1068.Dl - CGAP Exam Study Questions

Certified Government
Auditing Professional
(CGAP) EXAM Study
Questions
By Tom O’Connor
The Institute of Internal Auditors
Licensed to Customer No. . Re-distribution is prohibited.

Disclosure
Copyright © 2010 by The Institute of Internal Auditors Research Foundation (IIARF), 247 Maitland
Avenue, Altamonte Springs, Florida 32701-4201. All rights reserved. Printed in the United States of
America. No part of this publication may be reproduced, stored in a retrieval system, or transmitted
in any form by any means — electronic, mechanical, photocopying, recording, or otherwise — without
prior written permission of the publisher.
The IIARF publishes this document for informational and educational purposes. This document is
intended to provide information, but is not a substitute for legal or accounting advice. The IIARF
does not provide such advice and makes no warranty as to any legal or accounting results through its
publication of this document. When legal or accounting issues arise, professional assistance should
be sought and retained.
The Institute of Internal Auditors’ (IIA’s) International Professional Practices Framework (IPPF)
comprises the full range of existing and developing practice guidance for the profession. The IPPF
provides guidance to internal auditors globally and paves the way to world-class internal auditing.
The mission of The IIARF is to expand knowledge and understanding of internal auditing by provid-
ing relevant research and educational products to advance the profession globally.
The IIA and The IIARF work in partnership with researchers from around the globe who conduct
valuable studies on critical issues affecting today’s business world. Much of the content presented in
their final reports is a result of IIARF-funded research and prepared as a service to The Foundation
and the internal audit profession. Expressed opinions, interpretations, or points of view represent a
consensus of the researchers and do not necessarily reflect or represent the official position or policies
of The IIA or The IIARF.
ISBN 978-0-89413-683-2
3/10 First Printing
11/10 Second Printing

Contents
Foreword............................................................................................................................................v
Abbreviations . .................................................................................................................................vii
Certified Government Auditing Professional (CGAP) Exam Topic Outline........................................1
Domain I
Standards, Governance, and Risk/Control Frameworks Exam Study Questions.............................. I-1
Solutions........................................................................................................................................ I-13
Domain II
Government Auditing Practice Exam Study Questions...................................................................II-1
Solutions.......................................................................................................................................II-17
Domain III
Government Auditing Skills and Techniques Exam Study Questions............................................ III-1
Solutions..................................................................................................................................... III-15
Domain IV
Government Auditing Environment Exam Study Questions..........................................................IV-1
Solutions......................................................................................................................................IV-15
iii

foreword
The one-part Certified Government Auditing Professional® (CGAP®) exam includes 125 multiple-
choice questions, covers four domains, and requires a completion time of three hours and 15 minutes.
The exam includes questions on INTOSAI government auditing standards. Candidates who regis-
tered to take the exam in the United States (U.S.) will receive a local version with questions on U.S.
Government Auditing Standards (Yellow Book).
This book includes questions for both U.S. and international candidates. U.S. candidates will find
U.S.-specific questions denoted with a .
CGAP Exam Study Questions is intended to familiarize interested parties with the content and format of
the CGAP exam. It is not meant to replace the material supplied by providers of CGAP exam review
materials. A current or future CGAP exam candidate’s success or failure in answering these questions
should not be taken as any form of guarantee of that candidate’s results on an actual CGAP exam.
If there are any significant changes in the format or content of the CGAP exam in the future, the
Certification Department will make those changes known through its Web site (www.theiia.org/certifica-
tion) and/or through mailings to current CGAP candidates.
For further information on the CGAP program, please visit the “Certification” heading on the Web
site listed above.

ABBREVIATIONS
ABC: Activity-based costing

ADPE: Automated data processing equipment
AICPA: American Institute of Certified Public Accountants
AKA: Also known as
APG: Annual performance goal
BA: Basis of accounting (used by GASB for U.S. state and local accounting)
CAE: Chief audit executive
CAFR: Comprehensive Annual Financial Report (a GASB term)
CEO: Chief executive officer
CFO: Chief financial officer
CGAP: Certified Government Auditing Professional
CICA: Canadian Institute of Chartered Accountants
CoCo: Criteria of Control, the CICA internal control concept, later termed RMG
COSO: Committee of Sponsoring Organizations of the Treadway Commission (internal control
concept)
CPA: Certified Public Accountant
DEA: Data envelope analysis
DMV: Department of Motor Vehicles
ERM: Enterprise (enterprise-wide) risk management
FASAB: Federal Accounting Standards Advisory Board (sets GAAP for the U.S. federal
government)
FASB: Financial Accounting Standards Board (sets GAAP for the private sector in the U.S.)
FFP: Firm fixed price, a type of government contract
FTEs: Full-time equivalents, a personnel term related to resource measurement
GAAP: Generally Accepted Accounting Principles
GAAS: Generally Accepted Auditing Standards, set by the AICPA
GAGAS: Generally Accepted Government Auditing Standards
GAO: U.S. Government Accountability Office, formerly the General Accounting Office
GASB: Governmental Accounting Standards Board (sets GAAP for U.S. state and local
governments)
vii

Certified Government Auditing Professional (CGAP) Exam Study Questions
GO: General obligation, a type of bond backed by the “full faith and credit” of the
government entity
GOCO: Government-owned, contractor-operated
GOGO: Government-owned, government-operated
GPRA: Government Performance and Results Act of 1993, a U.S. federal law related to
performance
IAASB: International Auditing and Assurance Standards Board, part of the IFAC
ICQs: Internal control questionnaires
IFAC: International Federation of Accountants
IIA: The Institute of Internal Auditors
INTOSAI: International Organization of Supreme Audit Institutions
IPPF: International Professional Practices Framework, from The IIA
IPSASB: International Public Sector Accounting Standards Board (related to IFAC)
ISA: International Standards on Auditing, set by the IAASB/IFAC
ISAE: International Standard on Assurance Engagements, set by the IAASB/IFAC
ISRS: International Standards on Related Services, set by the IAASB/IFAC
MD&A: Management Discussion and Analysis, narrative part of an annual financial report
MF: Measurement focus, a term used by GASB in establishing GAAP
OMB: Office of Management and Budget, a central U.S. federal agency
PSP: Public sector perspective, an IFAC term
RFP: Request for Proposal, a procurement term
RMG: Risk management and governance, an internal control term from the CICA
SAI: Supreme Audit Institution
SEA: Service Efforts and Accomplishments, a performance measurement term from the
GASB
UN: United Nations
USAID: U.S. Agency for International Development
viii

Certified Government Auditing
Professional (CGAP) Exam Topic Outline
Domain I — Standards, Governance, and

Risk/Control Frameworks (10-20%)
A. Standards
1. Role of a comprehensive set of auditing/evaluation standards (A)
2. Application of appropriate standards in all assignments (P)
3. Role and impact of other auditing standards (standards of public accounting bodies,
quality assurance bodies, etc.) and their relationship with the above standards (A)
B. Governance
1. Governance in the public sector (e.g., audit committee, code of conduct, open government,
public scrutiny, equity, accountability) (P)
2. Role of audit within the governance structure (P)
C. Risk/Control Frameworks (e.g., COSO, CoCo)
1. Role of frameworks (A)
2. Elements of a risk/control framework (P)
3. Application of frameworks (P)
D. IIA Code of Ethics (P)
P=C
andidates must exhibit proficiency (thorough understanding; ability to apply concepts) in
these topic areas.
A = Candidates must exhibit awareness (knowledge of terminology and fundamentals) in these

topic areas.
Domain II — Government Auditing Practice (35-45%)

A. Management of the Audit Function
1. Need for a formal document of purpose, authority, and responsibility (P)

2. Policies and procedures (A)
3. Quality assurance (A)
4. Planning (A)
5. Staffing (A)
6. Marketing the audit function (A)
7. Mission/role/outcome of audit function within government (A)
B. Types of Audit Services
1. Audits of compliance (P)
2. Audits of performance/value-for-money/operations (e.g., economy, efficiency, effectiveness)

(P)
3. Audits of financial statements (A)
4. Audits of financial systems (P)
5. Audits of information and related technology (P)
6. Consulting/assistance services (e.g., nonaudit advisory services) (A)
7. Integrity services (e.g., fraud, waste, and abuse) (P)
C. Processes for Delivery of Audit Services
1. Management of individual projects (P)
2. Planning (The role of laws, regulations, rules, and ordinances in your planning process
should be considered in the planning process) (P)
3. Risk and control assessment practices (P)
4. Performing the engagement (P)
5. Communicating results (P)
6. Monitoring results (follow-up) (P)
P = Candidates must exhibit proficiency (thorough understanding; ability to apply concepts) in

these topic areas.

topic areas.

Certified Government Auditing Professional (CGAP) Exam Topic Outline
Domain III — Government Auditing

Skills and Techniques (20-25%)
A. Management Concepts and Techniques (A)
B. Performance Measurement (P)
C. Program Evaluation (A)
D. Quantitative Methods (e.g., statistical methods and analytical review) (P)
E. Qualitative Methods (e.g., questionnaires, interviews, and flow charts) (P)
F. Methods for the Identification and Investigation of Integrity Violations (P)
G. Research/Data Collection Techniques (P)
H. Analytical Skills (e.g., distinguish between significant and insignificant information) (P)
P=C
these topic areas.

topic areas.
Domain IV — Government Auditing Environment (20-25%)

A. Performance Management (P)
B. Financial Management
1. Unique requirements in accounting for and reporting on government financial operations

(P)
2. Principles of taxation and revenue generation (P)
3. Unique aspects of governmental budgeting (e.g., encumbrances, earmarking) (P)
4. Government accounting (e.g., fund accounting, resource accounting) (P)
5. Legal restrictions on sources and uses of funds (e.g., voted funds, conditional grants,
revenues) (A)
6. Investment restrictions for public funds (A)
7. Activity-based costing/cost-allocation (A)

C. Implications of Various Service Delivery Methods
1. Direct delivery by government employees (P)
2. Grants (P)
3. Contracts (P)
4. Joint Ventures/Partnerships/Authorities/Special Operating Agencies/Quasi-governmental

(A)
5. Privatization (A)
D. Implications of Delivering Services to Citizens
1. Due process rights of clients/citizens (P)
2. Confidentiality/privacy/rights of clients/citizens (P)
3. Issues arising from the methods of funding/delivering services (condition that the client
receiving the services may not be the party paying for the services; ability-to-pay principle;
user pay; eligibility requirements; limitations on services available; entitlements; etc.) (A)
4. Reality of conflicting missions (e.g., satisfy both developers and environmentalists, keep
families together and kids safe) (A)
5. Issues associated with at-risk populations (e.g., multiple, interacting causes and conditions;
difficulty of measuring prevention) (A)
E. Unique Characteristics of Human Resources Management (A)
F. Unique Purchasing and Procurement Requirements (P)
P=C
these topic areas.

topic areas.

Certified Government AuditinG
ProfessionAl (CGAP) eXAm study Questions
domAin i — stAndArds, GovernAnCe,

And risK/Control frAmeworKs
1. Which of the following statements about the government auditor’s use of audit standards is least
accurate?
a. Government auditors may be subject to a variety or range of audit standards.

b. Government auditors are not subject to audit standards for some types of work.
c. If the audit organization follows The Institute of Internal Auditors’ (IIA’s) International
Standards for the Professional Practice of Internal Auditing (Standards), those Standards
prevail over laws and regulations.
d. Different sets of audit standards that might be followed have many similarities.
2. Which of the following statements regarding Government Auditing Standards is the least
accurate?
a. Government Auditing Standards state that The IIA’s Standards may be used in conjunction
with Government Auditing Standards, but, if inconsistencies exist, Government Auditing
Standards prevail if cited in the report.
b. In the U.S., following Government Auditing Standards is statutorily required at the federal
level and for certain audits at lower levels of government.
c. Since the Government Auditing Standards focus is on the auditor, Government Auditing
Standards are silent on both the role of management and on nonaudit work by auditors.
d. Government Auditing Standards contain requirements for audit reporting on internal
control but do not require the auditor to render an opinion on internal control.
3. Audits at the federal, state, or local levels of government in the U.S. are:
a. Always subject to both IIA Standards and Generally Accepted Government Auditing
Standards (GAGAS).
b. Subject to only GAGAS.
c. Most commonly subject to Generally Accepted Auditing Standards (GAAS).
d. Influenced by a myriad of issues (e.g., federal, state, and local laws, audit requirements, and
policies of the audit organization).
I-1

4. The two sets of audit standards that generally apply to government audits in the U.S. are
issued by:
a. The U.S. Congress and the United Nations (UN).

b. The International Organization of Supreme Audit Institutions (INTOSAI) and the U.S.
comptroller general.
c. The IIA and the American Institute of Certified Public Accountants (AICPA).
d. The U.S. comptroller general and the AICPA.
5. In addition to audit standards that generally apply in a government environment, other

standards that may be used in performance audits in countries outside the U.S. include:
a. The IIA’s Standards.

b. INTOSAI standards.
c. International Standards on Auditing (ISA) from the International Federation of
Accountants (IFAC).
d. a. and b.
e. a., b., and c.
6. The AICPA’s GAAS are primarily associated with:
a. Performance audits.
b. Consulting services.
c. Assistance to oversight bodies.
d. Financial statement audits.
7. If IFAC’s ISAs are being followed, any ISA will fully apply unless:
a. The IFAC has issued an amendment stating explicitly that the ISA does not apply.
b. The supreme audit institution (SAI) makes a formal written determination that the ISA need
not be followed.
c. The auditor in charge provides a written rationale in the audit documentation.
d. A public sector perspective — issued in the past — at the end of the ISA makes clear that
the ISA does not need to be followed.
8. Under Government Auditing Standards/GAGAS, which of the following statements about

personal impairments to independence is not true?
a. Preconceived ideas about an individual, organization, or program audited can be a personal

impairment.
b. All personal relationships with any employees of the client automatically create a personal
impairment.
c. Nonaudit (consulting) work that violates one of two “overarching principles” — (1) don’t
do management’s job, and (2) don’t audit your own work — is an impairment.
d. Even if the two principles in c. are not violated, it cannot be safely assumed that the personal
impairment caused by doing nonaudit work will not exist.
I-2

Domain I — Standards, Governance, and Risk/Control Frameworks
9. The IIA’s International Professional Practices Framework (IPPF) includes the following
definition: “The combination of processes and structures implemented by the board to inform,
direct, manage, and monitor the activities of the organization toward the achievement of its
objectives.” According to the IPPF, this a definition of:
a. Risk management.
b. Control environment.
c. Governance.
d. Compliance.
10. IFAC’s international framework does not cover all engagements. Of the following types of
engagements, that framework does cover:
a. Consulting engagements.
b. Preparation of tax returns without a conclusion or assurance.
c. Assurance engagements, whether the assurance is reasonable or limited.
d. Only reasonable assurance engagements.
11. Under INTOSAI Auditing Standards, which of the following represents a basic principle?
a. Prepare manuals and other written guidance and instructions concerning the conduct of
audits.
b. Review the efficiency and effectiveness of the SAI’s internal standards and procedures.
c. It is essential that auditors are independent and impartial, not only in fact but also in
appearance.
d. The SAI should apply its own judgment to the diverse situations that arise in the course of
government auditing.
12. The following statements refer to quality control (assessment) standards in the various
audit standards. Which statement is not true?
a. IFAC’s quality control standards apply to both the organization and the auditors.
b. INTOSAI standards, IIA Standards, and Government Auditing Standards all include the
same requirements for periodic external quality control reviews.
c. Both GAGAS and the IFAC standards specifically recognize that internal quality control
can vary based on the size and complexity of the audit organization.
d. When an audit organization seeks to enter into a contract to perform audit work in
accordance with GAGAS, the (potential) contractor should provide a copy of its external
quality control report to the contracting organization.
I-3

13. In comparing The IIA’s performance standards on “Communicating (Audit) Results” with
the GAGAS’s reporting standards for performance audits, which of the following statements
is not true?
a. Both The IIA and GAGAS encourage, but do not require, a statement that the report has
been done in accordance with applicable standards.
b. Both The IIA and GAGAS advocate that audit reports that are clear, concise, constructive,
and timely.
c. GAGAS requires the views of the responsible officials to be included in the report; The IIA
is not explicit in this regard.
d. GAGAS is explicit about report contents on (1) management (internal) controls and (2)
compliance with laws and regulations; The IIA is not explicit in this regard.
14. Which of the following statements about The IIA’s Implementation Standards is not true?
a. Implementation Standards apply to internal audit activity generally in the same way as
Attribute and Performance Standards do.
b. Implementation standards are issued separately for (1) assurance, and (2) consulting
engagements.
c. Implementation standards apply the Attribute and Performance Standards to specific types
of engagements.
d. Implementation Standards are mandatory.
15. Which of the following alternatives represent (1) an accurate IIA definition of the term “residual
risk,” and (2) an accurate statement of how The IIA views the auditor’s responsibility for residual
risk?
a. The risk remaining after management takes action to reduce the impact and likelihood of
an adverse event, including control activities in responding to a risk. The auditor has no
specific responsibility.
b. Same definition as in a. If the chief audit executive (CAE) believes management has accepted
too high a level of risk, the CAE should discuss the situation with senior management and
perhaps report the matter to the board.
c. The possibility of an event occurring that will have an impact on the achievement of
objectives — measured in terms of impact and likelihood. The auditor has no specific
responsibility.
d. Same definition as in c. The auditor should report all details to the board annually.
16. Which of the following elements of the IPPF provides the most detailed guidance for conducting
internal audit activities?
a. Position Papers.
b. Practice Guides.
c. The Code of Ethics.
d. Practice Advisories.
I-4

17. Which of the following statements about GAGAS is not true?
a. General standards relate to both performance and financial audits.

b. Fieldwork standards for performance audits address: planning, supervision, evidence, and
audit documentation.
c. Reporting standards for performance audits address: form, report contents, report quality
elements, and report issuance and distribution.
d. GAGAS adds to the AICPA’s GAAS for financial audits for fieldwork but not for reporting.
18. In an audit being conducted under GAGAS, one auditor under consideration for the
assignment — to review aspects of research — has many close personal friends at the
agency’s primary research laboratory and has even assisted in some lab tests. In considering
this possible assignment, what is the best of the following?
a. Auditors have a right to their views, so no question exists regarding standards.

b. If the auditor in question has no financial interest, his assignment is okay.
c. The auditor’s preconceived views may bias the audit, and violate the independence standard.
d. Auditors should have a healthy skepticism, so his views are beneficial.
19. An auditor with extensive previous experience in financial statement audits of private
insurance companies is now a government employee and assigned to a financial statement
for an insurance program of the federal government. He advocates the use of materiality
levels the same as in his private sector audits. The best response is:
a. It is logical, especially since the auditor has very relevant past experience.
b. The auditor’s past experience should be of no relevance in this decision.
c. Under GAGAS, the auditor may set lower materiality levels.
d. GAGAS does not address this type of issue.
20. Which of the following best describes a preliminary survey used in the audit planning process?
a. A standardized questionnaire used to obtain an understanding of management objectives.

b. A statistical sample to review key employee attitudes, skills, and knowledge.
c. A walk-through of the financial control system to identify risks and the controls that can
address those risks.
d. A process used to become familiar with activities and risks in order to identify areas for
audit emphasis.
21. Under GAAS, in a financial statement audit, the auditor’s report must include all of the
following except:
a. State whether the statements have been prepared in accordance with Generally Accepted
Accounting Principles (GAAP).
b. State whether accounting principles have been applied consistently with the prior year.
c. The auditors’ opinion or disclaimer on the statement presentation.
d. The auditors’ opinion on the accuracy of performance information.
I-5

22. If an auditor expresses an adverse opinion in a financial statement audit, it essentially means:
a. The statements are materially misstated.

b. The statements do not fairly present the financial position and results of operation.
c. The audited entity did not follow GAAP.
d. The auditor found many serious weaknesses in internal controls.
23. In a financial statement audit of an entity, which of the following laws would be most likely to be
reviewed for compliance?
a. Occupational Safety and Health Act.

b. Appropriations Acts.
c. Superfund (environment).
d. Freedom of Information Act.
24. Under GAGAS/GAAS, in the auditor’s consideration of internal controls in a financial

statement audit, list the following control weaknesses from the most serious to the least
serious.
a. Significant deficiency, material weakness, discussed in a management letter.

b. Material weakness, significant deficiency, discussed in a management letter.
c. Discussed in a management letter, reportable condition, material weakness.
d. All three are of equal seriousness.
25. Under GAGAS, which of the following is not likely to be a performance audit focusing on
economy and efficiency?
a. Compliance with laws on “managing for results.”

b. Compliance with laws on adequate competition in procurement.
c. Adequacy of the use of value engineering/value analysis.
d. Use of “just-in-time” inventory management practices.
26. The International Organization of Supreme Audit Institutions (INTOSAI) has issued its own
standards. Which of the following statements about INTOSAI standards is not true?
a. INTOSAI has established “basic principles,” as well as three categories of standards — general,
field, and reporting.
b. INTOSAI’s general standards apply to both the auditor and the SAI.
c. INTOSAI’s reporting standards state that typically, in a performance audit, the auditor
should express an overall opinion on economy, efficiency, and effectiveness.
d. INTOSAI’s field standards address planning, supervision and review, study and evaluation
of internal control, and audit evidence.
I-6

27. The Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s)

conceptual framework of internal control discusses the achievement of certain categories of
objectives. Those broad categories of objectives relate to:
a. Budget, financial management, and regulation.

b. Performance, general managerial, and custodial duties.
c. Operations, financial reporting, and compliance.
d. A broad range of unspecified but important areas of management.
28. The interrelated components specifically identified in the COSO framework that affect how well
objectives are achieved are:
a. Segregation of duties, written policies, competent personnel, and physical security.

b. Control environment, risk assessment, control activities, information and communication,
and monitoring.
c. Operations, financial reporting, and compliance.
d. Risk assessment, control objectives, and control techniques.
29. Assume an auditor is collecting information on the following general information in the early stage
of an audit: (1) top level management’s statements pro or con on internal control, (2) the client’s
Code of Ethics, (3) policies on recruiting, retention and training, (4) reporting relationships, and
(5) the agency’s relationships with central government agencies. Which component of internal
control is being assessed?
a. Risk assessment.
b. Monitoring.
c. Control activities.
d. Control environment.
30. Under the COSO framework, the notion of reasonable assurance in establishing internal controls
refers to:
a. Costs should not outweigh benefits.

b. Risks and management willingness to accept a level of risk.
c. The achievement of objectives.
d. All of the above.
31. The Canadian Institute of Chartered Accountants (CICA) has developed its own control
framework, separate from the COSO conceptual framework. CICA’s control framework is
referred to as Risk Management and Governance (RMG). Which of the following statements
about the RMG framework is true?not true?
a. The three RMG categories of objectives differ completely from those in COSO.
b. Under the RMG framework, control is seen as limited to just a very few elements of an
organization.
c. The ultimate responsibility for control is with the governing board.
d. The RMG framework will be replaced by the CICA’s Criteria of Control (CoCo).
I-7

32. The best reason for establishing a code of conduct within an organization is that such codes:
a. Are typically required by governments.

b. Express standards of individual behavior for members of the organization.
c. Provide a quantifiable basis for personnel evaluations.
d. Have tremendous public relations potential.
33. In applying the standards of conduct set forth in The IIA’s Code of Ethics, internal auditors are
expected to:
a. Exercise their individual judgment.

b. Compare them to standards of other professions.
c. Be guided by the desires of the client.
d. Use discretion in deciding whether to use them or not.
34. The Standards of Conduct set forth in The IIA’s Code of Ethics:
a. Provide basic principles in the practice of internal auditing.

b. Are guidelines to assist internal auditors in dealing with clients.
c. Are rules that must be obeyed in all circumstances.
d. Provide a general understanding of the responsibilities of internal auditing.
35. The IIA’s Code of Ethics requires IIA members to apply and uphold the following principles in
the performance of their duties:
a. Integrity, objectivity, confidentiality, and competency.

b. Timeliness, sobriety, and clarity.
c. Knowledge, skill, and discipline.
d. Punctuality, loyalty, and dignity.
36. Which of the following statements about ethics pronouncements from standard-setting bodies is
true?
a. IFAC has a single Code of Ethics, no matter how the accountant is employed.
b. INTOSAI has issued separately a Code of Ethics and Auditing Standards, but further
designates certain auditing standards as having ethical significance.
c. In explanations of the independence/objectivity standard, The IIA, IFAC and INTOSAI all
explicitly cite the need for political neutrality.
d. The standard-setting bodies’ Codes of Ethics includes requirements for a specific number
of hours of continuing education, although in differing numbers of hours.
I-8

37. The CGAP is working in a non-internal auditing position as the director of purchasing. The
CGAP signed a contract to procure a large order from the supplier with the best price, quality,
and performance. Shortly after signing the contract, the supplier presented the CGAP with a
gift of significant monetary value. Which of the following statements regarding whether the
acceptance of the gift is correct?
a. Acceptance of the gift would be prohibited only if it were non-customary.

b. Acceptance violates The IIA’s Code of Ethics and is prohibited for a CGAP.
c. Acceptance is governed only by the organization’s code of conduct.
d. The contract was signed before the gift was offered; therefore, acceptance would not violate
either the Code of Ethics or the organization’s code of conduct.
38. During the course of an audit, an auditor discovers that a clerk is embezzling government funds.
Although this is the first embezzlement ever encountered and the organization has a security
department, the auditor decides to personally interrogate the suspect. If the auditor is violating
the Code of Ethics, the rule violated is most likely:
a. Failing to show due diligence.

b. Lack of loyalty to the organization.
c. Lack of competence in this area.
d. Failing to comply with the law.
39. A new staff auditor was told to perform an audit in an area with which the auditor was not
familiar. Because of time constraints, there was no supervision of the audit. The auditor was
given the assignment because it represented a good learning experience, but the area was clearly
beyond the auditor’s competence. Nonetheless, the auditor prepared comprehensive working
papers and reported the results to management. In this situation:
a. The Standards were violated because an auditor without proficiency in the area was hired.
b. The audit department violated the Standards by not providing supervision.
c. The director of internal auditing has not violated the Code of Ethics since it does not
address supervision.
d. The Standards and the Code of Ethics were followed by the audit department.
40. In a review of travel and entertainment expenses, a CGAP questioned the business purposes of
an officer’s reimbursed travel expenses. The officer promised to compensate for the questioned
amounts by not claiming legitimate expenses in the future. If the officer makes good on the
promise, the internal auditor:
a. Can ignore the original charging of the non-business expenses.

b. Should inform the tax authorities.
c. Should still include the finding in the audit.
d. Should recommend the officer forfeit any frequent flyer miles received as part of the
questionable travel.
I-9

41. During an audit, an employee with whom you have developed a good working relationship
informs you that she has some information about top management that would be damaging
to the organization and may concern illegal activities. The employee does not want her name
associated with the release of the information. Which of the following actions would be considered
inconsistent with The IIA’s Code of Ethics and Standards?
a. Assure the employee that you can maintain her anonymity and listen to the information.
b. Suggest the employee consider talking to legal counsel.
c. Inform the employee that you will attempt to keep the source of information confidential
and will look into the matter.
d. Inform the employee of other methods of communicating this type of information.
42. An auditor has uncovered facts that could be interpreted as indicating unlawful activity on the
part of a client. The auditor decides not to inform senior management of these facts because of
lack of proof. The auditor, however, decides that if questions are raised regarding the omitted
facts, they will be answered fully and truthfully. In taking this action, the auditor:
a. Has not violated the Code of Ethics or the Standards because confidentiality takes
precedence over all other standards.
b. Has not violated the Code of Ethics or the Standards because the auditor is committed to
answering all questions fully and truthfully.
c. Has violated the Code of Ethics because unlawful acts should have been reported to avoid
the potential of aiding and abetting by the auditor.
d. Has violated the Standards because the auditor should inform the authorities if fraud may
be indicated.
43. CGAPs who fail to maintain their proficiency through continuing education could be found to
be in violation of:
a. The Statement of Responsibilities of Internal Auditing.

b. The IIA’s Standards.
c. The IIA’s Code of Ethics.
d. Both The IIA’s Standards and Code of Ethics.
44. A CGAP is found to have committed a very serious violation of The IIA’s Code of Ethics. Which
of the following describes the disciplinary action most likely to be imposed by The IIA? The
CGAP will most likely:
a. Be required to take up to 40 hours of appropriate continuing professional education courses.

b. Be required to retake the CGAP examination.
c. Forfeit his or her membership in The IIA and his/her standing as a CGAP.
d. Be assessed a fine not to exceed US $1,000.
I-10

45. Which of the following observations by an auditor are most likely to indicate the existence of
control weaknesses over safeguarding of assets?
I. A service department is not well located to provide service to other departments.

II. Employees hired for sensitive departments are not subjected to background checks.
III. Managers do not have access to reports that profile overall performance in relation to other
benchmarked organizations.
IV. Management has not taken corrective action to resolve past audit observations related to
inventory control.
a. I and II only.
b. I and IV only.
c. II and III only.
d. II and IV only.
46. A standardized audit program would not be appropriate for which of the following situations?
a. A stable operating environment undergoing only minimal changes.

b. A complex or changing operating environment.
c. Multiple branches with similar operations.
d. Subsequent inventory audits performed at the same location.
47. Enterprise risk management (ERM):
a. Guarantees achievement of organizational objectives.

b. Requires establishment of risk and control activities solely by auditors.
c. Involves the identification of events with both positive and negative impacts on organizational
objectives.
d. Includes selection of the best risk response for the organization.
48. Under INTOSAI standards, a regularity audit typically addresses all of the following except:
a. Expression of an opinion on the financial statements.

b. Audit of internal control and the internal audit function.
c. Evaluation of compliance with applicable statutes and regulations.
d. The overall efficiency and effectiveness of the client’s programs.
49. Under GAGAS, which of the following types of engagements has three levels of performance
(1) examination, (2) review, or (3) agreed-upon procedures?
a. Consulting.
b. Performance audit.
c. Attestation.
d. Financial audit.
I-11

50. Which of the following is the best statement of an audit objective?
a. To observe the physical inventory count.

b. To determine whether inventory stocks are sufficient to meet projected sales.
c. To search for the existence of obsolete inventory by computing inventory by product line.
d. To include information about “stockouts” in the final audit report.
I-12

SOLUTIONS FOR
Domain I — Standards, Governance,
and Risk/Control Frameworks
1. Solution: c
a. Incorrect. Government auditors can be subject to more than one set of standards.
b. Incorrect. Auditors doing nonaudit work are often not subject to audit standards. (Reference:
“Scope of framework” in the International Federation of Accountants [IFAC] handbook.)
c. Correct. The hierarchy of authority does not place audit standards above laws and
regulations.
d. Incorrect. Various standards have similar requirements, for example regarding auditor
independence, audit planning, the need for evidence, and other matters.
2. Solution: c
a. Incorrect. Per Government Auditing Standards para. 1.14, in this case, Government
Auditing Standards would prevail.
b. Incorrect. Per Government Auditing Standards paras. 1.03-1.04, many audits at the federal
level must adhere to Government Auditing Standards, and some audits at lower levels
voluntarily follow Government Auditing Standards.
c. Correct. Government Auditing Standards para. 1.02 discusses management’s role, and
paras. 1.33 and 3.25-3.30 discuss nonaudit work.
d. Incorrect. Per Government Auditing Standards paras. 4.03 and 5.07, opinions are an option,
not required.
3. Solution: d
a. Incorrect. State and local requirements vary, so do not always use GAGAS.
b. Incorrect. State and local auditors (and some federal ones) follow The IIA’s Standards or
other standards.
c. Incorrect. GAAS is issued by the AICPA and is applicable to financial statement audits and
attestations. Generally, GAAS does not address performance audits.
d. Correct. See Section I, A. 2 of The IIA’s CGAP Examination Study Guide.
I-13

4. Solution: d
a. Incorrect. For more than one reason, including the fact that neither the U.S. nor Congress
directly issues audit standards, and the U.S. would not follow UN standards.
b. Incorrect. INTOSAI applies in non-U.S. countries.
c. Incorrect. The IIA’s Standards is followed extensively in the private sector and at some
local or state levels, but not widely at the federal level of government. Also, the AICPA’s
standards are applicable to financial statement audits, and, while such audits are performed
in the government, other types of audits prevail.
d. Correct. The U.S. comptroller general heads the U.S. Government Accountability Office
(GAO), which issues Government Auditing Standards/GAGAS, which incorporates the
field and reporting standards of the AICPA for financial statement audits. Government
Auditing Standards/GAGAS is generally followed at the (very large) federal level, and by
many state and local governments.
5. Solution: d
a. Incorrect. The Standards is widely used outside the U.S., but option d. is inclusive of these
standards. These audits are somewhat like “performance audits.”
b. Incorrect. The INTOSAI standards are widely used by non-U.S. governments, and
specifically refer to “performance audits.”
c. Incorrect. The IFAC standards, while used by non-U.S. governments, are primarily related
to financial — not performance audits.
d. Correct. See explanations for options a., b., and c.
e. Incorrect. See explanations for options a., b., and c.
6. Solution: d
a. Incorrect. The AICPA standards relate to financial statement audits, and attestation
engagements — not performance audits.
b. Incorrect. The AICPA standards do not specifically address “consulting.”
c. Incorrect. The AICPA standards do not focus on “assistance to oversight bodies,” which is
more likely associated with audits done under Government Auditing Standards, INTOSAI,
or IIA Standards.
d. Correct. Financial statement audits are the main focus of the AICPA’s standards, although
the AICPA also issues standards for attestations.
7. Solution: d
a. Incorrect. IFAC does not issue this type of guidance via “amendments.”
b. Incorrect. SAIs do not have this flexibility in following the IFAC standards.
c. Incorrect. Auditors in charge do not have this type of individual flexibility.
d. Correct. In the past, IFAC has used public sector perspectives to modify how IFAC
standards are to be followed in a government audit. (As of 2009, the IFAC was in the process
of deleting public sector perspectives, and transitioning to “sector-neutral” standards, so
public sector perspectives will eventually no longer be used.)
I-14

Solutions for Domain I — Standards, Governance, and Risk/Control Frameworks
8. Solution: b
a. Incorrect. This is true, per Government Auditing Standards para. 3.07.e and f.
b. Correct. The use of “all” and “automatically” make this incorrect. There are restricting
parameters, per Government Auditing Standards para. 3.07.a.
c. Incorrect. This is true, per Government Auditing Standards para. 3.22.
d. Incorrect. This is true, per Government Auditing Standards paras. 3.25.b. and 3.30, which
discuss the possible need for the use of “supplemental safeguards.”
9. Solution: c
a. Incorrect. The definition of “risk management” is “a process to identify, assess, manage,

and control potential events or situations to provide reasonable assurance regarding the
achievement of the organization’s objectives.”
b. Incorrect. A brief definition of “control environment” is “the attitude and actions of the
board and management regarding the significance of control within the organization.”
c. Correct. See the glossary in The IIA’s IPPF.
d. Incorrect. Compliance relates to adhering to specific laws, regulations, contracts, agreements,
standards, etc.
10. Solution: c
a. Incorrect. The IFAC framework specifically excludes consulting in discussing the scope of
assurance engagements.
b. Incorrect. The IFAC framework also specifically excludes preparation of tax returns of this
type in discussing scope of assurance engagements.
c. Correct. The IFAC framework includes these two types of assurance engagements —
reasonable being positive, and limited being negative.
d. Incorrect. The IFAC framework covers both reasonable and limited assurance options.
(Note: In this question, reference is being made specifically to the IFAC framework for
assurance engagements. See IFAC’s definition of assurance.)
11. Solution: d
a. Incorrect. This is in the INTOSAI General Standards.

b. Incorrect. This is in the INTOSAI General Standards.
c. Incorrect. This is in the INTOSAI General Standards.
d. Correct. This is in the INTOSAI Basic Principles.
I-15

12. Solution: b
a. Incorrect. IFAC specifically states: “Quality control policies and procedures should be
implemented at both the level of the audit firm and on individual audits.”
b. Correct. The IIA’s Standards requires external quality control reviews every five years,
where Government Auditing Standards (U.S.) requires these reviews every three years. On
the other hand, INTOSAI does not set time frames and is less specific, but does refer to the
possibility of quality being enhanced by “independent appraisal.”
c. Incorrect. IFAC does recognize this variable.
d. Incorrect. This is true, per GAGAS para. 3.63.a. and b.
13. Solution: a
a. Correct. Government Auditing Standards, para. 8.30, states the specific language that
“should” be used when there has been compliance with all applicable standards, while IIA
Standard 1322 states that an equivalent must be used only if there is an “impact.”
b. Incorrect. This is a true statement, per IIA Standard 2420, and in the GAGAS’s supplemental
guidance on report quality elements.
c. Incorrect. This is a true statement, per GAGAS paras. 5.32-5.38 and 8.32-8.37. The
Standards does not have this requirement.
d. Incorrect. This is a true statement, per GAGAS paras. 5.05-5.17 and 8.19-8.23. The IIA’s
Standards does not have this explicit requirement.
14. Solution: a
a. Correct. Per The IIA, “There is one set of Attribute and Performance Standards; however,
there are multiple sets of Implementation Standards, a set for each of the major types of
internal audit activity.”
b. Incorrect. As noted in the explanation for option a., this is a true statement.
c. Incorrect. Again, as noted in the explanation for a., this is a true statement.
d. Incorrect. Standards — whether Attribute, Performance, or Implementation — delineate
“requirements” (i.e., are mandatory).
15. Solution: b
a. Incorrect. IIA Standard 2600 states that the CAE needs to consider whether senior
management has accepted a level of residual risk that the CAE considers possibly
unacceptable to the organization.
b. Correct. Under IIA Standard 2600, if the matter is not resolved, the CAE must report the
matter to the board for resolution.
c. Incorrect. Residual risk is defined as “the risk remaining after management takes action
to reduce the impact and likelihood of an adverse event, including control activities in
responding to a risk.” As noted above, the auditor has responsibilities.
d. Incorrect. The IIA’s Standards does not include a specific requirement for such annual
reporting.
I-16

16. Solution: b
a. Incorrect. Position Papers assist a wide range of interested parties, including those not in
internal auditing, to understand issues and delineate roles.
b. Correct. Practice Guides provide detailed guidance, including tools and techniques.
c. Incorrect. The Code of Ethics states the principles and expectations of behavior of those in
internal auditing.
d. Incorrect. Advisories address approaches, methodologies, and considerations, but do not
detail processes and procedures.
17. Solution: d
a. Incorrect. This is a true statement, per GAGAS para. 3.01.

b. Incorrect. This is a true statement, per GAGAS paras. 7.06-7.84.
c. Incorrect. This is a true statement, per GAGAS Chapter 8 and Appendix I.
d. Correct. GAGAS adds standards to the AICPA’s for both fieldwork and reporting, per
GAGAS Chapter 5.
18. Solution: c
a. Incorrect. The GAGAS General Standards, particularly regarding independence, need to

be considered.
b. Incorrect. GAGAS’s General Standards on independence goes beyond just considering
financial interests.
c. Correct. See GAGAS para. 3.07.e. and f. which note that biases can impair independence,
and, in this case, the bias would be being too friendly.
d. Incorrect. See the explanation for option c.
19. Solution: c
a. Incorrect. GAGAS standards and guidance go beyond mere logic.

b. Incorrect. Past experience may be relevant, but is not the only factor.
c. Correct. See GAGAS para. 4.26, which states that the use of lower materiality levels may
be appropriate due to factors such as public accountability in the government, laws and
regulations, and visibility of government programs.
d. Incorrect. As explained for option c., GAGAS does address this issue.
20. Solution: d
a. Incorrect. A questionnaire is a tool, sometimes used in a preliminary survey.

b. Incorrect. Statistical samples are an audit tool or technique.
c. Incorrect. A walk-through is a procedure, sometimes used in a survey.
d. Correct. This description is consistent with The IIA’s guidance. For example, refer to The
IIA’s Practice Advisory 2210.A1-1
I-17

21. Solution: d
a. Incorrect. Accordance with GAAP is a GAAS reporting standard, per GAGAS para. 5.03,
a.
b. Incorrect. Consistent application is a GAAS reporting standard, per GAGAS para. 5.03, b.
c. Incorrect. An opinion/disclaimer on the statements is a GAAS reporting standard, per
GAGAS para. 5.03, d.
d. Correct. An opinion on performance information is not a GAAS reporting standard, per
GAGAS para. 5.03.
22. Solution: b
a. Incorrect. This language somewhat overstates what an adverse opinion means. Option b. is
a more precise statement of the meaning.
b. Correct. Both INTOSAI and IFAC refer to possible adverse opinions, and this language
approximates the definitions the two organizations use.
c. Incorrect. This reference is to lack of conformance with accounting principles, and does not
clearly reflect the definition of the term adverse opinion.
d. Incorrect. An audit report can identify internal control weaknesses without necessarily
including an adverse opinion.
23. Solution: b
a. Incorrect. Noncompliance with this type of law would not have a “direct and material
effect” on the amounts on the financial statements.
b. Correct. Noncompliance with this type or law (which identifies the purpose, time, and
amount for which budget resources can be legally used) could have a direct and material
impact on the financial statements.
c. Incorrect. Same explanation as for option a.
d. Incorrect. Same explanation as for option a.
24. Solution: b
a. Incorrect. See explanation for correct option b.

b. Correct. “Material weaknesses” are the most serious and they are a subset of “significant
deficiencies,” while “significant deficiencies” are serious enough to be included in the formal
audit report. Less serious internal control weaknesses are reported, outside the formal
report, in a “management letter.”
c. Incorrect. See explanation for option b.
d. Incorrect. See explanation for option b.
(Note: These terms are adopted from the AICPA and used in GAGAS.)
I-18

25. Solution: a
a. Correct. “Managing for results” refers to laws and initiatives to improve program effectiveness
and is, thus, not primarily about economy and efficiency.
b. Incorrect. Competition is intended to lower costs, at good quality, so this audit would be
about economy.
c. Incorrect. Value engineering/analysis is intended to lower costs, so this also would be an
audit focused on economy and efficiency.
d. Incorrect. The “just-in-time” concept is also about lowering the costs of inventories, and
this is also about economy.
26. Solution: c
a. Incorrect. Per the INTOSAI standards, this is a true statement.

b. Incorrect. The INTOSAI has General Standards, and also a subset thereof called Standards
with Ethical Significance; that subset applies to both the SAI and the auditor.
c. Correct. INTOSAI’s description of performance audits includes consideration of aspects
of economy, efficiency, and effectiveness, but does not suggest that typically the auditor
would prepare an overall opinion.
d. Incorrect. These matters are addressed in INTOSAI’s field standards.
27. Solution: c
a. Incorrect. See explanation for correct option c.

b. Incorrect. See explanation for correct option c.
c. Correct. These are the three broad areas of objectives, and they are referred to in a many
professional publications, including The IIA’s CGAP review material.
d. Incorrect. See explanation for correct option c.
28. Solution: b
a. Incorrect. See explanation for correct option b.

b. Correct. These are the five interrelated components identified by the Treadway Commission
and now referred to in many professional publications, including The IIA’s review material.
c. Incorrect. See explanation for correct option b.
d. Incorrect. See explanation for correct option b.
29. Solution: d
a. Incorrect. This phrase refers to the risk of achieving organizational objectives.

b. Incorrect. This term refers to reviewing the process and modifying, if needed.
c. Incorrect. This phrase refers to specific control policies, procedures, and activities.
d. Correct. This phrase refers to management’s attitudes and actions regarding control. An
ineffective control environment can negate the other four interrelated components, referred
to in the COSO framework.
I-19

30. Solution: d
a. Incorrect. True, but incomplete, so option d. is better.

b. Incorrect. The IIA’s Standards do refer to the possibility of management’s acceptance of a
level of residual risk. Option d. is more complete and better.
c. Incorrect. Considering achievement of objectives is an integral part of the COSO model,
but option d. is more complete.
d. Correct. The notion of reasonable assurance recognizes that risk refers to the fact that
uncertainty and risk relate to the future, which no one can predict with certainty. This
notion incorporates all three of the other options.
31. Solution: cd
a. Incorrect. The categories of objectives (effectiveness and efficiency, reliability of reporting,

compliance) are very similar to the three objectives in the COSO model.
b. Incorrect. The RMG framework encompasses all elements of the organization, and, at the
highest level, the organization’s “objective” is its reason for existing, its mission. (Reference:
The IIA’s CGAP preparation material.)
c. Correct. The RMG framework recognizes that the governing board has ultimate
Incorrect.
responsibility for control.
d. Incorrect. This is the opposite ofwhat happened. RMG replaced CoCo.
InCorrect.
32. Solution: b
a. Incorrect. This is not a universal requirement by governments; even if it were, mere compli-
ance would not be the best reason.
b. Correct. A code of conduct, such as those of The IIA, INTOSAI, and IFAC, provide
principles and rules from which individuals make practical applications.
c. Incorrect. Codes of conduct are not quantifiable, and are not solely related to personnel
evaluations.
d. Incorrect. This is a very weak and superficial reason for having a code.
33. Solution: a
a. Correct. Since the standards of conduct are not set in concrete, internal auditors must exercise
individual judgment. The IIA notes that “because a particular conduct is not mentioned in
(its) Rules of Conduct does not prevent it from being unacceptable or discreditable….” The
IFAC states, “... the fundamental principles are of a general nature and are not intended to
be used to solve a professional accountant’s problems in a specific case.”
b. Incorrect. Internal auditors do not have this freedom.
c. Incorrect. Being guided by the client’s desires would be a superficial approach, and could
threaten the auditor’s adherence to independence.
d. Incorrect. Not using the Code of Ethics can lead to disciplinary action against the internal
auditor.
I-20

34. Solution: a
a. Correct. The IIA’s Code of Ethics includes Principles and Rules of Conduct.
b. Incorrect. This view could erode adherence to integrity and objectivity.
c. Incorrect. The IIA specifically recognizes that the rules are not inclusive of all situations
that can raise questions of acceptability or credibility.
d. Incorrect. This explanation is applicable to the Standards, not the Code of Ethics.
35. Solution: a
a. Correct. These four principles are cited in The IIA’s Code of Ethics.
b. Incorrect. These are not the principles cited in The IIA’s Code of Ethics.
c. Incorrect. These are not the principles cited in The IIA’s Code of Ethics.
d. Incorrect. These are not the principles cited in The IIA’s Code of Ethics.
36. Solution: b
a. Incorrect. IFAC’s Code of Ethics is in three parts — (A) all professional accountants, (B)
professional accountants in professional practice, (C) employed accountants.
b. Correct. INTOSAI does have these three segments.
c. Incorrect. Only INTOSAI explicitly cites the need for political neutrality.
d. Incorrect. While Codes of Ethics include general references to competency, requirements
for specific hours of continuing education are not included.
37. Solution: b
a. Incorrect. Acceptance of the gift could be (or appear to be) a violation of the principle of
objectivity. Whether it is non-customary is irrelevant.
b. Correct. Consistent with the principle of objectivity, the best assumption is that the
acceptance of a “significant” gift would be a violation.
c. Incorrect. CGAPs are subject to The IIA’s Code of Ethics.
d. Incorrect. This is an irrelevant consideration.
38. Solution: c
a. Incorrect. Possible lack of due diligence is not the primary concern here.
b. Incorrect. Nothing indicates the auditor lacked loyalty to the organization.
c. Correct. Under The IIA’s competency principle and related rule, internal auditors “shall
engage only in those services for which they have the necessary knowledge, skills, and
experience.” Auditors are not investigators and, therefore, are not presumed to be skilled in
interrogation.
d. Incorrect. Nothing indicates that the auditor did not comply with a law.
I-21

39. Solution: b
a. Incorrect. Audit organizations hire new employees who are later trained, formally and
informally, to gain needed proficiencies. Thus, hiring an auditor who would need further
training and development is not a violation.
b. Correct. IIA Standard 2340: Engagement Supervision, states engagements “must be properly
supervised to ensure objectives are achieved, quality is assured, and staff is developed.”
c. Incorrect. The IIA’s Code of Ethics requires (under the competency principle) that the
Standards be followed, and those standards include supervision.
d. Incorrect. See explanations for options a., b., and c. above.
40. Solution: c
a. Incorrect. The auditor would not be exercising due professional care.

b. Incorrect. The auditor should not take this step unilaterally. Under The IIA Attribute
Standards, the auditor needs to obtain skills, competencies, or knowledge if he/she does not
have them. IFAC has a similar requirement (ISA 250), and INTOSAI refers to the possible
need to consult “legal” experts, if needed.
c. Correct. Under the various audit standards, this is the most likely course of action to follow.
d. Incorrect. This would be a highly questionable recommendation, and would not solve the
issues of internal control or accountability of the traveler.
41. Solution: a
a. Correct. The IIA’s confidentiality principle recognizes that internal auditors may have a
“legal or professional obligation” to disclose such information.
b. Incorrect. This would not be inconsistent with The IIA’s Code of Ethics.
c. Incorrect. This would not be inconsistent with The IIA’s Code of Ethics.
d. Incorrect. This would not be inconsistent with The IIA’s Code of Ethics.
42. Solution: d
a. Incorrect. Under The IIA’s Code of Ethics, confidentiality is not identified as taking
precedence over the other three principles of integrity, objectivity, and competency.
b. Incorrect. Under Practice Advisory 1220-1, the internal auditor’s exercise of due
professional care, the auditor must consider the probability of significant errors, fraud, and
noncompliance.
c. Incorrect. The rationale of “avoiding the potential of aiding and abetting by the auditor”
does not have merit and is not discussed in the Standards.
d. Correct. See Standard 1220: Due Professional Care, and Practice Advisory 1220-1 discussed
under b. above. Also, Practice Advisory 2060-1 discusses fraud and illegal acts as significant
engagement objectives that should be reported to senior management and the board by the
CAE.
I-22

43. Solution: d
a. Incorrect. This is not a document relevant to this determination.

b. Incorrect. While true, this is incomplete, compared to option d.
c. Incorrect. While true, this is incomplete, compared to option d.
d. Correct. Standard 1230: Continuing Professional Development, states internal auditors must
enhance their knowledge, skills, and other competencies through continuing professional
development. The competency principle is similar.
44. Solution: c
a. Incorrect. Experience suggests this is not the most likely action.

b. Incorrect. Experience suggests this is not the most likely action.
c. Correct. Experience suggests this is the most likely action.
d. Incorrect. Experience suggests this is not the most likely action.
45. Solution: d
a. Incorrect. Roman numeral I. may indicate poor service but not a weakness in safeguarding
assets. Roman numeral II. is a potential weakness.
b. Incorrect. Again, I. does not indicate a potential weakness; IV. does.
c. Incorrect. Roman numeral III. is not a potential weakness; II. is.
d. Correct. Both II. and IV. put assets at potential risk.
46. Solution: b
a. Incorrect. A standard program is appropriate, and may save time.

b. Correct. Engagement objectives and related procedures may no longer be relevant.
c. Incorrect. A standard program is appropriate because procedures are repeated in similar
environments.
d. Incorrect. A standard program is appropriate, assuming inventory functions have no varied
substantially.
47. Solution: c
a. Incorrect. ERM strives for reasonable assurance, not guarantees.

b. Incorrect. ERM is a tool for the board, management, and other personnel — not the
auditors. Auditors might review how well ERM is carried out.
c. Correct. ERM involves identifying events with both positive and negative impacts.
d. Incorrect. This is management’s role and not directly part of the ERM process.
(Note: See COSO’s Enterprise Risk Management — Integrated Framework, September
2004.)
I-23

48. Solution: d
a. Incorrect. The INTOSAI definition of regularity audits includes opinions.

b. Incorrect. The INTOSAI definition of regularity audits includes review of internal control
and the internal audit function.
c. Incorrect. The INTOSAI definition of regularity audits includes certain compliance reviews.
d. Correct. The INTOSAI definition of regularity audits does not include this.
49. Solution: c
a. Incorrect. These terms do not apply to consulting engagements.

b. Incorrect. These terms do not apply to performance audits.
c. Correct. These are the three categories of attestations engagements, according to the
AICPA, and as incorporated into GAGAS.
d. Incorrect. The primary result of a financial audit is the auditor’s opinion.
50. Solution: b
a. Incorrect. This is an audit procedure or audit step.

b. Correct. This is a typical example of an audit objective.
c. Incorrect. This is an audit procedure or audit step.
d. Incorrect. This is a determination made on how to prepare the audit report.
I-24

domAin ii — Government AuditinG PrACtiCe
1. Which of the following statements about integrity services provided by a government

auditor is not true?
a. It should not be necessary for the auditor to seek guidance from legal counsel, investigative
staff, or a law enforcement official.
b. If the auditor is dealing with alleged “abuse,” the auditor may not need to identify a law or
regulation to use as criteria.
c. “Fraud” can be defined as an illegal act and involves obtaining something of value through
willful misrepresentation.
d. Under Generally Accepted Government Auditing Standards (GAGAS) and Generally
Accepted Auditing Standards (GAAS), in assessing the risk of fraud, the auditor should
(1) ask management about the risk of fraud, and (2) hold a brainstorming session on the
audit team to consider ways that fraud might occur.
2. Which of the following statements about nonaudit services provided by government auditors
is true?
a. GAGAS state that government auditors may provide nonaudit services, but only if the
nonaudit services are performed strictly in compliance with GAGAS.
b. The Institute of Internal Auditors’ (IIA’s) International Standards for the Professional
Practice of Internal Auditing (Standards) and International Organization of Supreme Audit
Institutions (INTOSAI) standards address the auditor’s role in nonaudit services in exactly
the same manner.
c. If auditors are asked to provide training to management and/or staff, the training should be
restricted to areas related to controls over financial management.
d. An auditor’s role in control self-assessment may range from very limited to very extensive.
3. Which of the following statements on report timeliness most accurately reflects what the
audit standards require?
a. INTOSAI, the International Federation of Accountants (IFAC), GAGAS, and Standards

all set specific time frames, although the time frames differ.
b. Timeliness is not specifically addressed in any of the various sets of standards.
c. Timeliness of reports is emphasized in all sets of standards without specific time frames.
d. All sets of standards imply that, if a planned report date is missed, the audit report should
not be issued.
II-1

4. GAGAS/GAAS, IIA Standards, IFAC, and INTOSAI each describe the characteristics of
required audit evidence to be gathered. In this regard, which of the following statements is
true?
a. All these sets of standards specifically require relevant evidence.

b. All these sets of standards specifically require reliable evidence.
c. Under GAGAS, standards are the same for data obtained from computer-based systems,
regardless of whether the data are used for background purposes or as an integral part of
an audit finding.
d. Both INTOSAI and the Standards specifically state that evidence should be useful.
5. Assume a performance audit is being performed in accordance with GAGAS. The auditor’s
draft report includes the following sentence: “One thing is certain: The (client) cannot be
allowed to fail with this systems development effort as it has so often failed in past efforts.”
Which reporting standard may be violated?
a. None. The auditor is free to express a view.

b. Clarity. The auditor’s position is too vague.
c. Completeness. The conclusion seems too short.
d. Objectivity. The auditor is using unnecessary, inflammatory wording.
6. All of the following statements about an audit charter are true except one. Which statement is the
exception?
a. Audit charters can be characterized as the formal statement of purpose, authority, and
responsibility.
b. These charters should be in writing.
c. All government audit organizations are required to have a document called an audit charter.
d. The charter should include the process for hiring and dismissing auditors.
7. An audit at the U.S. State Department’s Passport Office includes the following audit program
steps:
I. Determine the average time from application to issuance of a passport.

II. Determine the average time state personnel spend on assuring that the applicant is entitled
to a passport.
III. Compare total revenues collected from fees to total costs of operation.
Which types of audit, or service, would this most likely be?
a. An efficiency audit.
b. A financial statement audit.
c. A quality audit.
d. Integrity services.
II-2

Domain II — Government Auditing Practice
8. An organization’s management perceives the need to make significant changes. Which of the
following factors is management least likely to be able to change?
a. The organization’s members.

b. The organization’s structure.
c. The organization’s environment.
d. The organization’s technology.
9. An adequate system of internal controls is most likely to detect fraud perpetrated by a:
a. Group of employees in collusion.

b. Single employee.
c. Group of managers in collusion.
d. Single manager.
10. Which of the following is the best reason for the chief audit executive (CAE) (or equivalent title)
in a government agency to consider management’s strategic plan in developing the annual audit
plan?
a. To ensure that the audit plan supports the overall agency objectives.
b. To ensure that the audit plan will be endorsed by senior management.
c. To make recommendations to improve the agency’s strategic plan.
d. To emphasize the importance of the audit function.
11. According to the GAGAS, __________ is a measure of the quality of evidence, and
encompasses the __________, ________, and ________ of support for audit findings and
conclusions.
a. Appropriateness, relevance, validity, and sufficiency.

b. Sufficiency, relevancy, validity, and reliability.
c. Competency, relevancy, validity, and reliability.
d. Appropriateness, relevancy, validity and reliability.
12. Financial statement auditors view financial statements as including management assertions
(explicit or implicit) as a framework for assessing internal controls. If the auditor is considering
whether the balance sheet includes obsolete inventory at historical cost, the most relevant
assertion is:
a. Rights and obligations.

b. Valuation.
c. Presentation and disclosure.
d. Completeness.
II-3

13. Under the Standards, an appropriate consulting activity performed by a government internal
audit organization is:
a. Designing systems of controls.

b. Drafting procedures for systems of controls.
c. Reviewing systems of controls before implementation.
d. Installing systems of controls.
14. Under GAGAS, provided the auditor does not violate two overarching principles and follows
appropriate safeguards, certain types of nonaudit (consulting) services may be provided by
the audit organization. Even so, the auditor would not be permitted to:
a. Propose adjusting and closing entries during an audit.

b. Maintain or prepare audited entities’ basic accounting records.
c. Provide human resources services to assist in the evaluation of potential candidates (short
of recommending single individuals for specific positions).
d. Assist a legislative body by developing questions for use at a hearing.
15. In a financial statement audit, the auditor considers the same concept to (1) narrow the amount
of transaction testing, (2) decide what constitutes a misstatement that would affect the audit
opinion, and (3) judge the seriousness of detected weaknesses in internal controls. That key
concept used by auditors in these various ways is:
a. Management assertions.
b. Materiality.
c. Sampling.
d. The Committee of Sponsoring Organizations of the Treadway Commission (COSO)
framework.
16. Which of the following represents the correct order of the general methodology for auditing
internal accounting controls? Use the designations as follows: (a) identify functions and control
cycles, (b) walk through the process, (c) perform tests, and (d) flowchart the process.
a. (a), (c), (d), (b).

b. (c), (d), (b), (a).
c. (a), (b), (d), (c).
d. (d), (a), (b), (c).
II-4

17. Assume you are assessing internal control in an adjudicatory board which rules on whether
government procurements are proper and justifiable. The parties that appear before the board
include representatives of government procuring agencies and non-successful competing
companies. The chairman of the board initiates a new program (maybe outside of the board’s
authority) for people with disabilities throughout the government; he then tries to solicit funds
from the same agencies and companies who appear before the board. Also, to assist the new
program, the chairman “plays favorites” with board personnel and violates leave, travel, and
office renovation regulations — all to enhance his role in the new program. Under the COSO
conceptual framework, which internal control component should the auditor identify as being
of major concern?
a. Control environment.
b. Risk assessment.
c. Monitoring.
d. Control activities.
18. Effective internal controls start with the identification of the control objectives to be achieved
and then establishing the control techniques to assure achievement of the objectives. Which of
the following techniques would provide the most assurance of achieving an objective of assuring
that procurements are made economically?
a. Establishing a training program for employees on the newest technologies available.

b. Requiring that all procurements over US $5,000 be competitive.
c. Quality assurance procedures upon receipt of items procured.
d. Requiring that all procurements have a written authorization of some type.
19. For auditors, what is the most appropriate view of internal control questionnaires (ICQs)?
a. ICQs are a “necessary evil.”

b. ICQs provide the necessary support for deficiency findings.
c. ICQs can be a very useful tool, but auditors need to further assess the answers during the
audit.
d. ICQs have very little value in most cases.
20. Legislation applicable to the U.S. government requires that agency managers and officials (1)
assess their risks on an ongoing basis, (2) establish appropriate controls, and (3) annually provide
“statements of assurance” (to higher organizational levels) on the effectiveness of the controls.
To which of the COSO internal control component(s) does this legislative requirement most
directly relate?
a. Risk assessment and/or monitoring.

b. Control environment.
c. Control activities.
d. Information and communication.
II-5

21. The term process-based performance auditing, as described in some literature on government
audits:
a. Looks mainly for management arrangements and organizational structures that waste time
and resources, cause delays, and/or lead to errors.
b. Focuses on inputs, outputs, and outcomes (accomplishments).
c. Is primarily concerned with the impact of new programs or techniques.
d. Has solely a compliance orientation.
22. Assume you are an auditor assigned to audit of the U.S. Copyright Office, whose mission is to
examine and register copyrights. Your primary audit objective is to identify and document the
average time and unit cost to register a copyright. Into which of the following categories would
this engagement most appropriately fit?
a. Consulting services.
b. Internal control audit.
c. Process-based performance audit.
d. Measurement-based performance audit.
23. Under impact-based performance audit, as described in some literature on government audits,
the elements of a finding differ from the classical elements. The finding elements associated with
impact-based audits are:
a. Condition, criteria, cause, and effect.

b. Condition only.
c. Condition without the program, condition with the program, effect, and cause (the program
or intervention).
d. Condition and criteria.
24. Assume an audit of a school lunch program has dual audit objectives related to (1) the
reasonableness of prices paid for cafeteria requirements of all types, and (2) the adequacy
of meeting the nutritional needs of the children. In the GAGAS scheme of categorizing
audits, which of the following is most descriptive?
a. This is both a (1) financial and a (2) performance audit.

b. This is a performance audit with (1) economy and efficiency, and (2) program effectiveness
aspects.
c. This is a “value-for-money” audit.
d. This is partially (1) compliance and (2) performance audit.
25. Information technology general controls:
a. Are synonymous with applications controls.

b. Include administration controls, security controls, controls over computer operations, and
system software controls.
c. Include input processing and output controls.
d. Clearly exclude telecommunications controls.
II-6

26. Regarding information technology input controls, which of the following statements is not
accurate?
a. Validity tests reject data of abnormal amounts.

b. Completeness tests ensure that all required fields contain data.
c. Field tests ensure that only numeric data are entered in numeric fields.
d. Transaction logs are computerized records of input activities, and they provide an audit
trail.
27. Regarding information technology processing controls, which of the following statements is
accurate?
a. Header and trailer label information help ensure that the proper data was processed.
b. Echo checks compare input record counts to output to assure that all records were processed.
c. Record counts are the sending of automated verification messages between computer
systems to verify the receipt of data.
d. Check digit tests are typically considered a part of processing controls.
28. The CAE (or equivalent title) of a government audit office plans to make changes that may be
perceived negatively by the audit staff. The best way to reduce resistance would be to:
a. Develop the new approach fully before presenting it to the audit staff.
b. Ask the agency’s CEO to “buy in” to the changes, and then have him/her attend the meeting
where the changes are presented to the staff.
c. Approach the staff with the general idea and involve them in the development of the
changes.
d. Have the oversight body send a letter to all the staff announcing the change.
29. Areas that are likely to be included in the scope of an audit of systems development activities
include all the following except:
a. Adequacy of systems development standards and methodology.

b. Formal approval process for new and modified application systems.
c. Post-implementation review activities.
d. The results of a staff survey on the acceptability of the physical space.
30. Which of the following controls would be most clearly related to a physical security program for
information technology activities?
a. Controlling and monitoring system changes.

b. Disaster contingency plan.
c. Controlling procurement and maintenance of software licenses.
d. An edit for completeness tests.
II-7

31. The best reason as to why audit planning is important, particularly in performance audits, would
be:
a. Efficient use of audit resources and effective fulfillment of clear audit objectives.
b. It keeps upper-level audit management “busy.”
c. Auditors can better defend their work and justify budget requests.
d. It is a generally accepted practice in business.
32. Which of the following statements on risk management (consideration) most accurately
expresses the requirements of the various audit standards for government auditors?
a. Under INTOSAI, the audit organization’s entire audit program must be justified and
documented based on specific consideration of risks.
b. Under GAGAS, the auditor evaluates and documents risk considerations in exactly the
same manner in a financial statement audit as they do in a performance audit.
c. Under the Standards, auditors have a specific responsibility to monitor and evaluate the
organization’s risk management system, and to assist the organization in this regard.
d. INTOSAI, GAGAS, and the Standards have no differences in this regard.
33. In planning a performance program audit at the U.S. Environmental Protection Agency, an
auditor discovers that the authorizing legislation of a program calls for cleanup of toxic waste
throughout the United States. The program officials established an annual performance goal of
identifying 100 new toxic waste sites, and performing 50 new studies as how the sites could be
cleaned up. Which of the following observations should be of most interest to the auditor?
a. Program officials have a goal directly in line with the law.

b. Legislators may not have a valid basis for the law.
c. Program officials may not have a valid baseline in calling for the increases in the number of
identifications and studies.
d. The law is focused on an outcome (result), but the program officials have focused on an
output (activity).
34. Assume that a junior auditor drafts an audit objective for a performance audit. It reads, “To
probe into the economy, efficiency, and effectiveness of all programs for several years to isolate
and describe management problems.” If you were to critique this audit objective, which points
should you make?
a. Language is ambiguous.
b. Audit approach is biased.
c. Aspects to be audited are too general.
d. a., b., and c.
II-8

35. In deciding the scope of a performance audit, many factors need to be considered. Which of the
following should not be a significant factor in considering the audit scope?
a. Reporting date.
b. The audit universe.
c. Personal conflicts between auditors and clients.
d. Use of sampling.
36. Assume that a government auditor encounters a very unfriendly reception from the newly
appointed top official at the very small organization to be audited. The top official expresses
frustration, repeatedly insisting that the oversight body that requested the audit is “out to get
me” and “you are in their hip pocket!” At repeated meetings called by the top official, the auditor
responds in various ways. Which of these responses is the most appropriate?
a. Look, I know you think you have a very important government role, but I’ve audited all
over the government and your entity doesn’t amount to a “hill of beans.”
b. No verbal response — just affirmative body language.
c. I’m not in anybody’s “hip pocket” and I do not intend to be pushed around!
d. I appreciate your concerns. However, I’m not sure these kinds of meetings are productive
since, in any event, I have a responsibility to complete the audit as I see fit.
37. In the legislative process, when differences exist between versions of bills approved in the
two houses of a legislature, the type of committee that resolves the differences is called a
(an):
a. Special committee.
b. Budget committee.
c. Conference committee.
d. Authorizing committee.
38. Government agencies sometimes issue rules and regulations, which an auditor may encounter
in considering compliance aspects of an audit. Which of the following statements about
rules and regulations is most accurate?
a. The legislative body must formally approve rules and regulations.

b. Government agencies generally have very wide discretion in the rules and regulations they
issue.
c. Government agencies are extremely limited in their capacity to issue rules and regulations.
d. Rules and regulations have the same “force and effect” as law if the proper administrative
procedures are followed.
II-9

39. Assume the auditor finds that management of a very large organization has identified a risk that
low-cost supplies may be stolen by employees from a storage room to which a total maintenance
staff of 15 personnel has access. If management decides that the cost of added controls would
outweigh the benefits, what course of action is most appropriate for the auditor?
a. Drop the issue completely since management has accepted the risk.
b. Develop a deficiency finding to be reported.
c. Gather enough facts to determine whether management’s cost-benefit choice seems
reasonable.
d. Exclude the matter from the formal report, but informally suggest (1) a police background
check on nearby administrative staff, and (2) posting a list of those with access to the storage
room.
40. Using The IIA’s conceptual framework of categories relating to controls, supervisory review of a
subordinate’s workpapers to determine if applicable audit standards have been met would be:
a. Preventative.
b. Corrective.
c. Detective.
d. Directive.
41. Assume there is a performance audit at a government entity that makes loans to other countries
so they can procure U.S. products or items — the statutory goal being to expand U.S. exports.
The auditor has found that the entity is using a significant percentage of its loan authority to
finance large items (e.g., aircraft) that, at the time, are available only from U.S. manufacturers. The
auditor concludes that this is an unwise/ineffective use of the entity’s loan authority since the
foreign countries would need to come to U.S. makers, even if this entity did not offer the loans.
Which of the following recommendations to the entity would be most appropriate and effective?
a. Directly advise the pertinent U.S. makers that it will not approve any such loans in the
future.
b. Send a brief reminder and provide training to its loan officers on the statutory purposes of
the entity.
c. Require a formal determination and certification by entity officials at a mid-management
level, before approval of loans, that the particular export sale would not be possible without
this entity’s loan.
d. Seek a revision to the entity’s statutory authority that will clarify what types of exports
should be financed.
42. Valid reasons for having audit reports in retrievable form include all the following except:
a. To facilitate follow-up of recommendations.

b. To make available for public inspection.
c. To communicate audit results.
d. To assure corrective discipline.
II-10

43. A draft audit report includes a recommendation to implement an accounting standard related to
property, plant, and equipment. The client’s response includes concurrence in principle, but also
a plausible explanation that implementation of the accounting change would require US $50
million and three years implementation time. In deciding on the final recommendation, which of
the following is the most appropriate stance for the auditor to take?
a. Hold to the position that because the system is clearly needed, it should be implemented
sooner and at less cost.
b. While maintaining independence, realistically explore how much implementation of the
accounting change would cost, and how long it would take to implement.
c. Be willing to drop the recommendation if the system seems too costly or time-consuming.
d. Assume (safely) that the client is attempting to manipulate this audit to gain resources in
the next budget.
44. When interviewing an individual suspected of fraud, the interviewer should:
a. Ensure the suspect’s supervisor is present during the interview.

b. Lock the door to ensure no one will interrupt the interview.
c. Pay attention to the wording choices of the suspect.
d. Ask whether the suspect committed the fraud.
45. The top official at the audited entity is fulfilling all his statutory responsibilities, the entity is
operating reasonably effectively and economically, and the entity is complying with significant
applicable laws and regulations. However, despite running an overall productive entity, the top
official has engaged in various atypical management practices, such as (1) assigning the most
interesting cases to only a chosen few while others remain without work at times, (2) arbitrarily
denying leave to employees he dislikes while being very liberal with leave approval for those he
favors, and (3) lavishly renovating his own office space and that of the chosen few while leaving
other areas (e.g., the computer room) barely functional. What term might the auditor best use to
label these practices?
a. Material weaknesses.
b. Noncompliances.
c. Abuse.
d. Ethics violations.
46. Under GAGAS, the elements to be developed for a complete finding depend on the audit
objective. If the audit objective is “What level of full-time equivalents (FTEs) and what
activities will be financed next fiscal year if the Congress decides not to provide an
appropriation for (the agency) beyond that year?” What elements of a finding are needed
for a complete finding?
a. Condition and effect.

b. Condition only.
c. Condition, cause, criteria, and effect.
d. Cause and condition.
II-11

47. An auditor has an audit objective of determining how effective the controls are in preventing
unauthorized access to a government building where highly classified work is performed. The
building has security guards and visitors’ reception areas at each entrance. For this audit, a
primary audit technique would be:
a. Inquiry.
b. Observation.
c. Inspection of documents.
d. Analytical review.
48. Assume you have an audit objective that read, “To perform an in-depth study of the utilization
of all automatic data processing equipment (ADPE) throughout the U.S. government, including
all specialized ADPE on planes, ships, and spacecraft.”What concerns, if any, would you as an
auditor have?
a. The scope is unrealistic.

b. The performance aspect(s) is not identified.
c. The objective is not phrased as a question to be answered.
d. All three of the above would be of concern.
49. Which of the following should the auditor examine to determine whether only authorized
purchases are being made?
a. Invoice.
b. Purchase order.
c. Receiving report.
d. Relevant procedures manuals.
50. Assume you are on an audit in a foreign country where local employees of the U.S. government
are, by local law and tradition (and agreement with the U.S. government), entitled to voluntary
separation pay when they voluntarily resign. The amounts are based on a formula that considers
such factors as period of employment. You, as the auditor, determine that the separating locals
are being paid about 40 percent more than the agreement with the U.S. government stipulates.
About 20 locals who separated received an average of US $5,000 more than their entitlement,
and 10 more that will be separating soon have been told they will receive an average of US $6,000
more than their entitlement. What is the most appropriate course of action for the auditor?
a. Immediately advise the local controller not to pay the US $60,000 to the 10 separating
employees, and to attempt to get back the US $100,000 from those who separated.
b. Identify any relevant internal control weakness and make an appropriate recommendation.
c. Consider whether fraud may have occurred.
d. Take all actions as described in a., b., and c.
II-12

51. According to The IIA, which of the following statements about marketing the audit function is
the appropriate perspective for government auditors?
a. Primary customers are the general public.

b. Secondary customers are sponsors of audit work.
c. “Working with” customers and clients generally is viewed as at odds with the need for
independence.
d. In developing an annual audit plan, it is appropriate to obtain and consider the views of the
client’s top management.
52. All of the following audit objectives are for compliance audits except for one. Which one is the
exception?
a. What have federal agencies and contractors done regarding the subsection of the Privacy
Act related to statutory requirements for federal contractors?
b. Do the costs claimed by grantees (and paid to them) meet the criteria established in the
agency’s and the Office of Management and Budget’s (OMB’s) regulations?
c. What has been accomplished in the past year in Chicago under the Community Action
Program grant provided by the federal government?
d. Has agency X followed the requirements of the Federal Acquisition Regulation in its
procurement programs?
53. Assume the following audit objective for a performance audit: “What controls are prescribed to
assure accurate recording of employees’ annual leave?” What elements are needed for a complete
finding?
a. Condition only.
b. Criteria and condition.
c. Criteria, condition, and effect.
d. Criteria, condition, effect, and cause.
54. According to GAGAS, an audit objective for a performance audit includes the following:
a. An audit subject(s).
b. The performance aspect(s) to be developed.
c. The potential finding and elements to be developed.
d. a., b., and c.
II-13

55. Assume the auditor develops the following facts about a recreation center under audit:
I. An average of 1,340 individual visits per month.

II. Highest number of individual visits on any day has been 50.
III. The center does not schedule and announce events and activities.
IV. A survey showed that about 75 percent of the neighborhood residents had not visited the
center in the past year.
What element(s), if any, is missing to develop a traditional finding?
a. None.
b. Cause.
c. Effect.
d. Criteria.
56. A letter to the auditor in response to an inquiry is an example of:
a. Physical evidence.
b. Testimonial evidence.
c. Documentary evidence.
d. Analytical evidence.
57. Summaries in the audit documentation (workpapers) can be used to:
a. Promote efficient review by the supervisor.

b. Replace the detailed audit documentation for permanent retention.
c. Serve in place of a formal report to management.
d. Document the full development of conclusions and recommendations.
58. Which of the following is an example of documentary evidence?
a. A photograph of a client’s workplace.

b. A letter from a former employee alleging a fraud.
c. A page of the general ledger containing irregularities placed there by a perpetrator of a
fraudulent transaction.
d. An auditor’s workpaper explaining what fraudulent action occurred and how it occurred,
and computations as to the fraudulent amount.
59. A number of measures can be used to assess the benefits of government auditing. The least
appropriate of these measures would be:
a. Cost avoidance, reduction, or recovery.

b. Percentage of audit recommendations implemented and time required.
c. Quantity and nature of customer/client comments on draft reports.
d. Number of audited officials imprisoned.
II-14

60. A number of factors need to be considered by the audit organization in deciding the appropriate
level of audit follow-up. These factors include:
a. The amount of risk and exposure if the deficiency is left uncorrected.

b. The complexity of management’s corrective action plan.
c. The period of time that has elapsed since the audit report was issued.
d. a., b., and c.
61. Which of the following statements about nonaudit services provided by government auditors is
true?
a. The IIA’s Standards and INTOSAI standards address the auditor’s role in nonaudit services
in exactly the same manner.
b. If auditors are asked to provide training to management and/or staff, the training should be
restricted to areas related to controls over financial management.
c. An auditor’s role in control self-assessment may range from very limited to very extensive.
d. When performing nonaudit work under IIA Standards, the internal auditor has essentially
no need to be concerned about independence.
62. Which of the following statements on report timeliness most accurately reflects what the audit
standards require?
a. INTOSAI, IFAC, and The IIA’s Standards all set specific time frames, although the time
frames differ.
b. Timeliness is not specifically addressed in any of the various sets of standards.
c. Timeliness of reports is emphasized in all sets of standards without specific time frames.
d. All sets of standards imply that, if a planned report date is missed, the audit report should
not be issued.
63. The IIA’s Standards, IFAC, and INTOSAI each describe the characteristics of required audit
evidence to be gathered. In this regard, which of the following statements is not true?
a. All these sets of standards describe audit evidence needed with the same adjectives.
b. The IIA’s Standards calls for relevant information to support the conclusion and engagement
results.
c. IFAC focuses on evidence that is sufficient and appropriate.
d. INTOSAI calls for evidence to be competent, relevant, and reasonable.
64. Competent evidence is best described as evidence that:
a. Is reasonably free from error and bias and faithfully represents what it purports to represent.
b. Is obtained by observing people, property, and events.
c. Is supplementary to other evidence already gathered and tends to strengthen or confirm it.
d. Proves an intermediate fact, or group of facts, from which still other facts can be inferred.
II-15

65. Which of the following statements on risk management (consideration) most accurately expresses
the requirements of the various audit standards for government auditors?
a. Under INTOSAI, the audit organization’s entire audit program must be justified and
documented based on specific consideration of risks.
b. Under The IIA’s Standards, auditors have a specific responsibility to monitor and evaluate
the organization’s risk management system, and to assist the organization in this regard.
c. INTOSAI, IFAC, and The IIA’s Standards have no differences in this regard.
d. IFAC does not have a specific standard on risk assessment.
II-16

SOLUTIONS FOR
1. Solution: a
a. Correct. Audit standards recognize that auditors are not presumed to be skilled lawyers,
investigators, or law enforcement officials, and, therefore, may need to seek guidance in
performing integrity services.
b. Incorrect. Abuse involves behavior that is deficient or improper, but does not necessarily
involve fraud, violation of law, or a formal agreement. (See U.S. Government Accountability
Office’s [GAO’s] Government Auditing Standards.) The IIA’s CGAP review material
discusses abuse as one possible aspect of integrity services.
c. Incorrect. This approximates various definitions. See The IIA’s Standard 1210.A2 and
related Practice Advisory.
d. Incorrect. GAGAS incorporates GAAS fieldwork standards for financial statement audits,
which include these two requirements.
2. Solution: d
a. Incorrect. GAGAS considers consulting as nonaudit services, and auditors can perform
such work only if two overarching principles (do not do management’s role, do not audit
your own work) are not violated.
b. Incorrect. The Standards defines internal auditing as including (1) assurance and (2)
consulting engagements. INTOSAI recognizes that supreme audit institutions (SAIs) may
sometimes perform nonaudit work, and states the INTOSAI standards may not apply to
the nonaudit work. (Also, the U.S. GAO, in its audit standards, sees consulting engagements
as “nonaudit” work.)
c. Incorrect. As described in The IIA’s CGAP preparation material, training can legitimately
relate to areas such as performance measurement and other management principles.
d. Correct. Auditor’s can provide a variety of roles in a control self-assessment program, as
suggested in The IIA’s CGAP exam preparation material. The IIA’s Practice Advisory 2120.
A1-2 supports this view.
3. Solution: c
a. Incorrect. None of these standards set specific time frames for reporting.
b. Incorrect. Audit standards address the need for timeliness. For example, The IIA’s Standard
2420 requires “timely” communications. INTOSAI states that reports should be available
“promptly.”
c. Correct. See explanation for option b.
d. Incorrect. This is an overstatement of the requirement for timeliness.
II-17

4. Solution: b
a. Incorrect. GAGAS and IFAC call for sufficient, appropriate evidence. Sufficient is related
to the quantity and appropriateness is related to the quality of evidence (relevance can be
viewed as one aspect of appropriateness, but is subordinate to the main two adjectives).
b. Correct. Although using differing terms (IIA-reliable, INTOSAI-competent, IFAC-
reliability is a key aspect of appropriateness), reliability is emphasized in all three.
c. Incorrect. When evidence is integral to the audit findings, procedures for evaluating
information systems controls needs to more rigorous than if the evidence is presented as
background material in the report. In the latter case, the auditor perhaps would be making
an attribution to the sources of the data. See GAGAS para. 7.27 and 7.65.
d. Incorrect. The Standards refers to useful but INTOSAI does not.
5. Solution: d
a. Incorrect. GAGAS includes “report quality elements” in its supplemental guidance, which
suggest that tone of reports should not be overly aggressive and free-wheeling.
b. Incorrect. One of the GAGAS report quality elements is to be “clear”; however, the problem
here relates more to being “objective.”
c. Incorrect. Completeness is one of the report quality elements, but that concern is not
applicable to the problem here.
d. Correct. The report quality element of “objectivity” — being “balanced in content and
tone” — is most clearly violated in this case.
6. Solution: c
a. Incorrect. Based on The IIA’s Attribute Standard 1000.

b. Incorrect. Based on The IIA’s Practice Advisory 1000-1.
c. Correct. This is the exception. For many government audit organizations, laws and
regulations include similar content be included in audit charters.
d. Incorrect. This is an example of the content of an audit charter, as discussed in The IIA’s
CGAP exam review manual.
7. Solution: a
a. Correct. The primary interest of this audit is efficiency.

b. Incorrect. This audit is not about expressing an opinion on the financial statements.
c. Incorrect. There is no indication that quality is a primary concern of the audit.
d. Incorrect. This audit is not focused on the potential of fraud, waste, and/or abuse.
II-18

Solutions for Domain II — Government Auditing Practice
8. Solution: c
a. Incorrect. Members can be further developed, reassigned, or ultimately removed.

b. Incorrect. Changing the structure generally requires getting agreement from a number of
individuals and/or organizations.
c. Correct. This is the most difficult to change because it includes not only the internal
environment, but also the external environment, which is often beyond the control of
management.
d. Incorrect. New technologies, while perhaps subject to budgetary and other constraints, are
more susceptible to change than the external environment.
9. Solution: b
a. Incorrect. A group has a better chance of concealing a fraud than does an individual.
b. Correct. Segregation of duties and other control processes are more likely to detect fraud by
a single employee. Single employees may not have the opportunity and/or may be subject to
detection by other employees.
c. Incorrect. A group of managers has a better chance of overriding controls.
d. Incorrect. Even a single manager may be able to override controls.
10. Solution: a
a. Correct. Reference The IIA’s CGAP review manual: “The audit department should ensure
that its audit plan is aligned with the needs and expectations of its primary customers
(sponsors of audit work),” and “…work with (secondary) customers (those who use the
audit reports) to solve problems.”
b. Incorrect. If the CAE or equivalent seek “endorsement” of senior management, the CAE’s
independence may be subject to question.
c. Incorrect. Improving the agency’s strategic plan is not a primary reason for the CAE to
consider the agency’s strategic plan.
d. Incorrect. If perceived as being for this reason, the CAE may be seen as too self-serving or
seeking attention.
11. Solution: d
a. Incorrect. The last adjective should be reliability, per GAGAS para. 7.59.
b. Incorrect. Sufficiency relates to quantity, not quality.
c. Incorrect. Competency is not one of the two primary adjectives used by GAGAS to describe
the type of evidence used to support findings.
d. Correct. These are the words used in GAGAS para. 7.59.
II-19

12. Solution: b
a. Incorrect. The rights and obligations assertion relates to whether the entity holds or controls
the rights to assets, and liabilities are the obligations of the entity.
b. Correct. The valuation assertion relates to whether financial information is at appropriate
amounts per relevant accounting principles (e.g., Generally Accepted Accounting Principles
[GAAP]).
c. Incorrect. The presentation and disclosure assertion relates to appropriate disclosure and
presentation in the statements, in notes or as supplementary information.
d. Incorrect. The completion assertion relates to whether all amounts that should be shown on
the statements are, and that those that should not be are not.
(Reminder: These assertions relate to financial statement audits.)
13. Solution: c
a. Incorrect. This is a management role.

b. Incorrect. This is a management role.
c. Correct. The Standards (Practice Advisory 1120-1) cites review of controls before
implementation in systems as an example of an appropriate area of consulting.
d. Incorrect. This is a management role.
14. Solution: b
a. Incorrect. See GAGAS para. 3.28(a).

b. Correct. GAGAS para. 3.29(a) states that maintaining or preparing basic accounting
records would impair independence.
c. Incorrect. See GAGAS para. 3.28(f).
d. Incorrect. Auditors’ assistance to legislative bodies does not interfere with their independence.
15. Solution: b
a. Incorrect. In a financial statement audit, auditors view the statements as a set of

assertions — explicit and implicit — by management, so that the auditor can assess whether
those assertions are materially misstated.
b. Correct. Information is “material” if its omission or misstatement would influence the
decision of a prudent person using the information. Auditors use the concept in the three
presented above.
c. Incorrect. A procedure intended to allow conclusion based on looking at less than the total
information. Not the same as materiality.
d. Incorrect. The COSO framework was developed in the 1980s, and sees internal control as a
process intended to achieve objectives with five components.
II-20

16. Solution: c
a. Incorrect. The correct sequence is discussed in The IIA’s CGAP review.

b. Incorrect. The correct sequence is discussed in The IIA’s CGAP review.
c. Correct. The correct sequence is consistent with The IIA’s CGAP review.
d. Incorrect. The correct sequence is discussed in The IIA’s CGAP review.
17. Solution: a
a. Correct. Control environment is one of five internal control components related to

management attitudes and practices regarding internal control.
b. Incorrect. Risk assessment is the component wherein management explores the chance/
probability and consequences of events that threaten achieving objectives.
c. Incorrect. Monitoring is the component wherein management checks to see how effectively
controls are working, and whether modifications should be made.
d. Incorrect. Control activities is the component which refers to specific control policies,
practices, and techniques.
18. Solution: b
a. Incorrect. Training would perhaps make the procurement process more efficient.
b. Correct. Competition should reduce prices paid, leading to more economies.
c. Incorrect. Quality assurance procedures would perhaps lead to better quality.
d. Incorrect. Written authorizations would assure that all procurements are authorized.
19. Solution: c
a. Incorrect. This is a whimsical answer without substance.

b. Incorrect. Questionnaires alone would likely not provide necessary support for a deficiency
finding. The questionnaire would be a starting point.
c. Correct. The value of internal control questionnaires is endorsed in The IIA’s CGAP exam
review manual and widely recognized by auditors.
d. Incorrect. See the explanation for option c.
20. Solution: a
a. Correct. This law addresses two of the five interrelated components of COSO’s internal
control framework.
b. Incorrect. This law does not specifically address management’s attitudes and actions (i.e.,
control environment).
c. Incorrect. This law does not specifically address the detailed policies, practices, and
techniques (i.e., activities) used to carry out internal control.
d. Incorrect. This law does not specifically address the information and communication
approach used regarding internal control.
II-21

21. Solution: a
a. Correct. This description for process-based performance audits is consistent with certain
auditing literature (including from The IIA).
b. Incorrect. This is a description of a results-based approach to performance audits. (It also
includes the development of input data.)
c. Incorrect. This is a description of a results-based approach to performance auditing.
d. Incorrect. This is a compliance approach to a performance audit.
22. Solution: d
a. Incorrect. The nature and scope of this audit is not based on an agreement between the
auditor and management.
b. Incorrect. The primary focus of this audit is not internal control.
c. Incorrect. The primary focus of this audit is not the processes used.
d. Correct. The primary focus is on performance; in this case, quantitatively.
23. Solution: c
a. Incorrect. An impact-based approach does not require identification of criteria. Also,

condition is divided between with and without a program.
b. Incorrect. An impact-based approach requires identification of the effect/impact, and views
the cause as the program/intervention (known at the start).
c. Correct. The four classical elements are discussed in the CGAP exam review manual. The
impact-based approach is specifically recognized in GAGAS (see ending parts of paras.
7.75 and 7.76) and in other literature.
d. Incorrect. An impact-based approach identifies the impact/effect.
24. Solution: b
a. Incorrect. A financial audit involves expressing an opinion on statements, and that is not
involved in this audit.
b. Correct. Economy and efficiency and program effectiveness are subtypes of performance
audits, as defined by GAGAS. See paras. 1.28 and 1.29.
c. Incorrect. GAGAS uses the term “performance audit,” not “value-for-money” which is an
alternative term in some audit environments.
d. Incorrect. “Compliance” is cited in GAGAS (para. 1.31), but this audit is primarily about
economy, efficiency, and program effectiveness.
II-22

25. Solution: b
a. Incorrect. Applications controls are designed to prevent, detect, and correct errors and
irregularities as transactions flow through the application.
b. Correct. General controls apply to the entire computer operation and include the categories
mentioned. See The IIA’s CGAP material and other sources.
c. Incorrect. Input, processing, and output are types of application controls.
d. Incorrect. Telecommunications controls are a component of general controls. See The IIA’s
CGAP material and other sources.
26. Solution: a
a. Correct. Validity relates to whether an individual or organization is authorized, whereas

reasonableness tests reject abnormal amounts.
b. Incorrect. Completeness tests ensure that all required fields contain data.
c. Incorrect. Field tests ensure that only numeric data is entered into numeric fields and only
alpha data is entered into alpha fields.
d. Incorrect. Transaction logs maintain the history of input data and are used to recreate
transactions and determine when and who entered the transaction.
27. Solution: a
a. Correct. Header and trailer label information helps ensure that proper data was processed.
b. Incorrect. The definition given is for record counts.
c. Incorrect. The definition given is for echo checks.
d. Incorrect. Check digit tests are part of input controls.
28. Solution: c
a. Incorrect. Lack of participation can lead to resistance from the audit staff.
b. Incorrect. Lack of participation would likely be exacerbated by bringing in the CEO. This
may be seen by audit staff as inappropriate “pressure.”
c. Correct. This significant level of participation by the audit staff will reduce resistance.
d. Incorrect. An announcement from the oversight body — without participation and advance
communication — will lead to resistance.
29. Solution: d
a. Incorrect. Based on The IIA’s CGAP exam preparation material and other guidance.
b. Incorrect. Based on The IIA’s CGAP exam preparation material and other guidance.
c. Incorrect. Based on The IIA’s CGAP exam preparation material, systems development
material may include a review of post-implementation activities. (The authoritative source
is The IIA.)
d. Correct. Staff surveys of the acceptability of physical space are not likely in the scope.
II-23

30. Solution: b
a. Incorrect. Based on various sources, including from The IIA, system change procedures are
included in systems development.
b. Correct. Disaster contingency plans relate to assuring physical security.
c. Incorrect. While important, procurement and maintenance of software licenses are not
directly related to physical security.
d. Incorrect. Completeness tests are an element of input controls, not physical security.
31. Solution: a
a. Correct. Auditors can lose clear focus without clear audit objectives, sufficient advance
research, and audit procedures that are both effective and efficient. Sufficient planning
facilitates all of these.
b. Incorrect. Keeping upper-level audit management busy is a frivolous and unproductive
rationale for audit planning.
c. Incorrect. Explanations of the need for planned audits, as well as justifications for budgetary
needs, are not as important as the rationale in option a.
d. Incorrect. Audit planning activities are not performed simply because they are common
practice.
32. Solution: c
a. Incorrect. INTOSAI states that “the scope of the audit mandate will determine the scope
of the standards to be applied by the SAI.” INTOSAI recognizes that “constitution and
legislation” are important elements of deciding on audits. Consideration of risk is not
emphasized.
b. Incorrect. The approach and procedures for evaluating risk are more “structured” in a
financial statement audit than in a performance audit.
c. Correct. The IIA’s Standards place great emphasis in having the internal auditor consider
risk, control, and governance on an ongoing basis.
d. Incorrect. Refer to the explanations for options a. and b. While GAGAS address risk, they
also stress significance and other factors.
33. Solution: d
a. Incorrect. Goal alignment with the law, while important, would not be as important as
other observations.
b. Incorrect. Generally, the government auditor’s role is not to challenge those who enact the
relevant law.
c. Incorrect. Lack of a baseline, while important, would not be as important as other
observations.
d. Correct. Legislators and the general public have great interest in what is being achieved
(results), so the auditor would have the highest level of interest in why the focus is on output
(activity), not outcome.
II-24

34. Solution: d
a. Incorrect. “Economy, efficiency, and effectiveness” are ambiguous words. However, option
d. is inclusive of this criticism.
b. Incorrect. The objective is biased in assuming that “problems” exist. However, again, option
c. Incorrect. The objective includes general words (e.g., “management problems”), but option
d. Correct. See explanations for options a., b., and c.
35. Solution: c
a. Incorrect. Auditors need to consider the calendar days available to perform audit work.
b. Incorrect. Auditors need to consider the number of sites and time frames in deciding on the
audit scope.
c. Correct. Personal conflicts between auditors and clients are not appropriate considerations
in determining audit scope. (For example, the auditor should not include sites due to personal
dislike of program managers or to “punish” the manager for past lack of cooperation.)
d. Incorrect. The auditor’s possible use of sampling can legitimately be a consideration in
setting the audit scope.
36. Solution: d
a. Incorrect. A rude response to the top official of the client during the audit will likely impede
open and professional communication.
b. Incorrect. The top official of the client may well consider this a rude response as well,
especially if the “body language” was inappropriate.
c. Incorrect. A very confrontational response to the top official of the client will very likely
run a risk of shutting down communication.
d. Correct. This is a fairly balanced response and the best of the alternatives presented. Some
auditors may believe that this could be further improved by omitting the phrase “…as I see
fit.”
37. Solution: c
a. Incorrect. “Special” committee is not the name of the committee that reconciles differences
in bills passed in two legislative houses.
b. Incorrect. Budget committees in each house consider proposed budgets and do not have the
role of reconciling differences.
c. Correct. This is the term used in the U.S. Congress.
d. Incorrect. Authorizing committees in the U.S. Congress consider legislation to “authorize”
establishment and continuation of government programs.
II-25

38. Solution: d
a. Incorrect. Rules and regulations are issued by executive agencies.

b. Incorrect. Government agencies are constrained by relevant laws.
c. Incorrect. Government agencies can and do issue rules and regulations to a moderate degree.
d. Correct. Judicial bodies will interpret rules and regulations in this manner if issued in an
appropriate manner. Auditors may need to consider these.
39. Solution: c
a. Incorrect. Even if management states it is willing to accept the risk, the auditor still must
consider whether that acceptance is prudent. In a government, auditors may be unlikely to
agree that management’s acceptance of risk is prudent, since government largely operates
on taxes.
b. Incorrect. The auditor should not ignore management’s position and simply proceed to
development of a deficiency finding.
c. Correct. The auditor’s objective review of the costs and benefits of potential recommendations
is constructive and consistent with audit standards and guidance in auditing literature.
d. Incorrect. A police background check on certain personnel and posting of a list of names
would be unwarranted, and may raise legal issues on privacy.
40. Solution: c
a. Incorrect. Supervisory review after the fact cannot be preventative or preventive.

b. Incorrect. A corrective control might be a training arrangement on workpaper preparation.
Again, after-the-fact review cannot be corrective.
c. Correct. Detective. Supervisory review is designed to detect problems.
d. Incorrect. Directive. An example of a directive control would be a requirement for all
auditors promoted to a higher level to attain professional certification.
41. Solution: c
a. Incorrect. This recommendation would not be focused or action-oriented.

b. Incorrect. This recommendation would not be as direct as option c.
c. Correct. This recommendation would be directly and proactively focused on the likely cause
of the problem.
d. Incorrect. Attempting to be this specific in the law is often unworkable. Moreover, as a
practical matter, many audit organizations tend to avoid making recommendations to the
legislative body to modify laws.
42. Solution: d
a. Incorrect. Follow-up is a valid reason to have reports in retrievable form.

b. Incorrect. Availability for inspection is a valid reason to have retrievable reports.
c. Incorrect. Communication of audit results is a valid reason to have retrievable reports.
d. Correct. Corrective discipline can be administered whether or not reports are in retrievable
form. Moreover, decisions on discipline are not solely based on audit reports.
II-26

43. Solution: b
a. Incorrect. The auditor has a responsibility to realistically and fairly consider the comments
of the client.
b. Correct. Realistic consideration by the auditor of the time and cost required to implement
a proposed recommendation is appropriate.
c. Incorrect. The auditor needs to go beyond appearances, or what seems to be the case. The
auditor needs to perform a realistic assessment.
d. Incorrect. The auditor should exhibit professional skepticism, but not become cynical or
personally judgmental.
44. Solution: c
a. Incorrect. For various reasons, the suspect’s supervisor should not be in attendance. For
example, the supervisor may be involved in the fraud; even if not, the supervisor’s presence
could lessen the degree of open communication.
b. Incorrect. Locking the door may intimidate the suspect or lead to resistance.
c. Correct. Paying attention to wording choices is recommended in authoritative sources.
d. Incorrect. Per The IIA’s CGAP exam review manual, “Admissions of guilt should not be
coerced.” Other authoritative investigative guidance supports this view.
45. Solution: c
a. Incorrect. The term “material weakness” is specifically related to internal control deficiencies
identified in financial statement audits.
b. Incorrect. Certain of the activities described are inappropriate or questionable, but do not
violate specific laws or regulations.
c. Correct. Abuse is behavior that is deficient or improper when compared with the behavior of
a prudent person, and includes misuse of authority or position. Abuse does not necessarily
involve fraud or violation of a law.
d. Incorrect. Ethics involves values and principles, and such matters as conflicts of interest,
professional competence, and confidentiality. The activities and behaviors, in this case, are
more correctly seen as abuse.
46. Solution: b
a. Incorrect. GAGAS states that the number of elements required depends “entirely on the
objectives of the audit” (see para. 7.72). Only the condition element is needed to answer this
objective.
b. Correct. Refer to the explanation for a.
c. Incorrect. Refer to the explanation for a.
d. Incorrect. Refer to the explanation for a.
II-27

47. Solution: b
a. Incorrect. Inquiry would not be as effective as observation in assessing how effectively the
controls prevent unauthorized access.
b. Correct. Observation should be the most effective audit technique to determine how
effectively unauthorized entries are precluded. It would be most effective if the auditor can
observe without being observed.
c. Incorrect. Inspection of documents is likely ineffective due to the lack of documents.
d. Incorrect. Analytical review would not be a useful audit technique.
48. Solution: d
a. Incorrect. “Throughout the government…” is an unrealistic scope, but option d. is inclusive.

b. Incorrect. “Utilization” is not a specific performance aspect, but option d. is inclusive.
c. Incorrect. The objective is not framed as a question, but option d. is inclusive.
d. Correct. See explanations for a., b., and c.
49. Solution: b
a. Incorrect. Invoices show whether the charges were proper, but not authorization.
b. Correct. The purchase order is the classic control to determine authorization.
c. Incorrect. The receiving report shows what was received, not authorized.
d. Incorrect. Having adequate written manuals does not assure they are followed, so the
auditor reviews specific records, documents, and reports.
50. Solution: d
a. Incorrect. Seeking repayment is appropriate, but option d. is inclusive.

b. Incorrect. Identifying control weaknesses is appropriate, but option d. is inclusive.
c. Incorrect. Considering possible fraud is appropriate, but option d. is inclusive.
d. Correct. See explanations for a., b., and c.
51. Solution: d
a. Incorrect. The IIA identifies the general public as beneficiaries, not the primary customers.
b. Incorrect. The IIA identifies the secondary customers as those who directly use the reports
(the client’s high-level executives and managers).
c. Incorrect. Cooperation with clients can coexist with independence.
d. Correct. Obtaining and considering the views of top management recognizes that the
auditors are focused on achieving the client’s objectives.
II-28

52. Solution: c
a. Incorrect. This audit objective focuses on compliance with a law.

b. Incorrect. This audit objective focuses on compliance with a regulation.
c. Correct. This audit objective does not primarily involve compliance. It focuses on the
program, mostly on the condition element.
d. Incorrect. This audit objective focuses on compliance with a regulation.
53. Solution: a
a. Correct. Answering this objective completely will require only descriptive information.
b. Incorrect. Answering the specific objective will not require the identification of criteria.
c. Incorrect. The answer to the objective will not require criteria or effect.
d. Incorrect. The answer to the objective will not require cause, criteria, or effect.
(While the traditional or classical audit finding includes condition, criteria, effect, and cause —
and identifying these four is common practice — GAGAS states that the number of elements
for a complete finding depends on the audit objective.)
54. Solution: d
a. Incorrect. Audit “subject matter” is only one requirement. See GAGAS para. 7.08. Option
d. is a more complete statement.
b. Incorrect. “Performance aspects” is only one requirement. See a.
c. Incorrect. “Potential findings” and “elements” are incomplete. See a.
d. Correct. See GAGAS para. 7.08.
55. Solution: d
a. Incorrect. A traditional audit finding includes four elements — condition, criteria, cause,
and effect. The facts developed do not include criteria.
b. Incorrect. The “cause” is III. (lack of scheduled events…).
c. Incorrect. The effect is IV. (75 percent had not visited…).
d. Correct. I. and II. are “condition.” III. and IV. are “cause” and “effect,” respectively.
“Criteria” is absent.
56. Solution: b
a. Incorrect. Physical evidence is observed and documented by the auditor. (Example:

Observing the condition of a building.)
b. Correct. Testimonial evidence can be obtained in written form or by interview.
c. Incorrect. Documentary evidence is from the client’s records or documents. (Examples:
Contracts, memoranda, reports, etc.)
d. Incorrect. Analytical evidence is developed by the auditor.
II-29

57. Solution: a
a. Correct. The supervisor can review the summary and test the cross-indexing to the support,
without a need to review all the support.
b. Incorrect. The summary does not negate the need to retain detailed audit documentation.
c. Incorrect. An audit report is still usually required, and the report is typically in a different
format, intended to be useable by external users.
d. Incorrect. There can be “full” documentation without summaries.
58. Solution: c
a. Incorrect. A photo of the workplace is an example of physical evidence.

b. Incorrect. A letter from a former employee is testimonial evidence.
c. Correct. A page of the general ledger (the client’s records) is an example of documentary
evidence.
d. Incorrect. The auditor’s computations are analytical evidence.
59. Solution: d
a. Incorrect. Government audit organizations often “track” the monetary impact of their
audits and/or investigations.
b. Incorrect. Government audit organizations often report regularly on the implementation of
the audit recommendations.
c. Incorrect. Comments on draft reports can give an indication as to whether the auditor-
client working relationships are mutually beneficial.
d. Correct. This information may be available and interesting, but is not as useful as the above
three in assessing the benefits of government audits.
60. Solution: d
a. Incorrect. This factor is relevant, but option d. is inclusive.

b. Incorrect. This factor is relevant, but option d. is inclusive.
c. Incorrect. This factor is relevant, but option d. is inclusive.
d. Correct. The three factors mentioned above are all relevant in deciding the appropriate level
of follow-up on audit recommendations. These factors are discussed in The IIA’s CGAP
exam review material, and are consistent with actual practices in government auditing.
II-30

61. Solution: c
a. Incorrect. The IIA’s Standards defines internal auditing as including (1) assurance and (2)
consulting engagements. INTOSAI recognizes that SAIs may sometimes perform nonaudit
work, and states the INTOSAI standards may not apply to the nonaudit work. (Also, the
U.S. GAO, in its audit standards, sees consulting engagements as “nonaudit” work.)
b. Incorrect. As described in The IIA’s CGAP preparation material, training can legitimately
relate to areas such as performance measurement and other management principles.
c. Correct. Auditors can provide a variety of roles in a control self-assessment program, as
suggested in The IIA’s CGAP exam preparation material. The IIA’s Practice Advisory
2120-1 supports this view.
d. Incorrect. The internal auditor cannot ignore the need for independence. For example, see
Practice Advisory 1130.A2-1, paragraph 2.
62. Solution: c
a. Incorrect. None of these standards set specific time frames for reporting.
b. Incorrect. Audit standards address the need for timeliness. For example, The IIA’s Standard
2420 requires “timely” communications. INTOSAI states that reports should be available
“promptly.”
c. Correct. See explanation for option b.
d. Incorrect. This is an overstatement of the requirement for timeliness.
63. Solution: a
a. Correct. Although there is basic similarity, these three sets of standards use differing
adjectives to characterize the audit evidence needed.
b. Incorrect. This is true, per IIA Standard 2330.
c. Incorrect. This is true, per IFAC’s International Standard on Auditing (ISA).
d. Incorrect. This is true per INTOSAI’s field standard 3.5.
64. Solution: a
a. Correct. Based on definitions in The IIA’s CGAP review manual and in INTOSAI standards,
as well as the dictionary.
b. Incorrect. This characteristic relates to physical evidence.
c. Incorrect. This characteristic relates to corroborative evidence.
d. Incorrect. This vague characteristic is not a clear aspect of competent evidence.
II-31

65. Solution: b
a. Incorrect. INTOSAI states that “the scope of the audit mandate will determine the scope
of the standards to be applied by the SAI.” INTOSAI recognizes that “constitution and
legislation” are an important element of deciding on audit programs. Specific consideration
of risk is not required.
b. Correct. The IIA’s Standards places great emphasis on having the internal auditor consider
and advise management on risk, control, and governance.
c. Incorrect. Refer to the explanations for options a., b., and d.
d. Incorrect. See IFAC’s ISA 330, The Auditor’s Procedures in Response to Assessed Risks.
II-32

Certified Government Auditing
Professional (CGAP) EXAM Study Questions
DOMAIN III — Government Auditing

Skills and Techniques
1. Some behavioral models stress employee participation as a key to motivation. A limitation to the
participative approach is:
a. Workers are intrinsically lazy and must be driven.

b. A number of dissatisfiers must be present for the approach to work.
c. It is difficult to elicit the participation of all employees.
d. Unresolvable conflicts arise when a mature, capable, creative person joins a structured,
demanding, and limiting organization.
2. Which of the following is not an advantage of teamwork compared with work performed by
individuals?
a. Teams provide support to the team members.

b. Teams make decisions that are more likely accepted.
c. Teams provide a clear link between effort and outcome.
d. Teams control and discipline members.
3. The following statements represent characteristics about bureaucracy in the government. All
are generally positive characteristics except one, which can become a negative. Which is that
exception?
a. Division of labor allows each employee to have specific duties and functions.
b. Levels of authority are followed to make decisions.
c. Controls are properly and fairly emphasized.
d. A framework of rules gives employees direction.
4. Advantages of decentralization include all of the following except:
a. Decisions are more easily made.

b. Managers’ motivation increases.
c. Decisions are more uniform.
d. Problems can be dealt with on the spot.
III-1

5. Regarding centralized personnel systems in the government, all of the following statements are
true except one. Which one is the exception?
a. Key concepts pursued relate to merit and fairness.

b. Political patronage positions tend to decrease.
c. The personnel system addresses recruiting, selection, and compensation through termination.
d. Corrective discipline addresses performance, but not conduct/behavior or problems.
6. At the federal level of the U.S. government, which of the following statements about legisla-
tive mandates for performance measurement is true?
a. The Government Performance and Results Act (GPRA) of 1993 requires strategic plans
(for fiscal year 1999 and the future), annual performance plans, and annual performance
reports.
b. Since 1990, federal auditors have been statutorily required to annually audit the accuracy of
reported performance data.
c. Even though federal mandates have focused on performance measurement and reporting,
those mandates are silent on using performance information to formulate budgets.
d. The “landmark” Chief Financial Officers (CFO) Act of 1990, as amended, focuses on
financial accountability, but is silent on performance accountability.
7. For the U.S. National Park Service, documents prepared pursuant to federal statutory require-
ments include the following terms/phrases:
I. By five years in the future, 75 percent of parks meet preservation standards.

II. Percent of applicable standards met.
III. Managed by parks and cultural centers, etc.
IV. By next year, 68 percent of parks meet preservation standards.
Use the following designations: LTG = Long-term goal, APG = annual performance goal, PM =
performance measure, and S = strategy. Now, which order below matches the terms/phrases
above?
a. LTG, S, APG, PM.

b. LTG, PM, S, APG.
c. LTG, APG, S, PM.
d. LTG, PM, APG, S.
8. U.S. federal agencies’ strategic performance plans must include all of the following except:
a. A comprehensive mission statement.

b. A discussion of the strategies to achieve long-term goals and objectives.
c. An identification of key external factors that could affect goal achievement.
d. Detailed alignment with the agency budget.
III-2

Domain III — Government Auditing Skills and Techniques
9. The most authoritative source for guidance on how to measure and report performance at
the state and local levels in the United States is:
a. The Federal Accounting Standards Advisory Board (FASAB) and the Office of Management
and Budget (OMB).
b. The Government Performance and Results Act and related legislation.
c. The Governmental Accounting Standards Board (GASB), and state and local laws.
d. The Urban Institute.
10. Under the GASB model for performance measurement of a school, the “percentage of
students gainfully employed or in continuing education two years after graduation” is an:
a. Output measure.
b. Efficiency measure.
c. Outcome measure.
d. Effort (input) measure.
11. Under the GASB model for performance measurement of a fire department, “operating
expenditures per US $100,000 of property protected” is an:
a. Outcome measure.
b. Efficiency measure.
c. Output measure.
d. Effort (input) measure.
12. The first consideration in measuring performance is deciding what to measure. Four general
steps to do this are: 1) assess performance through benchmarking, 2) identify the processes in
the program, 3) determine whether recommendations are warranted, and 4) identify stakeholder
needs. Which of the following is the correct order for these four steps?
a. 4, 3, 2, 1.
b. 3, 2, 1, 4.
c. 4, 2, 1, 3.
d. 4, 1, 2, 3.
13. Which data collection technique would be most effective for use in evaluating the cleanliness of
city parks?
a. Household surveys.
b. Agency records of cleanliness complaints.
c. Ratings by trained observers.
d. Focus groups.
III-3

14. Which data collection technique would be most useful for assessing whether efficient flow is
being maintained efficiently in areas of high traffic density?
a. Technical tests.
b. Automated data collection from driver surveys.
c. Ratings by trained observers on the ground.
d. Photographic rating scales from the air.
15. Broad performance aspects, such as timeliness, should be further divided to be relevant to the
program being measured. For example, the more specific aspect of timeliness in a Department of
Motor Vehicles (DMV) would most likely be:
a. Cycle time.
b. Response time.
c. Queuing time.
d. On-time delivery.
16. Which of the following performance aspects is inherent in every output, and thus unique?
a. Timeliness.
b. Efficiency.
c. Cost.
d. Quality.
17. Methodologies available to government units to identify and manage costs can and do vary —
three primary examples being (1) process, (2) job order, and (3) activity-based (ABC) approaches.
In this regard, which of the following statements is most accurate?
a. No matter which approach is used, “linking” costs to objects (e.g., products, services, or
outputs) is of minor importance in holding government accountable.
b. Process cost is associated with large, unique products, such as aircraft carriers.
c. In theory, job order is the most effective of the three in assigning indirect costs to objects.
d. ABC can be costly and complex to implement.
18. Government auditors have not been routinely required to perform program evaluations. Never-
theless, government auditors have several valid reasons to gain a better appreciation of program
evaluation techniques and approaches. All of the following are valid reasons for auditor interest
in program evaluation except:
a. The use and value of program evaluation is mandated/endorsed by certain legislation in the
U.S.
b. The purpose of program evaluations bears a significant relationship to the objective of
performance auditing, particularly program audits.
c. Selected techniques from program evaluation may strengthen a government auditor’s
toolkit.
d. Audit organizations need to protect their “turf.”
III-4

19. Which sampling plan requires no additional sampling once the first error is found?
a. Stratified sampling.
b. Attributes sampling.
c. Stop-or-go sampling.
d. Discovery sampling.
20. A 95 percent confidence interval for the mean of a population based on a sample always implies
that there is a 95 percent chance that:
a. Estimate is equal to the true population mean.

b. True population mean is no larger than the largest endpoint of the interval.
c. Standard deviation will not be any greater than five percent of the population.
d. True population mean lies within the specified confidence interval.
21. The size of a given audit sample is jointly a result of characteristics of the population of interest
and decisions made by the auditor. Everything else being equal, sample size will:
a. Increase if the auditor decides to accept more risk of incorrectly concluding that controls
are effective when they are in fact ineffective.
b. Double if the auditor finds that the variance of the population is twice as large as was
indicated in the pilot sample.
c. Decrease if the auditor increases the tolerable rate of deviation.
d. Increase as sampling risk increases.
22. An important difference between a statistical and a judgmental sample is that with a statistical
sample:
a. No judgment is required because everything is computed according to a formula.

b. A smaller sample can be used.
c. More accurate results are obtained.
d. Population estimates with measurable reliability can be made.
23. In a financial statement audit, a government auditor may use both attributes and variables
sampling. Which statement below best describes how the two types of sampling may be used?
a. Either of the two would have an equally likely chance of audit use in any audit area.
b. Variables sampling would be of little benefit in estimating the true value of accounts
receivable based on confirmation results.
c. Variables sampling would be useful in estimating the true value of inventory based on
physical inventory observation and related audit procedures.
d. Variables sampling would be a likely choice in assessing whether supervisors effectively
verified and signed off on their subordinates’ work.
III-5

24. The steps in developing an activity-based costing (ABC) system are:
I. Derive the total costs of the objects (e.g., outputs).

II. Link the cost of specific activities to the program or service using activity drivers.
III. Link the cost of resources to specific activities using resource drivers.
IV. Define the activities that produce the program or service.
V. Identify the areas where ABC will be used and how the results will be used.
Which of the following represents the logical flow of these steps?
a. V, I, II, III, IV.

b. V, II, III, IV, I.
c. V, III, IV, II, I.
d. V, IV, III, II, I.
25. In an audit of a new personnel system, assume an auditor is developing a questionnaire. Which
of the following question formats is phrased in the most appropriate manner?
a. Has the new personnel system flattened the hierarchical pyramid, causing intra-
organizational structural stress?
b. How useful has the new personnel system been to improving work productivity? (answers:
very useful, somewhat useful, no impact, somewhat problematic, very problematic)
c. How strongly do you believe that the developers of the new personnel system are more
interested in “flexing their muscle” rather than helping achieve the organizational goals?
d. Same question as option b., but with possible answers of (extremely useful, very useful,
useful, moderately useful).
26. Which of the following auditor’s approaches to interviews is generally advisable?
a. Matching verbal jabs with an interviewee who objects to being interviewed.

b. Relying solely on knowledge from last year’s audit as sufficient preparation.
c. Considering asking the interviewee to sign off on the write-up if issues discussed are
complex or controversial.
d. Always use only one auditor’s time to carry out an interview (an audit efficiency factor).
27. Which of the following statements about flowcharting is not true?
a. A decision is represented as a rectangle.

b. Flowcharts generally flow from top to bottom, and left to right.
c. A flowchart is a visual representation of how a process works.
d. Flowcharts are generally useful to auditors, whether already prepared by the client or
developed by the auditor.
III-6

28. In contrasting program evaluation with performance measurement, which of the following
statements best describes the comparison?
a. Program evaluation is performed on a periodic or as-needed basis, where a performance

measurement is performed on an ongoing basis.
b. Program evaluations are usually mandated by law, whereas performance measurement
would never be mandated.
c. The purpose of program evaluation is to assess program effectiveness, whereas performance
measurement involves collecting mainly descriptive data on programs.
d. Performance measurement focuses on efficiency and economy, where program evaluations
focus on program effectiveness.
29. Which of the following statements does not describe a characteristic of summative program
evaluations?
a. The focus is on process.

b. Typical methodologies include case studies and interrupted time-series measurements.
c. Data is collected via observation and examination of documents and interviews.
d. Analysis of data includes content analysis and contact summary form.
30. Which of the following statements is not true regarding formative program evaluation?
a. The focus is on a process.

b. The most common technique in formative program evaluations is the use of case studies.
c. The goal of formative program evaluations is to determine which components adversely
affect program effectiveness or do not add value.
d. The technique called ethnographic analysis involves observations or interviews to study
how people learn, interact with others, or make decisions.
31. In formative program evaluation, one technique that involves the use of observations and
interviews to study how people learn, interact with others, or make decisions is called:
a. Focus groups.
b. Program modeling.
c. Expert judgment.
d. Ethnographic analysis.
32. In an interrogatory interview, which of the following is an open-ended question?
a. Did you ever transfer government-owned property from your office to your residence?
b. Were you advised by your lawyer not to answer my questions?
c. Were you provided training on the internal control techniques used in handling cash
receipts?
d. What internal control policies and techniques exist regarding cash receipts?
III-7

33. In an interrogatory interview, which of the following steps below enhances the chances of
admissibility of the recorded interview in court?
a. Loading new batteries into the tape recorder before recording the interview.
b. Purchasing new tapes for the interview and retaining the receipt.
c. Delivering the original tapes to the audited organization’s lawyers immediately after the
interview, and getting a signed receipt.
d. All of the above (a., b., and c.) will enhance the chances of admissibility.
34. Which of the following statements best describes the overall relationship between internal controls
and detecting/preventing integrity violations?
a. Written policies should describe how integrity violations would be handled if detected.
b. Management needs to communicate the importance of its systems of internal controls with
an appropriate recognition and reward system.
c. Auditors need to communicate to management their recommendations to enhance or add
controls regarding integrity violations.
d. An effective system of control is the most important deterrent an organization can have
against integrity violations.
35. Final investigative reports usually contain all of the following except:
a. Detailed description and chronology of events surrounding the violation.

b. Detailed account of steps taken in the investigation.
c. Description of weak or compromised controls that led to the violation.
d. Traditional elements of findings, the same as in other performance audit reports.
36. Which of the following statements about detecting integrity violations is the least accurate?
a. Fraud hotlines are a good, albeit passive, form of detection.

b. Unannounced inventory counts could detect thefts.
c. Frequent and regular changing of passwords helps prevent unauthorized system access.
d. Assuring that procurement officials sign annual statements of awareness of relevant laws
and regulations will effectively detect procurement fraud.
37. Assume that a government auditor — by request — is planning an audit of the effectiveness of
a popular government program. The auditor discovers that more than 100 other audits/studies
have all concluded that the program is ineffective. All of the following approaches by the auditor
are sound except:
a. Because the audit is based on a request, basically ignore the prior conclusions.
b. Evaluate the soundness of any factual basis for the other conclusions reached.
c. Assess the possible bias of the other studies — who wrote them? The scope and
methodologies? The tone of the reports?
d. In your report, selectively use (and properly characterize) information from the other
reports after considering its reliability and currency.
III-8

38. Assume the following scenario: Mr. Auditor worked for Mr. Client for five years, but, after much
adversity between the two, Mr. Client fired Mr. Auditor. Five years after the firing, Mr. Auditor
is in charge of an audit of Mr. Client’s office. While the audit discloses certain deficiencies, they
would be viewed by a prudent auditor as minor. Nevertheless, Mr. Auditor spends six months on
the audit and issues a 100-page scathing report. This is an example of the logical fallacy of:
a. Non sequitur.
b. Slippery slope.
c. Ad hominem.
d. Deductive fallacy.
39. Assume an audit involves attempting to determine the merits of producing ammunition in
government-owned, government-operated (GOGO) versus government-owned, contractor-
operated (GOCO) plants. One military branch has a study concluding GOGO is preferable,
while another military branch has a study concluding that GOCO is preferable. If the auditor
cites only one of these studies to support an audit conclusion (and ignores the other), he has
likely engaged in a logical fallacy called:
a. Hasty generalization.
b. Post hoc, ergo proper hoc.
c. False use of authority.
d. Inductive fallacy.
40. A government auditor needs to consider the concept of materiality and significance. Which is
the best statement, from below, of how the auditor may view these differently in the public sector
than in the private sector?
a. The concepts should be considered in the very same manner.

b. These concepts are considerably more important in audits in the private sector, since the
government has many laws and internal controls, which can substitute for audits.
c. Government auditors can reasonably set higher dollar thresholds of materiality.
d. Government auditors need to give greater consideration to qualitative factors (e.g., visibility,
newness of programs, sensitivity, etc.).
41. The strategic planning process can be viewed as having the following steps:
I. Decide the mission.

II. Communicate the plan.
III. Monitor the plan’s effectiveness.
IV. Develop a specific plans, methods, and resource allocations.
Which of the following represents the logical flow of these four steps?
a. IV, III, II, I.

b. I, IV, II, III.
c. I, II, IV, III.
d. I, II, III, IV.
III-9

42. In the government arena, four major generic categories of performance measures are:
a. Input, process, output, and outcome.

b. Service efforts, service accomplishments, efficiency, and economy.
c. Stakeholders, oversight bodies, program officials, and the public.
d. Activities, objects, activity drivers, and resource drivers.
43. Under the GASB model of performance measurement for mass transit, “average age of
vehicles and remaining life” and “replacement cost of vehicles” are examples of:
a. Efforts measures.
b. Efficiency measures.
c. Explanatory data.
d. Outcome measures.
44. Regarding performance measures, a government auditor may take several differing approaches.
In this regard, which of the following audit approaches is the least preferable?
a. An auditor should supplement data obtained from direct observation with data from agency
records and secondary sources.
b. An auditor may sometimes be called upon to independently assess performance using
auditor-developed measures.
c. An auditor may sometimes assess the adequacy (or relevance) of management’s measures,
i.e., go beyond accuracy (reliability).
d. Auditors should generally steer clear of performance measures, because of the standard of
independence.
45. To an alert auditor, an employee who refuses to take vacation or sick leave should be viewed as:
a. A highly productive employee.

b. An indication of Theory X management.
c. An indication of understaffing in that functional area.
d. A “red flag” of possible fraud.
46. A combination circle and line graph that is used to identify potential causes and their components
and portray their extent is known as a:
a. Cause-and-effect diagram (aka “fishbone” analysis).

b. Force field analysis.
c. Radar chart (aka “spider” graph).
d. Sequence flowchart.
III-10

47. Regarding the types of evidence an auditor collects, which of the following statements is most
accurate?
a. Photographs automatically substantiate physical evidence.

b. Documentary evidence is clearly superior to testimonial evidence.
c. The client would never be able to challenge the auditor’s own analytical evidence.
d. Since all types of evidence can have weaknesses, the auditor’s corroboration with more than
one type of evidence is often a good idea.
48. In a performance audit conducted under GAGAS, the auditor has certain responsibilities
when using data generated from computer-based systems. Regarding the auditor’s
responsibilities in this area, three of the following statements are true, and one is not true.
Which statement is not true?
a. The sufficiency and appropriateness of data are of particular interest when the data are
significant to the auditor’s audit objectives, findings, and conclusions.
b. These important responsibilities apply in the same manner, no matter how the auditor will
use the data.
c. If the auditor has evidence that the general and applications controls are effective, the
auditor may be able to reduce the amount of work to test the validity of data used.
d. These responsibilities apply regardless of whether the auditor or the client extracts the data
to be used.
49. In performance audits, auditors are required to develop complete findings. Under GAGAS,
a complete finding:
a. Depends entirely on the audit objective.

b. Includes condition, cause, criteria, and effect.
c. Includes at least condition and criteria, the potential effect (leaving the client to identify and
fix the cause(s)).
d. Must always include a recommendation.
50. An audit organization performs an audit of a new drug awareness and reduction program in a
major city. The primary audit approach is to compare certain key societal indicators (e.g., school
dropout rates, juvenile delinquency, teen pregnancy, etc.) from before and after the initiation of
this new program. Which elements of a finding should the finding(s) include?
a. Condition, criteria, cause, and effect.

b. Condition only.
c. Condition and effect.
d. Condition without the program, condition with the program, effect/impact, and the program
as the cause.
III-11

51. Which elements of a finding would be necessary to respond to the following audit objective:
“What are the types of research activities, technologies assisted, and amounts by categories
expended in the past five years under the Department of Defense’s Manufacturing Technology
Program?”
a. Condition, criteria, cause, and effect (no recommendation).

b. Condition only.
c. Condition and criteria.
d. The audit objective needs to be revised to answer.
52. In evaluating program impact, one quantitative approach is called the “before and after” design.
Which of the following statements about this design approach is/are true?
a. Compared to other designs intended to isolate “impact,” the before and after is viewed as
the simplest, but can be the least reliable.
b. This design is most appropriate for auditors when (1) conditions remain stable, (2) no
conditions other than the program/intervention can have an impact, and (3) the auditor can
rather easily identify other factors that could have had an influence.
c. Data must be available to measure conditions prior to the program/intervention.
d. All of the above statements are true regarding the “before and after” design approach.
53. Two other designs for evaluating program impact are called “true experiment” and “randomized
experimentation.” Regarding these two, which of the following statements is not true?
a. These two types of design are considered both more reliable and useable for the auditor
than other designs, such as “before and after,” “time series,” etc.
b. The prerequisite of these two approaches that control groups be identified before the
program is established generally precludes their direct use by auditors.
c. Since auditors generally cannot use these designs directly, the auditor should “steer clear”
of whether the client uses these designs.
d. Both of these designs are used to determine the change created by the program.
54. Another approach that auditors may consider is known as “control group” design. With which
of the following statements about this design approach would you disagree?
a. Under this approach, two groups are evaluated after program implementation — one group
served by the program and one not served.
b. It is important that the two groups be (1) similar and (2) subject to the same variables.
c. This would be a very weak design for auditors.
d. To be an effective design, it is important to try to identify outside factors that may have an
impact.
III-12

55. Which of the following statements is true?
a. A run chart can be used to identify a potential problem and its extent by tracking and
displaying changes in an aspect of performance.
b. An alternative term for Pareto Analysis is “fishbone” analysis.
c. A histogram is best presented visually in pie chart form.
d. Despite its title, an aging schedule is unrelated to the time dimension.
56. The analysis technique that separates the “vital few” from the “trivial many” and draws attention
to problems in a systematic way is:
a. A scatter diagram.
b. Force field analysis.
c. A control chart.
d. Pareto Analysis.
57. If the requirement is to measure the effectiveness of drinking water delivery, which of the following
would be of interest?
a. Water quantity may be measured with the number of gallons pumped.

b. Water quality may be measured by comparisons with environmental standards.
c. Timeliness of water delivery may be measured by (1) number/frequency of outages, and (2)
response times to outage calls.
d. All of these three performance aspects would likely be of interest.
58. A major city’s Office of Planning and Development Review reported since 10 years ago, a 12
percent increase in commercial permits issued, a 51 percent increase in residential permits issued,
a 43 percent increase in commercial inspections, and a 6 percent increase in residential inspections.
These are four measures of:
a. Inputs (efforts).
b. Outcomes.
c. Outputs.
d. Efficiency.
59. An auditor is performing an audit with an objective of determining whether the radio for a
military helicopter (1) met military needs, and (2) was being procured economically. The auditor
has documented many weaknesses in the procurement of the radios. The auditor decides, based
on little or no specific information, that the procurement of the helicopter itself is likely deficient,
and therefore expands the audit significantly. The auditor is making the logical error called:
a. Non sequitur.
b. Slippery slope.
c. Post hoc, ergo proper hoc.
d. False use of authority.
III-13

60. Which of the following statements about analytical review that auditors use is least accurate?
a. Data envelope analysis is appropriate for use in evaluating performance at multiple military
installations or schools.
b. Interrupted time series is a quasi-experimental design that allows auditors to compare
observations from before and after an intervention.
c. Cost effectiveness and cost/benefits are essentially the same.
d. Regression analysis is a method of measuring the statistical relationship between two or
more variables.
III-14

SOLUTIONS FOR
Domain III — Government Auditing
Skills and Techniques
1. Solution: c
a. Incorrect. This option relates to a concept that views workers as either generally lazy (theory
X) or generally willing to work if given the chance (theory Y). The originator of this theory
is Douglas McGregor.
b. Incorrect. This option uses language from Frederick Herzberg’s two-factor theory of
motivation. One factor is viewed as dissatisfiers (maintenance or hygiene) such as pay,
surroundings, etc., and the second factor of satisfiers (motivational) such as achievement,
challenging work, etc.
c. Correct. Individuals differ in how actively participative they will be, even when given the
chance.
d. Incorrect. Appropriate conflict management can work even in various environments, even
when tensions may be greater than normal.
2. Solution: c
a. Incorrect. Effective teams do improve morale and provide cohesion.

b. Incorrect. Active involvement of team members does lead to acceptance.
c. Correct. Outcomes are not as easily linked to individuals.
d. Incorrect. Teams decide on “norms” that control and discipline members.
3. Solution: c
a. Incorrect. This is a characteristic of the classical model of bureaucracy.

b. Incorrect. This is a characteristic of the classical model of bureaucracy.
c. Correct. Today’s governmental bureaucracies are often criticized as placing an over-
emphasis on controls, leading inefficiency, slow responses, and unfair decisions.
d. Incorrect. This is a characteristic of today’s governmental bureaucracies, and, if properly
balanced (not overemphasized), is a positive characteristic.
(Note: The “father” of bureaucracy theory was Max Weber.)
4. Solution: c
a. Incorrect. Centralized decision-making is more efficient and rapid.

b. Incorrect. Decentralized decision makers are involved and, therefore, motivated.
c. Correct. Centralized decisions are, by nature, more uniform than decentralized decisions.
d. Incorrect. Decentralized decision makers can act without checking with the central office.
III-15

5. Solution: d
a. Incorrect. Basing personnel decisions on fairness and merit is a primary reason to have
centralized personnel systems in government offices.
b. Incorrect. The expansion of centralized personnel systems, with emphasis on fairness and
merit, has decreased the number of patronage positions.
c. Incorrect. Centralized personnel systems address the full range of personnel decisions and
management.
d. Correct. Correct discipline systems, processes, and rules must, and do, address both
performance problems (quantity, quality, pace) and conduct/behavior (e.g., late arrivals,
physical fighting, breaking office furniture, etc.).
6. Solution: a
a. Correct. This correctly states the three requirements of GPRA.

b. Incorrect. Federal auditors do not have a statutory requirement to audit performance data,
although some have chosen to do so.
c. Incorrect. The use of performance data to formulate budgets has been an active initiative by
the executive branch of the U.S. government. In fact, the “performance budgets” have been
used a part of the requirement for an annual performance plan.
d. Incorrect. Even before the enactment of GPRA, the CFO Act required “systematic
reporting on performance” as part of the Annual Financial Report (now the Performance
and Accountability Report).
7. Solution: b
Option b. shows the correct sequence. I. is a long-term goal, looking five years to the future, and
would be in a strategic plan. II. gives the performance measure to be used. III. presents a strategy
of how the intended performance will be achieved. IV. is the near-term — annual goal.
(Note: While this example is specific to a U.S. law and U.S. government agency, the concepts have
general applicability in other countries that use performance measurement and reporting.)
8. Solution: d
a. Incorrect. The U.S. law, titled the GPRA of 1993 requires a mission statement in the strategic
plan.
b. Incorrect. The GPRA also requires a discussion of the strategies intended to achieve
planned performance goals in the strategic plan.
c. Incorrect. The GPRA also requires a discussion of external factors that could impede a
government agency’s goals in the strategic plan.
d. Correct. Under the GPRA and related guidance, the alignment of the budget with
annual performance goals in is the annual performance plan (sometimes referred to as the
performance budget). The strategic plan is for a five-year period.
(Note: While the GPRA is specific to the U.S., the concepts may have value or applicability to
other countries that are developing/using performance measurement and reporting.)
III-16

Solutions for Domain III — Government Auditing Skills and Techniques
9. Solution: c
a. Incorrect. FASAB and OMB provide guidance to the federal level.

b. Incorrect. GPRA and other laws apply to the federal level of government.
c. Correct. GASB established GAAP for state and local levels of government and has issued
concept statements and other literature related to performance measurement. Also, various
state and local laws have been enacted.
d. Incorrect. The Urban Institute is not a governmental body, although it has published
relevant studies and guidance.
10. Solution: c
a. Incorrect. Output measures relate to levels of activity or production.

b. Incorrect. Efficiency measures relate efforts to accomplishments.
c. Correct. Outcome measures relate to results, such as gainful employment.
d. Incorrect. Effort measures relate to inputs.
11. Solution: b
a. Incorrect. Outcomes relate to results.

b. Correct. Efficiency measures relate efforts (US $100,000) to accomplishments (protection).
c. Incorrect. Outputs relate to the level of activity or production.
d. Incorrect. Efforts are inputs — financial or nonfinancial.
12. Solution: c
The correct sequence is presented in option c., based on The IIA’s CGAP Examination Study
Guide, Section III, B.3.c. It also is the most logical option. Therefore, options a., b., and d. are
incorrect answers.
13. Solution: c
a. Incorrect. Household surveys would not be as direct as the use of trained observers.
b. Incorrect. Relying on complaints would be a less objective and comprehensive approach
than the use of trained observers.
c. Correct. Ratings by trained observers is the most effective approach for areas such as park
or street cleanliness, or compliance with health regulations in food establishments.
d. Incorrect. Use of focus groups (small groups of stakeholders) would not be as comprehensive
and objective as the use of trained observers.
III-17

14. Solution: d
a. Incorrect. Technical tests are relevant to areas such as checking air or water quality, and not
very relevant in assessing traffic density.
b. Incorrect. Driver surveys would be more prone to drivers’ biases, lack of recall, etc., and
surveys would likely be difficult to administer.
c. Incorrect. Having observers on the ground is likely more useful in identifying the quantity
of traffic on specific highways or roads, but not necessarily the density of traffic, which
involves more than identifying quantities. Option d. is a better approach.
d. Correct. The use of video cameras is a very effective approach (and has been used) to
document traffic density.
15. Solution: c
a. Incorrect. Cycle time would be applicable to such areas as applications for passports,
permits, copyright registrations, etc.
b. Incorrect. Response time would be applicable to emergency vehicles.
c. Correct. Queuing time involves standing in lines waiting for renewals of driver’s licenses or
vehicle tags, a typical situation at a DMV.
d. Incorrect. On-time delivery would be applicable to areas such as biweekly payroll checks,
etc.
16. Solution: d
a. Incorrect. Timeliness is not always relevant, for example, in the quality and durability of
roadways or highways.
b. Incorrect. Efficiency is not always relevant, for example, in research and development or
perhaps in police operations.
c. Incorrect. While cost is associated with all outputs, cost is not inherent in the outputs.
d. Correct. Quality is considered inherent in every output, based on a wide range of authorita-
tive performance measurement literature.
17. Solution: d
a. Incorrect. Linking cost to objects is a fundamental part of ABC.

b. Incorrect. Process cost is associated with production of a large number of homogenous
products (e.g., vehicles) — not large individual projects like aircraft carriers.
c. Incorrect. ABC is generally seen as the most effective in assigning indirect costs to objects
in an accurate or useful manner.
d. Correct. The costliness and complexity of using ABC is of concern to managers, and has
caused some managers to avoid ABC implementation.
III-18

18. Solution: d
a. Incorrect. This is a valid reason for auditors to show interest. Government auditors generally
see legislative bodies as important customers.
b. Incorrect. This is a valid reason for auditor interest, since performance audits can focus on
effectiveness, as well as economy and efficiency. In fact, some auditors view evaluation as a
specialized type of performance audit.
c. Incorrect. This is also a valid interest for government auditors, and, in fact, some government
audit organizations have added selected techniques to their “toolkit.”
d. Correct. Protection of “turf ” is a very superficial reason to be interested in evaluation, and
would not enhance the professionalism of government auditors.
19. Solution: d
a. Incorrect. This option is not relevant to the statement presented. In a stratified sample, the
population is divided into relatively homogenous groups, and the sample is selected from
the groups.
b. Incorrect. Attributes sampling concerns binary, yes/no, or error/non-error propositions. It
can be used to test the effectiveness of controls, and requires the existence of evidence
indicating performance of the control.
c. Incorrect. This is not relevant to the statement presented. The objective of stop-and-go
sampling is to reduce the sample size. Sample size is not fixed, so the internal auditor can
achieve the desired result, even if deviations are found, by enlarging the sample sufficiently.
In contrast, discovery and acceptance sampling have fixed sample sizes.
d. Correct. Discovery sampling is appropriate only when a single deviation would be critical.
The occurrence rate is assumed to be at or near zero percent, and the method cannot be
used to evaluate results statistically if deviations are found in the sample.
20. Solution: d
a. Incorrect. Computation of a confidence level permits a statement of the probability that the
interval contains the population value.
b. Incorrect. Two-sided confidence intervals are more common.
c. Incorrect. Confidence level has no bearing on the size of the standard deviation.
d. Correct. Confidence level equals the sample statistic + or – a risk allowance.
21. Solution: c
a. Incorrect. An increase in allowable risk decreases sample size.

b. Incorrect. Doubling variability of the population will cause the sampling size to more than
double.
c. Correct. Tolerable rate is inversely related to sample size.
d. Incorrect. Sampling risk increases as sampling size decreases.
III-19

22. Solution: d
a. Incorrect. Tolerable error is related to materiality and auditor judgment.

b. Incorrect. An assumption of being able to use smaller samples is erroneous.
c. Incorrect. Obtaining more accurate results is an inappropriate (imprecise) way to describe
the difference between statistical and judgmental samples.
d. Correct. Statistical sampling allows the auditor to make a quantitative assessment of how
closely the sample represents the population for a given level of reliability.
23. Solution: c
a. Incorrect. The two approaches do not have an equal chance of being used in any area of a
financial statement audit. (See the other explanations.)
b. Incorrect. In fact, using variables sampling for this purpose (estimating the true value of
accounts receivable) would be a beneficial application.
c. Correct. Sampling for variables applies to monetary amounts but can be used for other
measures. It attempts to provide information about whether a stated amount is materially
misstated. The auditor uses this approach to either support or reject the conclusion about a
reported number.
d. Incorrect. Attribute sampling would be more applicable to assess whether supervisory
signoffs of subordinates’ work were effective.
24. Solution: d
Option d. is correct based on The IIA’s CGAP Study Guide, Section III, 4b. Thus, options a., b.,
and c. are incorrect.
25. Solution: b
a. Incorrect. This language is very ambiguous and unclear, and, thus, inappropriate.
b. Correct. This question is focused, clear, balanced, and unbiased, and does not “lead” the
respondent.
c. Incorrect. This is a biased, leading question, and addresses more than one idea.
d. Incorrect. This question does not have option symmetry (all are positive options, none are
negative), and is, thus, biased.
26. Solution: c
a. Incorrect. Trading verbal jabs is confrontational and does not represent a professional,
low-key style that is more effective in interviews.
b. Incorrect. Auditors are required to verify and validate old information. Not doing so can
hurt the auditor’s credibility.
c. Correct. If information from an interview is important to the audit, having the interviewee
sign off or confirm in some other manner is a good corroborative procedure.
d. Incorrect. If possible, use of two auditors at the interview will better assure that all answers
are heard and properly recorded in the audit documentation.
III-20

27. Solution: a
a. Correct. A decision is represented as a diamond shape.

b. Incorrect. This statement is correct.
c. Incorrect. This is a correct description of a flowchart.
d. Incorrect. Flowcharts may be available from the client or developed by the auditor. If the
flowchart is obtained from the client, the auditor has a responsibility to review and validate
the flowchart.
28. Solution: a
a. Correct. This statement properly describes the comparison between program evaluations
and performance measurement systems.
b. Incorrect. Many governments have mandated performance measurement systems — for
example, the Government Performance and Results Act of 1993 and other state and local
laws in the U.S.
c. Incorrect. The first clause is correct, but the second is incorrect. Performance measurement
is intended to collect data on effectiveness (e.g., accomplishments, outputs, outcomes), not
just “descriptive data.”
d. Incorrect. The second clause is correct, but the first clause is incorrect. Again, performance
measure systems should focus extensively on effectiveness, not just economy, efficiency, and/
or administrative actions.
29. Solution: a
a. Correct. Summative program evaluations focus on results — not process.

b. Incorrect. Typical methodologies do include case studies, experimental and quasi-
experimental, and interrupted time-series measurements. (See The IIA’s CGAP Examination
Study Guide, Section III, C, 1c.)
c. Incorrect. Summative program evaluations involve collection of data via observation,
document review, and interview.
d. Incorrect. Summative program evaluations can use content analysis and/or content summary
forms. Content analysis is an analytical method that investigates the meaning of data by
coding. A content summary form is a single sheet that contains a series of summarizing
questions about a field contact; the evaluator may supplement the text of the form with
matrices, graphs, or charts.
30. Solution: b
a. Incorrect. Formative evaluations do focus on process.

b. Correct. Case studies are a common technique in summative — not formative — evaluations.
c. Incorrect. This is a correct description of the formative approach. (See The IIA’s CGAP
Examination Study Guide, Section III, C 2.)
d. Incorrect. This is a correct description of ethnographic analysis, which is described in the
CGAP Examination Study Guide and in other references.
III-21

31. Solution: d
a. Incorrect. Focus groups are small groups of stakeholders.

b. Incorrect. Program modeling specifies all activities/interventions and links program activities
to expected intermediate and ultimate results.
c. Incorrect. Expert judgment involves obtaining opinions from individuals with extensive
experience.
d. Correct. This is the correct definition of ethnographic analysis per The IIA and in other
literature.
32. Solution: d
a. Incorrect. This question is closed-ended (i.e., yes-no).

b. Incorrect. This question is closed-ended (i.e., yes-no).
c. Incorrect. This question is closed-ended (i.e., yes-no).
d. Correct. This question cannot be answered with “yes” or “no,” and instead requires specifics.
33. Solution: d
a. Incorrect. Option d. is inclusive of “loading new batteries...”

b. Incorrect. Option d. is inclusive of “purchasing new tapes...”
c. Incorrect. Option d. is inclusive of “delivering…tapes…immediately…”
d. Correct. All the steps in a., b., and c. will enhance the admissibility of evidence and make
it harder to accuse the auditor of tampering with, or inadvertently losing or damaging,
evidence.
34. Solution: d
a. Incorrect. Written policies on handling integrity violations, while a good procedure, does
not address the overall relationship of controls and violations.
b. Incorrect. Management communication, while important, does not describe the overall
relationship of internal controls and integrity violations.
c. Incorrect. Auditors’ recommendations, if implemented, can reduce the risk of integrity
violations, but this statement does not describe an overall relationship between internal
controls and integrity violations.
d. Correct. This is the classical relationship of effective controls as the most important
deterrent against integrity violations.
35. Solution: d
a. Incorrect. Inclusion of additional details in an investigative report is appropriate and a

common practice.
b. Incorrect. The steps taken in the investigation are often included in an investigative report.
c. Incorrect. It is appropriate to discuss the weak or compromised controls in an investigative
report, and to make appropriate recommendations to prevent reoccurrence(s).
d. Correct. An investigative report would not necessarily include the traditional elements of
condition, criteria, cause, and effect.
III-22

36. Solution: d
a. Incorrect. Hotlines are an appropriate and widely used form of detecting potential integrity
violations. Appropriate follow-up is needed to validate the information reported and judge
its significance.
b. Incorrect. Unannounced audit procedures can be effective in detecting integrity violations.
c. Incorrect. Changing passwords is an effective procedure to prevent, and possibly detect,
unauthorized access (or attempts) into systems.
d. Correct. While of value, signing of annual statements of awareness of relevant laws would
be less effective in detecting integrity violations than the procedures discussed in options a.,
b., and c.
37. Solution: a
a. Correct. Government auditors are generally encouraged/required to coordinate their work

with other auditors, evaluators, and investigators. Such coordination enhances the overall
benefits from limited audit resources.
b. Incorrect. Evaluation of other related audits or studies is an appropriate step, and could
lead to changes in audit objective, scope, and methodology.
c. Incorrect. Considering the validity and fairness of other related audits/studies is also
appropriate.
d. Incorrect. The auditor can reasonably be expected to use and refer to the results of other
related studies and audits. (In fact, in this instance, the auditors specifically recommended
that the client prioritize the recommendations of the more than 100 reports and implement
them, or rebut them, as deemed appropriate.)
38. Solution: c
a. Incorrect. Non sequitur (“It does not follow.”) is the logical fallacy of suggesting something
did nor did not happen without a logical basis. That form of illogical thinking is not relevant
in this case.
b. Incorrect. Slippery slope (or “nose of the camel in the tent”) refers to an illogical conclusion
that, since action “A” happened, all actions through “Z” will definitely occur. (Examples —
gun control, abortion rights, etc.) That form of illogical thinking is not relevant in this case.
c. Correct. Ad hominem is pursuing an audit based on adverse feelings about a person(s), not
the evidence. This is relevant in this case.
d. Incorrect. Deductive fallacy is illogical use of a series of statements, which is not the form
of illogical thinking in this case.
III-23

39. Solution: c
a. Incorrect. Hasty generalization is “leaping” to a broad conclusion based on too few facts or
too little evidence. This is not the problem in this case.
b. Incorrect. Post hoc, ergo hoc is assuming, illogically, that because something happened after
an event, it is because of that even. Not relevant in this case.
c. Correct. False use of authority is, illogically, citing only the authority that fits your position.
This is the relevant illogical thinking in this case.
d. Incorrect. Inductive fallacy is illogical use of a series of statements, and is not relevant to the
auditor’s thinking in this case.
40. Solution: d
a. Incorrect. See the explanation for option d., the correct option.
b. Incorrect. In the private sector, where revenues are based on exchanges, the customer is
assumed to have more freedom and influence. Laws and internal controls in the government
do not substitute for audits and other forms of accountability.
c. Incorrect. In fact, government auditors are encouraged to set lower dollar thresholds of
materiality (meaning auditors do more, not less, transaction testing, etc.).
d. Correct. Because the source of most revenue to governments is involuntary (e.g., taxes),
governments have a strong need to demonstrate integrity and openness. Thus, auditors have
a greater need to go beyond just consideration of quantitative factors to consider other
factors.
41. Solution: b
The logical flow of these four steps is option b. See The IIA’s CGAP Examination Study Guide,
Section III, Section A. Thus, options a., c., and d. are incorrect.
42. Solution: a
a. Correct. See The IIA’s CGAP Examination Study Guide, Section III, B.
b. Incorrect. These are not the four generic categories of performance measures.
c. Incorrect. These are references to customers and interested parties.
d. Incorrect. These terms relate to the activity-based costing methodology.
43. Solution: c
a. Incorrect. Efforts are quantitative measures (financial or nonfinancial) of inputs.

b. Incorrect. Efficiency measures are quantitative measures relating efforts and accomplishments.
c. Correct. Explanatory data, usually narrative, assists the user in putting the quantitative data
on efforts and accomplishments in perspective.
d. Incorrect. Outcome measures are quantitative measures of results.
III-24

44. Solution: d
a. Incorrect. An approach of supplementing reported performance data with direct observation

with data from agency records and secondary sources would be appropriate.
b. Incorrect. In a results-based audit approach, the auditor independently develops his/her
own measures. Some audit organizations take this approach, and it is a legitimate option,
assuming the measures used by the auditor are defensible.
c. Incorrect. An audit approach that addresses both adequacy (relevance) and accuracy
(reliability) is appropriate. This would be especially true where the performance measures
are still evolving (a “work in progress”).
d. Correct. In view of the widespread initiatives in performance measurement systems in
government as a key part of accountability, government auditors should not ignore these
initiatives. Appropriate audit roles will not impair auditor independence.
45. Solution: d
a. Incorrect. Refusals to take leave are not a measure of employee productivity. Being present
may not mean the person is productive!
b. Incorrect. Theory X has to do with a management view that employees are, by nature, lazy
and need to be coerced. This view by the auditor would not be relevant, since it is the
employee refusing to take leave.
c. Incorrect. The auditor would need to make a more comprehensive assessment to determine
whether the area is understaffed.
d. Correct. Refusal to be absent is a classical “red flag” or a potential integrity issue (e.g.,
fraud). See The IIA’s CGAP Examination Study Guide, Section III, Section F3.
46. Solution: c
a. Incorrect. A “fishbone” analysis focuses primarily on identifying potential causes of a

problem, whereas a radar chart identifies and defines a problem, and assesses the significance
of the problem.
b. Incorrect. Based on opposing forces, “force field analysis” is intended to identify and select
solutions, and implement and monitor performance.
c. Correct. The definition given is for a “radar chart.”
d. Incorrect. A sequence flowchart includes all of the processing tasks or steps, and is used to
identify and analyze causes.
47. Solution: d
a. Incorrect. Photographs must be properly taken, and do not automatically provide

substantiation. (Photos can be misleading!)
b. Incorrect. Auditors need to keep in mind that documents can be erroneous, incomplete,
and/or outdated. Also, every event is not documented.
c. Incorrect. Auditors are not considered infallible, so the auditor’s analysis must be open to
scrutiny. (Instructor’s note: Answers with “never” are suspect!)
d. Correct. Auditors should routinely keep corroboration in mind.
III-25

48. Solution: b
a. Incorrect. This statement is true. See GAGAS paras. 7.24, 7.27, 7.65, and 7.69. If the data
is for background purposes only in the report, perhaps attribution may be used and less
extensive audit procedures may be needed.
b. Correct. This statement is not true. The auditor will have a different perspective if the data is
related to the audit objectives, findings, and conclusions (rather than only for background).
Also, see the explanation for option a.
c. Incorrect. This statement is true. See GAGAS para. 7.27c.
d. Incorrect. This statement is true. See GAGAS para. 7.65.
49. Solution: a
a. Correct. See GAGAS para. 7.72.

b. Incorrect. See GAGAS para. 7.72.
c. Incorrect. See GAGAS para. 7.72.
d. Incorrect. Recommendations are not cited as mandatory in GAGAS, and, for example,
would not necessarily be included in a condition-only report.
50. Solution: d
a. Incorrect. An impact-based finding does not include criteria.

b. Incorrect. An impact-based finding needs condition before and after, and includes effect
(impact) as well as cause (the program or intervention).
c. Incorrect. The correct elements for an impact-based finding are in option d.
d. Correct. This is the correct identification of elements in an impact-based finding.
51. Solution: b
a. Incorrect. Answering this audit objective does not require criteria, cause, or effect.
b. Correct. The only element needed to answer this audit objective is condition, just
information — sometimes called a descriptive finding.
c. Incorrect. Answering this objective does not require criteria.
d. Incorrect. The audit objective can be answered as is.
52. Solution: d
a. Incorrect. This is true, but option d. is inclusive.

b. Incorrect. This is true, but option d. is inclusive.
c. Incorrect. This is true, but option d. is inclusive.
d. Correct. All statements in a., b., and c. are true.
(Instructor’s note: Refer to The IIA’s Performance Auditing: A Measurement Approach,
Chapter 18.)
III-26

53. Solution: c
a. Incorrect. This statement is true.

b. Incorrect. This statement is true.
c. Correct. Even though an auditor cannot directly use certain designs, he/she still has the
option of encouraging management to use those designs.
d. Incorrect. This statement is true.
(See Chapter 18 of The IIA’s Performance Auditing: A Measurement Approach.)
54. Solution: c
a. Incorrect. This is a true statement.

b. Incorrect. This is a true statement.
c. Correct. In fact, this is a strong design for auditors.
d. Incorrect. This is a true statement.
(Instructor’s note: See Chapter 18 of The IIA’s Performance Auditing: A Measurement
Approach.)
55. Solution: a
a. Correct. This is a correct description of a run chart.

b. Incorrect. A Pareto Analysis is a technique that separates the “vital few” from the “trivial
many” (the 80/20 “rule”). Data is ranked.
c. Incorrect. A histogram is usually presented as a bar chart.
d. Incorrect. An aging schedule is related to time.
56. Solution: d
a. Incorrect. A scatter diagram interprets data to determine the strength of the relationship
between two variables.
b. Incorrect. Force field analysis is a problem-solving model that identifies the opposing forces
that help or hinder the “closing of a gap.”
c. Incorrect. A control chart is a special type of line chart that can be used to identify and
define a problem, and the extent.
d. Correct. This is a correct description of Pareto Analysis.
57. Solution: d
a. Incorrect. This is correct, but option d. is inclusive.

b. Incorrect. This is correct, but option d. is inclusive.
c. Incorrect. This is correct, but option d. is inclusive.
d. Correct. Overall, effective delivery includes all three aspects.
III-27

58. Solution: c
a. Incorrect. Inputs are financial and nonfinancial resources, not presented.

b. Incorrect. Outcomes are actual results — which are not presented here.
c. Correct. Outputs measure production, or levels of activity. The number of inspections are
outputs. (Examples of related outcomes might be increase in economic growth, reductions
in accidents or fires in homes, etc.)
d. Incorrect. Efficiency measures relate efforts to accomplishments — not presented here.
59. Solution: b
a. Incorrect. This Latin phrase means “It does not follow.” Logical fallacy does not apply to
the auditor’s thinking in this case.
b. Correct. Slippery slope is an illogical approach that means “if A happens, then surely B, C,
etc. will follow.” In this case, the auditor has made this logical error, thinking that if there is
a problem with the radio, then surely there is a problem with the entire helicopter.
c. Incorrect. This Latin phrase means “It happened after, so it must be because of…” That
fallacy is not indicated.
d. Incorrect. False use of authority means someone only accepts the sources of authority that
enforce their viewpoint. No applicable in this case.
60. Solution: c
a. Incorrect. Data envelope analysis (DEA) expands the single-input/single-output model of

efficiency measurement to the real-world environment of multiple-input/multiple-output
organizations. DEA can be used as stated.
b. Incorrect. Interrupted time series is accurately described.
c. Correct. These two terms have different meanings. Cost/benefit analysis involves the
comparison of projected costs and projected benefits. Cost effectiveness, in contrast to
cost/benefit, compares the cost of a program or activity to a measurable unit of output or
outcome (rather than to estimated or actual dollar benefits).
d. Incorrect. Regression analysis is accurately described.
III-28

domAin iv — Government
AuditinG environment
1. Performance-based budgeting:
a. Is an outmoded concept in the government, something that is now in disrepute.

b. Has evolved fully and been adopted in the same manner throughout the government.
c. Establishes a relationship between financial and performance information and the
appropriations process.
d. Is inconsistent with concepts advocated by the bodies that set accounting standards for
government.
2. An integral component of public accountability is standard-setting. Regarding standard-

setting in the U.S., which of the following statements is true?
a. The Federal Accounting Standards Advisory Board (FASAB) sets accounting standards
for all levels of government.
b. The Governmental Accounting Standards Board (GASB) sets auditing standards for
government auditors at the state and local level.
c. The U.S. Government Accountability Office (GAO) does not unilaterally set accounting
standards, but does provide support for the FASAB.
d. The standard-setting processes are too detailed and specialized to lend themselves to public
comment periods.
3. Under the GASB model of performance measurement at the state and local levels of
government in the U.S., the term accomplishment refers to:
a. Nonfinancial inputs.
b. Outputs.
c. Outcomes.
d. Outputs and outcomes.
4. Which of the following is an example of a crosscutting performance goal of a government unit?
a. The percentage of a school’s graduates accepted to enter colleges/universities.

b. The number of studies and corrective action plans completed for toxic waste sites.
c. The increase in budget resources provided to a high-priority goal.
d. Compliance with laws and regulations.
IV-1

5. Which of the following is an example of an effort by a government unit?
a. The inventory of vehicles used for highway maintenance.

b. The level of morale of employees assigned to a high priority goal.
c. The first-time achievement of an unqualified opinion on the unit’s financial statement.
d. A letter of recognition from the oversight body for a successful year.
6. A number of years ago, a county treasurer in the U.S. invested in derivatives, which resulted
in a major loss of public funds. Which of the following basic principles of public financial
management did the county treasurer violate?
a. Transparency.
b. Equity.
c. Prudence.
d. Probity.
7. Which of the following statements about types of government budgets is not true?
a. Zero-based budgets reevaluate the complete budget.

b. Line-item budgets tie budgets to agency missions.
c. Performance budgets attempt to tie results to costs.
d. Multiyear budgets are often associated with construction projects or entitlement programs.
8. The public sector relies heavily on the fund accounting concept for financial reporting.
Which of the following characteristics about the term fund is least accurate?
a. A self-balancing set of accounts.

b. Segregated for the purpose of carrying on specific activities or attaining certain objectives.
c. Must follow certain regulations, restrictions, or limitations.
d. The number of funds is expected to be unlimited.
9. Regarding particular types of funds used by state and local governmental units in the U.S.,
which of the following statements is not true?
a. Enterprise and internal service funds both involve identifying costs to be considered in setting
fees or prices.
b. Unless there is a compelling reason (e.g., legal requirement), state and local governments
use the general funds.
c. “Pass-through” funds are accounted for in debt service funds.
d. Special revenue funds are often used for federal grants.
IV-2

Domain IV — Government Auditing Environment
10. Requirements for state and local government accounting and reporting in the U.S. have
been significantly changed by GASB Statement #34. Under GASB#34:
a. Full accrual accounting is used for all activities in the entity-wide statements.
b. A new management discussion and analysis (MD&A) means that narrative material
previously required (in the CAFR) is no longer necessary.
c. Depreciation accounting is uniformly required for all capital assets, including infrastructure,
with no options.
d. Only one statement — statement of activities which reports expenses and revenues, and
focuses on net costs of functions is required at the entity level.
11. GASB has issued guidance on the preparation and publication of CAFRs. Which of the
following statements about the GASB requirement for CAFRs is not true?
a. CAFRs are suggested but not mandated by GASB.

b. The three basic sections in a CAFR are: (1) introduction, (2) financial, and (3) statistical.
c. The statistical section of a CAFR includes certain information for a 10-year period.
d. Inclusion of any recognition for achievement would be seen as puffery and unneeded.
12. In investing public funds, agency management faces a variety of restrictions. Which one of the
following statements most accurately describes such a restriction?
a. Laws may dictate that investments are to be made in “socially acceptable” (minority or
environmentally conscious) businesses, but would not include geographic restrictions.
b. Political factors are too arbitrary and, therefore, never cause restrictions.
c. Liquidity risk refers to the possibility of bankruptcy of a company in which there is an
investment of public funds.
d. The primary concern for safety in public investments tends to result in lower rates of return.
13. In the U.S., the federal government’s requirements for financial accounting and reporting
have been expanded and changed in the 1990s. All of the following requirements are
accurate except:
a. The federal government is required to use two types of accounting — budgetary and
proprietary.
b. Federal agencies are mandated by law to use a common general ledger.
c. Among the principal annual statements prepared is a Statement of Net Cost, reporting
costs by organizational unit and program (and ideally by output also).
d. To increase credibility, federal financial statements must be audited by private CPA firms.
14. Legal restrictions apply to the sources and uses of fund. In this regard, which of the following
statements is least accurate?
a. The use of grant funds is usually restricted to some purpose.

b. Borrowing to finance operating expenditures is generally considered an abuse.
c. Insurance trust revenue can only be used as intended.
d. Borrowing beyond the ability to repay is often a necessity, and therefore acceptable.
IV-3

15. “Federal appropriations law” in the U.S.:
a. Addresses whether obligations of budgetary resources are legal as to the (1) purpose, (2)
time, and (3) amount.
b. Is entirely independent of the U.S. Constitution.
c. Gives equal weight to authorizing legislation for federal programs as it does to the
appropriation legislation.
d. Gives a high-level official in the executive branch the final authority in determinations as to
the legality of obligations.
16. A primary disadvantage of delivering services by in-house government personnel (in lieu of
contracting out) is:
a. Government employees usually follow form over substance because of lack of understanding
program goals.
b. New programs require greater lead time due to existing assignments and resource allocations.
c. In-house delivery of programs has been proven to be more costly than contractor delivery.
d. Monitoring to assure uniform service delivery has been proven to be less effective when
services are delivered by government employees.
17. In considering grants to U.S. state and local governments from the federal level, advocates
of block grants would state that:
a. Block grants can more effectively address the nation’s specific policy goals.
b. Block grants are very similar to contracts in delivering services or completing projects.
c. Block grant use automatically assures effective competition.
d. Block grants allow a great deal of flexibility to states and localities.
18. Under which type of U.S. federal grant mechanism are there legally mandated levels and
restrictions on eligibility, with little or no discretion on the part of the grantor agency?
a. Formula.
b. Categorical.
c. Discretionary.
d. Project.
19. The delivery of government services is sometimes made through cooperative efforts. This
approach:
a. Includes joint ventures, partnerships/alliances, authorities, and special operating or quasi-

governmental agencies.
b. Tends to increase duplication of services and administrative costs.
c. Would seldom, if ever, be found at local levels of government.
d. When used, will be best if the private sector is not a party.
IV-4

20. Government auditors work in an environment that differs from the private sector, and may
therefore have different considerations. For example, in delivering services, the private sector’s
relationship with customers differs from the public sector’s relationship with citizens, because:
a. The private sector has little interest in customer satisfaction.

b. The private sector has a greater challenge determining which customers are eligible.
c. The public sector (1) must allow citizens “due process” and (2) must often follow set
eligibility requirements.
d. The appeals process in the private sector must be objective and “in place.”
21. Accountability of the government can best be demonstrated by:
a. Issuing an audited financial statement.

b. Keeping track of time cards.
c. Receiving prior approval for travel.
d. Always accepting the highest bid.
22. Government auditors sometimes audit social service programs under which parties receiving
services may not be required to pay (at least not in full) for those services. This imbalance
has received more oversight, public attention, and possible audit interest mostly because:
a. Those receiving services are often undeserving.

b. The percentage of the U.S. federal budget that goes to entitlement programs is very large.
c. Certain public policies in the U.S. advocate that recipients should pay a fee (price) based on
true costs.
d. Charitable organizations are demanding that the government stop competing with them.
23. Assume a U.S. government auditor at the Commerce Department is assigned to audit a program
to increase U.S. exports, including tobacco products, to foreign countries, including less developed
countries. The same auditor is aware from prior audits at the U.S. Agency for International
Development (USAID) that USAID has programs in developing countries aimed at improved
health, including reduction in the use of tobacco. The auditor’s best approach would be:
a. Criticize the Commerce Department for trying to expand tobacco exports.

b. Contact auditors at USAID to suggest that USAID should deemphasize its programs to
reduce tobacco use in developing countries.
c. Take a strictly “hands-off ” approach and not address this issue at all, since each agency has
legal authority for their mission.
d. At the least, recognize that government agencies can and do have conflicting missions, and
consider disclosing this situation to appropriate oversight bodies.
IV-5

24. Government auditors may be asked to review the effectiveness of programs for “at risk”
populations, e.g., the homeless, individuals addicted to drugs, people with mental illness, etc. In
these types of audits, the auditor should:
a. Apply the same standards of effectiveness as for other programs because the taxpayer’s
money is being used and there must be accountability.
b. Recommend that the agency abandon efforts to track outcomes, and restrict measurement
to only outputs, because the outcomes are often long term.
c. Attempt to identify and report the variables that are beyond the control of management.
d. Not support the use of program evaluation by management since any conclusions from
evaluations would be too arbitrary.
25. Which of the following is an example of a user fee?
a. A lottery ticket.
b. A driver’s license.
c. A building permit.
d. Greens fees at the city golf course.
26. A type of tax that is typically viewed as regressive is:
a. Income tax.
b. Property tax.
c. User fees.
d. Sales tax.
27. Which of the following is (are) potential advantages of privatization of services performed
(owned) by the government?
a. Less fraud and corruption.

b. Greater flexibility.
c. Greater assurance of actual delivery of services.
d. Due process for those who consider themselves eligible or entitled.
28. The term executive budget refers to:
a. A budget where the legislative branch is not involved.

b. A budget subject to extensive rules and regulations issued by the chief administrative officer.
c. A budget that is not subject to traditional budgetary controls.
d. A budget that incorporates all executive agencies.
IV-6

29. Generally, government agencies try to create a competitive environment in procuring goods or
services under contract. One component of a system for assuring adequate competition allows
unsuccessful bidders recourse to challenge the contract award process. That specific component
is called:
a. Sealed bids.
b. Award protest.
c. Evaluation of bids.
d. Publicizing the Request for Proposals (RFPs).
30. If the agency is uncertain about the times and amounts of goods or services it will need, the most
likely mechanism to use would be:
a. An indefinite quantity contract.

b. A firm-fixed-priced (FFP) contract.
c. A cost-sharing contract.
d. A fixed-price contract with an adjustment clause.
31. Government contract requirements typically include clauses related to all the following except:
a. Payments/billings.
b. Anti-kickback or non-bribery prohibitions.
c. Guaranteed program success.
d. Public policies.
32. Government auditors have added considerations because information they obtain and retain in
their workpapers (audit documentation) may be subject to laws that do not affect private sector
auditors. With which of the following statements regarding government auditors do you most
agree?
a. Because of the need for independence, auditors usually can disregard most exemptions
from public disclosure.
b. Auditors must be prepared to make their own final determination of what information might
affect national security (after hearing and considering client advice).
c. While confidential information may need to be destroyed or returned to a client, auditors
can safely assume no added requirements regarding the information are destroyed or
returned.
d. Auditors should be particularly alert to protecting information they obtain or use that may
have the potential of making telecommunications networks vulnerable to outsiders.
33. Under government contracts, which of the following are intended to assure “access” for small
businesses, minorities, women, or other specific groups?
a. Set-asides.
b. A multi-award contract.
c. A subcontracting opportunity.
d. All of the above are ways to assure access to the groups identified.
IV-7

34. Government entities must adhere to constraints on sanctions and firing of employees (sometimes
called “corrective discipline”). Which of the following statements about government corrective
discipline processes is true?
a. Governments generally allow the corrective discipline to be at the discretion of individual

supervisors, with no overall guidance.
b. The government corrective discipline processes effectively address performance problems,
but are generally ineffective in addressing behavior problems, e.g., unethical conduct.
c. Corrective discipline should be generally progressive in its corrective actions, but immediate
suspension (leading to later termination) is possible in some cases.
d. Since the corrective discipline process requires extensive efforts and documentation
by supervisors/managers (who are also faced with subordinate rights), accepting a few
unproductive employees as “reality” is justified.
35. Read the following: “To promote, develop, and implement policy and programs that, with
communities and families, provide assistance during times of unemployment, and ensure the
safe and fair treatment of all people on the job.” This is most likely:
a. Explanatory information from an agency’s performance report.

b. A strategic performance goal of a government agency.
c. A government agency’s mission statement.
d. None of the above.
36. The performance data reported by governments should have certain qualitative characteristics. In
this regard, the quality of the characteristic of relevancy:
a. Can be enhanced with an audit process more than other characteristics.

b. May require that a variety of performance measures be used.
c. Is closely related to a concern that the value of data diminishes over time.
d. Is the most challenging due to the broad and complex nature of government activity.
37. A higher level government office provides grant funds to 25 lower units of government for a
program to advocate “disability-friendly” policies and programs. The grant funds, on average,
add public funding of three to five percent to existing similar programs at the lower levels of
government. The biggest challenge in measuring performance would most likely be:
a. Outcomes are hard to measure.

b. Lack of baseline data.
c. Developing understandable measures.
d. The grant program is likely too small to draw inferences on its impact.
IV-8

38. A particularly difficult challenge in performance measurement and management in the govern-
ment is encountered when:
a. Legislative bodies exempt programs from performance measurement requirements.

b. Program managers refuse to develop meaningful measures.
c. Many variables beyond the program managers’ control significantly affect outcomes.
d. Baseline data has not yet been developed.
39. Being sovereign means a government can:
a. Take one’s property without compensation.

b. Enact any type of law it wishes.
c. Allow its citizens to sue the government.
d. Borrow money above the limits in its constitution.
40. What is the primary planning document in government?
a. The budget of the government unit.

b. The state of the state or state of the union address (or equivalent).
c. Structure plans of a department unit or government.
d. The annual report of the legislative auditor or controller.
41. For a state library, assume the following descriptions of performance measures are used:
I. Cost per item shelved.

II. Number of reference questions.
III. Number of volumes per capita compare to other state libraries.
IV. Percentage of users who say the state library meets their needs promptly.
V. Cost per percentage change in users who say the state library met their needs promptly.
Which of the following sequences properly matches the terms to the five descriptions above?
a. Cost effectiveness, benchmark standard, output, efficiency, outcome.

b. Efficiency, output, benchmark standard, outcome, cost effectiveness.
c. Efficiency, output, cost effectiveness, outcome, benchmark standard.
d. Efficiency, outcome, benchmark standard, output, cost effectiveness.
42. Alignment is an important notion in planning performance measurement systems. Which of the
following represents the best depiction of items that need to be properly aligned?
a. Missions, goals, and objectives.

b. Legislative mandates, missions, goals, objectives, and measures.
c. Inputs (efforts), outputs, outcomes, and efficiency measures.
d. Strategic (long-term) plans, annual performance plans, and annual performance reports.
IV-9

43. Consider the following: “Children will not live in poverty.” This statement is:
a. A mission statement.
b. A strategic objective.
c. A vision statement.
d. Unrealistic.
44. At the federal level of the U.S. government, the Statement of Budgetary Resources:
a. Is directly associated with proprietary accounting.

b. Is based on Generally Accepted Accounting Principles (GAAP), as established by the
Federal Accounting Standards Board (FASB).
c. Identifies the amount of budgetary resources and the status of the resources.
d. Is the one principal statement not subject to annual audit.
45. The type of government obligations in the U.S. that are backed by the full faith and credit
of the government are called:
a. Moral obligation bonds.

b. General obligations (GO) bonds.
c. Double-barreled bonds.
d. Revenue bonds.
46. Under modified accrual accounting, revenues are recognized when they are:
a. Earned.
b. Converted to cash or equivalent.
c. Measurable and available.
d. No longer restricted.
47. The primary difference between the terms benchmark and best practice is:
a. There is no difference.
b. Benchmarking represents a standard against which past or future performance can be
measured, and can include the organization’s previous objectives or performance, whereas
best practices come from other similar organizations.
c. Best practices derive from theoretical studies and assumptions about an ideal organization,
whereas benchmarking is based on comparison with real organizations.
d. Identifying best practices is the first step toward benchmarking.
IV-10

48. In a federal system, some political science literature refers to the idea that federalism is like
a marble cake. This reference is pointing out that:
a. In government programs, there is always some “stirring around,” and program managers
can feel like they are in a hot kitchen.
b. Contrasted with many private sector jobs, the public views government personnel as having
sweet jobs.
c. The lines between federal, state, and local levels of government are often blurred.
d. The founders of the federalism concept in the U.S. loved marble cake.
49. In the public sector, one major (but often legislatively imposed or related) entrenched impediment
to achieving program effectiveness is:
a. Internal controls.
b. Requirement for equal treatment to beneficiaries.
c. Internal regulations.
d. Fragmentation and overlap of programs.
50. At the state and local level of government in the U.S., funds use differing bases of accounting
(BA) and measurement focuses (MF). In this regard, the fund classification known as
proprietary uses:
a. The cash BA and the current economic resources MF.

b. The accrual BA and total economic resources MF.
c. The modified accrual BA and the current economic resources MF.
d. The accrual BA and the current economic MF.
51. Which would be a valid reason for incurring government debt?
a. To finance a pay raise for government employees.

b. To hire more police officers.
c. To build a new government building, which is needed.
d. To increase social welfare payments.
52. What do organizations rating the credit of governmental agencies assess?
a. The character of the agencies going into debt.

b. The likelihood of repayment of the agencies’ debts.
c. The wealth of those outside the governmental district.
d. The individual credit of members of governing boards.
IV-11

53. Which statement most accurately reflects the general notion of government accountability?
a. Government employees should be accountable for exhibiting a higher level of ethical and
moral behavior than others exhibit.
b. Government employees should be accountable for carrying out their duties to the best of
their abilities and in accordance with existing laws.
c. The public should be able to control the policies and behaviors of public organizations and
hold them answerable for what they do.
d. The public should be able to depend on government employees to carry out the laws and
formulate new laws consistent with the public’s will.
54. What should a written report disclosing the results of a performance audit that has assessed a
government program official’s accountability always contain?
a. All audit findings.

b. All audit objectives.
c. All instances of abuse.
d. All instances of noncompliance with laws and regulations.
55. Which defines objectivity as it relates to making judgments or decisions?
a. Complying with laws and regulations.

b. Basing judgments or decisions on facts and data that are readily available.
c. Reflecting no bias or prejudice of any kind toward any person, group, or organization.
d. Conforming strictly to the responsibilities and limitations spelled out in a job description or
scope of work.
56. You are a government contract auditor and believe fraud may be occurring in a program that is
“only somewhat” related to the major program being audited. How will you meet the requirement
of due care?
a. By verbally notifying the agency program manager of your suspicions.

b. By conducting follow-up work on your own to determine whether in fact fraud has occurred.
c. By writing up your findings in the working papers for follow-up by the next auditor in a
subsequent year’s audit.
d. By notifying the audit supervisor in writing of your suspicions and filing a copy of the
notification and the supervisor’s response in the working papers.
57. You have been asked to send a letter of recommendation to a prospective private sector employer
based upon your knowledge of the ability and character of an individual. To maintain your
professional integrity, under what circumstance should you use your official government title?
a. Only if the individual was a former employee of yours.

b. Only if the individual is a friend but has never worked for you.
c. Only if the individual is a friend who worked for you in the private sector.
d. Only if you can truthfully attest to the ability and character of the individual.
IV-12

58. For what primary reason should a chief financial officer (CFO) maintain budgetary control?
a. To prevent overspending.
b. To demonstrate accountability.
c. To facilitate year-end reporting.
d. To provide data for the general ledger.
59. Which is the most effective way to foster understanding and establish two-way communication?
a. Use clear, preferably brief, statements.

b. Never speak in the first person.
c. Attribute motives to the speaker.
d. Presume a common base of information.
60. What is important for modern government managers to understand about motivation?
a. That the primary motivator is always economic.

b. That individuals can be motivated, but groups cannot.
c. That motivating people is straightforward once an individual’s needs are identified.
d. That different people are motivated by different needs, and these needs change over time.
61. The notion of government accountability encompasses:
a. Only financial accountability.

b. Only performance accountability.
c. Both financial and performance accountability.
d. Only effective internal control.
62. If a government agency has been able to show an increase in the number of individuals of low
income levels who have housing, and those individuals also have better health, that would be
considered:
a. An increase in outputs.
b. An increase in outcomes.
c. An increase in efforts.
d. An increase in both outputs and outcomes.
IV-13

SOLUTIONS FOR
Domain IV — Government
Auditing Environment
1. Solution: c
a. Incorrect. Performance, or performance-based, budgeting is a popular initiative in many

governments.
b. Incorrect. The specific approach to performance-based budgeting varies in many respects
among governments.
c. Correct. This is an accurate description of the performance-based budgeting concept.
Budget approval processes consider performance against established goals or standards.
d. Incorrect. Performance-based budgeting is consistent with the concept of holding
governments accountable.
2. Solution: c
a. Incorrect. FASAB sets accounting standards for only the federal level.
b. Incorrect. GASB sets accounting — not auditing — standards for the state and local levels
of government.
c. Correct. GAO does not set accounting standards unilaterally, but is one of three sponsors
of FASAB, along with the Office of Management and Budget (OMB) and Treasury. Prior
to FASAB’s existence, GAO did set accounting principles.
d. Incorrect. FASAB’s “due process” (like GASB and the Financial Accounting Standards
Board [FASB]) allows a public comment period.
3. Solution: d
a. Incorrect. The GASB model refers to “inputs” as efforts.

b. Incorrect. Accomplishments include both outputs and outcomes.
c. Incorrect. Accomplishments include both outcomes and outputs.
d. Correct. Accomplishments include both outcomes and outputs.
4. Solution: d
a. Incorrect. This example is an outcome.

b. Incorrect. This example is an output.
c. Incorrect. This example is an input (effort).
d. Correct. Cross-cutting goals include compliance with laws, good information, and values.
They go beyond individual programs.
IV-15

5. Solution: a
a. Correct. Efforts refer to inputs, financial or nonfinancial; in this case, nonfinancial. (per the
GASB Service Efforts and Accomplishments [SEA] conceptual framework).
b. Incorrect. Morale is not an effort/input.
c. Incorrect. While an unqualified opinion is a good achievement, it is not an effort/input.
d. Incorrect. While a letter of recognition is a good achievement, it is not an effort/input. The
letter may be referred to in the unit’s Comprehensive Annual Financial Report (CAFR).
6. Solution: c
a. Incorrect. Transparency refers to accessibility/openness to the public.

b. Incorrect. Equity refers to the concept of fairness.
c. Correct. Prudence means avoiding excessive risk.
d. Incorrect. Probity refers to compliance with laws/rules.
7. Solution: b
a. Incorrect. This is a true statement about zero-based budgets.

b. Correct. Line-item budgets tie budgets to a narrow purpose (e.g., object classes, like
personnel, travel, etc.); program budgets are tied to agency missions.
c. Incorrect. This is a true statement about performance budgets.
d. Incorrect. This is a true statement about multiyear budgets.
8. Solution: d
a. Incorrect. A self-balancing set of accounts is part of a fund definition.

b. Incorrect. Segregation for a purpose is part of a fund definition.
c. Incorrect. Regulations, restrictions, and limitations apply to funds.
d. Correct. GASB encourages entities to limit the number of funds to a reasonable number.
9. Solution: c
a. Incorrect. Enterprise (provides goods or services to the public) and internal service fund
(provides goods and services internally) do charge fees, so they identify costs.
b. Incorrect. The general fund is viewed as the default fund, unless there is a requirement to
use a different fund type.
c. Correct. “Pass-through” funds should be accounted for in an agency fund; debt service
funds accumulate funds to pay long-term debt (a logical name!).
IV-16

Solutions for Domain IV — Government Auditing Environment
10. Solution: a
a. Correct. The entity-wide statements are prepared based on the accrual basis of accounting,
and the total economic resources measurement focus.
b. Incorrect. The introduction of the MD&A did not negate the other requirements for
narrative.
c. Incorrect. Under certain circumstances, an alternative (focused on condition) to depreciation
is permitted for infrastructure.
d. Incorrect. Two statements are required — the statement of activities and the statement of
net assets.
11. Solution: d
a. Incorrect. GASB suggests — does not mandate — CAFRs, but they are widely used.
b. Incorrect. The three sections of a CAFR are correctly identified.
c. Incorrect. For certain categories, 10 years’ information is reported.
d. Correct. GASB’s format permits/encourages inclusion of certificates of excellence.
12. Solution: d
a. Incorrect. Investment restrictions sometimes are geographic.

b. Incorrect. Investments can also be related to political considerations (e.g., South Africa’s
past apartheid policy).
c. Incorrect. Liquidity risk is related to access of resources.
d. Correct. This is true and logical.
13. Solution: d
a. Incorrect. The federal government uses both budgetary and proprietary accounting in its
external financial reports.
b. Incorrect. The Federal Financial Management Improvement Act of 1996 imposed three
statutory requirements, including the U.S. Standard General Ledger (issued by the Treasury
Department).
c. Incorrect. OMB’s “form and content” guidance includes a requirement of a Statement of
Net Costs, and FASAB SFFAS #4 requires cost accounting processes to identify costs by
program and output.
d. Correct. The CFO Act, as amended, assigns responsibility for financial statement audits to
the Offices of Inspector General, who contract out some audit work to CPA firms. GAO
audits the government-wide statements, and has the option of “stepping in” to audit the
statements of certain departments and agencies.
IV-17

14. Solution: d
a. Incorrect. Restrictions on how grant funds are spent are commonplace.

b. Incorrect. Borrowing for operating expenses is often not permitted — particularly at state
and local levels.
c. Incorrect. There are restrictions on insurance trust funds.
d. Correct. Borrowing beyond the ability to repay would be imprudent, so it should be avoided.
15. Solution: a
a. Correct. The three primary considerations of legality of obligations are correctly identified
as purpose, time, and amount.
b. Incorrect. The U.S. Constitution is one foundation of federal appropriations law; it gives
Congress the “power of the purse” and requires reporting from “time to time.”
c. Incorrect. If there are differences between the authorization and appropriation acts, the
appropriations act prevails as to purpose, time, and amount. For other differences, there is
an attempt to harmonize.
d. Incorrect. Decisions on legality of obligations can be made by the U.S. GAO (in the
legislative branch) or even in the courts (the judicial branch).
16. Solution: b
a. Incorrect. A greater level of understanding by government employees is generally viewed as

an advantage, compared to having contractors or grantees perform work.
b. Correct. Because government employees have existing, ongoing assignments, more lead
time is required, when compared with “outsider” providers who are presumed to have staff
available.
c. Incorrect. In-house delivery of services may or may not be more costly. For example, in
the U.S. government, when competitive processes are performed, the government agency
usually has been found to be less costly.
d. Incorrect. In-house performance is generally viewed as more uniform when compared with
performance by outside personnel.
17. Solution: d
a. Incorrect. “Categorical” grants identify more specific goals.

b. Incorrect. Block grants would generally be less specific than contracts.
c. Incorrect. The use of block grants does not automatically assure competition.
d. Correct. Block grants, by nature, allow more flexibility to the grantees, since the goals are
not as specific as in other types.
IV-18

18. Solution: a
a. Correct. This is a correct definition of a formula grant.

b. Incorrect. Categorical grants address specific policy goals (e.g., housing assistance,
employment referrals, etc.).
c. Incorrect. Discretionary grants are awarded at the discretion of the agency, and usually/
often involve competition. (Example: Funds for making society more accessible for people
with disabilities.)
d. Incorrect. Under project grants, grantees are paid by grantors for services, performance, or
a specific project.
(See The IIA’s CGAP Examination Study Guide, Section IV, C2.)
19. Solution: a
a. Correct. This is an accurate description of cooperative efforts.

b. Incorrect. Cooperative efforts are intended to decrease duplication of services and adminis-
trative costs.
c. Incorrect. Cooperative efforts are used extensively at local levels of government (at least in
the U.S.).
d. Incorrect. Involvement of the private sector in cooperative efforts is a frequent approach,
and is viewed favorably by many observers.
20. Solution: c
a. Incorrect. The private sector has a strong incentive to attempt to assure customer satisfaction,
in the interest of expanding sales.
b. Incorrect. The government — not the private sector — often must deal with rules of eligibility.
c. Correct. These two requirements are common for government organizations.
d. Incorrect. The private sector’s appeals process is generally more fluid than that process in
government organizations.
21. Solution: a
a. Correct. Issuance of audited financial statements is a way of “answering to the public” and
oversight bodies as to how monies are used.
b. Incorrect. This is an internal control technique and does not provide an answer to the public
and others.
c. Incorrect. This is an internal control technique and does not provide an answer to the public
and others.
d. Incorrect. This is an example of an inappropriate procedure.
IV-19

22. Solution: b
a. Incorrect. This would be a very judgmental reason for auditors to pursue. Programs
gain legislative and executive approval based on a judgment that there is a real need and
appropriate government role.
b. Correct. A very large percentage of the U.S. federal budget for entitlements (e.g., Social
Security, retirement, etc.) has received increased attention in the late 1900s and early 2000s.
c. Incorrect. While there are pressures from some groups to have citizens “pay their own way,”
the interest in entitlement growth has been even greater.
d. Incorrect. There is no real evidence that charitable organizations are concerned about
government competition with them.
23. Solution: d
a. Incorrect. The Commerce Department should not be criticized for running a program that
is part of its statutory mission.
b. Incorrect. The Commerce Department auditor may be exceeding his or her authority by
advising USAID, via its auditors, to deemphasize a program that may be within USAID’s
mission.
c. Incorrect. A “hands-off ” approach may be “safe” but not the most useful to legislative or
oversight bodies and stakeholders.
d. Correct. Recognition of the conflict is the most balanced and open approach. This approach
appropriately raises the issue, but does not become too judgmental.
24. Solution: c
a. Incorrect. Standards of effectiveness should be “tailored” to the program.

b. Incorrect. If possible, performance measures should try to identify outcomes, so recom-
mending that this be abandoned is inappropriate.
c. Correct. Identifying and reporting on variables beyond the control of management is useful
for decision makers and oversight bodies.
d. Incorrect. The use of program evaluation focuses on assessing effectiveness, and is a recog-
nized and valuable tool that goes beyond what some performance auditors do. Auditors
should be supportive.
25. Solution: d
a. Incorrect. Lottery tickets usually do not involve an exchange.

b. Incorrect. Licenses provide rights but are not a true exchange.
c. Incorrect. Permits are like licenses — not a true exchange.
d. Correct. The user pays for a service, and there is an exchange.
IV-20

26. Solution: d
a. Incorrect. Income taxes are generally progressive, higher percentages for higher income
brackets. The wealthier pay more!
b. Incorrect. Methods of administration of property taxes vary considerably, but the general
idea is a higher amount for higher valued property — thus, not regressive.
c. Incorrect. User fees — generally you pay for the service you get.
d. Correct. Sales tax is usually a fixed percentage, regardless of income or wealth, and thus
viewed as regressive.
27. Solution: b
a. Incorrect. Relevant sources suggest fraud and corruption are equal or greater in the private
sector. So, this is not a clear advantage.
b. Correct. The private sector tends to have available and flexible resources, whereas government
personnel and resources are “assigned” and hard to shift in the short term.
c. Incorrect. Use of privatization puts the services at risk of being less consistently applied,
and thus there is not a greater assurance of actual delivery. (Government resources for
monitoring to assure consistency may not be available.)
d. Incorrect. In the view of many, due process is likely more at risk when programs are
privatized. Again, not a clear advantage.
28. Solution: d
a. Incorrect. Not the correct definition. Also, lack of the legislative branch is not very likely in
most governmental budget processes.
b. Incorrect. Not the correct definition and not very meaningful.
c. Incorrect. Not the correct definition and an unlikely situation.
d. Correct. This is the correct definition and the question almost answers itself!
29. Solution: b
a. Incorrect. Sealed bids are one way of assuring competition. They are not directly related to
the recourse mechanism for unsuccessful bidders.
b. Correct. Governments often have a mechanism and office to protest a bid award. One name
is a Board of Contract Appeals.
c. Incorrect. Evaluation of bids is one element in a sealed bid contract.
d. Incorrect. Governments often publicize Invitations for Bids (IFBs) and RFPs to reach
prospective bidders.
IV-21

30. Solution: a
a. Correct. This is the correct answer and the question almost answers itself!
b. Incorrect. Under the FFP contract, the purchasing office pays a fixed amount. The
contractor/seller is more at risk than the government. The FFP option is associated with
firm requirements and full competition.
c. Incorrect. This is not the mechanism to be used when there is uncertainty. In a cost-sharing
contract, the contractor does not receive a fee, but has other motivations to participate.
d. Incorrect. Fixed-price contracts can have an added feature where the amount to be paid
may be adjusted based on factors such as inflation.
31. Solution: c
Options a., b., and d. are discussed as typical clauses in government contracts in The IIA’s CGAP
Examination Study Guide, Section IV, F. Option c. is the exception and the correct answer.
32. Solution: d
a. Incorrect. Government auditors are not free to disregard exemptions from public disclosure.
Auditors must follow laws and regulations.
b. Incorrect. Government auditors must follow the laws and regulations regarding disclosures
that might affect national security. Auditors can and do have discussions and maybe even
negotiations in this regard.
c. Incorrect. Government auditors must follow the appropriate laws and regulations regarding
the handling or destruction of confidential information.
d. Correct. This is an appropriate statement of auditors’ responsibilities.
33. Solution: d
a. Incorrect. True, but option d. is inclusive.

b. Incorrect. True, but option d. is inclusive.
c. Incorrect. True, but option d. is inclusive.
d. Correct. The approaches in a., b., and c. are all used. See The IIA’s CGAP Examination
Study Guide, Section IV, F 4.
34. Solution: c
a. Incorrect. Supervisors must follow an established system and relevant rules, and assure that
subordinates are given “due process.”
b. Incorrect. The government’s corrective discipline processes address both performance and
behavior problems.
c. Correct. While generally progressive in nature, corrective discipline processes may lead to
immediate severe action (suspension) if a very serious infraction occurs (e.g., physical injury
to the boss).
d. Incorrect. While supervisors may sometimes wish to avoid dealing with the necessary
documentation, supervisors and managers have a responsibility to appropriately address
unproductive employees.
IV-22

35. Solution: c
a. Incorrect. This is not typical of explanatory language in an agency’s performance reports.

Explanatory language is intended to help the report user put quantitative information (e.g.,
outputs) in perspective.
b. Incorrect. Strategic goals should be quantitatively measurable.
c. Correct. This is a typical mission statement, and was extracted from relevant literature.
d. Incorrect. Option c. is correct, so this cannot be the answer.
36. Solution: b
a. Incorrect. This definition relates to reliability.

b. Correct. Relevance should assure that one aspect is not being overemphasized to the
detriment of other aspects. (See The IIA’s CGAP Examination Study Guide, Section IV,
Section A3.)
c. Incorrect. This description relates to timeliness.
d. Incorrect. The challenges of performance measurement are not related to just reliability,
but extend to all characteristics.
37. Solution: d
a. Incorrect. Measuring outcomes could be a challenge, but the smallness of the program would
be a greater challenge.
b. Incorrect. There is no indication in the question that baseline data is lacking. While it could
be true, that is not stated to be the case.
c. Incorrect. Developing understandable measures could be a challenge, but the smallness of
the program would be a greater challenge.
d. Correct. Measuring the impact of an added three to five percent funding would be the
biggest challenge.
38. Solution: c
a. Incorrect. If legislative bodies exempt programs from performance measurement

requirements, there would not be a challenge!
b. Incorrect. Program managers’ refusing to develop measures, when asked to do so, is
unrealistic.
c. Correct. External factors can be a particularly difficult challenge.
d. Incorrect. Baseline data can be developed, even if subject to scrutiny.
IV-23

39. Solution: c
a. Incorrect. Governments generally compensate for property, although perhaps inadequately

in the view of the property owner.
b. Incorrect. Governments cannot violate constitutions, and lower level governments cannot
violate higher level laws.
c. Correct. This is a correct meaning of the term sovereignty.
d. Incorrect. This would be unconstitutional and impermissible.
(Note: This question is based on the democratic models of government, not on totalitarian
states.)
40. Solution: a
a. Correct. This is the classically correct answer.

b. Incorrect. This is primarily a status report from the top executive, even though some broad
goals may be succinctly identified.
c. Incorrect. Structure plans would be narrower than a budget.
d. Incorrect. This report is after-the-fact, not for planning.
41. Solution: b
The correct answer is b., per the Performance Measurement Concepts and Techniques by the Center
for Accountability and Performance. Options a., c., and d. are not proper matches. Definitions
are as follows: cost effectiveness = measure of cost per unit of outcome; benchmark = standard
against which past or future performance can be compared; output = units produced, etc.;
efficiency = resources per unit of output; outcome = results.
42. Solution: b
a. Incorrect. This presentation does not include the law (beginning) and measures (end).
b. Correct. This alignment goes from highest to lowest level. See Performance Measurement
Concepts and Techniques by the Center for Accountability and Performance.
c. Incorrect. These terms are not arranged in hierarchical alignment.
d. Incorrect. These terms are from the U.S. law titled the Government Performance and
Results Act, in logical order, but the presentation is not as complete as option b.
43. Solution: c
a. Incorrect. A mission is a concise statement of the unique, fundamental current and future
of an agency and its programs.
b. Incorrect. Strategic objectives are long-term (e.g., five years), and tend to have an outcome
(results) orientation. (Objectives should be measurable.)
c. Correct. Visions generally describe an organization’s preferred future, logically connected to
an organization’s mission but more idealistic and directive.
d. Incorrect. This is a meaningless response.
IV-24

44. Solution: c
a. Incorrect. The Statement of Budgetary Resources (quite logically) is related to budgetary —

not proprietary — accounting.
b. Incorrect. This statement is based on the rules of budgetary accounting, as established by
the OMB, not the proprietary accounting standards from FASAB.
c. Correct. This is a correct description and consistent with statement’s title.
d. Incorrect. All principal statements are subject to an annual audit.
45. Solution: b
a. Incorrect. There is no formal bond type with the name moral obligation.
b. Correct. A GO bond is backed by the full faith and credit of the government.
c. Incorrect. A double-barreled bond has more than one revenue stream.
d. Incorrect. A revenue bond relies on one revenue stream.
46. Solution: c
a. Incorrect. Revenue is recognized when earned under the accrual method, used in the private
sector and in the U.S. federal government.
b. Incorrect. Recognition of revenue upon receipt of cash is known as “cash accounting,”
which is not GAAP.
c. Correct. This statement is correct for modified accrual accounting, used by states and local
governments in the U.S.
d. Incorrect. The term “restricted” is unrelated to types of revenue recognition.
47. Solution: b
a. Incorrect. The two terms have separate meanings.

b. Correct. This is a correct characterization of the differences in meaning between the two
terms.
c. Incorrect. See the explanation for option b.
d. Incorrect. This statement about best practices may be seen by observers as having some
validity, but option b. is more descriptive and complete.
48. Solution: c
Options a., b. and d. are whimsical. Option c. is correct and refers to the political science view
of “blurred” lines between the three levels of government (like a marble cake swirled with white
and black colors). For example, city employees may be using resources from the state to adhere
to a federal law.
IV-25

49. Solution: d
a. Incorrect. If internal controls are properly designed, implemented, and monitored, they
should enhance effectiveness.
b. Incorrect. Equal treatment of beneficiaries is not an impediment.
c. Incorrect. Appropriate and streamlined regulations are not an impediment.
d. Correct. Fragmentation, overlap, and conflicting missions can be an impediment to
program effectiveness. (Example: Subsidies to tobacco farmers and health programs to stop
smoking.)
50. Solution: b
a. Incorrect. Proprietary funds do not use the cash BA.

b. Correct. This is the correct BA and MF for proprietary funds per GAAP as established by
the GASB.
c. Incorrect. Proprietary funds do not use the BA and MF as stated.
d. Incorrect. Proprietary funds do not use the current economic MF.
51. Solution: c
a. Incorrect. These operating costs are generally not a valid reason to incur debt.
b. Incorrect. These operating costs are generally not a valid reason to incur debt.
c. Correct. Building a needed building is generally a valid reason to incur debt.
d. Incorrect. These operating costs are generally not a valid reason to incur debt.
52. Solution: b
a. Incorrect. Character is not primarily what is being assessed.

b. Correct. Organizations rating the credit of governmental agencies are concerned with the
ability to make repayments.
c. Incorrect. The wealth outside the governmental district is not the primary interest.
d. Incorrect. The interest is in the ability of the agency to repay (not the creditworthiness of
individuals).
53. Solution: c
a. Incorrect. Ethics and morality do not directly translate to accountability.

b. Incorrect. Compliance is not the same as accountability.
c. Correct. This is a good explanation of accountability in government.
d. Incorrect. Carrying out and enacting laws does not address accountability.
54. Solution: b
a. Incorrect. Insignificant findings may be conveyed informally.

b. Correct. Audit standards require that all audit objectives be stated.
c. Incorrect. Abuse that is inconsequential may be omitted.
d. Incorrect. Noncompliance that is insignificant may be omitted.
IV-26

55. Solution: c
a. Incorrect. Compliance with laws and regulations is not the same as objectivity.
b. Incorrect. Decisions based on available data are not objective.
c. Correct. This is an appropriate definition of objectivity.
d. Incorrect. Following prescribed responsibilities is not objectivity.
56. Solution: d
a. Incorrect. Verbal notification does not exhibit due care.

b. Incorrect. Auditors are not trained to detect fraud, and should discuss the matter with the
supervisor, who may decide other resources (e.g., investigators) are needed.
c. Incorrect. This passive approach by the auditor is not due care.
d. Correct. This is the most appropriate course of action to show due care.
57. Solution: d
a. Incorrect. Relying solely on the working relationship would not show integrity.
b. Incorrect. Relying only on a friendship connection could clearly be seen as biased and
would lack integrity.
c. Incorrect. For the reasons discussed in options a. and b.
d. Correct. This is the most appropriate way to maintain professional integrity.
58. Solution: a
a. Correct. This reason relates to budgetary control.

b. Incorrect. This reason does not involve budgetary control.
c. Incorrect. This reason does not involve budgetary control.
d. Incorrect. This reason does not involve budgetary control.
59. Solution: a
a. Correct. This is proven to be more effective than other choices.

b. Incorrect. Not as effective as option a.
c. Incorrect. This would impede two-way communication.
d. Incorrect. This also would impede two-way communication.
60. Solution: d
a. Incorrect. Economic factors are more important for new employees.

b. Incorrect. Certain motivational strategies are known to be effective with groups — others
for individuals.
c. Incorrect. Motivational factors change over time and circumstance.
d. Correct. This is commonly accepted motivational theory.
IV-27

61. Solution: c
a. Incorrect. Financial accountability is only one of several kinds.

b. Incorrect. Performance accountability is only one of several kinds.
c. Correct. Both financial and performance accountability are recognized as important.
d. Incorrect. Internal control, while important, is a narrow aspect of the broader accountability
notion.
62. Solution: d
a. Incorrect. Outputs have increased but so have outcomes.

b. Incorrect. Outcomes have increased but so have outputs.
c. Incorrect. Information is not given on efforts.
d. Correct. This is accurate. The improvement in the number of individuals is an output. The
improved health is an outcome.
IV-28

1068.Dl - CGAP Exam Study Questions

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

1068.Dl - CGAP Exam Study Questions

Uploaded by

Copyright:

Available Formats

Certified Government

The Institute of Internal Auditors

Licensed to Customer No. . Re-distribution is prohibited.

Licensed to Customer No. . Re-distribution is prohibited.

Certified Government Auditing Professional (CGAP) Exam Topic Outline........................................1

Licensed to Customer No. . Re-distribution is prohibited.

Licensed to Customer No. . Re-distribution is prohibited.

ABC: Activity-based costing

Licensed to Customer No. . Re-distribution is prohibited.

Licensed to Customer No. . Re-distribution is prohibited.

Domain I — Standards, Governance, and

1. Role of a comprehensive set of auditing/evaluation standards (A)

2. Application of appropriate standards in all assignments (P)

2. Role of audit within the governance structure (P)

C. Risk/Control Frameworks (e.g., COSO, CoCo)

1. Role of frameworks (A)

2. Elements of a risk/control framework (P)

3. Application of frameworks (P)

D. IIA Code of Ethics (P)

A = Candidates must exhibit awareness (knowledge of terminology and fundamentals) in these

Domain II — Government Auditing Practice (35-45%)

1. Need for a formal document of purpose, authority, and responsibility (P)

Licensed to Customer No. . Re-distribution is prohibited.

2. Policies and procedures (A)

3. Quality assurance (A)

6. Marketing the audit function (A)

7. Mission/role/outcome of audit function within government (A)

B. Types of Audit Services

1. Audits of compliance (P)

2. Audits of performance/value-for-money/operations (e.g., economy, efficiency, effectiveness)

3. Audits of financial statements (A)

4. Audits of financial systems (P)

5. Audits of information and related technology (P)

6. Consulting/assistance services (e.g., nonaudit advisory services) (A)

7. Integrity services (e.g., fraud, waste, and abuse) (P)

C. Processes for Delivery of Audit Services

1. Management of individual projects (P)

3. Risk and control assessment practices (P)

4. Performing the engagement (P)

5. Communicating results (P)

6. Monitoring results (follow-up) (P)

P = Candidates must exhibit proficiency (thorough understanding; ability to apply concepts) in

A = Candidates must exhibit awareness (knowledge of terminology and fundamentals) in these

Licensed to Customer No. . Re-distribution is prohibited.

Domain III — Government Auditing

B. Performance Measurement (P)

C. Program Evaluation (A)

D. Quantitative Methods (e.g., statistical methods and analytical review) (P)

E. Qualitative Methods (e.g., questionnaires, interviews, and flow charts) (P)

F. Methods for the Identification and Investigation of Integrity Violations (P)

G. Research/Data Collection Techniques (P)

A = Candidates must exhibit awareness (knowledge of terminology and fundamentals) in these

Domain IV — Government Auditing Environment (20-25%)

1. Unique requirements in accounting for and reporting on government financial operations

2. Principles of taxation and revenue generation (P)

3. Unique aspects of governmental budgeting (e.g., encumbrances, earmarking) (P)

4. Government accounting (e.g., fund accounting, resource accounting) (P)

6. Investment restrictions for public funds (A)

7. Activity-based costing/cost-allocation (A)

Licensed to Customer No. . Re-distribution is prohibited.

C. Implications of Various Service Delivery Methods

1. Direct delivery by government employees (P)

4. Joint Ventures/Partnerships/Authorities/Special Operating Agencies/Quasi-governmental

A = Candidates must exhibit awareness (knowledge of terminology and fundamentals) in these

A = Candidates must exhibit awareness (knowledge of terminology and fundamentals) in these

A = Candidates must exhibit awareness (knowledge of terminology and fundamentals) in these

A = Candidates must exhibit awareness (knowledge of terminology and fundamentals) in these