Professional Documents
Culture Documents
The IIA Standards require that the director of internal auditing or designee decide to whom
the final audit report will be distributed. Findings concerning significant internal control
weakness are included in an audit report on the accounts payable system of a company
whose securities are publicly traded. The director of internal auditing has chosen to send
copies of this audit report to the audit committee and the external auditor.
Which of the following is the most likely reason for distributing copies to the audit
committee and the external auditor?
A
The audit committee and external auditor are normally sent copies of all internal audit
reports as a courtesy.
The audit committee and external auditor will need to take corrective action on the
deficiency findings.
The activities of the audit committee and external auditor may be affected because of
the potential for misstated financial statements.
A regulatory agency's guidelines require such distribution.
B
C
D
The revenue per representative is higher this year than last year.
The number of sales calls is higher this year than last year.
The ratio of the number of new customers to the number of prospects contacted is
higher this year than last year.
Unit sales increased at a higher rate this year than last year.
The purchasing manager of a manufacturing company was concerned with the rising
prices of some direct materials provided by a supplier. The purchasing manager told the
supplier to either maintain the current prices or withdraw as a supplier for the company's
direct materials. The supplier devised a plan to circumvent the purchasing manager's
intent without actually violating the purchasing manager's mandate. Which one of the
following is the probable action taken by the supplier?
A
B
C
D
The supplier maintained prices in the short run but later returned to a pattern of
increasing prices.
The supplier decided to stop providing the direct materials to the manufacturing
company, since holding the line on prices would have a negative impact.
The supplier maintained prices but substituted a lower grade of direct materials.
The supplier worked through the president of the manufacturing company to force
the purchasing manager to cancel the mandate.
Which of the following techniques would best result in sufficient evidence with regard to an
audit of the quantity of fixed assets on hand in a particular department?
A Physical observation.
B Analytical review of purchase requests and subsequent invoices.
C Interviews with department management.
D Examination of the account balances contained in general and subsidiary ledgers.
An internal auditor is auditing the corporate advertising function. The company has
engaged a medium-size local advertising agency to place advertising in magazine
publications. As part of the review of the audit working papers, the internal auditing
supervisor is evaluating the evidence collected.
The auditor reviewed the language in the advertising for its legality and compliance with
fair trade regulations by interviewing the firm's advertising manager, the products
marketing director (who may not have been objective), and five of the firm's largest
customers (who may not have been knowledgeable). The supervisor can justifiably conclude
that the evidence is
A
B
C
D
During an audit of cash controls, an auditor compared a sample of cash receipts lists with
(1) the total of daily cash receipts journal entries and (2) daily bank deposit slip amounts.
The comparison revealed that (1) each cash receipts list equaled cash journal entry totals
but not daily bank deposit amounts and (2) totals for cash receipts lists equaled bank
deposit totals in the long run.
To support a finding that "Cash receipts are not deposited intact daily," the above evidence
is:
A
B
C
D
Competent.
Irrelevant.
Conclusive.
Insufficient.
Assume that divisional management stated that the gross margin increase is due to
increased efficiency in manufacturing operations. The auditor wishes to investigate this
assertion. Which of the following audit procedures would be most relevant to the assertion?
A
B
C
D
Which of the following procedures would provide the most relevant evidence to determine
the adequacy of the allowance for doubtful accounts receivable?
A
B
C
D
10
An internal auditing supervisor, when reviewing a staff member's working papers, identified
an unsupported statement that the auditee's unit was operating inefficiently. What action
should the supervisor direct the auditor to take?
A
B
C
D
Chapter 2
C
D
2
Assume that, with regard to item B, the vice president asks the loan committee to
review the loans on an after-the-fact basis. Assume further that, upon this subsequent
review the loan committee approves the loans on the after-the-fact basis. Which of the
following conclusions would be correct regarding the reporting of the audit finding in
the auditor's report?
I.
The sample deviation rate would drop to 0%.
II.
The item should still be reported in the audit report because it was not
approved in a timely manner in accordance with company policies.
III.
The item should be reported as a non deviation because subsequent action
validated the vice president's approach.
A
B
C
D
I only.
II only.
III only.
I, II, and III.
Regarding item C, which of the following actions would be inappropriate on the part of
the auditor?
A
C
D
The deviation rate is under 4%; therefore, the finding need not be reported to
management and the audit committee.
II.
The auditor should review appropriate regulations and possibly get legal counsel
opinion on the finding prior to including the finding in the final audit report.
III.
The auditor should report the finding to the vice president who approved the
loans and ask for a follow-up report during the audit scheduled next year. No
further action need be taken at this time.
IV.
Review a plan by the loan committee to prevent such occurrences in the future
and include a summary and analysis of the plan in the final audit report.
A I only.
B III only.
C II and IV.
D II only.
C
D
There is no audit finding since the loan committee approved all of the loans.
Before issuing a final audit report, the auditor should investigate to determine the
reasons for the lack of documentation and timely submittal to the loan committee
and include that analysis in the report.
The auditor should include the audit findings in the report only if the auditor is able
to determine the cause of the findings.
Both choice (B) and (C) are correct.
Inquiry of management.
Observation of auditee's procedures.
Physical examination.
Documentation prepared externally.
The most persuasive evidence to test the existence of newly acquired computers for
the sales department would be
A Inquiry of management
B Observation of auditee's procedures
C Physical examinations
D Documentation prepared externally
The most persuasive evidence regarding the asset value of the acquired computers
would be
A Inquiry of management
B Observation of auditee's procedures
C Physical examinations
D Documentation prepared externally
Which of the following represents the general order of persuasiveness, from most to
least, for the evidence types listed above?
A
B
C
D
10
The director of internal auditing is reviewing the working papers that were produced by
an auditor during a fraud investigation Among the items contained in the working papers
is a description of an item of "physical evidence." Which of the following is the most
probable source of this item of evidence?
A
B
C
D
11
Observing conditions.
Interviewing people.
Examining records.
Computing variances.
12
The auditor examined the company's advertising agency's internal controls and, based
on the preliminary survey, has determined that there are no problems. The supervisor
believes there should be substantive testing and has decided that the evidence
gathered to date is not
A
B
C
D
13
Competent.
Relevant.
Sufficient.
Useful.
The auditor examined a statistical sample of the agency's billings to clients for
newspaper advertising space. The agency specializes in newspaper advertising that is
predominantly typeset plates or mats; however, the agency's work for the company is
essentially artwork for magazine advertising. The supervisor, concerned with the
relationship of the sample to the work performed for the company, has decided that
the evidence is not
A
B
C
D
Competent.
Relevant.
Sufficient.
Reliable.
14
The auditor reviewed the language in the advertising for its legality and compliance
with fair trade regulations by interviewing the firm's advertising manager, the products
marketing director (who may not have been objective), and five of the firm's largest
customers (who may not have been knowledgeable). The supervisor has decided that
the evidence is
A Competent.
B Relevant.
C Conclusive.
D Insufficient.
15
In evaluating the validity of different types of audit evidence, which of the following
conclusions is incorrect?
A
B
C
D
16
An internal auditor is discussing an audit problem with an auditee. While listening to the
auditee, the internal auditor should
A Prepare a response to the auditee.
B Take mental notes on the speaker's nonverbal communication, as it is more
important than what is being said.
C Make sure all details, as well as the main ideas of the auditee, are remembered.
D Integrate the incoming information from the auditee with information that is
already known.
17
When reviewing audit working papers, the primary responsibility of an audit supervisor
is to determine that
A Each worksheet is properly identified with a descriptive heading.
B Working papers are properly referenced and kept in logical groupings.
C Standard departmental procedures are adhered to with regard to workpaper
preparation and technique.
D Working papers adequately support the audit findings, conclusions, and reports.
for effectiveness of the system of internal control, or (4) the review for quality of
performance.
18
The first page you select documents a compliance test performed during the course of
the audit. This page belongs with the following activity:
A Preliminary survey.
B Review for adequacy of the system.
C Review for effectiveness of the system.
D Review for quality of performance.
19
The second page you select documents an interview with a salesperson discussing the
overall sales cycle. This page belongs with the following activity:
A Preliminary survey.
B Review for adequacy of the system.
C Review for effectiveness of the system.
D Review for quality of performance.
20
The third page you select is a blank copy of the sales contract form now in use by the
firm. Annotated on the form in several places are the words "key control" followed by a
brief explanation. You recognize the writing as that of the staff auditor who performed
the audit. This document belongs with the following activity:
A Preliminary survey.
B Review for adequacy of the system.
C Review for effectiveness of the system.
D Review for quality of performance.
21
Which of the following would seem to be a message characteristic that the auditor who
prepared the above report overlooked?
A Sequence of message.
B Nature of the audience.
C Noise.
D Prior encounters with the auditee.
22
The following elements are usually included in final audit reports: purpose, scope,
results, conclusions, and recommendation Which of the following describes all of the
elements missing from the above report?
A Scope, conclusion, recommendation.
B Purpose, result, recommendation.
C Result, conclusion, recommendation.
D Purpose, scope, recommendation.
Chapter 3
Which of the following techniques could be used to estimate the standard deviation
for a sampling plan?
A Difference estimation.
B Pilot sample.
C Regression.
D Discovery sampling.
A company with 14,344 customers determines that the mean and median accounts
receivable balances for the year are $15,412 and $10,382, respectively. From this
information, the auditor can conclude that the distribution of the accounts
receivable balances is continuous and
A Negatively skewed.
B Positively skewed.
C Symmetrically skewed.
D Evenly distributed between the mean and median.
The probability that an estimate based on a random Sample falls within a specified
range is known as the
A Error rate.
B Lower precision limit.
C Confidence level.
D Standard error of the mean.
Chapter 4
The auditor's supervisor should be critical of the above procedure based on the fact
that
A
B
C
D
The auditor's supervisor is writing the performance assessment for the auditor on
this preliminary survey assignment. The supervisor cites the need to review
management's responses on the control questionnaire. The auditor should have
interviewed management for additional information because the interview technique
A
B
C
D
Checklists used to assess audit risk have been criticised for all of the following
reasons except:
A
B
C
D
Providing a false sense of security that all relevant factors are addressed.
Inappropriately implying equal weight to each item on the checklist.
Decreasing the uniformity of data acquisition.
Being incapable of translating the experience or sound reasoning intended to be
captured by each item on the checklist.
When an internal auditor is interviewing to gain information, the auditor will not be
able to remember everything that was said in the interview. The most effective way
to record interview information for later use is to
A
B
C
D
Write notes quickly, trying to write down everything in detail, as it is said; then
highlight important points after the meeting.
Tape-record the interview to capture everything that everyone says; then type
everything said into a computer for documentation.
Hire a professional secretary to take notes, allowing complete concentration on
the interview; then delete unimportant points after the meeting.
Organise notes around topics on the interview plan and note responses in the
appropriate area, reviewing the notes after the meeting to make additions.
Which of the following procedures would be the least appropriate audit procedure
to address these analytical findings?
A Note the explanation in the working papers for
investigation during the next audit and perform no
further work at this time.
B Develop a comparative analysis of auger expense over the past few years to
determine if the relation ship held in previous years.
C Take a sample of debits to the auger expense account and trace to independent
shipping documents and to invoices for the augers.
D Arrange to take an inventory of augers to determine if the augers purchased this
year were on hand and would be available for use in the next two years.
Assume the auditor did not find a satisfactory explanation for the results of the
analytical procedures performed and has conducted the appropriate follow-up
procedures. The audit of the area is otherwise complete. Which of the following
would be the most appropriate action to take?
A
B
C
D
Note the actions and follow-up next year. Defer the reporting to management
until a satisfactory explanation can be obtained.
Expand audit procedures by observing the receipt of all augers during a
reasonable period of time and trace the receipts to the appropriate accounts.
Determine causes of any discrepancies.
Report the findings, as they are, to management and recommend an
investigation for possible irregularities.
Report the findings to the construction manager and insist that appropriate
internal controls, such as independent receiving reports, be implemented. Follow
up to see if the controls are properly implemented.
Problem solving.
Expansion of resources.
Authoritative command.
Altering the human variable
During the preliminary survey in conjunction with an upcoming audit of plant B, the
auditor discovers that the plant has experienced production problems with costs far
in excess of what management had planned and with finished goods inventory levels
that are clearly excessive. Which of the following management control procedures
would have best brought the problems to management s attention earlier?
A
B
10
All sales prices are determined centrally and are electronically sent to the plant to
update their sales price table (file). All sales transactions should be based on the
prices in the computerized table. Any pricing deviations must be approved by the
plant-marketing manager and by a manager in the marketing department at central
headquarters for updating the tables. The internal auditor wishes to know how this
processing is functioning. The most appropriate audit procedure and audit tools to
use would be to
A
B
C
D
11
is prepared detailing any inventory items with levels in excess of two weeks'
production. The report goes to plant management and central headquarters.
Production plans based on management forecasts are sent to the plants on a
monthly basis. A weekly report compares actual production with forecasted
production and weekly costs with budgeted costs.
A weekly report is prepared which compares actual sales with forecasted sales
and budgeted gross margin with actual gross margins. Inventory costs going into
cost of goods sold should be computed on a last in, first out basis to be the most
up-to-date.
Document the flow of sales price information from headquarters to the plant,
how the table is accessed and updated, and the use of the table in the billing
programme
Develop a flowchart of the sales order process to determine how orders are
taken and priced.
Use a questionnaire to identify who approves the shipment of goods and how the
goods are priced.
Obtain a copy of the existing programme flowchart from the plant to determine how
price data are accessed.
The auditor wishes to develop a flowchart of (1) the process of receiving sales order
information at headquarters; (2) the transmission of the data to the plants to
generate the shipment; and (3) the plants processing of the information for
shipment. The auditor should
A Start with management's decisions to set sales prices. Gather internal
documentation on the approval process for changing sales prices. Complement
documentation with a copy of the programme flowchart. Prepare an overview
flowchart that links these details.
B Start with a shipment of goods and trace the transaction back through the
origination of the sales order as received from the sales representative.
C Start with the receipt of a sales order from a sales representative and
walk-through both the manual and computerized processing at headquarters and
the plant until the goods are shipped and billed.
D Obtain a copy of the plant's systems flowchart for the sales process, interview
relevant personnel to determine, if any changes have been made, then develop
an overview flowchart that will highlight the basic process.
Items 12 are based on the following:
While performing analytical procedures related to an audit of a social services
agency of a government entity, the auditor noted that there was an unusually large
increase in payments to individual recipients who are under the direction of a
particular social worker in the agency.
12
Which of the following audit procedures would be the best procedure to investigate
this observation?
A
B
C
D
13
14
It provides more room for written descriptions that parallel the symbols.
It brings into sharper focus the assignment of duties and independent checks on
performance.
It is usually longer.
It does not provide as broad a picture at a glance.
Flowcharts.
Transaction retrievals.
Test decks.
Software code comparisons.
Chapter 5
1
Analytical review
A comparison of product sales during the promotion period with sales during a
similar non-promotion period.
A comparison of the unit cost of the products sold before and during the
promotion period.
An analysis of marginal revenue and marginal cost for the promotion period,
compared to the period before the promotion.
A review of the sales department's reasons for believing that the promotion has
been successful.
The auditor notes strong indicators of a specific fraud involving this account.
The company has relatively stable operations that have not changed much over
the past year.
The auditor would like to identify large, unusual, or nonrecurring transactions
during the year.
The operating expenses vary in relation to other operating expenses, but not in
relation to revenue.
A
B
C
D
Chapter 6
1
Use generalized audit software to list all purchases over $50,000 to determine
whether they were properly approved.
Develop a "snapshot" 'technique to trace all transactions by suspected buyers.
Use generalized audit software to take a random sample of all expenditures
under $50,000 to determine whether they were properly approved.
Use generalized audit software to list all major vendors by product line; select
a sample of paid invoices to new vendors and examine evidence which shows
that services or goods were received.
An auditor wishes to determine the extent to which invalid data could be contained
in a human resources computer system. Examples would be an invalid job
classification, age in excess of retirement age, or an invalid ethnic classification.
The best approach to determine the extent of the potential problem would be to
A
B
C
D
Submit test data to test the effectiveness of edit controls over the input of
data.
Review and test access controls to ensure that access is limited to authorised
individuals.
Use generalized audit software to develop a detailed report of all data outside
specified parameters.
Use generalized audit software to select a sample of employees. Use the
sample to determine the validity of data items and project the result to the
population as a whole.
B
C
D
The system is properly capturing the hours worked by employees during the
year and the hours have been properly submitted to payroll and processed
correctly.
All employees were correctly paid during the year and their pay was correctly
computed.
The computer application and its control procedures were processing payroll
transactions correctly during the past year.
All of the above.
Chapter 7
Chapter 8
The cost of implementing a major change intended to make the cost accounting
system more responsive to user needs.
The success of a government agency's objective of improving elevator safety.
The staffing level of a committee established to monitor production planning.
How well workers conform to established operating procedures on an assembly
line.
A manufacturing firm uses large quantities of small inexpensive items, such as nuts,
bolts, washers, and gloves, in the production process. As these goods are purchased,
they are recorded in inventory in bulk amounts. Bins are located on the shop floor to
provide timely access to these items. When necessary, the bins are refilled from
inventory, and the cost of the items is charged to a consumable supplies account,
which is part of shop overhead. Which of the following would be an appropriate
improvement to controls in this environment?
A
B
C
D
Financial.
Compliance.
Operational.
Programme results.
Ascertain that the benefits provided are cost effective for the organisation.
Determine that company policies on providing employee benefits are followed.
Check the adequacy and accuracy of accruals of employee benefit costs in books
and records.
Be sure that the programme is competitive with programmes of other area
organisations.
When testing the year-end balance for trade accounts payable, the use of an audit
software package to identify unauthorised vendors in a vendor database is most
useful in developing tests to determine
A
B
C
D
10
Assuming that the internal audit staff possesses the necessary experience and
training, which of the following services is appropriate for a staff internal auditor to
undertake?
A
B
C
D
Substitute for the accounts payable supervisor while he is out on sick leave.
Determine the profitability of alternative investment acquisitions and select the
best alternative.
As part of an evaluation team review, vendor accounting software internal
controls and rank according to exposures.
Participate in an internal audit of the accounting department shortly after
transferring from the accounting department.
Chapter 9
1
Clearly indicate the extent of internal auditing's knowledge of the fraud when
questioning suspects.
Assign personnel to the investigation in accordance with the audit schedule
established at the beginning of the fiscal year.
Perform its investigation independent of lawyers, security personnel, and
specialists from outside the organisation who are involved in the investigation.
Assess the probable level and the extent of complicity of fraud within the
organisation.
Which of the following controls is least likely to provide an auditor with assurance
that online purchase requisitions are properly authorised?
A Terminal access restrictions.
B Password requirements.
C Hash totals.
D Validity tests.
The auditor plans to select a sample of transactions to assess the extent that
purchase discounts may have been lost by the company. After assessing the risks
associated with lost purchase discounts, the auditor was most likely to select a
sample from which one of the following populations?
A
B
C
D
The auditor determined that the risks associated with the EDI purchases were less
than the risks associated with the purchases made through the traditional system.
Which one of the following factors best supports this prioritisation of risks?
A
B
C
D
A utility company with a large investment in repair vehicles would most likely
implement which internal control to reduce the risk of vehicle theft or loss?
A
B
C
D
Management of the department allowed the outside consultants to test and install
new releases of the application software without documenting the changes. Which of
the following risks would be most closely associated with this practice?
A
B
C
D
10
Chapter 10
1
When an office supply company is unable to fill an order completely, it marks the
out-of-stock items as back-ordered on the customer's order and enters these items in
a back-order file that management can view or print. Customers are becoming
disgruntled with the company because it seems unable to keep track of and ship
out-of-stock items as soon as they are available. The best approach for ensuring
prompt delivery of out-of-stock items is to
A
B
C
D
B
C
D
Its objectives and goals are consistent with the overall objectives of its
organisation.
It has a large technical staff.
It is given top priority in the budgeting process.
It uses leading-edge technology.
An information technology (IT) auditor overheard talk about a flaw in system design
of a new computer-based application system development project. What should the
auditor do first?
A
B
C
D
IT engagements
The first step in IT compliance audit testing is to review which of the following?
A
B
C
D
Which of the following would be the least important risk factor when considering the
ability to integrate the two companies' computer systems?
A
B
C
D
The
The
The
The
During the, first meeting, a disagreement occurs over the approach taken regarding
store compliance. The audit director for Company B questions Company A's extensive
use of store compliance testing, stating that the approach is neither responsive to
materiality concepts nor an appropriate Application of risk assessment. Company A's
audit director Presents the following reasoning:
I.
You have misconstrued materiality. Materiality is not based only on the size of
individual stores; it is also based on the control structure that affects the whole
organisation.
II. Any deviation from a prescribed control procedure is, by definition, material.
III. The only way to ensure that a material amount of the company's control
structure is covered is to comprehensively audit all stores.
I only.
I and II only.
III only.
I, II, and III.
The audit director for Company B decides to review selected store compliance audit
reports issued by the internal audit department of Company A. Upon reviewing the
reports, the director comments that most items included in the report are
inappropriate because they are very minor and cannot be considered material. The
director states that the management of Company B would not tolerate such reports.
Which of the following assertions by the audit director of Company A is(are) valid?
I.
These are the kinds of reports we have provided since the company has been in
operation, and they have served our company well.
II.
The reports are consistent with management's control philosophy and are an
integral part of the overall control environment.
III. Materiality is in the eyes of the beholder. Any deviation is considered material
by my management.
A
B
C
D
I only.
II only.
III only.
II and III.
In analyzing the differences between the two companies, the audit director of
Company A notes that Company A has a formal corporate code of ethics while
Company B does not. The code of ethics covers such things as purchase agreements
and relationships with vendors as well as a host of other issues to guide individual
behavior within the firm. Which of the following statements regarding the existence
of the code of ethics in Company A can be logically inferred?
I. Company A exhibits a higher standard of ethical behavior than does Company B.
II. Company A has established objective criteria by which an individual's actions can
be evaluated.
III. The absence of a formal corporate code of ethics in Company B would prevent a
successful audit of ethical behavior in that company.
A
B
C
D
I and II.
II only.
III only.
II and III.
Company A's audit director, who is also a QIA, faces an ethical dilemma. For an audit
in process, persuasive evidence indicates that a top manager has been involved in
insider trading. The extent and type of trading is such that the, trading would be
considered fraudulent. However, the findings' were encountered as a side issue of
another audit and are not considered relevant to the compatibility of the computer
systems. Regarding this finding, which of the following is the audit director's most
appropriate action?
A
Discontinue audit work associated with the insider trading and report the
preliminary findings to the companys external legal counsel for their
investigation. Report the legal counsel findings to management.
Discontinue audit work associated with the insider trading. Report the
preliminary findings to the chairperson of the audit committee and recommend
an investigation.
Continue work on the insider trading sufficient to conclusively establish whether
fraudulent activity has taken place, then report the findings to the chairperson
of the audit committee. Report the matter to government officials if appropriate
action is not taken.
Discontinue audit work associated with the insider trading since it is not an
integral part of the existing audit and the audit committee has established higher
priority work for the auditors.
10
The two organisations agree to share data on store operations. The data reveal that
three stores in company A are characterized by
Significantly lower gross margins
Higher-than-average sales volume
Higher levels of employee bonuses
The three stores are part of a set of six that are managed by a relatively new section
manager. In addition, the store managers of the three stores are also relatively new.
The most likely cause of the observed data is
A
B
C
D
11
Assume the auditor concludes that the most reasonable explanation of the observed
data in the prior question is that inventory fraud is taking place in the three stores.
Which of the following audit activities would provide the most persuasive evidence
that fraud is taking place?
A
B
C
D
Use an integrated test facility (ITF) to compare individual sales transactions with
test transactions submitted through the ITF. Investigate all differences.
Interview the three individual store managers to determine if their explanations
about the observed differences are the same, and then compare their
explanations to that of the section manager.
Schedule a surprise inventory audit to include a physical inventory. Investigate
areas of inventory shrinkage.
Take a sample of individual store prices and compare them with the sales
entered on the cash register for the same items.
12
Which of the following preprocessing controls is least likely to provide the auditor
with assurance about the validity of transactions?
A
B
C
D
13
The auditor wants to obtain assurance that the EFT payments have not been made
twice. Computer-assisted audit tools and techniques could be used to perform which
of the following procedures?
I. Identification of EFT transactions to the same vendor for the same dollar
amount.
II. Extraction of EFT transactions with unauthorised vendor codes.
III. Testing of EFT transactions for reasonableness.
IV. Searching for EFT transactions with duplicate purchase order numbers.
A
B
C
D
14
When the auditor called to arrange the annual control audit during the third,
quarter, the VAN Provider stated that it could not accommodate the auditor since
the peak processing period started earlier than normal this year and all VAN
personnel were occupied. This scope limitation, along with its potential effect, must
be communicated to which one of the following?
A
B
C
D
15
Because the VAN did not provide the auditor with access to its system, that portion
of the audit programme was not completed. Which one of the following should the
auditor not do?
A
B
C
D
16
Which one of the following would not be included as a reason for the company to use
EFT with the EDI system?
A
B
C
D
17
Which one of the following is least likely to be recommended by the auditor when an
EDI/EFT system is being designed?
A
B
C
D
18
19
Allow only the users to change their passwords, and encourage them to change
passwords frequently.
Implement a computer programme that tests to see that the password is not easily
guessed.
Implement the use of see-through authentication techniques whereby the user
uses a card to generate a password and verifies both the key and the generated
password to the system.
Limit password authorisation to time of day and location.
Asynchronous transmission.
Encryption.
Use of fiber optic transmission lines.
Use of passwords.
20
It
It
It
It
Chapter 11
1
Internal auditors are often called on either to perform, or assist the external
auditor in performing, a due diligence review. A due diligence review is
A
B
C
Alter the scope of the audit to focus on activities associated with air
emissions.
Share the auditor's extensive knowledge with the ESH manager.
Take note of the weakness and direct additional questions to help determine
the potential effect of the lack of knowledge.
Report potential violations in this area to the appropriate regulatory agency.
Which of the following control procedures would provide the greatest assurance
that all donations to a nonprofit organisation are immediately deposited to the
organisation's account?
A
B
C
D
contracts.
Upon initial investigation of these outsourced areas, the auditor found many areas
in which the outsourced management has apparently expanded its authority and
responsibility. For example, the contractor that manages computer operations has
developed a highly sophisticated security programme that may represent the most
advanced information security in the industry. The auditor reviews the contract
and sees reference only to providing appropriate levels of computing security. The
auditor suspects that the governmental agency may be incurring developmental
costs that the outsourcer may use for competitive advantage in marketing services
to other organisations.
Regarding the audit finding of an advanced computing security system, what is the
most appropriate course of action by the auditor?
A
B
C
D
The auditor wishes to estimate the additional cost of the added security. Which of
the following procedures would be the best first step in providing that evidence?
Compare the total costs of computer security under the new contract with the
total computer security costs
A
B
C
D
10
Estimate the amount of cost used to develop the advanced security system
and inform the outsourcer that it will be a disallowed cost.
Exclude the finding from the audit report because the contract was vague and
the level of security is clearly acceptable.
Estimate the added cost, report it to management, and suggest that
management meet with its lawyers and the outsourcer to resolve differences.
Compare the cost with previous costs incurred by governmental operations
and inform the outsourcer that the difference will be a disallowed cost.
Previously incurred.
Previously incurred, as a percent of total cost incurred.
Of other governmental entities of similar size.
Of each other entity managed by this outsourcer.
11
The auditor is concerned whether all the debits to the computer security expense
account are appropriate expenditures. The most appropriate audit procedure
would be to
A
B
C
D
12
C
D
13
Assume the auditor investigates and finds that the company providing the
computing services is clearly performing research and development activities and
charging the governmental entity for those activities because it is experimenting
with implementing the security techniques on the governmental entity. Which of
the following statements are correct?
I.
II.
III.
A
B
C
D
Chapter 12
1
In planning a system of internal operating controls, the role of the internal auditor is
to
A
B
C
D
Consulting engagements
Selling.
Quality.
Cost reduction.
Flexibility.
Which of the following structures yields greater efficiency and production and is
achieved by reengineering or process redesign?
A
B
C
D
An organisation should not have which of the following business process orientations?
A
B
C
D
view.
jobs.
management and measures.
structure.
11
Process
Process
Process
Process
10
Functional view.
Process jobs.
Process management and measures.
Process structure.
Functional organisation.
Hierarchical organisation.
Horizontal organisation.
Vertical organisation.
The time between when an order is placed and when it is received by the
customer is known as
A
B
C
D
Arrival time.
Order cycle time.
Shipping time.
Order time
12
Which of the following involves identifying, studying, and building on the best
practices of other organisations?
A
B
C
D
Kaizen.
Benchmarking.
Plan, Do, Check, and Act cycle.
Total quality management.
13
14
Goal setting is an important component of motivating employees. The goal "We need
to do much better than before" would not be appropriate because it
A
B
C
D
15
A manager who is concerned with achieving the goals of the organisation without
much concern for use of resources is
A
B
C
D
Incompetent.
Focusing on effectiveness.
Focusing on efficiency.
Using a goal-setting approach to management.
Chapter 13
1
When an auditor's sampling objective is to obtain a measurable assurance that a sample will
contain at least one occurrence of a specific critical exception existing in a population, the
sampling approach to use is
A
B
C
D
Attributes sampling.
Discovery sampling.
Targeted sampling.
Variables sampling.
After partially completing an internal control review of the accounts payable department, the
auditor suspects that some type of fraud has occurred. To ascertain whether the fraud is
present, the best sampling approach would be to use
A
B
C
D
Random.
Discovery.
Probability proportional to size.
Variables.
Management is legally required to prepare a shipping document for all movement of hazardous
materials. The document must be filed with bills of lading. Management expects 100%
compliance with the procedure. Which of the following sampling approaches would be most
appropriate?
A
B
C
D
Fraud
Simple random sampling to select a sample of vouchers processed by the department during
the past year.
Probability-proportional-to-size sampling to select a sample of vouchers processed by the
department during the past year.
Discovery sampling to select a sample of vouchers processed by the department during the
past year.
Judgmental sampling to select a sample of vouchers processed by clerks identified by the
department manager as acting suspiciously.
With respect to computer security and fraud, a legal liability exists to an organisation under
which of the following conditions?
A
When estimated security costs are greater than estimated losses.
B
When estimated security costs are equal to estimated losses.
C
When estimated security costs are less than estimated losses.
When actual security costs are equal to actual losses.
The objective of which of the following team members is similar to that of the information
systems security officer involved in a computer crime investigation?
A
B
C
D
Red flags are conditions that indicate a higher likelihood of fraud. Which of the following would
not be considered a red flag?
A
B
C
Management has delegated the authority to make purchases under a certain dollar limit to
subordinates.
An individual has held the same cash-handling job for an extended period without any
rotation of duties.
An individual handling marketable securities is responsible for making the purchases,
recording the purchases, and reporting any discrepancies and gains/losses to senior
management.
The assignment of responsibility and accountability in the accounts receivable department is
not clear.
Which of the following audit procedures would have detected the fraud?
A
B
C
D
An investigator.
A district attorney.
A computer expert.
An internal systems auditor.
During a regularly scheduled IT audit of a major division, the IT auditor discovers a complicated
programming algorithm that adds costs to a cost-plus programme billing the government. The
amount added accounted for 95% of the net income for the division for the most recent year.
Upon further investigation, the IT auditor finds that only the marketing manager, the divisional
manager, and the programmer know of the algorithm.
The company has a separate section to investigate fraud. The auditor communicates with
management and the special investigation section, and the investigation is turned over to that
group. However, after a month, it becomes apparent that senior management has instructed the
group to "not make waves" and to drop the investigation. The internal audit department should
A
B
C
D
Immediately report the circumstances and the ITauditor's findings to the audit committee.
Immediately report the circumstances and the ITauditor's findings to the appropriate
governmental regulatory agency because the auditor cannot knowingly be a party to an
illegal act.
Take no further action. The nature of the fraud has been reported to the proper authorities
within the company and the auditor has no power to pursue the investigation further.
Report the findings to the external auditor because the external auditor should be aware of
any material misstatement of account balances.
A significant employee fraud took place shortly after an internal audit. The Internal auditor may
not have properly fulfilled the responsibility for the deterrence of fraud by failing to note and
report that
A
B
C
D
Policies, practices, and procedures to monitor activities and safeguard assets were less
extensive in low-risk areas than in high-risk areas.
A system of control that depended on separation of duties could be circumvented by
collusion among three employees.
There were no written policies describing prohibited activities and the action required
whenever violations are discovered.
Divisional employees had not been properly trained to distinguish between bona fide
signatures and cleverly forged ones on authorisation forms.
10
Analytical tests can be useful in detecting frauds. Which of the following analytical procedures
would most likely have signaled the existence of the fraud?
A
B
C
D
11
Which of the following controls would be least likely to prevent or detect the fraud described
above?
A
B
C
D
Require authorisation of payments by someone other than the clerk negotiating the
contract.
Comparison by person signing checks of invoices to an independent verification of services
received.
Budget preparation by someone other than person signing contract and approving payment.
Mailing of check by someone other than persons responsible for check signing or invoice
approval.
12
13
Which of the following audit procedures would most likely lead to the detection of the fraud?
A Take a sample of paid invoices and verify receipt, of services by departments involved.
B Trace a sample of checks disbursed to approved invoices for services.
C Perform bank statement reconciliation and account.
D Trace a sample of receiving documents to invoices and to checks disbursed.
Take a sample of cash disbursements; compare purchase orders, receiving reports, invoices,
and check copies.
Take a sample and confirm the amount purchased; purchase price, and date of shipment
with the vendors.
Observe the receiving dock and count material received; compare your counts to receiving
reports completed by receiving personnel.
Prepare analytical tests, comparing production, material purchased, and raw material
inventory levels and investigates differences.
Which of the following internal controls would have been most effective in preventing this fraud?
A
B
C
D
15
Which of the following audit procedures performed by the internal auditor would be most
effective in leading to the discovery of this fraud?
A
B
C
D
Tracing selected canceled checks to the cash payments journal and to the related vendors'
invoices.
Performing a trend analysis of printing supplies expenses for a two-year period.
Tracing prices and quantities on selected vendors' invoices to the related purchase orders.
Recomputing the clerical accuracy of selected vendors' invoices, including discounts and
sales taxes.
16
Once the internal auditor becomes reasonably certain that this defalcation is taking place, what
should the auditor do next?
A
B
C
D
Immediately report the matter to the appropriate law enforcement official, since a potential
felony is involved.
Say nothing now, but include a description of the suspected defalcation in the audit.
Immediately report the matter to the appropriate level of management.
Immediately discuss the matter with the employee suspected of the defalcation in order to
confirm the audit findings.
17
18
-4
year
5%
4
40
3%
The current dilemma in which Frank finds himself was least likely caused by
A
B
C
D
Chapter 14
Monitoring engagements
Assume that senior management has decided to accept the risk involved in failure to
document the basis for lease-versus-purchase decisions involving company automobiles. In
such a case, what would be the auditors' reporting obligation?
A
B
C
Follow-up activity may be required to ensure that corrective action has taken place for
certain findings. The internal audit department's responsibility to perform follow-up
activities as required should be defined in the
A
B
C
D
During an audit of purchasing, internal auditors found several violations of company policy
concerning competitive bidding. The same condition that had been reported in an audit
report last year, and corrective action had not been taken. Which of the following best
describes the appropriate action concerning this repeat finding?
A The audit report should note that this same condition had been reported in the prior
audit.
B During the exit interview, management should be made aware that a finding from the
prior report had not been corrected.
C The director of internal auditing should determine whether management or the board
has assumed the risk of not taking corrective action.
D The director of internal auditing should determine whether this condition should be
reported to the independent auditor and any regulatory agency.
Internal auditing is responsible for reporting fraud to senior management or the board
when
A The incidence of fraud of a material amount has been established to a reasonable
certainty.
B Suspicious activities have been reported to internal auditing.
C Irregular transactions have been identified and are under investigation.
D The review of all suspected fraud-related transactions is complete.
10
An element of authority that should be included in the charter of the internal auditing
department is
A
B
C
D
Identification of the operational departments which the audit department must audit.
Identification of the types of disclosures which should be made to the audit
committee.
Access to records, personnel, and physical properties relevant to the performance of
audits.
Access to the external auditor's working papers.
11
The key factor to the success of an audit organisation's human resources programme is
A An informal programme for developing and counseling staff.
B A compensation plan based on years of experience.
C A well developed set of selection criteria.
D A programme for recognising the special interests of individual staff members.
12
You have been selected to develop an internal auditing department for your company. Your
approach would most likely be to hire
A
B
C
D
Internal auditors each of whom possesses all the skills required to handle all audit
assignments.
Inexperienced personnel and train them the way the company wants them trained.
Degreed accountants since most audit work is accounting related.
Internal auditors who collectively have the knowledge and skills needed to complete all
internal audit assignments.
13
The internal auditing department of a large corporation has established its operating
plan -and budget for the coming year. The operating plan is restricted to the following
categories: a prioritised listing of all audits, staffing, a detailed expense budg et, and the
commencement date of each audit. Which of the following best describes the major
deficiency of this operating plan?
A
B
C
D
14
The director of internal auditing is preparing the work schedule for the next budget year
and has limited audit resources. In deciding whether to schedule the purchasing or the
personnel department for an audit, which of the following would be the least important
factor?
A
B
C
D
15
Why should organisations require auditees to promptly reply and outline the corrective
action that has been implemented on reported deficiencies?
A
B
C
D
To
To
To
To
SOLUTIONS
16
17
18
19
20
D
D
C
A
B
21
22
A
A
11
12
13
14
15
C
D
D
A
B
11
12
13
D
C
C
11
12
13
14
15
B
B
C
B
B
6
7
A
D
11
12
D
A
16
17
C
B
3
4
5
8
9
10
A
C
B
13
14
15
D
D
B
18
11
12
3
4
A
C
8
9
A
B
13
14
C
B
10
15
C
C
D
16
17
18
19
20
A
D
C
B
D