Chapter 10

QUESTIONS
1. What are some of the limitations of periodic, manual, and sample-based audits?
Auditors may not be able to perform the correct risk assessment. Management intention and override
controls are sometimes could not detect by auditors. For example, internal control is reliable only if
people working in the entity follow and have the right to execute their roles.

2. Explain why auditing every transaction may be a requirement in today’s risk environment.
The reason why in every transaction is they were requires to audit it is simply because to find out as
soon as possible if there is mistakes or defects so by auditing it may be lead to reduce or lessen the
problem.

3. Is auditing all transactions feasible? Why or why not?

It is not feasible to audit and check every single item within the financial statements. It is because it will
be very costly and will take a lot of resources and time to do so.

4. Explain how auditing all transactions may in fact enable risk-based auditing and samplebased auditing
perpetuate control-based auditing. Support your answer with examples.
5. Describe five continuous analysis routines and how they support the efforts of internal auditors.
Establish priority areas- Identification of critical business processes that should be subject to continuous
auditing. These processes should be cross-referenced with an organization's top risks, as identified by
leadership and enterprise risk management programs.

Identify audit rules - Once a business process is selected, the auditor needs to determine audit rules
(e.g., indicators, analytics, or routines) that will guide the continuous auditing activity.

Determine process frequency - Consideration should be given to the cost, risk, benefit, and cadence of
the proposed frequency of the process being audited. The nature of some continuous audit objectives,
such as deterrence or prevention, may also determine frequency and variation.

Configure parameters and execute- Technological support is needed to improve operational

performance and business excellence. Testing scripts are developed and written using the audit rules
and process information created in the second and third steps. Simultaneously, rules need to be
configured before the continuous auditing procedure is implemented

Manage results and follow up- Establishing the appropriate threshold levels and correctly configuring
and building testing scripts ensure that an excessive number of false positives are not produced and
resources are not used ineffectively. A responsible party needs to be assigned to review exceptions,
evaluate results, and help make decisions related to future activities (e.g., changes, modifications).

6. Explain the concept and use of KPIs and KRIs for management review and operational auditors.
KRIs measure how risky an activity is, and KPIs measure how effective an activity was performed. KRIs
are an early warning to identify any potential event that may harm continuity of the activity in the long
term. KPIs address specific problems at business units or processes; and KRIs address systemic problems.

7. List five continuous monitoring/auditing routines you would recommend to a client for a payment
processing operation. Specify what data would be collected, how it would be analyzed, the reporting
mechanism, and frequency of its preparation.
8. List five continuous monitoring/auditing routines you would recommend to a client for a customer call
center facility. Specify what data would be collected, how it would be analyzed, the reporting
mechanism, and frequency of its preparation.
9. List five continuous monitoring/auditing routines you would recommend to a client for an IT service
enter. Specify what data would be collected, how it would be analyzed, the reporting mechanism, and
frequency of its preparation.
10. List five continuous monitoring/auditing routines you would recommend to an environmental health
and safety manager. Specify what data would be collected, how it would be analyzed, the reporting
mechanism, and frequency of its preparation.