dummy vendor, inserting a receiving slip, and having payments made to the dummy vendor. C: The receiving department could be diverting receipts to different locations and failing to create receiving reports. D: The production department could be deflating the price of products purchased and thereby increasing the reported gross margin of sales.

Answer Explanations
Answer (a) is incorrect. There may be good reason to purchase most goods from a particular vendor. Nothing in the scenario suggests fraudulent activities. Answer (b) is the correct answer. This type of fraud would not be detected by the control system since the purchasing agent could insert the fictitious receiving slip. Answer (c) is incorrect. This possible fraud would be detected because no receiving report would be available to support the vendors invoice. Answer (d) is incorrect. This response is unrelated to the purchasing environment described above.

Question: V2C5-0176
Which of the following control procedures, if properly implemented, would best decrease the likelihood of fraud in the environment described above?

Answers

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 194 of 262

A: Require periodic rotation of purchases among different vendors. B: Require rotation of duties among the three purchasing agents. C: Require receiving reports be sent directly to accounts payable. D: Require that the receiving department make the updates to the perpetual inventory record.

Answer Explanations
Answer (a) is incorrect. This might partially deal with the problem, but the purchasing agent could just develop new dummy vendors. Further, this would be a trend away from establishing long-term relationships with key vendors as part of many TQM programs. Answer (b) is incorrect. Rotation of duties would not affect the type of fraud that could take place in this environment. The purchasing agent could just develop another dummy vendor for the new product line. Answer (c) is the correct answer. This change in procedures would make it difficult for the purchasing agent to insert a fictitious receiving report. An even better procedure would be to have both the receiving reports and vendor invoices be sent to accounts payable. Answer (d) is incorrect. This would just create an additional opportunity for fraud by the receiving department.

Question: V2C5-0177
Analytical procedures

Answers
A: Are considered direct evidence of the assertion being evaluated. B: Are compelling evidence when they involve recomputation. C: May provide the best available evidence for the completeness assertion. D: Are not sufficient by themselves for management assertions, but should be used for fraud.

Answer Explanations
Answer (a) is incorrect. Although relevant, analytical evidence is not direct. Answer (b) is incorrect. It is not a recomputation or compelling. Answer (c) is the correct answer. Analytical relationships provide evidence that related transactions have been recorded. Answer (d) is incorrect. For assertions and accounts of low materiality, analytical evidence is often considered sufficient.

Question: V2C5-0178
A company makes a practice of investing excess short-term cash in marketable equity securities. A reliable test of the valuation of those securities would be a

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 195 of 262

Answers
A: Comparison of cost data with current market quotations. B: Confirmation of securities held by the broker. C: Recalculation of investment carrying value using the equity method. D: Calculation of premium or discount amortization.

Answer Explanations
Answer (a) is the correct answer. This procedure would provide most competent evidence about value of the marketable equity securities. Answer (b) is incorrect. This procedure would not provide evidence about value. Answer (c) is incorrect. Marketable equity investments held for the short term are not subject to the equity method of accounting. Answer (d) is incorrect. There is no amortization of premium or discount on equity investments only on bonds and other debtor investments held for long-term purposes.

Question: V2C5-0179
Analytical procedures in which current financial statements are compared with budgets or previous statements are primarily intended to determine

Answers
A: Adequacy of financial statement disclosure. B: Existence of specific errors or omissions. C: Overall reasonableness of statement contents. D: Use of an erroneous cutoff date.

Answer Explanations
Answer (a) is incorrect. Analytical procedures do not generally provide evidence regarding the adequacy of disclosure. Answer (b) is incorrect. Analytical procedures do not disclose specific errors or omissions. Answer (c) is the correct answer. A determination of overall reasonableness can be made based on analytical procedures. Answer (d) is incorrect. Analytical procedures will not disclose specific errors of cutoff.

Question: V2C5-0180
During an internal audit, the auditor experienced difficulty obtaining required information from a specific em-

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 196 of 262

ployee. When this situation continued for one week, the auditor requested a private meeting with the employee for the purpose of identifying the problem and resolving the difficulty through open discussion. Which conflict management technique was the auditor applying?

Answers
A: Problem solving. B: Expansion of resources. C: Authoritative command. D: Altering the human variable.

Answer Explanations
Answer (a) is the correct answer. Problem solving involves face-to-face meetings. Answer (b) is incorrect. Expansion or resources requires more resources. Answer (c) is incorrect. The auditor does not use formal authority. Answer (d) is incorrect. The organizational structure has not changed.

Question: V2C5-0181
An audit supervisor is preparing the annual evaluation of a senior auditors overall performance. For each of the following criteria, select the one statement the supervisor could make that addresses the criterion and is appropriate for an evaluation. Problem-solving skills.

Answers
A: You need to further analyze alternatives before selecting a solution. B: Your ability to communicate ideas clearly is exemplary. C: You could expedite your problem solving by focusing on logic instead of reasoning activities. D: You are able to reduce conflict with ease and without putting individuals on the defensive.

Answer Explanations
Answer (a) is the correct answer. These skills are part of the problem-solving process. Answer (b) is incorrect because this is an interpersonal skill. Answer (c) is incorrect because both logic and reasoning skills are critical components of problem solving. Answer (d) is incorrect because this skill falls into the interpersonal category.

Question: V2C5-0182

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 197 of 262

An audit supervisor is preparing the annual evaluation of a senior auditors overall performance. For each of the following criteria, select the one statement the supervisor could make that addresses the criterion and is appropriate for an evaluation. Human resources management.

Answers
A: Your ability to effectively socialize within the organization has had a positive impact on the department. B: You have successfully handled numerous issues that have challenged your decision-making abilities. C: You have developed quite a strong reputation outside the department thereby increasing your credibility. D: Your motivational skills in the field increased morale within this department.

Answer Explanations
Answer (a) is incorrect because this is an activity found in networking. Answer (b) is incorrect because decision making is an activity associated with traditional management. Answer (c) is incorrect because this activity is found in networking. Answer (d) is the correct answer. This is a primary activity in human resource management.

Question: V2C5-0183
An organizations executive committee, meeting to solve an important problem, spent 30 minutes analyzing data and debating the cause of the problem. Finally, members agreed and could move on to the next step. Possible steps in the creative problem-solving process are listed below. Which step should the committee perform next?

Answers
A: Select a solution. B: Generate alternative solutions. C: Identify the problem. D: Consider the reaction of competitors to various courses of action.

Answer Explanations
Answer (a) is incorrect. This is the third step and cannot be taken prior to identifying alternatives. Answer (b) is the correct answer. This is the second step in the process and the one the group should take up next. Answer (c) is incorrect. Identifying the problem includes three parts: what is the actual situation, what is the desired situation, and, finally, identifying the cause of the problem. The stem describes completion of this step. Answer (d) is incorrect. This would be part of evaluating alternative solutions.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 198 of 262

Question: V2C5-0184
The president of an organization believes employees should be rewarded for innovative ideas and has established a formal method for employees to submit their ideas for consideration by top management. All employees who submit ideas are praised, and those whose ideas increase profits receive cash bonuses. Why do programs like this often result in greater innovation?

Answers
A: Innovation is intrinsically rewarding because it results in personal satisfaction and the pleasure derived from a job. B: The employees have been classically conditioned to be innovative. C: Employees who do not contribute innovative ideas are essentially punished because they do not receive praise and bonuses. D: Positive reinforcements, such as praise and cash bonuses, increase the probability that employees will submit innovative ideas.

Answer Explanations
Answer (a) is incorrect due to explanation given for the Answer (d). Answer (b) is incorrect because classical conditioning applies to reflexive behavior. The desired employee behavior in this probleminnovationis voluntary. Answer (c) is incorrect because programs like the one described in this problem do not punish anyone. They merely reward innovators and encourage all employees to participate voluntarily. Answer (d) is the correct answer. Although innovation is intrinsically rewarding to many people, employees of many companies do not believe innovation will be rewarded so they do not try to innovate or they keep their ideas to themselves. Programs like the one described in this problem offer extrinsic rewards.

Question: V2C5-0185
An operational audit of your organizations budget process has revealed that department heads frequently circumvent budget controls by actions such as padding their budgets and concealing opportunities to cut costs. One of the audit recommendations involves forming a group comprised of department heads to find a solution for this problem. Which one of the following methods is likely to generate a high level of commitment to the solution among members of the group?

Answers
A: The brainstorming technique in which group members orally identify as many alternatives as possible without criticism from other members. B: A mandate from top management. C: The Delphi technique in which a series of questionnaires is used to arrive at a consensus. D: An open discussion of the problem and potential solutions until a consensus is reached.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 199 of 262

Answer Explanations
Answer (a) is incorrect. Brainstorming is a good technique for generating a large number of ideas because it helps group members overcome the pressure to conform while the group is identifying options. It has no predictable effect, however, on the groups commitment to the solution. Answer (b) is incorrect. Top management mandates are unlikely to result in a high level of commitment, and they make group formation pointless. Answer (c) is incorrect. The Delphi technique is effective for generating a large number of ideas and for arriving at a consensus. It is not designed, however, for obtaining a high level of group commitment to the solution. Answer (d) is the correct answer. Open discussion in which the members reach consensus is the most effective technique for obtaining commitment to the solution.

Question: V2C5-0186
The auditor has recognized that a problem exists because the organizational unit has been too narrow in its definition of goals. The goals of the unit focus on profits, but the overall organizational goals are much broader. The auditor also recognizes that the auditee will resist any recommendations about adopting broader goals. The best course of action would be to

Answers
A: Avoid conflict and present only those goals that are consistent with the auditee's views since all others will be ignored. B: Identify the broader organizational goals and present a set of recommendations that attempts to meet both the organizational and auditee goals. C: Subtly mix the suggested solution with the problem definition so that the auditee will identify the solution apparently independently of the auditor. D: Only report the conditions found and leave the rest of the analysis to the auditees.

Answer Explanations
Answer (a) is incorrect. Organizations cannot avoid conflict. It is now becoming accepted that some levels of conflict are necessary in order for organizations to grow and adapt to a changing environment. Answer (b) is the correct answer. The auditor is responsible to the organization, not just the auditee, and should therefore report the problem to the auditee. Answer (c) is incorrect. Mixing solutions with problem identification is a frequent problem cited in the managerial literature, but is not an effective means of dealing with the problem identified. Answer (d) is incorrect. This would be a violation of the Standards, which specify reporting criteria.

Question: V2C5-0187
Which of the following problem-solving tools is an idea-generating and consensus-building technique?

Answers

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 200 of 262

A: Brainstorming. B: Synectics. C: Systems analysis. D: Nominal group technique.

Answer Explanations
Answer (a) is incorrect because brainstorming is a technique to generate a great number of ideas. Answer (b) is incorrect because synectics involves the use of nontraditional activities such as excursions, fantasies, and analogies. Answer (c) is incorrect because systems analysis breaks down a large problem into many smaller problems. Answer (d) is the correct answer. The nominal group technique is an idea-generating and consensus-building problem solving tool. This technique gives everyone an opportunity to express ideas without being interrupted by others in the group.

Question: V2C5-0188
A company has recently introduced total quality management (TQM). The director of internal auditing is faced with determining a new and innovative approach to auditing in this new environment. The director should

Answers
A: Seek isolation from all distractions in order to think the problem through. B: Bring the audit team together for a brainstorming session. C: Rely on the audit supervisor to develop a new approach. D: Use a disciplined problem-solving approach.

Answer Explanations
Answer (a) is incorrect. Group decisions tend to be more creative than individual decisions because they bring many points of view to bear on the problem. Answer (b) is the correct answer. Group decisions tend to be more creative than individual decisions. Answer (c) is incorrect. The supervisor is still an individual. Answer (d) is incorrect. The best way to enhance creativity is to involve other people.

Question: V2C5-0189
A company has four manufacturing plants spread throughout the country. Major decisions regarding production, product pricing, and strategic directions are controlled and coordinated through central headquarters. Two manufacturing plants (C and D) serve as suppliers to the other two plants (A and B) that produce the companys two major lines of industrial products. Since there are many interdependencies between the plants, a great deal of production, sales, and intracompany product transfers are controlled through central headquarters.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 201 of 262

Each plant is responsible for its own computer systems and for making purchases to support production. Sales orders come from sales representatives located throughout the country and can be transmitted directly to the production plant for processing or can be transmitted through central headquarters to the production plant for shipping and billing. All sales prices are determined at central headquarters. During the preliminary survey in conjunction with an upcoming audit of plant B, the auditor discovers that the plant has experienced production problems with costs far in excess of what management had planned and with finished goods inventory levels that are clearly excessive. Which of the following management control procedures would have best brought the problems to managements attention earlier?

Answers
A: Standard costing procedures are implemented at each plant with a summary of variances reported to central headquarters on a weekly basis. B: Perpetual inventory control procedures are implemented at each plant. A report is prepared detailing any inventory items with levels in excess of two weeks' production. The report goes to plant management and central headquarters. C: Production plans based on management forecasts are sent to the plants on a monthly basis. A weekly report compares actual production with forecasted production and weekly costs with budgeted costs. D: A weekly report is prepared which compares actual sales with forecasted sales and budgeted gross margin with actual gross margins. Inventory costs going into cost of goods sold should be computed on a last in, first out basis to be the most up-to-date.

Answer Explanations
Answer (a) is incorrect. A good standard cost system would assist management in identifying the causes of the cost overruns, but a report on variances, by itself, would not totally address the cost overruns or the excess production problems. Answer (b) is incorrect. Perpetual inventory records would be useful but not sufficient to address the cost overrun and the excessive inventory level. There is no rationale given for the criteria to be used in developing the management report. The Answer of two weeks of production in inventory may be low, or it may be excessive. It appears to be an arbitrary judgment that should be better justified. Answer (c) is the correct answer. This is a type of management control that, if implemented correctly, should have brought the problem to managements attention much sooner. Since there is a great deal of central coordination needed, it is important that management establish a reporting and control system to compare actual performance with budgeted performance. Answer (d) is incorrect. The problem is with production levels and production costs. Data on sales and gross margin do not provide timely input into the nature of the problem.

Question: V2C5-0190
A company has four manufacturing plants spread throughout the country. Major decisions regarding production, product pricing, and strategic directions are controlled and coordinated through central headquarters. Two manufacturing plants (C and D) serve as suppliers to the other two plants (A and B) that produce the companys two major lines of industrial products. Since there are many interdependencies between the plants, a great deal of production, sales, and intracompany product transfers are controlled through central headquarters. Each plant is responsible for its own computer systems and for making purchases to support production. Sales orders come from sales representatives located throughout the country and can be transmitted directly to the production plant for processing or can be transmitted through central headquarters to the production plant for

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 202 of 262

shipping and billing. All sales prices are determined at central headquarters. All sales prices are determined centrally and are electronically sent to the plant to update their sales price table (file). All sales transactions should be based on the prices in the computerized table. Any pricing deviations must be approved by the plant-marketing manager and by a manager in the marketing department at central headquarters for updating the tables. The internal auditor wishes to know how this processing is functioning. The most appropriate audit procedure and audit tools to use would be to

Answers
A: Document the flow of sales price information from headquarters to the plant, how the table is accessed and updated, and the use of the table in the billing program. B: Develop a flowchart of the sales order process to determine how orders are taken and priced. C: Use a questionnaire to identify who approves the shipment of goods and how the goods are priced. D: Obtain a copy of the existing program flowchart from the plant to determine how price data are accessed.

Answer Explanations
Answer (a) is the correct answer. This is the most complete answer. There are three potential problems: (1) the correct transfer of the data to the plants; (2) the ability to access and/or change the price data that are used by the computer program to develop sales invoices; and (3) the use of the tables in the billing program. This procedure develops information on all aspects of the process. Answer (b) is incorrect. This procedure provides information on the sales order process, but only limited information on how individual invoices are priced. It does not gather as much information as Answer (a). Answer (c) is incorrect. This is a limited procedure. Answer (d) is incorrect. This procedure would provide information about how the computer program is supposed to work, but may not be up-to-date and does not provide information on how the data are entered into the price tables.

Question: V2C5-0191
A company has four manufacturing plants spread throughout the country. Major decisions regarding production, product pricing, and strategic directions are controlled and coordinated through central headquarters. Two manufacturing plants (C and D) serve as suppliers to the other two plants (A and B) that produce the companys two major lines of industrial products. Since there are many interdependencies between the plants, a great deal of production, sales, and intracompany product transfers are controlled through central headquarters. Each plant is responsible for its own computer systems and for making purchases to support production. Sales orders come from sales representatives located throughout the country and can be transmitted directly to the production plant for processing or can be transmitted through central headquarters to the production plant for shipping and billing. All sales prices are determined at central headquarters. The auditor wishes to develop a flowchart of (1) the process of receiving sales order information at headquarters; (2) the transmission of the data to the plants to generate the shipment; and (3) the plants processing of the information for shipment. The auditor should

Answers
A: Start with management's decisions to set sales prices. Gather internal documentation on the approval process for changing sales prices. Complement documentation with a copy of the program flowchart.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 203 of 262

Prepare an overview flowchart that links these details. B: Start with a shipment of goods and trace the transaction back through the origination of the sales order as received from the sales representative. C: Start with the receipt of a sales order from a sales representative and walk-through both the manual and computerized processing at headquarters and the plant until the goods are shipped and billed. D: Obtain a copy of the plant's systems flowchart for the sales process, interview relevant personnel to determine if any changes have been made, then develop an overview flowchart that will highlight the basic process.

Answer Explanations
Answer (a) is incorrect. This is a good procedure to understand the process of making changes to the sales price data, but does not cover the processing of sales orders. Answer (b) is incorrect. Starting with the completed transaction does not provide as complete an understanding the full process. It will not identify flows where documents or data were peeled off and processed separately. Answer (c) is the correct answer. This provides the most complete description of the total process. Additionally, starting with the initiation of the transaction and tracing it through to the completion of the transaction allows the auditor to walk through and define both the processing and the relevant control procedures. Answer (d) is incorrect. This is a good procedure, but focuses only on the part of the processing that takes place at the plant level.

Question: V2C5-0192
A manager recently transferred from a manufacturing company to a service-oriented affiliate. When the manager unexpectedly announced a set of production standards, two employees quit on the spot, three others transferred out within a week, and the remaining employees were openly hostile. Select the best method for resolving this dysfunctional conflict situation.

Answers
A: Conflict triggering. B: Forcing. C: Smoothing. D: Problem solving.

Answer Explanations
Answer (a) is incorrect. A conflict trigger is a means of stimulating conflict. Answer (b) is incorrect. This method may submerge the conflict for a period of time, but it will not resolve the hurt feelings and mistrust. Answer (c) is incorrect. This is a stopgap measure and, like forcing, will not get to the root of the problem. Answer (d) is the correct answer. Problem solving is the only method that can remove the source of the conflict. However, it does require time.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 204 of 262

Question: V2C5-0193
A chief executive officer (CEO) believes that a major competitor may be planning a new campaign. The CEO sends a questionnaire to key personnel asking for original thinking concerning what the new campaign may be. The CEO selects the best possibilities then sends another questionnaire asking for the most likely option. The process employed by the CEO is called the

Answers
A: Least squares technique. B: Delphi technique. C: Maximum likelihood technique. D: Optimizing of expected payoffs.

Answer Explanations
Answer (a) is incorrect. The least squares method refers to regression analysis and involves specified variables. Answer (b) is the correct answer. The Delphi approach seeks to obtain group consensus on a relatively narrow set of alternatives through a series of iterations such as those described in the stem. Answer (c) is incorrect. The maximum likelihood technique is a complex alternative to least squares. Answer (d) is incorrect. Optimizing expected payoffs is used in decision-making alternatives, which relies on historical information.

Question: V2C5-0194
Listed below are situations and techniques for generating creative alternatives in solving problems. For each question, identify the technique most appropriate for each situation. (Answers are only used once.) A company wishes to determine what advertising mix among radio, television, and newspapers offers the optimal desired result in increased sales and improved public image.

Answers
A: Synectics. B: Value analysis. C: Brainstorming. D: Forced relationship.

Answer Explanations
Answer (a) is incorrect. Synectics is a highly structured approach to problem solving. It uses excursions, fantasies, and analogies. Answer (b) is the correct answer. Value analysis is primarily designed to optimize performance at a minimum

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 205 of 262

cost. Answer (c) is incorrect. The purpose of brainstorming is to generate a great number of ideas. Answer (d) is incorrect. Forced relationship involves the identification of a problem, the factors or forces contributing to making it a problem, and steps for generating solutions.

Question: V2C5-0195
Listed below are situations and techniques for generating creative alternatives in solving problems. For each question, identify the technique most appropriate for each situation. (Answers are only used once.) A company cannot identify why production has been decreasing at a particular plant. All efforts to isolate the cause with conventional accounting and administrative systems have failed. As a final effort before closing the plant, you need to gain the cooperation of selected employees from all levels. A small group will be formed to identify and solve this significant problem. All group-member suggestions will be evaluated equally, regardless of their position.

Answers
A: Brainstorming. B: Synectics. C: Blast then refine. D: Operations research.

Answer Explanations
Answer (a) is the correct answer. Brainstorming is a group approach to breaking down broadly based problems into essential elements. Answer (b) is incorrect. Synectics is a highly structured approach to problem solving. It uses excursions, fantasies, and analogies. Answer (c) is incorrect. Blasting, creating, and refining are used when a completely new way of thinking or speculation is required or when answering a question such as What else will do the job? Answer (d) is incorrect. Operations research is a management science discipline attempting to find optimal solutions to business problems.

Question: V2C5-0196
Listed below are situations and techniques for generating creative alternatives in solving problems. For each question, identify the technique most appropriate for each situation. (Answers are only used once.) Costs of a specific department must be cut by 40% and quality must improve or it cannot compete in the marketplace. This drastic charge was recently given to your department. You do not have time for more traditional techniques. You must come up with something quickly. Conventional cost-cutting techniques have been attempted but to no avail. You decide to employ a radical new production arrangement.

Answers
A: Blast then refine.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 206 of 262

B: Edisonian. C: Morphological matrix analysis. D: Operations research.

Answer Explanations
Answer (a) is the correct answer. Blast then refine is the technique being utilized. The old ways were completely disregarded and an entirely new approach was devised to meet the objectives of cost cutting and improved quality. Answer (b) is incorrect. Edisonian technique involves trial-and-error experimentation toward reaching a solution. Answer (c) is incorrect. Morphological matrix analysis is a system involving the methodical interrelating of all elements of a problem in order to discover new approaches to a solution. Answer (d) is incorrect. Operations research is a management science discipline attempting to find optimal solutions to business problems.

Question: V2C5-0197
Listed below are situations and techniques for generating creative alternatives in solving problems. For each question, identify the technique most appropriate for each situation. (Answers are only used once.) All attempts to solve a problem based on affirmative action program goals have failed. A very structured group to view the problem from management and various minority group perspectives has been created. All group members will be required to study the complaints and slogans of the various minority groups in order to produce a new program.

Answers
A: Synectics. B: Forced relationship. C: Brainstorming. D: Attribute listing.

Answer Explanations
Answer (a) is the correct answer. Synectics is a highly structured group approach utilizing various analogies and metaphors to assist in viewing problems from widely divergent viewpoints. Answer (b) is incorrect. Forced relationship involves the identification of a problem, the factors or forces contributing to making it a problem, and steps for generating solutions. Answer (c) is incorrect. The purpose of brainstorming is to generate a great number of ideas. Answer (d) is incorrect. Attribute listing emphasizes the detailed observation of each particular characteristic or quality of an item or situation.

Question: V2C5-0198
Listed below are situations and techniques for generating creative alternatives in solving problems. For each

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 207 of 262

question, identify the technique most appropriate for each situation. (Answers are only used once.) A company is about to introduce a new service and wishes to develop a new slogan and logo to be utilized in advertising and on company publications. You have been chosen to participate in this process and to look at past slogans, logos, and suggestions given by the advertising agency. You are not limited to the suggested ideas and have been encouraged to suggest original ideas of your own.

Answers
A: Brainstorming. B: Value analysis. C: Free association. D: Attribute listing.

Answer Explanations
Answer (a) is incorrect. The purpose of brainstorming is to generate a great number of ideas. Answer (b) is incorrect. Value analysis is primarily designed to optimize performance at a minimum cost. Answer (c) is the correct answer. Free association is the approach to idea stimulation whereby other symbols and ideas are to be freely associated with a problem. Answer (d) is incorrect. Attribute listing emphasizes the detailed observation of each particular characteristic or quality of an item or situation.

Question: V2C5-0199
Listed below are situations and techniques for generating creative alternatives in solving problems. For each question, identify the technique most appropriate for each situation. (Answers are only used once.) A company has a computer that it no longer needs because of a discontinued operation. Currently there are several computer projects that may be able to utilize the machine, but some modification will be necessary if such new application is to be successful.

Answers
A: Attribute listing. B: Operations research. C: Morphological matrix analysis. D: Synectics.

Answer Explanations
Answer (a) is the correct answer. Attribute listing is applied primarily to improve tangible objects by listing the parts and essential features of the object and systematically analyzing modifications to improve the object. Answer (b) is incorrect. Operations research is a management science discipline attempting to find optimal solutions to business problems.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 208 of 262

Answer (c) is incorrect. Morphological matrix analysis is a system involving the methodical interrelating of all elements of a problem in order to discover new approaches to a solution. Answer (d) is incorrect. Synectics is a highly structured approach to problem solving. It uses excursions, fantasies, and analogies.

Question: V2C5-0200
Listed below are situations and techniques for generating creative alternatives in solving problems. For each question, identify the technique most appropriate for each situation. (Answers are only used once.) A company has experienced numerous complaints because a passenger door has not opened smoothly. All attempts to repair the door have failed. The item is no longer under warranty and the manufacturer has informed the company that a very expensive new door must be purchased and installed to solve the problem. You have been asked to supervise an attempt by your engineering department to come up with less expensive alternative solutions.

Answers
A: Free association. B: Operations research. C: Blast then refine. D: Edisonian.

Answer Explanations
Answer (a) is incorrect. Free association is the approach to idea stimulation whereby other symbols and ideas are to be freely associated with a problem. Answer (b) is incorrect. Operations research is a management science discipline attempting to find optimal solutions to business problems. Answer (c) is incorrect. Blasting, creating, and refining are used when a completely new way of thinking or speculation is required or when answering a question such as What else will do the job? Answer (d) is the correct answer. The Edisonian approach has been chosen here. Edisonian technique involves trial-and-error experimentation toward reaching a solution.

Question: V2C5-0201
Listed below are situations and techniques for generating creative alternatives in solving problems. For each question, identify the technique most appropriate for each situation. (Answers are only used once.) A company is concerned that spare parts inventories are too large. It has attempted to keep critical parts for its fleet in stock so that equipment will have minimal downtime. Management wants to know what the optimal spare parts inventory should be if downtime is estimated to cost $150 per day. Carrying cost and order cost have not been measured. You have been asked to make a formal recommendation on spare parts stocking levels.

Answers

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 209 of 262

A: Operations research. B: Value analysis. C: Attribute listing. D: Brainstorming.

Answer Explanations
Answer (a) is the correct answer. Operations research attempts to find optimal solutions utilizing classical concepts such as statistics, simulation, and logical thinking to develop and test hypothesis. This application closely fits the problem and charge given. Answer (b) is incorrect. Value analysis is primarily designed to optimize performance at a minimum cost. Answer (c) is incorrect. Attribute listing emphasizes the detailed observation of each particular characteristic or quality of an item or situation. Answer (d) is incorrect. The purpose of brainstorming is to generate a great number of ideas.

Question: V2C5-0202
Management activities can be classified in three levels: strategic planning, management control, and operational control. Information requirements vary with the level of management activity. Which of the following best describes the information requirements for strategic planning?

Answers
A: Frequent use, external, aggregate information. B: Future-oriented, outdated, detailed information. C: Highly current, accurate, largely internal information. D: Wide scope, aggregate, future-oriented information.

Answer Explanations
Answer (a) is incorrect. It is not a frequent use. Answer (b) is incorrect. It is not detailed or necessarily outdated. Answer (c) is incorrect. None applies. Answer (d) is the correct answer. The focus of a strategic planning is on broad issues dealing with a time horizon of five to ten years and looking at a macro level.

Question: V2C5-0203
The control self-assessment (CSA) is a

Answers

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 210 of 262

A: Directive auditing tool. B: Preventive auditing tool. C: Detective auditing tool. D: Corrective auditing tool.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation.
Answer (b) is the correct answer. The CSA is a preventive auditing tool in that it identifies issues and problems earlier before they get bigger.

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0204
The control self-assessment (CSA) is a

Answers
A: Compliance audit engagement. B: Consulting engagement. C: Financial audit engagement. D: Operational audit engagement.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation.
Answer (b) is the correct answer. The CSA is not a traditional audit engagement applied to financial, operational, and compliance areas. It is a consulting engagement in identifying problems and solving them for the benefit of the organization.

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0205
The most popular approach to control self-assessment (CSA) is the

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 211 of 262

Answers
A: Workshop approach. B: Questionnaire approach. C: Survey approach. D: "Wall-writing" approach.

Answer Explanations
Answer (a) is the correct answer. The workshop is the most popular approach to CSA in assessing risks and evaluating controls for a given objective or process. In the wall-writing approach, meeting participants respond to questions posed by the facilitator of the workshop (meeting). The questionnaire approach and the survey approach are the same.

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0206
When the culture of an organization is supportive of candid employee responses in a control self-assessment workshop, which of the following is favored by most organizations?

Answers
A: Audit-facilitated workshops. B: Client-facilitated workshops. C: Questionnaire approach. D: Management-produced analyses.

Answer Explanations
Answer (a) is the correct answer. A CSA approach using facilitated workshops (meetings) with the internal auditors as facilitators is favored by most organizations. This approach is especially good when the culture of the organization is supportive of candid participant responses in the workshops. Self-certification is an output of management-produced analyses.

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 212 of 262

Question: V2C5-0207
When the culture of an organization is not supportive of candid employee responses in a control self-assessment workshop, which of the following can be suggested to organizations?

Answers
A: Audit-facilitated workshops. B: Client-facilitated workshops. C: Questionnaire approach. D: Meeting approach.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (c) is the correct answer. When an organizations culture does not support a participative approach like facilitated workshops, questionnaires and management-produced analyses of controls can be used. The meeting approach is the facilitated workshop approach, whether it is an audit or client facilitated.

This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0208
Which of the following is used when an organization wants to investigate a control breakdown?

Answers
A: Management-produced analyses. B: Surveys. C: Questionnaires. D: Workshops.

Answer Explanations
Answer (a) is the correct answer. Management-produced analysis is a special type of self-assessment and used in self-certification of internal controls, annual representation letter required by external auditors, during a new computer system development project, during business combinations, or during an investigation into the reasons why a particular control breakdown or fraud occurred.

This answer is incorrect. Refer to the correct answer explanation.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 213 of 262

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0209
Which of the following control self-assessment (CSA) approaches or formats are used about 70% of the time? I. Workshops. II. Surveys. III. Questionnaires. IV. Interviews.

Answers
A: I or II. B: II or III. C: I or IV. D: III or IV.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (c) is the correct answer. Workshops or interviews are used in about 70% of CSA efforts; surveys or questionnaires are used about 30% of the time.

This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0210
The work flow in the control self-assessment (CSA) workshops objectives-risks-controls-residual risksassessment is referred to as

Answers
A: Objective-based approach. B: Risk-based approach. C: Control-based approach. D: Process-based approach.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 214 of 262

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation.
Answer (b) is the correct answer. The risk-based approach examines risks first in achieving an objective, looks at controls next, and finally identifies any significant residual risks. The risk-based workshop takes the participants through the entire sequence of objectives-risks-controls. The work flow in the objective-based approach is objectives-controls-residual risks-assessment. The work flow in the control-based approach is objectives-riskscontrols-assessment. The work flow in the process-based approach is overall objectives-activity-level objectivesrisks-controls-assessment.

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0211
Which of the following components of the enterprise risk management (ERM) framework addresses processes and people in an organization?

Answers
A: Strategic risks. B: Operational risks. C: Financial risks. D: Hazard risks.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation.
Answer (b) is the correct answer. The operational risk is related to the organizations internal systems, products, services, processes, technology, and people. The strategic risks include risks related to strategy, political, economic, regulatory, and global market conditions. It also includes reputation risks, leadership risks, brand management risks, and customer risks. The financial risk includes risks from volatility in foreign currencies, interest rates, and commodities. It also includes credit risk, liquidity risk, and market risk. The hazard risk includes risks that are insurable, such as natural disasters, various insurable liabilities, impairment of physical assets and property, and terrorism. The ERM includes both upside and downside risks.

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0212
Which of the following is not the goal of enterprise risk management (ERM) initiatives?

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 215 of 262

Answers
A: Integrating risks. B: Creating shareholder value. C: Protecting shareholder value. D: Enhancing shareholder value.

Answer Explanations
Answer (a) is the correct answer. The ERM approach is more than just integrating risks, where risks are a part of uncertainty. The goal of an ERM initiative is to create, protect, and enhance shareholder value by managing the uncertainties that could influence in achieving the organizations objectives.

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0213
The scope of enterprise risk management (ERM) encompasses which of the following? I. Creating opportunities. II. De-risking opportunities. III. Analyzing strengths. IV. Focusing on weaknesses.

Answers
A: I and II. B: I and III. C: III and IV. D: I, III, and IV.

Answer Explanations
Answer (a) is the correct answer. According to the IIA Research Foundation, ERM defines risk as any event or action that could adversely influence an organizations ability to achieve its objectives. ERM encompasses the more traditional view of potential hazards (threats) as well as opportunities. Management must consider derisking the opportunities when creating and evaluating new opportunities. Risks and opportunities move together, and the key is to determine if the potential of a given opportunity exceed the risks. Items III and IV are part of the strength, weaknesses, opportunity, and threat (SWOT) analysis used in strategic management. When companies fail to manage risks, opportunities are missed, and shareholder value can be lost, which creates great pressure on management to improve corporate governance.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 216 of 262

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0214
The enterprise risk management (ERM) focuses on which of the following?

Answers
A: Value-added potential. B: Risk management process. C: Asset management principles. D: Management accountability.

Answer Explanations
Answer (a) is the correct answer. According to the IIA Research Foundation, the chief audit executives (CAEs) of the study companies understand the value-added potential of ERM, which made them very effective ERM champions. ERM adds value because it is both inward-looking and forward-thinking. The other three Answers are part of the value-added potential.

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0215
The role and focus of the internal audit function in enterprise risk management (ERM) with the objective of improving corporate governance includes which of the following? I. Follow-up on ERM scorecards. II. Internal controls for ERM. III. The IIAs Standards on ERM. IV. Follow-up on ERM metrics.

Answers
A: I and II. B: II and III. C: I and IV. D: III and IV.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 217 of 262

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (c) is the correct answer. Traditionally, the internal audits role has been to provide reliable, overall assessment of risks and internal control effectiveness. In light of ERM implementation in improving corporate governance, internal auditors now (1) take a more business-oriented approach to audit companys operations, (2) change their audit approach to focus on business risk, (3) perform more effective follow-up on open ERM scorecards and metrics to increase management accountability, and (4) review formal action plans developed by management as part of the ERM implementation. Scorecards, metrics, and formal action plans are key part of the ERM infrastructure.

This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0216
Which of the following attributes of the internal audit department can hinder the implementation of enterprise risk management (ERM) in the auditors organization? I. Control-based audit approach. II. Use of traditional auditing tools. III. Consultant role. IV. Facilitation skills.

Answers
A: I and II. B: II and III. C: I and IV. D: III and IV.

Answer Explanations
Answer (a) is the correct answer. In order to meet the ERM implementation challenge, the internal auditor should (1) use a risk-based audit approach (not a control-based approach), (2) be a consultant to the ERM implementation team (not as a policeman), (3) focus on future events (not past events), and (4) acquire competent skills to become an ERM facilitator (not use traditional accounting and auditing tools and skills).

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0217

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 218 of 262

According to the control self-assessment (CSA) approach, which of the following address soft controls?

Answers
A: Control self-assessment techniques. B: Dual controls. C: Authorization techniques. D: Traditional audit techniques.

Answer Explanations
Answer (a) is the correct answer. Control self-assessment (CSA) is a management technique where an organizations members identify and analyze controls and risks within business processes for continuous improvement. CSA techniques address soft controls while traditional audit techniques focus on hard controls. Soft controls are informal while hard controls are formal. Soft controls are more difficult to assess than hard controls. An example of a hard control is: Is there a code of ethics in place? An example of a soft control is: Are the employees willing to follow it?

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0218
The role of an internal auditor in introducing a control self-assessment (CSA) program into the organization is that of a(n)

Answers
A: Enabler. B: Reviewer. C: Evaluator. D: Enforcer.

Answer Explanations
Answer (a) is the correct answer. The internal auditor is an enabler (facilitator) in introducing the control selfassessment program into his or her organization. The roles mentioned in the other answers reflect the various roles in traditional audits.

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 219 of 262

Question: V2C5-0219
In the implementation of control self-assessment (CSA), which of the following examines a given business process in depth?

Answers
A: Horizontal sessions. B: Diagonal sessions. C: Vertical sessions. D: Individual sessions.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (c) is the correct answer. The implementation of the CSA program is categorized as either vertical or horizontal. Vertical sessions are process-specific sessions that examine a given business process in depth. Horizontal sessions are organization-wide (or division-wide) sessions that cut across departmental responsibilities to identify and control risks that have a broader effect. Diagonal and individual sessions are distracters.

This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0220
The major purpose of control self-assessment (CSA) is

Answers
A: Control. B: Improvement. C: Documentation. D: Auditing.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation.
Answer (b) is the correct answer. Most people react badly to the concept of being controlled and audited. The

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 220 of 262

chore of documentation is not exciting to many either. Improvement resulting from a self-assessment exercise where interested parties in the organization are involved from the beginning in the evaluation process will lead to effective results and outcomes.

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0221
Control self-assessment (CSA) is a process that involves employees in assessing the adequacy of controls and identifying opportunities for improvement within an organization. Which of the following are reasons to involve employees in this process? I. Employees become more motivated to do their jobs right. II. Employees are objective about their jobs. III. Employees can provide an independent assessment of internal controls. IV. Managers want feedback from their employees.

Answers
A: I and II. B: III and IV. C: I and IV. D: II and IV.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (c) is the correct answer. Items I and IV are the reasons for involving employees in the process. Item II is incorrect. Employees in general are not felt to be objective about their jobs and/or performance. Item III is incorrect. Although employees can be involved in assessing internal controls, these would not be considered independent assessments.

This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0222
An auditor becomes concerned that fraud in the form of payments to bogus companies may exist. Buyers, who are responsible for all purchases for specific product lines, are able to approve expenditures up to $50,000 without any other approval. Which of the following audit procedures would be most effective in addressing the auditors concerns?

Answers

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 221 of 262

A: Use generalized audit software to list all purchases over $50,000 to determine whether they were properly approved. B: Develop a "snapshot" technique to trace all transactions by suspected buyers. C: Use generalized audit software to take a random sample of all expenditures under $50,000 to determine whether they were properly approved. D: Use generalized audit software to list all major vendors by product line; select a sample of paid invoices to new vendors and examine evidence which shows that services or goods were received.

Answer Explanations
Answer (a) is incorrect. This would provide evidence only on purchases above $50,000, which must be approved by someone other than the buyer. Answer (b) is incorrect. This would only provide information on whether the transactions that were authorized by the buyer were properly processed. It does not provide evidence on whether the transaction should have been processed. Answer (c) is incorrect. This would provide information on whether transactions under $50,000 contained the buyers authorization. That is not the question here; the question is whether there is support for the expenditure. Further, this procedure is limited because it is not directed to the specific indicators that a fraud might exist. Answer (d) is the correct answer. This is the most comprehensive procedure because it identifies major vendors, concentrates on new vendors, and searches for underlying support that goods or services were provided by the vendor.

Question: V2C5-0223
An auditor wishes to determine the extent to which invalid data could be contained in a human resources computer system. Examples would be an invalid job classification, age in excess of retirement age, or an invalid ethnic classification. The best approach to determine the extent of the potential problem would be to

Answers
A: Submit test data to test the effectiveness of edit controls over the input of data. B: Review and test access controls to ensure that access is limited to authorized individuals. C: Use generalized audit software to develop a detailed report of all data outside specified parameters. D: Use generalized audit software to select a sample of employees. Use the sample to determine the validity of data items and project the result to the population as a whole.

Answer Explanations
Answer (a) is incorrect. Test data would provide evidence on whether the edit controls are currently working. The concern, however, is that data may have entered the system earlier and may be corrupted. Answer (b) is incorrect. Access controls are important, but they do not address the auditors major concern, which is to determine the extent of the potential problem as a precursor for planning the extent to which additional audit work is necessary. Answer (c) is the correct answer. This is both the most effective and the most efficient procedure as it provides a

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 222 of 262

comprehensive analysis of the extent that obviously incorrect data is included in the database. Answer (d) is incorrect. This is a valid procedure, but given the auditors more limited objective, answer (c) provides more comprehensive and efficient evidence.

Question: V2C5-0224
A bank internal auditor wishes to determine whether all loans are backed by sufficient collateral, properly aged as to current payments, and properly categorized as current or noncurrent. The best audit procedure to accomplish this objective would be to

Answers
A: Use generalized audit software to read the total loan file, age the file by last payment due, and take a statistical sample stratified by the current and aged population. Examine each loan selected for proper collateralization and aging. B: Take a block sample of all loans in excess of a specified dollar limit and determine if they are current and properly categorized. For each loan approved, verify aging and categorization. C: Take a discovery sample of all loan applications to determine whether each application contains a statement of collateral. D: Take a sample of payments made on the loan portfolio and trace them to loans to see that the payments are properly applied. For each loan identified, examine the loan application to determine that the loan has proper collateralization.

Answer Explanations
Answer (a) is the correct answer. This is the best procedure because it takes a sample from the total loan file and tests to determine that the loan is properly categorized as well as properly collateralized. Answer (b) is incorrect. This sample only deals with large-dollar items and does not test for proper collateralization. Answer (c) is incorrect. This is an inefficient audit procedure because it samples from loan applications, not loans approved. Answer (d) is incorrect. This would be an ineffective procedure because it is based only on loans in which payments are currently being madeit does not include loans that should have been categorized differently because payments are not being made.

Question: V2C5-0225
A retail company uses electronic data interchange (EDI) to order all of its merchandise. The goods are received at a central warehouse, where they are electronically scanned into the computer to determine that a purchase order had been issued and to record the goods. The goods are price-marked at the warehouse and shipped to individual stores within twenty-four to forty-eight hours. Inventory and accounts payable is updated when the goods are received. The company receives an invoice electronically from the vendor. A computer program matches the invoice with the applicable purchase order and receiving information. If the items match, the invoice is scheduled for payment and a report is made to the treasurer. If the invoice does not match the other items within predefined ranges, a report is generated and sent to accounts payable for further investigation. All the applicable documents are electronically marked, cross-referenced, and retained in open files.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 223 of 262

The auditor wants to determine whether the computer program is appropriately matching the purchase receipts and vendor invoices throughout the year. Which one of the following computerized audit techniques would be most efficient and effective in accomplishing this objective?

Answers
A: Use the test data method during the last quarter. B: Use an integrated test facility throughout the year. C: Use "parallel simulation" technique and apply on a monthly basis. D: Use the SCARF (systems control audit review file) on a daily basis.

Answer Explanations
Answer (a) is incorrect. The test data method is limited to a point in time in which the testing is accomplished. Using it only during the last quarter of the year would not be effective unless there was also a test of program changes. Answer (b) is the correct answer. The integrated test facility would allow the auditor to submit data periodically during the year to determine how well the program worked throughout the year. Answer (c) is incorrect. Parallel simulation would not be an efficient technique because it would cause the auditor to develop a massive parallel system. Answer (d) is incorrect. The SCARF method is used to identify outliers (transactions with unusual characteristics or transactions that are processed when they do not pass normal edit controls). It simply writes these transactions out to a file for further audit investigation. It would not be a good technique for addressing the audit objective.

Question: V2C5-0226
A retail company uses electronic data interchange (EDI) to order all of its merchandise. The goods are received at a central warehouse, where they are electronically scanned into the computer to determine that a purchase order had been issued and to record the goods. The goods are price-marked at the warehouse and shipped to individual stores within twenty-four to forty-eight hours. Inventory and accounts payable is updated when the goods are received. The company receives an invoice electronically from the vendor. A computer program matches the invoice with the applicable purchase order and receiving information. If the items match, the invoice is scheduled for payment and a report is made to the treasurer. If the invoice does not match the other items within predefined ranges, a report is generated and sent to accounts payable for further investigation. All the applicable documents are electronically marked, cross-referenced, and retained in open files. The auditor wants to determine the extent to which items are not matched at year-end and investigate the potential cause of the nonmatching items. Which one of the following audit procedures would be most effective in determining the items to investigate?

Answers
A: Submit test data to identify attributes of nonmatching items. Follow up by investigating the attributes identified. B: Use generalized audit software to read the purchase order file for the year. Select a statistical sample of purchase orders and trace to applicable receiving and vendor invoice files.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 224 of 262

C: Use SCARF to identify unusual items. Take an attribute sample and trace to the underlying paper documents. D: Use generalized audit software to read the electronically marked unmatched items.

Answer Explanations
Answer (a) is incorrect. The test data method would only tell us whether the computer program is working correctly at one point in time. It would not identify all the problems encountered during the year. Answer (b) is incorrect. Generalized audit software is a good tool, but it would not be used efficiently here since it is reading the purchase order file only. Many of the items selected may have been appropriately matched and some may not have been filled. Answer (d) is more efficient. Answer (c) is incorrect. SCARF would not be an effective audit tool because the auditor wishes to identify nonmatched items. Answer (d) is a more encompassing solution. Answer (d) is the correct answer. This would be the best method because it would sample from a population that has been explicitly identified as nonmatching. It allows the auditor to analyze the potential problems before investigating further.

Question: V2C5-0227
Governmental auditors have been increasingly called on to perform audits to determine whether individuals are getting extra social welfare payments. One common type of welfare fraud is individuals receiving more than one social welfare payment. This is often accomplished by filing multiple claims under multiple names, but using the same address. Which of the following computer audit tools and techniques would be most helpful in identifying the existence of this type of fraud?

Answers
A: Tagging and tracing. B: Generalized audit software. C: Integrated test facility. D: Spreadsheet analysis.

Answer Explanations
Answer (a) is incorrect. Tagging and tracing is most effective to determine that items properly submitted are processed correctly. Answer (b) is the correct answer. Generalized audit software could be used to develop a list of multiple recipients at one address. The list could then be investigated further to determine the possibility of fraud. Answer (c) is incorrect. The ITF is most effective to determine that items properly submitted are processed correctly. Answer (d) is incorrect. This would not be the most effective technique.

Question: V2C5-0228

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 225 of 262

The auditor determines that a major user application is implemented on a spreadsheet. The spreadsheet takes input regarding projected freight deliveries from the mainframe computer and develops an optimal freight-dispatching plan. When first used two years ago, the spreadsheet helped reduce costs dramatically. However, freight costs have been increasing, and no one, other than the developer, has reviewed the spreadsheet. The freight-dispatching algorithm is complicated, but the auditor has researched the area and understands the algorithm and its correct computation. The auditor wishes to gain assurance on whether the spreadsheet has properly implemented the freight-dispatching algorithm. Which of the following audit procedures would accomplish the task? I. Develop an independent spreadsheet and run test data through it and through the users spreadsheet. Compare the results. II. Use a product to print out the logic of the user spreadsheet. Examine the logic to determine if it has been correctly incorporated into the spreadsheet. III. Develop a set of test data and manually calculate the expected results. Run the test data through the user application.

Answers
A: II only. B: I and III. C: I, II, and III. D: I only.

Answer Explanations
Answer (a) is incorrect because all three of the procedures would work. Answer (b) is incorrect because all three of the procedures would work. Answer (c) is the correct answer. All three audit approaches would work. If we were to rank order the effectiveness, it would be I, III, then II. However, if properly implemented, procedure II would work. Answer (d) is incorrect because all three of the procedures would work.

Question: V2C5-0229
The auditor determines that a major user application is implemented on a spreadsheet. The spreadsheet takes input regarding projected freight deliveries from the mainframe computer and develops an optimal freight-dispatching plan. When first used two years ago, the spreadsheet helped reduce costs dramatically. However, freight costs have been increasing, and no one, other than the developer, has reviewed the spreadsheet. The freight-dispatching algorithm is complicated, but the auditor has researched the area and understands the algorithm and its correct computation. Assume the audit testing performed in the previous question indicates that the spreadsheet has correctly implemented the freight-dispatching algorithm. Which of the following conclusions is(are) justified from the audit evidence? I. The spreadsheet must be obtaining incorrect data when it is downloaded from the mainframe. II. Although the algorithm is correctly implemented, it is not the most efficient algorithm. III. The increased freight costs must be due to some other cause than the spreadsheet calculation.

Answers

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 226 of 262

A: III only. B: I, II, and III. C: I and II. D: II only.

Answer Explanations
Answer (a) is the correct answer. The only justifiable conclusion that can be reached based on the audit tests is that something other than the calculation is causing the increase in freight costs. Answer (b) is incorrect. Although hypotheses I and II may be potential explanations, they would need to be tested. They represent hypotheses, not conclusions. Answer (c) is incorrect. Although hypotheses I and II may be potential explanations, they would need to be tested. They represent hypotheses, not conclusions. Answer (d) is Incorrect because the auditor has researched the potential algorithms and did not conclude that the one implemented is not sufficient. There is not enough evidence to justify this conclusion.

Question: V2C5-0230
The auditor wishes to test controls over computer program changes. The specific objective to be addressed in the following audit step is that only authorized changes have been made to computer programs (i.e., there are no unauthorized program changes). The organization uses an automated program library system, and the auditor obtains copies of the table of contents of the program library system at various periods of time. The table of contents indicates the date a change was last made to the program, the version number of the program, and the length of the program. Which of the following audit procedures would best address the stated objective?

Answers
A: Use generalized audit software to randomly select a sample of current applications. Trace those selected to program change authorization forms. B: Take a sample of all program change requests. Trace the requests to proper authorization and to changes in the program library. C: Use generalized audit software to compare the table of contents of the program library currently with an auditor copy made previously. Compare and identify differences. Select a sample of the differences for further investigation. D: Obtain a list of programming projects implemented by the data processing manager during the last six months. Take a sample from the list and trace to program change authorization forms.

Answer Explanations
Answer (a) is incorrect. This would be an inefficient procedure. Many programs will not have changes made to them during the applicable time period. Thus, there will not be program change request forms for many items selected. Answer (b) is incorrect. Sampling from authorized changes will tell the auditor only that authorized changes had been made. The auditor is searching for unauthorized changes.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 227 of 262

Answer (c) is the correct answer. This would be the best procedure. Since the auditor is looking for unauthorized changes, the auditor must first identify all changes that have taken place. The auditor then investigates the changes to see if they had been authorized. Answer (d) is incorrect. Similar to response (b), the population only identifies those projects that have been authorized. The auditor is concerned with unauthorized changes.

Question: V2C5-0231
Auditors have learned that increased computerization has created more opportunities for computer fraud, but has also led to the development of computer audit techniques to detect frauds. A type of fraud that has occurred in the banking industry is a programming fraud where the programmer designs a program to calculate daily interest on savings accounts to four decimal points. The programmer then truncates the last two digits and adds it to his or her account balance. Which of the following computer audit techniques would be most effective in detecting this type of fraud?

Answers
A: Parallel simulation. B: Generalized audit software that selects account balances for confirmation with the depositor. C: Snapshot. D: SCARF (systems control and audit review file).

Answer Explanations
Answer (a) is the correct answer. This method would work best because the amounts credited to each account would be compared to that calculated by the auditors parallel program. Answer (b) is incorrect. It is doubtful that confirmation of an account balance would detect errors less than 1 cent made on a daily basis. Answer (c) is incorrect. Snapshot is a technique for tracing the processing of transactions through a system. It would not be applicable here. Answer (d) is incorrect. SCARF is an audit technique that captures unusual transactions (or transactions in excess of edit checks) that have been submitted for processing. The auditor can later evaluate the items. It is not applicable here.

Question: V2C5-0232
While performing analytical procedures related to an audit of a social services agency of a government entity, the auditor noted that there was an unusually large increase in payments to individual recipients who are under the direction of a particular social worker in the agency. Which of the following audit procedures would be the best procedure to investigate this observation?

Answers
A: Use generalized audit software to sort payments to recipients by social worker. Then sort the payments by common addresses and names.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 228 of 262

B: Implement an integrated test facility and monitor transactions throughout the year to identify unusual items. C: Implement the snapshot approach and tag transactions that are related to the social worker identified with the unusually large increases. D: Use generalized audit software to take a random sample of recipients and investigate by sending confirmations to each recipient to determine if they had received proper payments.

Answer Explanations
Answer (a) is the correct answer. This would be the best procedure because it would be an efficient manner to determine if there were any easily seen fraudulent pattern associated with the payments under the control of the social worker. Answer (b) is incorrect. The integrated test facility is designed to test the correctness of processing, not whether only valid recipients are receiving payment. Answer (c) is incorrect. This is a future-oriented approach and would not provide much information about the possibility of fraudulent items currently contained in the file. Like the ITF, snapshot concentrates on the processing of data, not the addition of new recipients to the files. Answer (d) is incorrect. Sending confirmations to the recipients listed on the file would not be the first approach that is being used for two reasons: (1) response (a) better establishes whether there is a defined pattern of potential fraud; (2) if the recipients are indeed fraudulent, the social worker will receive the confirmation (all sent to a common address) and will be able to respond positively.

Question: V2C5-0233
While performing analytical procedures related to an audit of a social services agency of a government entity, the auditor noted that there was an unusually large increase in payments to individual recipients who are under the direction of a particular social worker in the agency. The auditor is considering making a recommendation on appropriate controls to address a potential problem of fictitious recipients. The auditor has identified the following control procedures as potential items to include in the recommendation. I. Require that all additions to the recipient file be independently investigated and approved by a supervisor of the social workers. II. Require the use of self-checking digits on the account numbers of all recipients so that any duplicates will be immediately noted by the system. III. Incorporate a code into the computer program to search for duplicate names and addresses. Develop an exception report that will go the section supervisor whenever duplicates are noted. IV. Require social workers to be rotated among recipients. Which of the following control combinations would effectively address the auditors concerns and improve control over valid recipients?

Answers
A: I, II, III, and IV. B: I, II, and III. C: I and IV.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 229 of 262

D: I, III, and IV.

Answer Explanations
Answer (a) is incorrect. Item II would not add to the control. Answer (b) is incorrect. The self-checking digit would not improve the control procedure. Each recipient set up in the system would have a unique self-checking digit. The concern is over the process of setting up valid recipients. Answer (c) is incorrect. Item III would also contribute. Answer (d) is the correct answer. All three of these responses would be effective in dealing with the audit and control concern identified by the auditor: Item I segregates duties, Item III incorporates an important computer check, and Item IV rotates duties so that a new worker will find that some recipients are not valid.

Question: V2C5-0234
Many public utility companies operate complex customer service systems (CSS) to manage their customer service function. CSS operate in an online, real-time environment, which allows customer service data to be directly entered online from customer telephone calls. Which of the following IT auditing techniques provides the auditor with the capability to continuously monitor customer service data that are collected from telephone calls in CSS?

Answers
A: Generalized audit software. B: Control flowcharting. C: Embedded audit data collection. D: Integrated test facility (ITF).

Answer Explanations
Answer (a) is incorrect because generalized audit software can be used for data collection, but operates independentlyand thus not continuouslyfrom an application. Answer (b) is incorrect because control flowcharting is developed to document and/or review the controls in an application system. Answer (c) is the correct answer. Embedded audit data collection provides the auditor with the capability to continuously monitor the operation of an application. Answer (d) is incorrect because ITF is used to test programs, not to collect data.

Question: V2C5-0235
Which of the following information systems auditing techniques processes real transaction data (or a copy of the real data) through auditor-developed test programs?

Answers
A: Integrated test facility.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 230 of 262

B: Tracing. C: Parallel simulation. D: Mapping.

Answer Explanations
Answer (a) is incorrect. The integrated test facility involves the use of test data and also the creation of fictitious entities (e.g., vendors and employees) on master files. Answer (b) is incorrect. Tracing provides a detailed listing of the sequence of program statement execution. Answer (c) is the correct answer. Parallel simulation processes real transaction data through auditor-developed test programs. Answer (d) is incorrect. Mapping is a procedure for reporting code usage within a program.

Question: V2C5-0236
To determine if there have been any unauthorized program changes since the last authorized program update, the best IT audit technique is for the auditor to conduct a(n)

Answers
A: Code comparison. B: Code review. C: Test date run. D: Analytical review.

Answer Explanations
Answer (a) is the correct answer. Code comparison is the process of comparing two versions of the same program to determine whether the two correspond. It is an efficient technique because it is performed by software. Answer (b) is incorrect. Code review is the process of reading program source code listings to determine whether the code contains potential errors or inefficient statements. Code review can be used as a means of code comparison but is inefficient. Answer (c) is incorrect. Test data runs permit the auditor to verify the processing of preselected transactions. It gives no evidence about unexercised portions of the program. Answer (d) is incorrect. Analytical review is the process of creating and evaluating ratios between numbers, often in the context of financial statements.

Question: V2C5-0237
In auditing an online perpetual inventory system, an auditor selected certain file-updating transactions for detailed testing. The audit technique that will provide a computer trail of all relevant processing steps applied to a specific transaction is described as

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 231 of 262

Answers
A: Simulation. B: Snapshot. C: Code comparison. D: Tagging and tracing.

Answer Explanations
Answer (a) is incorrect. Simulation permits comparisons of live data processing but does not produce a trail of processing steps. Answer (b) is incorrect. Snapshot is a technique for taking a picture of computer memory to aid in verifying a decision process. Answer (c) is incorrect. Code comparison verifies that program changes and maintenance are correctly followed. Answer (d) is the correct answer. Tagging is an audit technique to obtain a computer trail of processing steps relevant to a given transaction.

Question: V2C5-0238
Which of the following statements is not true concerning the tasks that generalized audit software is able to perform?

Answers
A: Provide totals of unusual items. B: Check for duplications, missing information, or ranges of values. C: Specify which data elements will be tested and the criteria to be used. D: Verify calculation totals and analyses produced.

Answer Explanations
Answer (a) is incorrect because it is an example of functions that generalized audit software is able to perform. Answer (b) is incorrect because it is an example of functions that generalized audit software is able to perform. Answer (c) is the correct answer. This is a manual function that must be performed by the auditor. Answer (d) is incorrect because it is an example of functions that generalized audit software is able to perform.

Question: V2C5-0239
Generalized audit software can be used to

Answers

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 232 of 262

A: Examine the existence and consistency of data maintained on files. B: Perform concurrent auditing of data files. C: Verify processing logic of operating systems software. D: Access complex data structures without using host language extensions.

Answer Explanations
Answer (a) is the correct answer. The software compares two files for data consistency. Answer (b) is incorrect. Generalized audit software only permits ex-post (after the fact) auditing. Answer (c) is incorrect. Generalized audit software cannot verify operating system logic. Answer (d) is incorrect. Using a host language extension, an auditor can gain direct access to the database.

Question: V2C5-0240
A primary reason auditors are reluctant to use integrated test facility (ITF) is that it requires them to

Answers
A: Reserve specific master file records and process them at regular intervals. B: Collect transaction and master file records in a separate file. C: Notify user personnel so they can make manual adjustments to output. D: Identify and reverse the fictitious entries to avoid contamination of the master file.

Answer Explanations
Answer (a) is incorrect. Reserving specific master file records and processing them at regular intervals pertains to base case system evaluation instead of ITF. Answer (b) is incorrect. Collecting transaction and master file records in a separate file is a feature of embedded audit data collection, not ITF. Answer (c) is incorrect. Making manual adjustments to output does not reverse the fictitious entries in the master file. Answer (d) is the correct answer. This is the major reason for not using ITF.

Question: V2C5-0241
Embedded audit modules

Answers
A: Identify unexecuted computer code.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 233 of 262

B: Aid in debugging application systems. C: Analyze the efficiency of programming. D: Enable continuous monitoring of transaction processing.

Answer Explanations
Answer (a) is incorrect because it is a characteristic of snapshot. Answer (b) is incorrect because it is a characteristic of tracing. Answer (c) is incorrect because it is a characteristic of mapping. Answer (d) is the correct answer. They can be continuously monitored or specifically activated.

Question: V2C5-0242
An internal auditing department implemented an integrated test facility (ITF) to test its payroll processing. The auditing department identified the key controls, processing steps built into the computer program, and developed test data to test them. The department submitted test transactions throughout the year. Assuming the auditors did not find any differences in their test results, the auditors can conclude

Answers
A: The system is properly capturing the hours worked by employees during the year and the hours have been properly submitted to payroll and processed correctly. B: All employees were correctly paid during the year and their pay was correctly computed. C: The computer application and its control procedures were processing payroll transactions correctly during the past year. D: All of the above.

Answer Explanations
Answer (a) is incorrect. The ITF only provides audit evidence on the correctness of processing of data that has been submitted to the computer application. Thus, it does not provide evidence that all hours worked have been entered into the system for processing. Answer (b) is incorrect. The auditor cannot conclude that all employees were paid correctly and that their pay was correctly recorded because to do so the auditor would need evidence that all employees were correctly classified as to pay rate and that all their time was correctly submitted to the computer program. Answer (c) is the correct answer. The auditors inference can only be to the operation of computerized controls and the correctness of computer processing during the year because the integrated test facility tests only tests the computerized portion of the application, not that all data have been entered correctly. Answer (d) is incorrect. Response (b) and (c) are not correct.

Question: V2C5-0243
The greatest impact information technology has had on the audit process is

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 234 of 262

Answers
A: Its use to track personnel performance and development of audit staff. B: Its use in the audit reporting process, such as automated working paper packages. C: Its use to conduct audits utilizing various computer-assisted techniques. D: Its use as a strategic tool to develop the audit plan.

Answer Explanations
Answer (a) is incorrect. This task can be performed manually without the use of information technology. Answer (b) is incorrect. While it has changed audit documentation, it has not impacted the audit scope or test procedures. Answer (c) is the correct answer. Computer-assisted techniques have had the greatest impact on the audit process. They have changed the audit scope and test procedures, and so on. Answer (d) is incorrect. Whether using information technology or not, the audit risk is the same.

Question: V2C5-0244
Generalized audit software is designed to allow auditors to

Answers
A: Monitor the execution of application programs. B: Process test data against master files that contain real and fictitious entities. C: Select sample data from files and check computations. D: Insert special audit routines into regular application programs.

Answer Explanations
Answer (a) is incorrect. This is a function of mapping. Answer (b) is incorrect. This is a function of an integrated test facility. Answer (c) is the correct answer. This is a function of generalized audit software. Answer (d) is incorrect. This is a function of an embedded audit routine.

Question: V2C5-0245
An internal auditor was assigned to confirm whether operating personnel had corrected several errors in transaction files that were discovered during a recent audit. Which of the following automated tools is the auditor most likely to use?

Answers

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 235 of 262

A: Online inquiry. B: Parallel simulation. C: Mapping. D: Tracing.

Answer Explanations
Answer (a) is the correct answer. Online inquiry is an interactive procedure that allows an auditor or other authorized personnel to select and view individual records or transactions. Answer (b) is incorrect. Parallel simulation processes real data through audit programs so simulated output and regular output can be compared. Answer (c) is incorrect. Mapping monitors the execution of a program. Answer (d) is incorrect. Tracing provides an audit trail of the instructions that are executed when a program is run.

Question: V2C5-0246
An audit test to substantiate that a company is complying with software copyright requirements is to

Answers
A: Review the corporate policy on copyrights. B: Compare the software on a sample of microcomputers with the purchase documentation. C: Inventory all the software that is being run on microcomputers. D: Review the minutes of the MIS steering committee or similar body.

Answer Explanations
Answer (a) is incorrect. Reviewing the policy will not determine compliance with copyright limitations. Answer (b) is the correct answer. Comparing a sample of software being run on personal computers with purchase documentation will establish a basis for determining compliance. Answer (c) is incorrect. An inventory of software alone cannot determine compliance without comparing it to supporting purchase documentation. Answer (d) is incorrect. Reviewing the minutes may determine the intent to comply with copyright laws but cannot establish compliance.

Question: V2C5-0247
A principal disadvantage of auditing around rather than through the computer is

Answers

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 236 of 262

A: The time involved in testing controls for simulation programs is extensive. B: The costs involved in testing controls over computer processing are high. C: The integrity of the audit trail through the computer is not tested. D: The technical expertise to compensate for auditing around the computer is extensive.

Answer Explanations
Answer (a) is incorrect. Simulation programs involve computer applications and require auditing through the computer. Answer (b) is incorrect. High costs are not involved with testing controls when auditing around the computer. Answer (c) is the correct answer. Auditing around the computer does not involve testing the transaction (audit) trail. Answer (d) is incorrect. A high level of technical expertise is a disadvantage of auditing through the computer not around the computer.

Question: V2C5-0248
An accounting clerk developed a scheme to input fraudulent invoices for nonexistent vendors. All the payments were sent to the same address. The auditor suspects a possible fraud. The most effective computer audit technique to investigate the fraud would be to

Answers
A: Use test-data for multiple vendors and investigate unexpected results. B: Perform a complete audit of computer program changes. C: Use generalized audit software to compare addresses across multiple files and print out duplicates for investigation. D: Test application controls through an integrated test facility and investigate unexpected results.

Answer Explanations
Answer (a) is incorrect. Test data would check the processing of information, not the validity of the input information. Answer (b) is incorrect. The fraud did not involve a program change. Answer (c) is the correct answer. This software could check the mailing addresses of vendors and detect common address, or other commonalities of the billings. Answer (d) is incorrect. This test is not designed to test for the processing of invalid information.

Question: V2C5-0249
In the audit example described in the previous question, the auditor would test all of the vendor information rather than a sample of the vendor transactions because

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 237 of 262

Answers
A: Although nonsampling error is reduced, sampling error is larger when computers are used to draw the sample. B: The audit procedures used to compare vendor information require the reading of all records. C: Audit standards prohibit the use of sampling if fraud is expected. D: The only effective procedures require auditing through the computer.

Answer Explanations
Answer (a) is incorrect. Sampling error is not larger when computers are used to draw the sample. Answer (b) is the correct answer. The audit procedure to be applied in this case requires a matching of all records to identify vendor addresses that are the same. Answer (c) is incorrect. Standards do not prohibit the use of sampling. Answer (d) is incorrect. This is not an example of auditing through the computer. The test uses audit software to extract and compare data.

Question: V2C5-0250
To achieve cost-effective audits of computer-based systems where similar audit tasks are required to meet a variety of objectives, the auditor should use

Answers
A: Comparison programs. B: Custom audit software. C: Query functions and report writers. D: Generalized audit software.

Answer Explanations
Answer (a) is incorrect. Comparison programs compare source versions of operational programs with authorized copies and identify only changes or deviations in logic. Answer (b) is incorrect. Custom audit software is written for a specific audit and cannot be used on different systems. Answer (c) is incorrect. It requires the auditor to learn rules of each environmentusually limited to retrieval. Answer (d) is the correct answer. Generalized audit software allows many different audits to be done where similar audit tasks are required. It is cost effective.

Question: V2C5-0251

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 238 of 262

Which of the following is an appropriate audit procedure that may be used to test the adequacy of application controls over computer-based accounts payable?

Answers
A: Observing the computer library and operations area to obtain evidence to support an opinion about the security of accounts payable data files. B: Manually comparing vendor invoice numbers with those listed on computer-generated lists of accounts payable to assess the effectiveness of computer-based sequence checks. C: Testing purchase transactions using a test-data approach. D: Using a computer-generated questionnaire to obtain reliable information about the accuracy and completeness of input and update of accounts payable data from the organization's computer management personnel.

Answer Explanations
Answer (a) is incorrect. Data file security is a general control concern. The question deals with application controls. Answer (b) is incorrect. Computer-based sequence checks are applications controls. It is appropriate for an internal auditor to seek to determine whether the checks are working. However, this question involves the document numbers on vendor invoices. Since the vendors generate these document numbers, the purchasing firm has no access to a sequencing of such invoices. Answer (c) is the correct answer. The use of test data is a useful audit procedure to test application controls. Answer (d) is incorrect. It is never acceptable for an internal auditor to rely on the representations of an auditee.

Question: V2C5-0252
The internal auditing department has begun an audit of an automated payroll system. Audit staff members have been trained in the use of an audit software package and have a working knowledge of the database employed for this system but do not have programming experience. In the system being audited, employees report their hours on time sheets, which are keyed each week by an assigned individual in each department. The transaction file of payroll hours is maintained by the system as a primary source of payroll input. After the department manager reviews the gross hours, the information is released to the online payroll system. The payroll is then processed and pay stubs are printed and distributed to the employees. All payments are through direct deposit. In order to preserve the confidentiality of the payroll information of employees, detailed reports that reconcile payroll expenses charged to the department are not generated. Management wants to know whether the payroll program is reliable. Given the skill level of the assigned staff, which of the following methods will most likely be applied to test the accuracy of the payroll calculation?

Answers
A: Parallel simulation. B: Integrated test facility. C: Tagging and tracing.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 239 of 262

D: Mapping and program analysis.

Answer Explanations
Answer (a) is the correct answer. Use of audit software to perform parallel simulation is an acceptable audit application. Answer (b) is incorrect. Use of an integrated facility usually requires advanced planning before a system is implemented. Installing an integrated test facility after the fact can be quite costly and time consuming. Answer (c) is incorrect. Tagging and tracing is more difficult to employ than parallel simulation. Answer (d) is incorrect. Mapping and program analysis requires a strong programming background, something not available on this audit team.

Question: V2C5-0253
To identify lost or incomplete sales accounting record updates using the computer, the most appropriate approach is

Answers
A: Test data. B: Parallel simulation. C: Controlled reprocessing. D: Integrated test facility.

Answer Explanations
Answer (a) is incorrect. Test data checks specific controls, but would not allow identification of lost or incomplete updates. Answer (b) is incorrect. Parallel simulation is quite expensive and is inappropriate for a one-time identification of lost or incomplete updates. Answer (c) is the correct answer. Controlled reprocessing allows update inputs to be inexpensively reprocessed and compared to original update results. Answer (d) is incorrect. An integrated test facility tests the system on a continuous basis, but may contaminate actual transaction data.

Question: V2C5-0254
You have been assigned to review the propriety of the duplicate payments edit control in the accounts payable system of a public agency. The agency purchases spare parts from approximately 2,000 vendors. In addition, the agency is building a heavy rail system and makes payments to contractors and subcontractors for this $2 billion project. You have been told that vendors have recently reported several duplicate payments. Management believes that some unreported duplicate payments may exist for which the agency should seek refund. The director of management information systems (MIS) stated that the duplicate payments were isolated instances that would eventually have been discovered by controls outside of the computer system. All payments are matched against a 60-day payment history file. Whenever there is a match on amount, invoice number, and vendor number,

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 240 of 262

duplicate payments warning is sent to the accounts payable clerk. Only the manager of accounts payable is capable of overriding this edit. Which of the following is the best computer-assisted audit technique or tool to use in this situation?

Answers
A: Statistical sampling. B: Source code desk checking. C: Integrated test facility. D: Generalized audit software.

Answer Explanations
Answer (a) is incorrect. Statistical sampling is most useful in estimating the size of a population (variables sampling) or the degree of error (attribute sampling). Specific identification of duplicate payments is the problem here. Answer (b) is incorrect. While desk checking the source code might detect a program error, it is not the solution to the problem at hand. Answer (c) is incorrect. An integrated test facility is useful for passing test data through a production system, but it does not address the duplicate payments problem. Answer (d) is the correct answer. Generalized audit software can be utilized to review 100% of the file for duplicate payments using any matching requirements and thus help identify potential duplicate payments claims.

Question: V2C5-0255
When concerned with the validity of certain recurring transactions, which of the following computer-assisted audit techniques would allow the auditor to select predefined transactions for audit during normal processing?

Answers
A: Extended records. B: Tracing. C: Mapping. D: Embedded audit data collection.

Answer Explanations
Answer (a) is incorrect. Extended records combine elements from different files into a single record. Answer (b) is incorrect. Tracing is used to identify the execution and sequence of computer instructions. Answer (c) is incorrect. Mapping is used to determine if any unexecuted code exists. Answer (d) is the correct answer. Embedded audit data collection requires screening routines be inserted within production runs and thus allows identification and selection of transactions meeting predefined criteria.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 241 of 262

Question: V2C5-0256
To test that all inventory shipments are billed to customers, an auditor would compare computer-generated

Answers
A: Receivables ledger updates with detailed sales invoices. B: Shipping records with detailed sales invoices. C: Shipping records with original customer orders. D: Shipping records with customer credit limits.

Answer Explanations
Answer (a) is incorrect. Comparing entries in the receivable ledger with sales invoices only demonstrates that the prepared invoices were posted. Answer (b) is the correct answer. Comparing shipping records with sales invoices would disclose any shipments that were not billed. Answer (c) is incorrect. Comparing shipping records with original customer orders only demonstrates that shipments were made to customersnot those customers were billed. Answer (d) is incorrect. Comparing shipping records with credit limits demonstrates only that credit limits might not have been exceeded.

Question: V2C5-0257
Which of the following best describes the operation of an integrated test facility (ITF)?

Answers
A: Establishing a dummy entity against which test data are processed and stored. B: Developing a simulation program to compare actual data and test data. C: Using specially coded inputs to trace test data through the transaction trail. D: Translating business transactions into a format that the operating system processes.

Answer Explanations
Answer (a) is the correct answer. An integrated test facility uses a fictitious or dummy entity against which data are processed and stored. Answer (b) is incorrect. Simulation programs are techniques using separate programs to process actual data and then compare results. Answer (c) is incorrect. Snapshot is a technique using specially coded inputs to trace the transaction trail. Answer (d) is incorrect. Data conversion is the process of translating transactions into a form compatible with an operating system.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 242 of 262

Question: V2C5-0258
An internal auditor identifies a situation where there is doubt whether all overhead is completely allocated to cost centers by the computer program. The best procedure to test the completeness of the allocation by the program is

Answers
A: Use of control flowcharting. B: Inquiry of the systems programmers. C: Use of extended records and mapping. D: The test-data approach.

Answer Explanations
Answer (a) is incorrect. Control flowcharting is generally at the systems level rather than the program level. Answer (b) is incorrect. Inquiry of the systems programmer would be of little help in relation to specific program logic problems. Answer (c) is incorrect. Extended records are used to capture an audit trail through a system. Answer (d) is the correct answer. The test data approach inputs data into the application and allows output to be compared to predetermined results, thus identifying the degree of completeness of the allocation.

Question: V2C5-0259
Modern computer technology makes it possible to perform paperless audits. For example, in an audit of computer-processed customer accounts receivable balances, an auditor might utilize a microcomputer to directly access the accounts receivable files and copy selected customer records into the microcomputer for audit analysis. Which of the following is an advantage of this type of paperless audit of accounts receivable balances?

Answers
A: It reduces the amount of substantive testing required. B: It allows immediate processing of audit data on a spreadsheet working paper. C: It increases the amount of technical skill required of the auditor. D: It allows direct confirmation of customer account balances.

Answer Explanations
Answer (a) is incorrect. Audit technology has no direct effect on the amount of substantive testing required. Answer (b) is the correct answer. A major advantage of this type of auditing is the ability to immediately process data using microcomputer software without first having to manually enter the data into the microcomputer.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 243 of 262

Answer (c) is incorrect. While this is true, it is not an advantage. Answer (d) is incorrect. Processing computer files does not in itself provide confirmation of customer account balances.

Question: V2C5-0260
To ensure that goods received are the same as those shown on the purchase invoice, a computerized system should

Answers
A: Match selected fields of the purchase invoice to goods received. B: Maintain control totals of inventory value. C: Calculate batch totals for each input. D: Use check digits in account numbers.

Answer Explanations
Answer (a) is the correct answer. Computer matching of fields such as goods received number, product code, supplier code, and quantity assures agreement between goods received and goods invoiced.
Answer (b) is incorrect. Control totals do not identify specific item-by-item differences. Answer (c) is incorrect. Batch totals only provide a total value for a field and do not allow for detail matching. Answer (d) is incorrect. Check digits only provide for validation of predefined account numbers.

Question: V2C5-0261
Which of the following is a disadvantage of using an integrated test facility (ITF) when auditing a computer application?

Answers
A: The ITF may be useful in verifying the correctness of account balances, but not in determining the presence of processing controls. B: The test transactions could enter the live data environment. C: The ITF technique cannot be used with simulated master file records, during application testing. D: The test data must be processed by IT staff with substantial technical skills.

Answer Explanations
Answer (a) is incorrect. The ITF is utilized to test programs in operation, including the presence of processing controls. Answer (b) is the correct answer. An acknowledged risk of using the ITF is the contamination of live master files.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 244 of 262

Answer (c) is incorrect. The ITF technique can be used for both system development and application testing. Answer (d) is incorrect. Minimal technical skill is required to process test data when using an ITF.

Question: V2C5-0262
Which of the following is one purpose of an embedded audit module?

Answers
A: Enable continuous monitoring of transaction processing. B: Identify program code that may have been inserted for unauthorized purposes. C: Verify the correctness of account balances on a master file. D: Review the contents of a specific portion of computer memory.

Answer Explanations
Answer (a) is the correct answer. An embedded audit module enables continuous monitoring and analysis transaction processing, including the functioning of processing controls. Answer (b) is incorrect. Mapping is a technique for determining whether a computer program contains any unexecuted code that should be examined. Answer (c) is incorrect. Retrieval and analysis programs such as generalized audit software offer the features and flexibility suitable for verifying the correctness of information on a computer file. Answer (d) is incorrect. The snapshot method is a technique utilized to capture and print all data pertinent to the analysis of a specific moment in the processing cycle.

Question: V2C5-0263
Which of the following is true of a horizontal flowchart as compared to a vertical flowchart?

Answers
A: It provides more room for written descriptions that parallel the symbols. B: It brings into sharper focus the assignment of duties and independent checks on performance. C: It is usually longer. D: It does not provide as broad a picture at a glance.

Answer Explanations
Answer (a) is incorrect. A vertical flowchart is usually designed to provide for written descriptions. Answer (b) is the correct answer. By emphasizing the flow of processing between departments and/or people, it more clearly shows any inappropriate separation of duties and lack of independent checks on performance.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 245 of 262

Answer (c) is incorrect. It is usually shorter because space for written descriptions is not provided. Answer (d) is incorrect. More of the flow of processing can be depicted on one page than in a vertical flowchart with written descriptions.

Question: V2C5-0264
Of the following, which is the most efficient source for an auditor to use to evaluate a companys overall control system?

Answers
A: Control flowcharts. B: Copies of standard operating procedures. C: A narrative describing departmental history, activities, and forms usage. D: Copies of industry operating standards.

Answer Explanations
Answer (a) is the correct answer. Control flowcharting provides an efficient and comprehensive method of describing relatively complex activities, especially those involving several departments. Answer (b) is incorrect. Copies of procedures and related forms do not provide an efficient method of reviewing the processing activities. Answer (c) is incorrect. A narrative review covering the history and forms usage of the department is not as efficient or comprehensive as flowcharting for communicating relevant information about controls. Answer (d) is incorrect. Industry standards do not provide a picture of existing practice for subsequent audit activity.

Question: V2C5-0265
Which of the following tools would best give a graphical representation of a sequence of activities and decisions?

Answers
A: Flowchart. B: Control chart. C: Histogram. D: Run chart.

Answer Explanations
Answer (a) is the correct answer. The definition of a flowchart is that it is a graphical representation of a sequence

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 246 of 262

of activities and decisions. Answer (b) is incorrect. A control chart is used to monitor actual versus desired quality measurements during repetition operation. Answer (c) is incorrect. A histogram is a bar chart showing conformance to a standard bell curve. Answer (d) is incorrect. A run chart tracks the frequency or amount of a given variable over time.

Question: V2C5-0266
Of the techniques available to an auditor, which is the most valuable in providing a summary outline and overall description of the process of transactions in an information system?

Answers
A: Flowcharts. B: Transaction retrievals. C: Test decks. D: Software code comparisons.

Answer Explanations
Answer (a) is the correct answer. A flowchart is most valuable in providing a summary outline and description of transaction flows. Answer (b) is incorrect. Transaction retrievals are used to select items for testing and review. Answer (c) is incorrect. Test decks are used to verify processing accuracy. Answer (d) is incorrect. Software code comparisons are used to validate that programs in production correspond to an authorized copy of the software.

Question: V2C5-0267
An auditor reviews and adapts a systems flowchart to understand the flow of information in the processing of cash receipts. Which of the following statements is true regarding the use of such flowcharts? The flowcharts

Answers
A: Show specific control procedures used, such as edit tests that are implemented and batch control reconciliations. B: Are good guides to potential segregation of duties. C: Are generally kept up to date for systems changes. D: Show only computer processing, not manual processing.

Answer Explanations

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 247 of 262

Answer (a) is incorrect. The systems flowchart shows the overall flow, but would not identify the specific edit tests implemented. Those would be found in a programming flowchart. Answer (b) is the correct answer. Systems flowcharts show segregation of duties and the transfer of data between different segments in the organization. Answer (c) is incorrect. The flowcharts are generally not kept up-to-date for changes. Therefore, the auditor will have to interview key personnel to determine changes in processing since the flowchart was developed. Answer (d) is incorrect. A systems flowchart should show both the manual processing and the computer processing.

Question: V2C5-0268
In documenting the procedures used by several interacting departments, the internal auditor will most likely use

Answers
A: A horizontal (or systems) flowchart. B: A vertical flowchart. C: A Gantt chart. D: An internal control questionnaire.

Answer Explanations
Answer (a) is the correct answer. It highlights the interaction between departments. Answer (b) is incorrect because it does not highlight the interaction of departments. Answer (c) is incorrect because it is not a procedure-oriented documenting tool. Answer (d) is incorrect because it does not highlight the interaction of departments.

Question: V2C5-0269
Which method of evaluating internal controls during the preliminary review provides the auditor with the best visual grasp of a system and a means for analyzing complex operations?

Answers
A: A flowcharting approach. B: A questionnaire approach. C: A matrix approach. D: A detailed narrative approach.

Answer Explanations

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 248 of 262

Answer (a) is the correct answer. A flowchart provides a visual grasp of the system and a means of analysis that cannot be achieved by other methods. Answer (b) is incorrect. A questionnaire approach provides only an agenda for evaluation. Answer (c) is incorrect. A matrix approach does not provide the visual grasp of the system that a flowchart does. Answer (d) is incorrect. A detailed narrative does not provide the means of evaluating complex operations that a flowchart does.

Question: V2C5-0270
From enterprise risk management (ERM) viewpoint, control processes are implemented in which of the following?

Answers
A: Risk assessment. B: Risk mitigation. C: Risk financing. D: Risk monitoring.

Answer Explanations
Answer (a) is incorrect. Risk assessment includes identification, analysis, measurement, and prioritization of risks Answer (b) is the correct answer. Controls are implemented in the risk mitigation phase in order to reduce the effects of risks. Answer (c) is incorrect. Risk financing deals with internal funding and external transfer of risk Answer (d) is incorrect. Risk monitoring addresses internal and external reporting and feedback into risk assessment

Question: V2C5-0271
From enterprise risk management (ERM) viewpoint, the scope of traditional risk management includes which of the following?

Answers
A: Insurance. B: Earnings growth. C: Revenue growth. D: Corporate governance.

Answer Explanations

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 249 of 262

Answer (a) is the correct answer. Traditionally, risk management has been focused more narrowly in terms of scope of risks, types of risk management strategies, and the impact and nature of risk. The strategies have concentrated on insurance solutions primarily. Now the focus of ERM is broad, covering areas such as earnings growth, revenue growth, and corporate governance.

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0272
In implementing enterprise risk management (ERM), most organizations are following a(n)

Answers
A: Layered approach. B: Total risk approach. C: Early wins approach. D: Pilot project approach.

Answer Explanations
Answer (a) is incorrect. Some organizations are using a layered approach of risk, one at a time, into their risk assessment and risk mitigation processes. Answer (b) is incorrect. Some organizations are embracing all sources of risk at the outset, but are tackling the processes one at a time, with most starting with risk assessment. Answer (c) is the correct answer. Most organizations are seeking early wins that will help build momentum and promote further development toward their ideal ERM process. Answer (d) is incorrect. Other organizations taking on all risk sources and all processes, but on a small, manageable subset of their operations as a pilot project.

Question: V2C5-0273
From enterprise risk management (ERM) viewpoint, all of the following can oversee risk management activities except

Answers
A: Chief financial officer. B: Chief executive officer. C: Chief audit executive.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 250 of 262

D: Chief risk officer.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation.
Answer (b) is the correct answer. According to the IIA survey respondents, 30% felt that chief audit executive is responsible for overseeing enterprise risk management or compliance activities. The chief financial officer was second with 24% and the chief risk officer was third with 21%. Chief executive officer was not involved in this activity.

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0274
Organizations do not view enterprise risk management (ERM) as a(n)

Answers
A: Analytical tool. B: Risk mapping tool. C: Optimization software tool. D: Performance management system tool.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (d) is the correct answer. The IIA survey indicated that some organizations see ERM as an analytical tool rather than as a performance management system. Other tools of importance include risk mapping or optimization software.

Question: V2C5-0275
Which of the following is the primary driver for enterprise risk management (ERM) activity?

Answers
A: Corporate governance guidelines. B: Desire for a unifying framework.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 251 of 262

C: Competitive pressure. D: Desire for earnings stability.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation.
Answer (b) is the correct answer. More than half of the IIA survey respondents cited the desire for a unifying framework is the primary driver for ERM, and 38% cited corporate governance guidelines as another important driver.

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0276
According to the IIA survey regarding enterprise risk management (ERM), which of the following is ranked as the highest business issue today?

Answers
A: Earnings consistency. B: Expense control. C: Earnings growth. D: Revenue growth.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (c) is the correct answer. Earnings growth received the highest rating. Similarly, revenue growth was the second highest ranked business issue. Expense control or reduction was ranked as the third most important issue today; however, few years from now earnings consistency will be viewed to be the third most important issue.

This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0277
Enterprise resource management (ERM) is seen as providing immediate value in which of the following areas? I. Capital management. II. Earnings consistency. III. Contingency planning.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 252 of 262

IV. Expense control.

Answers
A: I only. B: II only. C: I and III. D: II and IV.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (c) is the correct answer. The IIA survey respondents indicated that capital management and contingency plans provide significant and immediate value. They also believed that ERM could assist with earnings consistency and expense control.

This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0278
Which of the following is the major barrier to implementing enterprise risk management (ERM) program?

Answers
A: Unclear benefits. B: Lack of tools. C: Organizational turf battles. D: Organizational culture.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (d) is the correct answer. The IIA survey respondents indicated that organizational culture is the top barrier followed by unclear benefits to senior management, lack of formalized process, organizational turf battles, and lack of tools.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 253 of 262

Question: V2C5-0279
Comprehensive risk assessment does not exist in which of the following functions?

Answers
A: Human resources. B: Finance. C: Operations. D: Internal audit.

Answer Explanations
Answer (a) is the correct answer. The IIA survey respondents reported that most internal auditing, finance, and operations functions have a formal, comprehensive risk assessment process in place. In contrast, only 21% of respondents reported that risk assessment activity related to the human resource function.

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0280
Risk management has evolved from which of the following?

Answers
A: Operations research. B: Decision theory. C: Insurance management. D: Management science.

Answer Explanations
Answer (a) uses a scientific approach to decision making. Decision theory provides a basis for judging the goodness or badness of decisions before the outcome is known. Decision theory has its roots in operations research and management science. Answer (b) uses a scientific approach to decision making. Decision theory provides a basis for judging the goodness or badness of decisions before the outcome is known. Decision theory has its roots in operations research and management science. Answer (c) is the correct answer. Risk management has evolved from insurance management. The strategic factor in the transition from insurance management to risk management was the evolution of decision theory, operations

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 254 of 262

research, and management science disciplines. Answer (d) uses a scientific approach to decision making. Decision theory provides a basis for judging the goodness or badness of decisions before the outcome is known. Decision theory has its roots in operations research and management science.

Question: V2C5-0281
Risk management is concerned primarily with

Answers
A: Dynamic risks. B: Pure risks. C: Speculative risks. D: Fundamental risks.

Answer Explanations
Answer (a) is incorrect. Dynamic risks are those that arise from changes in the economy (e.g., unemployment, high interest rates, and high inflation rates). Answer (b) is the correct answer. Pure risks are those in which there is a chance of loss or no loss only. Pure risks are of several types, including personal risks, property risks, liability risks, and performance risks. Examples include personal risks (death, sickness, or disability), property risks (damage to or destruction of property, and the loss of use of property that has been damaged), liability risks (liability suits arising out of automobiles), performance risks (risks resulting from human failure of a contractor to complete a project, default of a debtor). Risk management deals with both insurable and uninsurable risks. Although the major focus of most risk managers is on insurable risks, the more appropriate realm of risk management is pure risk. The risk manager cannot ignore those pure risks that are not insurable (e.g., shoplifting losses in a retail store that are rarely insurable). Answer (c) is incorrect. Speculative risks involve the chance of loss or gain (e.g., hedging, options, and derivatives). Answer (d) is incorrect. Fundamental risks are those that are impersonal in origin and consequencesthey are generally beyond the control of the individual. They are group risks, caused for the most part by economic, social, and political phenomena, although they may also result from physical occurrences.

Question: V2C5-0282
A business firm with an inventory of obsolete stock that is overinsured might represent which of the following?

Answers
A: A moral hazard. B: A morale hazard. C: A physical hazard.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 255 of 262

D: A legal hazard.

Answer Explanations
Answer (a) is the correct answer. A hazard is a condition that increases the probability of loss from a peril. Examples include faulty wiring and improper storage of flammables. Moral hazard is a dishonest tendency, and examples include businesses that are losing money, obsolete inventory that is overinsured, and false claims to defraud an insurer. Answer (b) is incorrect. Morale hazard is reflected in a careless attitude that may accompany the existence of insurance, or the inflated losses that occur simply because the loss is insured. Answer (c) is incorrect. Physical hazards include conditions such as faulty housekeeping, defective wiring, storage of flammables, and road conditions. Answer (d) is incorrect. Legal hazards include statutes, court decisions, and the legal environment that can influence the probability of loss.

Question: V2C5-0283
Which of the following techniques for dealing with risk may represent a special variation of other techniques?

Answers
A: Risk financing. B: Risk retention. C: Risk sharing. D: Risk transfer.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (c) is the correct answer. Risk sharing is viewed as a special case of risk transfer, in which the risk is transferred from the individual to the group. It may also be a form of risk retention, depending on the success of the risk-sharing arrangement. Both risk retention and risk transfer and part of risk financing.

This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0284
Risk avoidance should be used in those instances in which

Answers
A: The severity of loss is high.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 256 of 262

B: The exposure has catastrophic potential and the risk cannot be reduced or transferred. C: The frequency of loss is high. D: The frequency or severity cannot be determined.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation.
Answer (b) is the correct answer. Risk situations that have high severity and high frequency should be either avoided or reduced. Reduction is appropriate when it is possible to reduce either the severity or the frequency to a manageable level. Otherwise, the risk should be avoided or transferred.

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0285
The term enterprise risk management (ERM) refers to which of the following?

Answers
A: Risks related to financial derivatives and futures. B: Market risk, financial risk, and operational risks. C: Pure, financial, operational, strategic, and speculative risks. D: Dynamic risks, static risks, and pure risks.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (c) is the correct answer. ERM is a broad concept that includes many areas, such as pure risks, financial risks, operational risks, strategic risks, and speculative risks. Pure risks are those in which there is a chance of loss or no loss only (e.g., default of a debtor, disability). Financial risks include credit risk and interest rate risk. Operational risks include risks related to systems, processes, technology, and people. Strategic risks include reputation risk and leadership risk. Speculative risks involve the chance of loss or gain (e.g., hedging, options, and derivatives).

This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0286

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 257 of 262

The two broad approaches to dealing with risk management are

Answers
A: Risk retention and risk transfer. B: Risk avoidance and risk transfer. C: Risk avoidance and risk reduction. D: Risk control and risk financing.

Answer Explanations
Answer (a) is incorrect. Risk financing includes risk retention and risk transfer. Answer (b) is incorrect. It is meaningless in that it combines parts of the two categories. Answer (c) is incorrect. Risk control includes risk avoidance and risk reduction. Answer (d) is the correct answer. Risk management is broken down into two major categories: risk control and risk financing. Risk control focuses on minimizing the risk of loss to which the organization is exposed. Risk financing concentrates on arranging the availability of funds to meet the losses that do occur.

Question: V2C5-0287
Which of the following steps in the risk management process is most likely to be overlooked?

Answers
A: Evaluation of risks. B: Determination of objectives. C: Identification of risks. D: Selection of risk treatments.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation.
Answer (b) is the correct answer. Despite its importance, determining the objectives of the program is the first step in the risk management process that is most likely to be overlooked. Consequently, the risk management efforts of many firms are fragmented and inconsistent. The risk management process properly handles the other answers.

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0288
file://C:\Program Files\Wiley\CIAExam\Print.htm 1/20/2010

Wiley CIA 2006 v1

Page 258 of 262

The ultimate goal of risk management is to

Answers
A: Minimize insurance expenditures. B: Minimize uninsured losses. C: Minimize the adverse effects of losses and uncertainty connected with pure risks. D: Eliminate financial and operational losses.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (c) is the correct answer. Risk management is concerned with pure risk. Minimizing the adverse effects of losses and uncertainty connected with pure risks is necessary. Risk management is a process that involves managing the pure risks.

This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0289
Risk retention is most appropriate for situations in which there is a

Answers
A: Low frequency and a high severity. B: High frequency and a high severity. C: Low frequency and a low severity. D: High frequency and a low severity.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (c) is the correct answer. Risk retention is most appropriate for situations in which there is a low probability of occurrence (frequency) with a low potential severity. Severity dictates whether a risk should be retained. If the potential severity is more than the organization can afford, retention is not recommended. Frequency determines whether the risk is economically insurable. The higher the probabilities of loss, the higher the expected value of loss and the higher the cost of transfer.

This answer is incorrect. Refer to the correct answer explanation.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 259 of 262

Question: V2C5-0290
Insurance is most appropriate for situations in which there is a

Answers
A: Low frequency and a high severity. B: High frequency and a high severity. C: Low frequency and a low severity. D: High frequency and a low severity.

Answer Explanations
Answer (a) is the correct answer. Insurance is most appropriate for situations in which there is a low frequency and a high severity. The high severity implies a catastrophic impact if the loss should occur, and a low probability (frequency) implies a low expected value and a low cost of transfer.

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0291
Regarding enterprise resource management (ERM) framework, the cost of financing risk is a(n)

Answers
A: Marginal cost. B: Opportunity cost. C: Average cost. D: Interest cost.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation.
Answer (b) is the correct answer. Financing involves paying for the losses out of current income or existing assets, by earmarking funds or by the purchase of insurance. The cost of financing losses is the amount of funds that is paid for the losses that occur. The cost of risk for retained risks is the opportunity cost on the funds that must be earmarked and that cannot be used for other purposes.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 260 of 262

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0292
From an enterprise risk management (ERM) viewpoint, the term hazard refers to

Answers
A: The same thing as risk. B: The same thing as exposure. C: A condition that increases the chance of loss. D: Uncertainty regarding loss.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (c) is the correct answer. A hazard is a condition that increases the probability (chance) of loss from a peril. Perils are causes of loss, and examples include fire and flood. Uncertainty can exist where there is no risk. Risk or exposure is the possibility of loss.

This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0293
When creating new businesses, organizations must consider

Answers
A: Delinking opportunities. B: Desizing opportunities. C: Derisking opportunities. D: Desourcing opportunities.

Answer Explanations

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 261 of 262

This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (c) is the correct answer. As organizations think about the future and actually create the future of their business, they must consider derisking opportunities. In capitalizing on opportunities, the goal is to be a market leader but yet reduce risk.

This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0294
Which of the following enterprise risk management (ERM) frameworks address market risk?

Answers
A: Strategic risks. B: Operational risks. C: Financial risks. D: Hazard risks.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (c) is the correct answer. Financial risk includes risks from volatility in foreign currencies, interest rates, and commodities. It also includes credit risk, liquidity risk, and market risk.

This answer is incorrect. Refer to the correct answer explanation.

Question: V2C5-0295
Regarding enterprise risk management (ERM), which of the following are more difficult to identify and assess? I. Hazard risks. II. Financial risks. III. Strategic risks. IV. Operational risks.

Answers
A: I only. B: II only. C: I and II.

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010

Wiley CIA 2006 v1

Page 262 of 262

D: III and IV.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (d) is the correct answer. ERM integrates the management of all risks, including the more traditional hazard and financial risks, with operational and strategic risks. The latter two risks are new and are more difficult to identify, assess, and evaluate.

Question: V2C5-0296
Enterprise risk management (ERM) should encompass which of the following? I. Hazards. II. Opportunities. III. Strengths. IV. Weaknesses.

Answers
A: I only. B: II only. C: I and II. D: III and IV.

Answer Explanations
This answer is incorrect. Refer to the correct answer explanation. This answer is incorrect. Refer to the correct answer explanation.
Answer (c) is the correct answer. It is important to emphasize that the uncertainties could have a potential upside or downside so that ERM encompasses the more traditional view of potential hazards as well as opportunities. Hazard risks include both insurable and uninsurable risks.

This answer is incorrect. Refer to the correct answer explanation. Wiley CIA Examination Review, 1.0, John Wiley & Sons, Inc. 2006

file://C:\Program Files\Wiley\CIAExam\Print.htm

1/20/2010