You are on page 1of 9

Chapter 3 Answers Multiple Choice (Questions 1-51

)

Internal Audit Activity’s Role in Organizational Governance
1. Choice (c) is the correct answer. A private conversation signals to the employee that the CAE is
interested in what he or she has to say, and will not be measuring his or her words against those of
another. However, the CAE must establish a position and show support for the supervisor. There
may be more than one valid viewpoint, but that does not necessarily mean that the employee's is
valid (IIA Standard 2030 – Resource Management). Choice (a) is incorrect. The supervisor, as
author of a critical performance review, will only add to the element of management intimidation.
Choice (b) is incorrect. Again, the presence of a third party would inhibit the CAE’s listening
effectiveness. Unless the CAE thinks the auditor's concerns are so serious that the human resources
department must be informed, it is preferable to meet with the employee privately. Choice (d) is
incorrect. It is never appropriate to mislead an employee in order to obtain information or to
determine the employee’s view on a matter.
2. Choice (c) is the correct answer. The annual plan should be comprised of both an audit
schedule and a budget and, as such, should include all of these issues (IIA Standard 2010 –
Planning). Choice (a) is incorrect. The charter outlines the purpose, authority, and responsibilities
of the department, not the details related to staffing and such. Choice (b) is incorrect. The
policies and procedures manual spells out how audits should be conducted. It does not cover
areas such as staffing levels. Choice (d) is incorrect. Job descriptions do not reflect staffing level
requirements.
3. Choice (a) is the correct answer. The development of audit programs occurs during the
planning phase of an individual audit. It is not included within the scope of developing the audit
schedule (IIA Standard 2010 – Planning). Choices (b), (c), and (d) are incorrect because each
choice is considered to determine the audit schedule.
4. Choice (a) is the correct answer. In addition to language skills, local customs must be
considered. For example, gender and ethnic compatibility may be important in some Middle
Eastern countries because religious restrictions and incompatibilities are relevant. As always,
experience levels are relevant in making audit assignments (IIA Standard 2010 – Planning).
Choice (b) is incorrect. The Monetary Exchange Rate would not be a factor in determining the
needed traits of the team members. Choice (c) is incorrect because it includes appropriate factors,
but does not identify all the acceptable choices. Choice (d) is incorrect because it includes
incomplete answer.
5. Choice (c) is the correct answer. The purpose of a quality assurance program is to evaluate the
operations of the internal audit department. The IIA Standard 1300 – Quality Assurance and
Improvement Program notes that a program should include supervision, internal reviews, and

This is true in any organization whether it is audit or non-audit function that a well-developed set of selection criteria is important (IIA Standard 2030 – Resource Management). 11. and Responsibility). seminars. Selection of individuals with the attributes and education needed for internal auditing is essential if the staff is to develop properly. The alternatives may be desirable. (c). Choice (d) is the correct answer because it is the primary reason. 10. Choice (c) is the correct answer. Choice (a) is incorrect. (b). 6. A specialist from the department currently being audited would not be independent due to his natural bias towards that department (IIA Standard 1210 – Proficiency and IIA Standard 2030 – Resource Management). Choice (b) is incorrect. but do not identify all the acceptable choices. Choices (b). Choices (a). Choice (c) is incorrect. Choice (a) is incorrect. The auditor is obligated to make all needed disclosures to the audit committee. The key point is independence and objectivity. Choice (c) is incorrect. Choices (a) and (b) are incorrect because they include acceptable consultants. Access to the external auditor's working papers cannot be guaranteed in the charter. This approach establishes a precedent or standard for others to follow. It is a secondary reason. Authority. (b). but does not provide feedback. Choice (d) is the correct answer because it is a task most likely performed by the team leader (IIA Standard 2230 – Engagement Resource Allocation and IIA Standard 2340 – Engagement Supervision). Choice (a) is the correct answer because it is a planning task (IIA Standard 2340 – Engagement Supervision). The success of . 7. auditor burnout can be reduced with less travel. Choice (d) is the correct answer. (c). 8. Choice (d) is incorrect. Professional development can be obtained in other ways such as attending conferences. Choices (a). Choices (a). and (d) are incorrect because each choice is a common team leader task. It is a secondary reason. Choice (b) is incorrect. For example. The auditor must have access to all audit evidence in order to fulfill his obligations and responsibilities (IIA Standard 1000 – Purpose. and (d) are incorrect because each choice is a supervisory task. Choice (c) is the correct answer. Choice (b) is the correct answer because it is a task most likely performed by the audit staff (IIA Standard 2230 – Engagement Resource Allocation and IIA Standard 2340 – Engagement Supervision).external reviews. Choice (a) is incorrect. 9. It is a secondary reason. and taking the CIA exam. and (c) are incorrect because each choice is a common CAE’s task. 12. A specialist from the same department is unacceptable since the person would not be either independent or objective. and (d) are incorrect because proper training is an important component of maintaining a current staff. but they are not the basis for the rotation preference (IIA Standard 1120 – Individual Objectivity and IIA Standard 2030 – Resource Management). The internal audit department should not specifically identify what activities will be audited.

This is true in any organization whether it is audit or non-audit function that a well-developed set of selection criteria is important (IIA Standard 2030 – Resource Management). which perform IT audits. Choice (d) is incorrect. . Choice (a) is incorrect. 15. Many skills are needed in internal auditing. Not the best answer because such a program should be fair and equitable to all staff members. While compensation is an important factor in attracting and retaining staff. While compensation is an important factor in attracting and retaining staff. Choice (d) is the correct answer. Choice (b) is incorrect. Not the best answer because such a program should be fair and equitable to all staff members. It is also necessary to have experienced auditors available to train and supervise less experienced staff members. Choice (b) is incorrect. 14. Choice (c) is incorrect. Performance evaluations are a periodic function and will not be effective on a day-to-day basis. It is desirable to have various skill levels to match auditors appropriately with varying assignment complexities. 13. Choice (c) is the correct answer. Choice (a) is the correct answer because it is a good source of information concerning staff size or skill requirements (IIA Standard 2010 – Planning and IIA Standard 2030 – Resource Management. Position descriptions provide the purpose description and responsibilities of individual positions but are not effective in the day-to-day management of the function. Choice (c) is incorrect. it is probably not the most important in staff development. Quality control reviews would evaluate compliance and not serve as a daily guide to the audit staff. The success of any training program will be heavily dependent on the attributes of those being trained.any training program will be heavily dependent on the attributes of those being trained. 16. The scope of internal auditing is so broad it is not possible for one individual to have the requisite expertise in all areas. Computer skills are widely needed in companies. Choices (b) and (d) are incorrect because there are not obvious link with scheduled work. Many industries find it necessary to have the skills of engineers and other disciplines available on a regular basis. Choice (b) is incorrect. Choice (d) is the correct answer. No internal audit department can have a credible program without this mix (IIA Standard 1210 – Proficiency and IIA Standard 2030 – Resource Management). Selection of individuals with the attributes and education needed for internal auditing is essential if the staff is to develop properly. Choice (c) is incorrect because that would not account for the unique needs of a particular organization. Choice (b) is incorrect. Comprehensive policies and procedures provided by the chief audit executive guide the audit staff on a daily basis to ensure compliance with department's standards of performance (IIA Standard 2040 – Policies and Procedures). Choice (d) is incorrect. it is probably not the most important in staff development. Having a collective mix of knowledge and skills is an integral part of the IIA’s Standards. Choice (a) is incorrect. Choice (a) is incorrect.

19. Choice (a) is the correct answer. Choice (d) is the correct answer. how it is reported and to whom it will be reported) is not included in the charter and is not related to operational effectiveness of the internal audit department. bring special skills to the department instead of specific knowledge of internal auditing standards (IIA Standard 1210 – Proficiency and IIA Standard 2030 – Resource Management).g. however. Choice (a) is incorrect. This is the most realistic way to address the department's staffing needs (IIA Standard 1210 – Proficiency and IIA Standard 2030 – Resource Management). Choice (c) is incorrect. (2) authorize access to records. Choice (a) is incorrect. Authority. no further audit . It is required that the department collectively has this knowledge. Having limitations on such access would impact the operational effectiveness of the internal audit department because the internal auditor would not be able to conduct the audit in the proper approach that he designed it. Choice (b) is incorrect. The IIA Standards states the general subjects that staff should possess knowledge of but clearly states that every auditor need not possess knowledge of all of them. The procedures to be employed by internal auditors in investigating and reporting fraud are not included in the charter. The audit program is limited in scope to a particular project. 18. The Standards state that "the charter should (1) establish the department's position within the organization. The long-range program gives evidence of coverage of key functions at planned intervals (IIA Standard 2010 – Planning). When a deficiency has been substantiated. and (3) define the scope of internal auditing activities. but it is not used to ensure adequate audit coverage over time. Internal auditing standards are required to be known by the department collectively. Choice (c) is incorrect. Choice (b) is incorrect. Each new employee of an internal auditing department is not required to have knowledge of internal auditing standards. Choice (d) is the correct answer. but it does not adequately address the department's present needs. Individual internal auditing staff members may. and physical properties relevant to the performance of audits.. but also such information is not related to the operational effectiveness of the internal audit department. This may be good advice. The department charter is not an audit planning tool. 20." Accordingly. Choice (d) is incorrect. Choice (a) is incorrect. Choice (b) is incorrect. Each individual internal auditor is not required to have knowledge of accounting or taxes. personnel and physical properties. The IIA Standard 1000 – Purpose. 21. personnel. The department budget may be used to justify head count. The department's needs may be for additional expertise in economics or computer science. not only is the frequency of audits not included in the charter. Choice (c) is incorrect. Choice (d) is incorrect. Choice (c) is incorrect. Choice (b) is the correct answer. which are relevant to their work.17. Choice (b) is incorrect. Choice (a) is the correct answer. and Responsibility states that the charter should include the internal auditors' access to those records. The manner of reporting audit findings (e. Time budgets should be appraised for revision after the preliminary survey and preparation of the audit program (IIA Standard 2200 – Engagement Planning). What knowledge that was acquired by observing is irrelevant to the skills necessary for internal auditing.

and (c) are incorrect because according to the Standards. Continuing education occurs after the proper people are hired. Choice (b) is incorrect. External reviews should be conducted at least once every five years (IIA Standard 1312 – External Assessments). The employee evaluation conference is not a timely place to discuss problems and receive updates. 23. it will not overcome hiring the wrong person. Choice (a) is incorrect. Choice (c) is incorrect. The assignment of inexperienced staff should have no effect on the time budget. 26. Choice (b) is the correct answer. Choice (d) is incorrect. Informal communication is not the most appropriate forum.work is required. Choice (b) is the correct answer. Choice (b) is incorrect. Formal staff meetings provide the best opportunity for ensuring that issues are addressed timely and efficiently (IIA Standard 2030 – Resource Management and IIA Standard 2040 – Policies and Procedures). including determining that audit objectives are being met (IIA Standard 2340 – Engagement Supervision). Choice (d) is incorrect. they are not the primary requisite. External review process will provide independent evaluation for management and the audit committee (IIA Standard 1312 – External Assessments). However. Choice (c) is the correct answer because this is a requirement of the IIA Standard 2010 – Planning. Choice (c) is the correct answer. Properly formulated job descriptions provide a basis for the identifying job qualifications. Internal review process will assess if audit activities meet professional standards. Supervision should be carried out continually. Choice (d) is incorrect because staffing for each audit would include this consideration. Choice (d) is the correct answer. 24. The exit conference can be used to allow operating management to air their views and to present any operational objections to specific . 27. Choice (a) is incorrect. Internal peer review process will identify things that can be done better. 22. Choices (a). including training and experience (IIA Standard 2030 – Resource Management). Internal review process will set forth recommendations for improvement. Choice (c) is incorrect. Choice (d) is incorrect. the CAE is responsible for supervision. However. Employee background checks help assure that statements made by prospective employees are accurate. Choice (c) is the correct answer. Periodic rotation of audit managers is not required. The chief audit executive (CAE) is responsible for supervision. not just on a periodic test basis. Choice (a) is incorrect. Internal reviews should be conducted by internal auditors and should focus on specific audit projects. 28. Choice (a) is incorrect. 25. Memoranda are generally impersonal and do not afford a good opportunity for maximum exchange of ideas. Choice (b) is incorrect. Choice (d) is incorrect. Choices (a) and (b) are incorrect because prioritizing audits would consider these factors. Expanded tests should have no effect on the time budget. Choice (c) is incorrect. Choice (d) is the correct answer. the budget would have already been expanded as necessary. (b). A thorough orientation helps the new employee become productive more rapidly.

recommendations (IIA Standard 2440 – Disseminating Results). Activity reports compare actual performance with goals and schedules and compare actual expenditures with financial budgets. Choice (c) is incorrect. Choice (c) is incorrect. An interim report would have been used to accomplish this. Choice (d) is incorrect. Choice (a) is incorrect. and IIA Standard 2200 – Engagement Planning). The distribution of reports is not a secondary purpose of an exit conference. Choice (c) is incorrect. Choice (c) is incorrect. Choice (b) is the correct answer. Comparison of the plan to actual activity will reveal if the planned breadth was achieved (IIA Standard 2010 – Planning and IIA Standard 2410 – Criteria for Communicating). While past performance is an indicator of the value of internal auditing. 33. Management satisfaction does not directly relate to the expressed goal (broader audit coverage). 34. Choice (a) is incorrect. Choice (d) is incorrect. The number of audit findings is not an indicator of audit breadth or quality. As specified in the IIA Standard 2030 – Resource Management. not auditor skill availability. Choice (d) is incorrect. This is a mechanical immaterial aspect of the report process. audit work schedules determine both staffing plans and financial budgets. Senior audit personnel are expected to be at corporate level. should drive audit schedules (IIA Standard 2010 – Planning). Choice (b) is incorrect. This is the objective of the audit as per the IIA Standard 2440 – Disseminating Results. Practice Advisory 2010-2. Choice (a) is the correct answer. authority. and (c) are incorrect because each one of them is not an activity report as defined by the Standards. Choice (b) is the correct answer. Choices (a). Audit needs. 32. 31. Choice (d) is the correct answer. 35. Choice (d) is incorrect. Choice (a) is incorrect. Choice (d) is incorrect. The auditee may not concur with the finding. This is an instructive solution and explains the defect in the actions of the internal auditor (IIA’s Code of Ethics and IIA Standard 2431 – Engagement . Choice (b) is the correct answer. Objectivity of field office personnel decreases. This may or may not be considered in closing the audit. Choice (b) is the correct answer because it is an advantage of field office (IIA Standard 2010 – Planning. (c) and (d) are incorrect because each one is an important factor according to the Standards. 30. it will not impact the funds committed to current operations. Choice (a) is incorrect. The charter for an internal auditing department defines the purpose. Choice (d) is the correct answer. Choice (c) is incorrect. (b). Senior management should be given a greatly condensed view of the results of an audit. This is an administrative function of the audit organization. This information is a status report to be provided to the audit oversight authority (IIA Standard 2060 – Reporting to Senior Management and the Board and IIA Standard 2410 – Criteria for Communicating). and responsibility of the department. Choices (a). 29. Implementation of a quality assurance program has no bearing on the stated goal. Disadvantage-decreases ease of maintaining standards.

(b). Choices (a). There was no intent to do wrong. but favorable variances could also occur if many audits were cut short due to scope impairments. and communicating this need to the audit staff (IIA Standard 2030 – Resource Management). Choice (d) is incorrect. Choice (b) is the correct answer. Management foot-dragging could cause unfavorable variances. They perform best with moderate risks. The chief financial officer and chief executive officer involvement would not be needed. in this case. The single occurrence described does not warrant this action. Choice (c) is incorrect. Policies and procedures of the internal audit function are developed by the internal audit department and should not be affected by non-audit management. The cost benefit of internal auditing is neither easily quantifiable nor the subject of an external review (IIA Standard 1312 – External Assessments).Disclosure of Nonconformance). The chairman of the board and chief operating officer need not be involved unless significant problems were revealed.. Choice (a) is incorrect. Choice (c) is the correct answer. Also. An unbiased evaluation of audit staff would not be affected by lack of cooperation on the part of non-audit management. Choice (b) is the correct answer. Choice (b) is incorrect. insufficient audit personnel or that audit personnel lacking necessary skills to provide feedback on automated support systems. feedback. Choices (a). No indication that staffing or decision making are problems. The problem of lack of feedback indicates the CAE has problems in planning and allocating. 36. In this type of situation. (c). and (d) are incorrect because high achievers prefer moderate risks. and moderate risks (IIA Standard 2120 – Risk Management). Choice (a) is incorrect. Choice (d) is incorrect. Choice (c) is incorrect. 39. . The sanction is probably too severe. Authority. and Responsibility). 37. the sales director and vice-president of marketing would be sufficient (IIA Standard 2400 – Communicating Results). the staff may lose a good auditor. High achievers thrive when the job provides for personal responsibility. Choice (a) is incorrect. No indication that organizing is a problem. and (d) are incorrect because they are included in the evaluation of the performance of an internal auditing department per the IIA Standard. 38. No indication that there is staffing problems (i. management is highly averse to analysis or possible criticism of their actions and will not grant the internal auditors an adequate charter (IIA Standard 1000 – Purpose.e. Audit reports should be distributed to those members of the organization who are able to ensure that audit results are given due consideration. Choice (c) is incorrect. Choice (c) is incorrect. The chairman of the board and controller need not be involved unless significant problems were revealed. Choice (b) is incorrect. Choice (b) is incorrect. This is partly correct but it has no instructive value. 40. An operating budget variance report is a control device used to monitor actual performance versus budget. Choice (d) is the correct answer. Choice (a) is the correct answer. audit resources to address communicating this need.

It also includes credit risk. and market risk. Management must consider de-risking the opportunities when creating and evaluating new opportunities. processes. technology. Choice (c) is incorrect. When companies fail to manage risks. 42. Risks and opportunities move together and the key is to determine if the potential of a given opportunity exceed the risks (IIA Standard 2010 – Planning and IIA Standard 2120 – Risk Management). Choice (a) is incorrect. The hazard risk includes risks that are insurable such as natural disasters.41. and terrorism. the chief audit executives (CAEs) of the study companies understand the value-added potential of ERM. Choice (c) is the correct answer. and global market conditions. regulatory. 43. services. which made them very effective ERM champions. protect. Choice (a) is the correct answer. According to the IIA Research Foundation. and commodities. . IIA Standard 2010 – Planning. and shareholder value can be lost. Both management and auditors should be involved in improving the image of internal audit in the organization (IIA Standard 2410 – Criteria for Communicating). The ERM includes both upside and downside risks. liquidity risk. Choice (d) is incorrect. The goal of an ERM initiative is to create. The operational risk is related to the organization’s internal systems. Management should also know if communication is poor because of some auditor behavior. which creates great pressure on management to improve corporate governance. and threat (SWOT) analysis used in strategic management. According to the IIA Research Foundation. 44. where risks are a part of uncertainty. and customer risks. The strategic risks include risks related to strategy. leadership risks. various insurable liabilities.The other three choices are part of the value-added potential. and IIA Standard 2120 – Risk Management). economic. opportunities are missed. 45. It also includes reputation risks. Choice (b) is incorrect. opportunity. Choice (d) is incorrect. Items III and IV are part of the strength. and enhance shareholder value by managing the uncertainties that could influence in achieving the organization’s objectives (IIA Standard 2010 – Planning and IIA Standard 2120 – Risk Management). Choice (b) is the correct answer. Choice (a) is incorrect. weaknesses. interest rates. political. ERM encompasses the more traditional view of potential hazards (threats) as well as opportunities. impairment of physical assets and property. The ERM approach is more than just integrating risks. ERM adds value because it is both inward-looking and forward-thinking (IIA Standard 2010 – Planning and IIA Standard 2120 – Risk Management). and people (IIA Glossary. The auditors also need to know the feedback so they can improve relations with auditees for the next audit. Choice (a) is the correct answer. Choice (a) is the correct answer. ERM defines risk as any event or action that could adversely influence an organization’s ability to achieve its objectives. products. The financial risk includes risks from volatility in foreign currencies. brand management risks. Involving the auditees should reduce conflict and defensiveness and make the audit more participative.

51. Choice (b) is the correct answer. by which a firm is being governed. overall assessment of risks and internal control effectiveness. Choice (d) is the correct answer. The board of directors provides governance. boards of directors.46. The major condition embedded in the structure of modern corporations that has contributed to the corporate governance problem has been the separation of ownership from control (IIA Standard 2110 – Governance). administered. employees. rights. directed. the internal auditor should (1) use a risk-based audit approach and not a control-based approach. 50. In order to meet the ERM implementation challenge. Choice (c) is the correct answer. and (4) review formal action plans developed by management as part of the ERM implementation. or controlled and to the goals for which it is being governed. (2) change their audit approach to focus on business risk. (3) focus on future events and not on past events). 49. and accountability of such stakeholder groups as owners. 48. administered. and (4) acquire competent skills to become an ERM facilitator and not use traditional accounting and auditing tools and skills (IIA Standard 2010 – Planning and IIA Standard 2120 – Risk Management). Corporate governance is concerned with the relative roles. They are not guarantors for shareholders (IIA Standard 2110 – Governance). Corporate governance refers to the methods by which a firm is being governed. (3) perform more effective follow-up on open ERM scorecards and metrics to increase management accountability. Traditionally. and others who assert to be stakeholders (IIA Standard 2110 – Governance). . metrics. internal auditors now (1) take a more business-oriented approach to audit company’s operations. (2) be a consultant to the ERM implementation team and not as a policeman. and oversight. Choice (a) is the correct answer. guidance. Choice (c) is the correct answer. and formal action plans are key part of the ERM infrastructure (IIA Standard 2010 – Planning and IIA Standard 2120 – Risk Management). 47. directed. managers. or controlled and to the goals for which it is being governed is based on the corporate charter (IIA Standard 2110 – Governance). In light of ERM implementation in improving corporate governance. Scorecards. the internal audit’s role has been to provide reliable. The method. Choice (c) is the correct answer.