Hock part 2 mock 1

PART 2 – Difficult questions and answers

20. In which of the following facilitated team workshops does the facilitator identify the key risks and
controls
before the beginning of the workshop?
a. Process-based.
b. Control-based.
c. Risk-based.
d. Objectives-based.

20. Solution: b
a. Incorrect. The process-based format focuses on selected activities that are elements of a chain of
processes.
b. Correct. The control-based format focuses on how well the controls are working. This format is
different
than the others because the facilitator identifies the key risks and controls before the start of
workshop.
During the workshop, the work team assesses how well the controls mitigate risks and promote
the achievement of objectives. The aim of the workshop is to produce an analysis of the gap between
how well controls are working and how well management expects the controls to be working.
c. Incorrect. The risk-based format focuses on listing the risks to achieving an objective.
d. Incorrect. The objective-based format focuses on the best way to accomplish a business objective.

26. A specific objective of an audit of a company's revenue-receivable cycle is to make sure that credit
sales are promptly and accurately recorded. This objective would address which of the following
primary objectives identified in the Standards?
I. Reliability and integrity of financial and operational information.
II. Compliance with laws, regulations, and contracts.
III. Effectiveness and efficiency of operations.
IV. Safeguarding of assets.
a. I and II only.
b. I and IV only.
c. I, II, and IV only.
d. II, III, and IV only.

26. Solution: b (I and IV only)

I. Correct. The specific engagement objective of making sure credit sales are promptly and accurately
recorded would address the objective regarding the reliability and integrity of information.
II. Incorrect. The specific engagement objective described does not address compliance.
III. Incorrect. The specific engagement objective described may address effectiveness of operations
but
does not address efficiency.
IV. Correct. The specific engagement objective of making sure that credit sales are promptly and
accurately
recorded would address the objective regarding safeguarding of assets.

29. Which of the following is an appropriate objective in an engagement to review a personnel

department?
Determining whether:
a. Hourly employees are being paid only for hours actually worked as indicated by time cards or
similar
reports.
b. An equitable training program exists that provides all employees with approximately the same
amount
of training each year.
c. Reference checks of prospective employees are being performed.
d. Recruitment is being delegated to the various departments that have personnel needs.

29. Solution: c
a. Incorrect. This would be an example of an engagement to review payroll, not to review the
personnel
department.
b. Incorrect. Not all employees are going to need the same training.
c. Correct. The personnel department is necessary for hiring, training, and monitoring the
organization’s
human resources. Thus, reference checks of prospective employees are needed to make sure the
prospective
employees have the right qualifications.
d. Incorrect. Recruitment is the responsibility of the personnel department.

30. Internal auditors must develop and document a work program for each engagement. The work
program
should include all of the following except:
a. The specific engagement objectives.
b. The procedures to be used by the internal auditor to collect, analyze, interpret, and document
information
during the engagement.
c. The reliability of the information necessary to achieve the engagement objectives.
d. The nature and extent of the required testing.

30. Solution: c
a. Incorrect. The work program must include the specific objectives of the engagement.
b. Incorrect. The work program documents the procedures to be used by the internal auditor to
collect,
analyze, and interpret information during the engagement.
c. Correct. The work program would not include the reliability of the information necessary to achieve
the engagement objectives. The sufficiency and reliability of information is discovered during the next
phase of the engagement, which is conducting the audit.
d. Incorrect. The work program would include the nature and extent of the required testing to be done
during the engagement.

56. In internal auditing sampling applications, there are four types of errors that may occur. These four
errors are divided into two categories of risks. These risks:
a. Result directly from the chance that the sample obtained by the internal auditor does not represent
the
entire population.
b. Can be decreased by using more reliable, albeit more expensive, audit procedures.
c. Have a magnitude based only on the economic consequences of incorrect sample-based
conclusions.
d. Refer respectively to the risks that (1) internal controls will fail, and (2) the resultant error(s) will
go
undetected.

56. Solution: a
a. Correct. Sampling risk is the risk that the sample will not be representative of the population. Alpha
and Beta risk are types of risks inherent in the practice of sampling. Alpha risk will cause the auditor
to
do additional and unnecessary work in coming to the correct conclusion. This makes the audit less
efficient.
Beta risk will cause the auditor to come to the wrong conclusion. This reduces audit effectiveness.
b. Incorrect. Non-sampling risk is dependent on the quality of engagement procedures.
c. Incorrect. These risks do not inherently depend on economic consequences.
d. Incorrect. Audit risk includes control risk and detection risk.

60. Which of the following computer-assisted auditing techniques allows fictitious and real transactions
to
be processed together without operating personnel being aware of the testing process?
a. Parallel simulation.
b. Generalized audit software programming.
c. Integrated test facility.
d. Test data approach.

60. Solution: c
a. Incorrect. Parallel simulation uses real data and processes it through test or audit programs.
b. Incorrect. Generalized audit software performs automated functions and is useful for testing both
controls
and balances.
c. Correct. Integrated test facility is similar to test data, except that in ITF the auditor is creating a
false
company in the records and then creating different transactions for the fictitious company that are
processed
alongside real data.
d. Incorrect. Test data uses only fictitious data that is processed separately from real data.

65. The objective of the engagement is to verify the existence and completeness of all operational
equipment
owned by the company. In this case, the inspection of the equipment is:
a. Sufficient and reliable.
b. Sufficient and relevant.
c. Reliable and relevant.
d. Sufficient, reliable, and relevant.

65. Solution: c
a. Incorrect. The information is reliable but not sufficient. Inspection can only tell you that the
equipment
exists, but you still don’t know whether the company owns the equipment. Maybe it was set up as an
operational lease.
b. Incorrect. The information is relevant because it has to do with checking for the existence of the
company’s
equipment. However, inspecting the equipment still does not tell you whether the company
owns the equipment or not.
c. Correct. Inspection is reliable because the auditor saw the piece of equipment. It is also relevant
because
it helps the auditor achieve the engagement objectives.
d. Incorrect. The information is reliable and relevant, but not sufficient.

70. Which of the following tools could be useful to help an internal auditor determine fundamental
issues
with a process, such as when the wrong people are involved and/or no one is accountable?
a. Dataflow diagram.
b. Flowchart.
c. Spaghetti diagram.
d. RACI diagram.

70. Solution: d
a. Incorrect. A dataflow diagram is a graphical notation of the path and transformation of data as it
moves through an information system. A dataflow diagram would not be able to determine
fundamental
issues with a process.
b. Incorrect. Flowcharts are diagrams that create a visual representation of processes or events.
Flowcharts are good to identify the different elements of a process and understand the
interrelationships
among the various steps. A flowchart would not be able to determine fundamental issues with a
process.
c. Incorrect. The purpose of a Spaghetti diagram is to expose inefficient process layouts, unnecessary
travel distance between process steps, and overall process waste.
d. Correct. A RACI diagram can be used to determine fundamental issues with a process, such as when
the wrong people are involved and/or no one is accountable. In its most basic form, a RACI diagram is
a way to examine a process step, task, activity, effort, decision, or inspection to determine who is
responsible,
accountable, consulted, or informed.

71. Which of the following could be a barrier that impedes an internal auditor’s root cause analysis?
a. Determining true root cause may be difficult and subjective.
b. The internal auditor may not be qualified to conduct the analysis.
c. Determining whether it costs more to remove the root cause than to treat the symptom.
d. Management may resist the analysis because of resource limitations.

71. Solution: c
a. Incorrect. There could be more than just one root cause of the problem.
b. Incorrect. The internal auditor not being qualified to conduct the analysis is barrier.
c. Correct. Determining whether it costs more to remove the root cause than to treat the symptom is a
decision for management. However, the decision is not a barrier to conducting the analysis.
d. Incorrect. Resource limitations could be a barrier to conducting a root cause analysis.

72. An internal auditor learns that a company has 80 remote warehouses and that each warehouse
contains
between 100 and 500 different products. From this information, the auditor can conclude that:
a. There are at least two warehouses with the same number of products.
b. The majority of the warehouses have more than 250 products.
c. The total number of products contained in all of the warehouses is at least 8,400.
d. The average number of products in the warehouses is 300.

72. Solution: c
a. Incorrect. Two warehouses would not necessarily have the same number of products.
b. Incorrect. All of the warehouses but one could have less than 250 products.
c. Correct. At minimum, 79 warehouses could contain 100 products and one could have 500 products,
resulting in 8,400 products.
d. Incorrect. The average number of products in the warehouses cannot be computed from the
information
given.
86. Which of the following situations would not be considered whistleblowing?
a. A financial controller writes a letter to a local newspaper accusing the CFO of financial fraud.
b. A financial controller tells the manager of the clothing department how the CFO is committing
financial
fraud.
c. A financial controller informs the CEO about financial fraud being committed by the CFO.
d. A financial controller exposes financial fraud to the securities exchange commission.

86. Solution: c
a. Incorrect. Whistleblowing is where an employee goes outside the chain of command. Therefore,
reporting
the financial fraud to a newspaper would be an example of whistleblowing.
b. Incorrect. Whistleblowing includes telling anyone outside of the chain of command even if the
person
works for the company.
c. Correct. Whistleblowing is where an employee goes outside the chain of command. In this case,
because
the CFO is accused of the financial fraud, the CEO would be someone in the chain of command.
d. Incorrect. Exposing the financial fraud to the securities exchange commission would be considered
whistleblowing.

96. When conducting audit follow-up of a finding related to cash management routines, which of the
following
does not need to be considered?
a. Inherent risk has been eliminated as a result of resolution of the condition.
b. The steps being taken resolved the condition disclosed by the finding.
c. Controls have been implemented to deter or detect a recurrence of the finding.
d. Benefits have accrued to the entity as a result of resolving the condition.

96. Solution: a
a. Correct. Inherent risk could only be accomplished by eliminating the use of cash, which is probably
not realistic.
b. Incorrect. It would be appropriate to assess whether steps being taken resolved the condition.
c. Incorrect. It would be appropriate to assess whether appropriate controls have been implemented.
d. Incorrect. It would be appropriate to assess whether benefits have accrued to the entity.

97. An organization’s internal auditors have conducted a series of assurance engagements. The
resulting
recommendations have been readily accepted by engagement clients because of the potential cost
savings.
Given the acceptance of the cost savings engagements and the scarcity of internal auditing resources,
the manager in charge of these engagements also decided that follow-up action was not
needed. The manager reasoned that cost savings should be sufficient to motivate the client to
implement
the engagement recommendations. Thus, follow-up was not scheduled as a regular part of the
engagement plan. Was the manager’s decision appropriate?
a. Yes. Follow-up is not customary.
b. No. The internal auditors should determine whether the client has appropriately implemented all of
the
engagement recommendations.
c. No. Scarcity of resources is not a sufficient reason to omit follow-up.
d. Yes. Given sufficient evidence of motivation by the client, follow-up is not needed.
97. Solution: c
a. Incorrect. A follow-up is required.
b. Incorrect. The follow-up will determine what management actions have been taken, not merely
whether
the engagement recommendations have been implemented.
c. Correct. The CAE must establish and maintain a system to monitor the disposition of results
communicated
to management (Standard 2500). Follow-up should have been scheduled, and scarcity of resources
would not be a sufficient reason to omit a follow-up.
d. Incorrect. A follow-up is required.

98. The CAE realized that corrective action had not been taken even when agreed to by the
engagement
client. In this circumstance, the CAE should:
a. Decide the extent of necessary follow-up work.
b. Allow management to decide when to follow up because it is management’s ultimate responsibility.
c. Decide to conduct follow-up work only if management requests the internal auditor’s assistance.
d. Write a follow-up engagement communication with all observations and recommendations and their
significance to the operations.

98. Solution: a
a. Correct. The CAE is responsible for scheduling follow-up activities as part of developing engagement
work schedules. Scheduling of follow-up is based on the risk and exposure involved, as well, as the
degree
of difficulty and the significance of timing in implementing corrective action (PA 2500.A1-1.4).
b. Incorrect. It is the CAE’s responsibility to determine the nature and extent of follow-up. It is not
management’s
responsibility.
c. Incorrect. It is the CAE’s responsibility to determine the nature and extent of follow-up.
Management’s
responsibility is to decide the appropriate action to be taken in response to reported engagement
observations
and recommendations.
d. Incorrect. The CAE must

Hock part 2 mock 2

Question 47: After the preliminary survey, an internal auditor developed the objectives to review
controls
over the accounts receivable process. Which of the following would not be one of the internal auditor’s
objectives?
a) Verify that there is proper segregation of duties over incoming customer payments and the creation
of credit memos.
b) Verify that the accounts receivable balance is properly stated.
c) Verify that bad debt write-offs are properly approved by the accounts receivable manager.
d) Verify that cash receipts are properly recorded to the right client account.

Answer: C
Question 48: An internal auditor has started to plan for an upcoming engagement to review controls
over procurement. This will be internal audit’s first engagement of the activity. In this respect, the
first step for the internal auditor is to:
a) Finalize the objectives of the engagement.
b) Get the procurement manager’s permission to conduct the audit.
c) Determine the risks related to the activity.
d) Conduct a preliminary survey of the process.

Answer: D

Question 51: An internal auditor is preparing to meet the manager of the accounts receivable
department
for the first time. All of the following are reasons for a preliminary meeting except:
a) To explain how the audit will be conducted.
b) To determine the method of testing controls.
c) To do a “walk-through” of the controls.
d) To collect more information about controls.

Answer: B

Question 83: A critical aspect of shaping a company’s control system is to make sure that supervisors
get
the information they need to direct and control operations. Once a supervisor understands what
information
he or she needs, the supervisor then needs to make sure his or her needs are properly communicated
within
the organization. There can be a variety of reasons why information does not flow as freely as it
should.
Which of the following is not a reason for this hindrance?
a) The supervisor likes to listen more than talk.
b) The supervisor does not respond well to criticism.
c) The supervisor is not good at focusing on current issues, such as control deficiencies.
d) The supervisor is not willing to ask for help when help is needed.

Answer: A

Question 84: At the end of an engagement, the chief audit executive (CAE) sent out a questionnaire to
the engagement client asking for feedback about the engagement. The reasons for the questionnaire
include:
I. Finding reasons to fire unproductive auditors.
II. Evaluating whether client managers are competent to perform their functions.
III. Getting immediate feedback on the auditor’s performance.
IV. Understanding areas where auditor performance could be improved.
a) I and II only.
b) II and IV only.
c) I and III only.
d) III and IV only.

Answer: D

Question 85: An important responsibility of the chief audit executive (CAE) is to make sure every
engagement is conducted so that the engagement objectives are achieved. This means that every
engagement has to be properly supervised. Which of the following are true concerning proper
supervision?
I. Proper supervision is making sure internal auditors have the necessary knowledge and skill to
complete the engagements.
II. Proper supervision is providing appropriate instructions at the beginning of engagement and
approving the engagement work program.
III. Proper supervision is making sure the working papers support the observations, conclusions, and
recommendations.
IV. Proper supervision is making sure the client manager signs off on the final recommendation.
a) I and III only.
b) I and II only.
c) II, III, and IV.
d) I, II, and III.

Answer: D

Question 91: The following recommendation was presented to the chief audit executive (CAE) by a staff
internal auditor.
“The internal audit activity is recommending having better segregation of duties over the extension of
credit
to customers. Credit should be extended by someone outside of the sales department, not the sales
manager, because there might be a temptation to extend credit to customers who are not credit
worthy.”
The CAE criticized the writing style of the recommendation for:
a) Using passive voice.
b) Using too much jargon.
c) Not being clear and concise.
d) Being too long.

Solution: a

Question 93: In which of the following situations would an oral communication be appropriate?
a) The internal auditor was having difficulty reconciling the bank statement to the cash account.
b) The internal auditor wanted to make sure the client was in agreement with the reasons for the
engagement.
c) The internal auditor discovered that there was a breach in security that could result in the loss of
client information.
d) The internal auditor was concerned that the audit would not be finished according to the time
schedule.

Answer: C