FAO MODULE CODE IAU8X00

________________________________________________________________________________

FACULTY/COLLEGE College of Business and Economics

SCHOOL School of Economics
DEPARTMENT Accountancy Department
CAMPUS(ES) APK
MODULE NAME Internal Auditing
MODULE CODE IAU8X00
SEMESTER Second
ASSESSMENT OPPORTUNITY, Final Summative Assessment Opportunity
MONTH AND YEAR November 2019

ASSESSMENT DATE 08 November 2019 SESSION 08:30 – 13:00

ASSESSOR(S) Ms. Seabi Mokoena
MODERATOR(S) Prof. Benjamin Marx
Ms. Palesa Tlhabanelo
DURATION 3 hours 45 minutes TOTAL MARKS 150
(excluding reading
time)

NUMBER OF PAGES OF QUESTION PAPER (Including cover page) 14

INFORMATION/INSTRUCTIONS:
___________________________________________________________________________
1. This documentation represents the multiple choice questions as well as the
scenario for the long questions.
2. Thirty minutes (30) minutes of reading time is given for the paper, making the
assessment session 4 hours and 15 minutes.
3. During the 30 minutes reading time, you may:
 Highlight the information presented in this document; and
 Make such annotations on this document as you consider appropriate.
4. At the close of the 30 minute reading period, you will be given the question
(required) and stationery packs.
5. You will have 3 hours and 45 minutes in which to answer the required
section.
6. No questions may be asked during the assessment.
7. Please write your name and student number clearly on your answer sheet.
8. Make assumptions if you are uncertain regarding the interpretation of the
scenario.

_________________________________________________________________________________
Page 1 of 18
FAO MODULE CODE IAU8X00
________________________________________________________________________________

QUESTION 1 30 MARKS

1. Which of the following is not true with regard to the internal audit charter?
a. It defines the authorities and responsibilities for the internal audit activity
b. It specifies the minimum resources needed for the internal audit activity
c. It provides a basis for evaluating the internal audit activity
d. It should be approved by senior management and the board

2. Audit committees are most likely to participate in the approval of

a. Audit staff promotions and salary increases
b. The internal audit report observations and recommendations
c. Audit work schedules
d. The appointment of the chief audit executive

3. According to the IPPF, the independence of the internal audit activity is achieved
through
a. Staffing and supervision
b. Continuing professional development and due professional care
c. Human relations and communications
d. Organisational status and objectivity

4. Which of the following actions would be a violation of auditor independence?

a. Continuing on an audit assignment at a division for which the auditor will soon
be responsible as the result of a promotion
b. Reducing the scope of an engagement due to budget restrictions
c. Participating on a task force which recommends standards of control for a new
distribution system
d. Reviewing a purchasing agent’s contract drafts prior to their execution

5. Which of the following tools and techniques are the least appropriate for the
planning stage of the engagement?
a. Walk-through tests
b. Statistical sampling

_________________________________________________________________________________
Page 2 of 18
FAO MODULE CODE IAU8X00
________________________________________________________________________________

c. Analytical procedures
d. Flowchart

6. Which of the following are characteristics of engagement information (evidence)?

i. Sufficient
ii. Relevant
iii. Reliable
iv. Useful
a. i
b. ii and iv
c. i, ii, iii and v
d. None of the above

7. The engagement work programme is

a. The boundaries of the work to be performed during the audit engagement
b. A guide to the internal auditor and a detailed list of steps, actions and
procedures to be performed
c. The standards, measuring instruments or expectations used, against which
evaluations are made

8. An _________________ is a values-based approach selected by organisations

who are committed to ethical behaviour and want to walk the ethics talk. These
organisations want to raise the level of corporate ethics performance and recognise
the strategic importance of ethics. They proactively promote ethical behaviour and
strive to obtain commitment to a set of shared values from individual members of
the organisation.
a. An integrity strategy
b. The compliance strategy
c. The reactive strategy
d. An aligned strategy

_________________________________________________________________________________
Page 3 of 18
FAO MODULE CODE IAU8X00
________________________________________________________________________________

9. A code of ethics for senior financial officers is also required. The code should
include standards that promote:
i. Honest and ethical conduct, including the ethical handling of actual or
perceived conflicts of interest between personal and professional
relationships;
ii. Full, fair, accurate, timely and understandable disclosure in reports filed
by the company; and
iii. Compliance with applicable governmental rules and regulations.
a. All of the above
b. i and iii
c. i and ii
d. ii and iii

10. The elements of fraud include the following:

i. misrepresentation.
ii. acts which cause or may cause prejudice.
iii. unlawful acts.
iv. unintentional acts.
a. i, ii and iii.
b. i, iii and iv.
c. i and ii.
d. ii, iii and iv.

11. Red flags are conditions that indicate higher likelihood of fraud. Which of the
following is not considered a red flag?
a. Management has delegated the authority to make purchases under a certain
value to subordinates.
b. An individual has held the same cash handling job for an extended period
without any rotation of duties.
c. An individual handling investments is responsible for making the purchases,
recording any discrepancies and gains/losses to senior management.
d. The assignment of responsibility and accountability in the accounts receivable
department is not clear.

_________________________________________________________________________________
Page 4 of 18
FAO MODULE CODE IAU8X00
________________________________________________________________________________

12. Money laundering is an activity that has the effect of concealing:

a. the nature of unwanted activities.
b. the nature of unlawful activities.
c. the movement of any interest earned that another party may have.
d. b and c.

13. Which of the following is a role that internal audit should not undertake?
a. Giving assurance that risks are correctly evaluated
b. Setting the risk appetite
c. Evaluating the reporting of key risks
d. Facilitating identification and evaluation of risks

14. Which of the following are components of the enterprise risk management
framework?
i. Internal environment
ii. Objective setting
iii. Event identification
iv. Risk assessment
v. Risk response
vi. Control activities
vii. Information and communication
viii. Monitoring
a. All of the above
b. None of the above
c. iv, vi, vii and viii
d. i, ii, iii, vi and viii

15. Which one of the following is not a step in establishing an ERM organisation?
a. Determine a risk philosophy
b. Survey risk culture
c. Avoid risk management
d. Consider ethical organisational integrity and ethical values

_________________________________________________________________________________
Page 5 of 18
FAO MODULE CODE IAU8X00
________________________________________________________________________________

16. When the risk management maturity level is risk enabled, which internal audit
approach should be followed?
a. Audit risk management processes and use management assessment of risks
as appropriate
b. Promote enterprise wide approach to risk management and rely on own risk
assessment
c. Audit risk management processes and rely on own risk assessment
d. Promote risk management and rely on internal audit activity’s own risk
assessment

17. Which one of the following statements regarding performance auditing is false?
a. Performance auditing provides a focus advantage, as it is by definition always
structurally focused on the entity under review.
b. Performance auditing is not necessarily based on a financial year.
c. Performance auditing does not focus on questioning policy.
d. The effectiveness of a performance audit relies on the extent of research
performed during the audit.

18. Which of the so-called ‘3 E’s’ is/are under review when a performance auditor is
investigating the extent to which goods procured are being used to their full extent?
a. Economy.
b. Effectiveness.
c. Efficiency.
d. Economy and efficiency.

19. Which one of the following attributes of economy is under review when a
performance auditor is investigating the extent to which a competitive bidding
process have been followed in terms of the acquisition of goods and services?
a. Place.
b. Quality.
c. Quantity.
d. Lowest possible cost.

_________________________________________________________________________________
Page 6 of 18
FAO MODULE CODE IAU8X00
________________________________________________________________________________

20. Which one of the following criteria best applies the ‘quality’ attribute of economy to
the recruitment of staff?
a. The amount of overtime worked.
b. The minimum number of years of work experience that a candidate should have
to be short listed for a position.
c. The relationship between the cost to company of staff and their experience and
skills.
d. The extent to which staff is fully utilised.

21. Which one of the following standards does not relate to an environmental audit
engagement?
a. ISO14000.
b. ISO14001.
c. AA1000.
d. ISO19011.

22. Can a compliance audit form part of an environmental audit when requirements of
laws and regulations must be considered?
a. Definitely.
b. Sometimes.
c. Maybe.
d. Not at all.

23. Which one of the following statements best defines the term “environmental
management system”?
a. Organisational structure of responsibilities, policies and practices for the
protection of the environment.
b. The resources in place to manage environmental issues.
c. The directive approach followed by the executive management of a corporate
entity ensure the sustainability of the organisation.
d. The calculation of historical carbon emissions profiles and the reduction of
future emissions

_________________________________________________________________________________
Page 7 of 18
FAO MODULE CODE IAU8X00
________________________________________________________________________________

24. Which one of the following statements with regard to the Accountability Assurance
Standard 1000 (AA1000AS) is false?
a. Eskom is one of its current users.
b. It is the world’s first sustainability assurance standard.
c. It cannot be used as a stand-alone standard, but must be used as an integral
element of other standards.
d. It is developed to ensure the credibility and quality of sustainability reporting.

25. There are many benefits for an auditor in using data analytics during an audit. A
few benefits are listed below, which one is not correct:
a. The auditor can test the entire population, which increases the possibility of
uncovering issues that may otherwise have gone undetected and allows for
focusing on areas where exceptions are found.
b. It enables the auditor to perform tests that cannot be done manually, such as
complex calculations that increases the level of assurance.
c. The ability to obtain views of data that cannot be obtained through the
performance of manual procedures, improving risk assessment and the value
contribution to the organisation.
d. Tasks that are usually performed manually can be processed automatically
however, it takes time.

26. Which one of the following controls will best assist in addressing the risk that the
business continuity plan is inadequate to facilitate quick recovery?
a. An appropriate recovery point objective.
b. An appropriate recovery time objective.
c. Documented by-pass procedures.
d. Firewalls.

27. Which one of the following controls will best assist in addressing the risk of loss of
data due to a disaster, such as a natural disaster or a systems crash?
a. An appropriate recovery point objective.
b. An appropriate recovery time objective.
c. Documented by-pass procedures.
d. Firewalls.

_________________________________________________________________________________
Page 8 of 18
FAO MODULE CODE IAU8X00
________________________________________________________________________________

28. Which of the following sections of the business continuity management lifecycle
can be categorised as part of governance?
a. Project initiation and management.
b. Risk assessment and business impact analysis.
c. Solutions deployment and enhancement.
d. Training and awareness programs.

29. Which one of the following business continuity planning activities directly influence
the frequency of data backups?
a. Recovery time objective.
b. Recovery point objective.
c. Risk assessment.
d. Testing of the business continuity plan.

30. Which one of the following actions may most likely expose a computer to trojan
horse malicious software?

a. Unprotected intranet connections.

b. Connecting to the internet.
c. Opening an attachment to a suspect email.
d. Using a USB flash drive.

_________________________________________________________________________________
Page 9 of 18
FAO MODULE CODE IAU8X00
________________________________________________________________________________

QUESTION 2 80 MARKS

You are a senior internal auditor at House of BNG Limited (hereafter BNG), a retail
clothing company with 72 branched country-wide. The company's internal audit
charter requires that all audit engagements performed must be risk-based. You are
currently in charge of the procurement engagement and the following system (only a
section) is recorded after the preliminary investigation:

PROCUREMENT SYSTEM DESCRIPTION (EXTRACT)

 A formal list of authorised suppliers exists. When the inventory level is low or
a specific need arises, buyers negotiate with fashion houses (on the
authorised list) for the purchase of a specific item. When an agreement is
reached, the buyer completes a pre-numbered triplicate order form and the
purchase manager authorises the order. The original is sent to the supplier,
one copy is sent to the warehouse (blank quantity column) and the third is
kept in the order book.
 All empty order books are kept in a safe place. An authorised person issues
new order books to buyers when they return the old ones. Buyers need to
sign for a new book.
 Goods received at the warehouse are checked against the order form with
regard to the supplier and item description. A pre-numbered goods receive
note (GRN) is issued including the following information: supplier, date,
description of item(s) and quantity. A copy of the GRN is send to the
accounting department.

Your next step is to draw up the engagement programme.

BNG recently implemented a new enterprise resource planning (ERP) system with a
single operational database to enhance their information technology infrastructure.
BNG will also launch an on-line web portal for customers in the coming weeks.
Customers need to register as a user on the website and part of the registration screen
requires the following from them:

_________________________________________________________________________________
Page 10 of 18
FAO MODULE CODE IAU8X00
________________________________________________________________________________

ACCOUNT REGISTRATION SCREEN

Customer e-mail
Password ************
Re-Enter Password ************
Verification code

Enter Verification code

Pinky Ghel is BNG’s cash disbursement clerk and has the following database access
privileges on the new operational database:

Database Purchase Receiving Supplier Cash

Table Order Report Invoice Disbursements
Authority
Level
Read Y Y Y Y
Insert Y Y Y Y
Modify Y N N Y
Delete N N N Y

BNG will also be implementation a data warehouse in the next few weeks which will
be linked to the operational database.

The South African student population remains a key market segment for BNG. The
student population has always been one of the early adopters of technology and
research shows that almost 70% of students in the country have access to smart
phones. BNG’s board of directors have requested you to assist with a strategy to use
technology to better service this market segment of the organisation.

_________________________________________________________________________________
Page 11 of 18
 FAO MODULE CODE IAU8X00
________________________________________________________________________________

As part of its Corporate Social Responsibility, BNG hosted a national fashion

entrepreneurship competition in the current year. Young and upcoming fashion
designers were invited to make, showcase, market and sell their original designs to
enter the competition. The rules of the competition were as follows:

1 Only South African citizens are allowed to enter.

2 All applications must be submitted on the website before the deadline of
30 September 2019.
3 The prize amount of R1 million will be awarded to the entrant that can prove to
have shown the highest amount of profit made in a period of six months,
between 1 March 2019 and 31 August 2019.
4 The business must not have been registered before 1 February 2019.
5 Entrants will be short-listed based on information submitted on the BNG website
(such as the name of the entrant, business registration date, total income
received, total expenses, total profit, et cetera.)
6 The short-listed entrants will then be subjected to an audit to verify the accuracy
and validity of the information as well as to verify compliance with all the
competition rules.

BNG developed an information technology (IT) system to process the entrants via the
website and to provide each entrant with a unique entrant number. Entrants were
required to capture the above information on the website and the IT system was also
connected to a database file to store all the information. An extract from this file
appears below.

Entrant Entrant Entry ID No Entry Total Total Total Business

No Name Date Income Expenses Profit Reg Date
001 J Smith 7401290077181 19-09-04 41,447 34,228 7,219 19-02-16
002 O Dube 8005175081084 19-09-05 18,201 7,441 10,760 19-03-01
003 N Naidoo 8104010174074 19-09-05 24,237 10,054 14,183 19-01-28
… … … … … … … …

According to the above file a total of 554 entrants (numbered 001-554) were received
and a shortlist of 20 was compiled by the BNG adjudication committee during October

_________________________________________________________________________________
Page 12 of 18
FAO MODULE CODE IAU8X00
________________________________________________________________________________

2019. You were requested to oversee the competition and specifically to achieve the
following two engagement objectives:

 to determine whether the best entrants were in fact shortlisted; and

 to verify the accuracy and validity of the information submitted by the
20 shortlisted entrants, as well as the extent to which they complied with
competition rules.

You have a generalized audit software (GAS) package on your laptop and you have
already extracted the above file into the software.

_________________________________________________________________________________
Page 13 of 18
FAO MODULE CODE IAU8X00
________________________________________________________________________________

QUESTION 3 40 MARKS

You are an internal auditor at the South African Civil Aviation Authority (hereafter
SACAA), a Schedule 3 Public Entity, as listed by the Public Finance Management Act,
No 1 of 1999 (PFMA). The main mission of the SACAA is to regulate civil aviation
safety and security in support of sustainable development of the aviation industry. The
SACAA’s brand promise is: “Keeping you safe in the sky”.

In order to accomplish this mission, the SACAA consist of various departments. One
of these departments is known as the “Flight Operations Department”. This
department’s main objective is to ensure the safety of all aviation flights in South Africa
by enforcing regulations and conducting safety oversight within the industry. This is
mainly done by means of reviews conducted by trained mechanic, avionics and flight
operations inspectors who then carry out inspections on valid operators who hold an
Aircraft Operation Certificate (AOC) to conduct business. The members of flight
operations also conduct inspections at various airports or facilities to ensure safety
and compliance.

The SACAA also engage in various contractual agreements in order to meet its
mandate. These agreements range from the appointment of inspectors to normal day
to day agreements with suppliers. The executive management is currently
investigating ways to improve contract management processes. Internal audit has
been requested to conduct a consulting engagement on this matter. The objective of
the audit is to recommend a structure of internal controls regarding general contract
management processes.

According to the annual internal audit plan, you have been tasked with the following
three audit engagements:

 a PFMA compliance review;

 a performance audit of the Flight Operations Department; and
 a consulting engagement regarding the internal controls that should be in place
with regard to contract management processes.
Source: University of Pretoria

_________________________________________________________________________________
Page 14 of 18
FAO MODULE CODE IAU8X00
________________________________________________________________________________

FACULTY/COLLEGE College of Business and Economics

SCHOOL School of Economics
DEPARTMENT Accountancy Department
CAMPUS(ES) APK
MODULE NAME Internal Auditing
MODULE CODE IAU8X00
SEMESTER Second
ASSESSMENT OPPORTUNITY, Final Summative Assessment Opportunity
MONTH AND YEAR November 2019

ASSESSMENT DATE 08 November 2019 SESSION 08:30 – 13:00

ASSESSOR(S) Ms. Seabi Mokoena
MODERATOR(S) Prof. Benjamin Marx
Ms. Palesa Tlhabanelo
DURATION 3 hours 45 minutes TOTAL MARKS 150
(excluding reading
time)

NUMBER OF PAGES OF QUESTION PAPER (Including cover page) 4

INFORMATION/INSTRUCTIONS:
_______________________________________________________________________
9. This documentation represents the multiple choice questions as well as the
scenario for the long questions.
10. Thirty minutes (30) minutes of reading time is given for the paper, making the
assessment session 4 hours and 15 minutes.
11. During the 30 minutes reading time, you may:
 Highlight the information presented in this document; and
 Make such annotations on this document as you consider appropriate.
12. At the close of the 30 minute reading period, you will be given the question
(required) and stationery packs.
13. You will have 3 hours and 45 minutes in which to answer the required
section.
14. No questions may be asked during the assessment.
15. Please write your name and student number clearly on your answer sheet.
16. Make assumptions if you are uncertain regarding the interpretation of the
scenario.

_________________________________________________________________________________
Page 15 of 18
FAO MODULE CODE IAU8X00
________________________________________________________________________________

YOU ARE REQUIRED TO: MARKS

QUESTION 1

(a) Select and indicate the correct answer with an X on the “multiple choice” (30)
answer sheet provided. For example:

101 A B C D

QUESTION 2

(a) Explain the difference between the traditional approach to a compliance (4)
engagement and the new risk-based approach.

(b) Identify and briefly discuss the methods that can be applied to reduce the (6)
residual risk to equal the target risk when the residual risk is higher than the
target risk.

(c) With regards to House of BNG’s procurement system, complete the table (20)
below, addressing the following:
 risk factors
 current controls in place
 residual risks
 engagement procedures that must be performed during this
engagement;
 engagement findings identified without further investigation.

Inherent * Risk Current Residual * Engagement Engagement

Risk Factor Controls Risk Procedure Finding
Not H M
using
the best
supplier
Fictitious H M
orders
placed
Incorrect H L
quantity
/ poor
quality
delivery

(*) H = High
M = Medium
L = Low

_________________________________________________________________________________
Page 16 of 18
FAO MODULE CODE IAU8X00
________________________________________________________________________________

(d) Identify at least three (3) programmed controls clearly present in the account (6)
registration screen above and explain the purpose of each control.

(e) Discuss the appropriateness of the access privileges assigned to Pinky Ghel. (5)
What, if any, internal control problems may result.

(f) Explain why House of BNG also needs a separate data warehouse if the (5)
organisation already has an operational database and explain three common
analytical operations that will likely be performed on the content of the data
warehouse.

(g) Explain the importance for BNG of having presence on social media platforms (5)
such as Facebook and Twitter.

(h) Describe five risks associated with BNG have a Facebook page and, for each (10)
risk, recommend an appropriate control to manage the risk.

(i) Draft six (6) relevant engagement procedures that you would perform in order (12)
to achieve the above two engagement objectives by using the GAS package
on your laptop.

(j) Provide two examples of engagement procedures that must be performed in (4)
order to achieve the above two engagements objectives, but will not be
possible to perform with GAS.

Communication skills – clarity of expression and layout (1)

Communication skills – precision and interpretation (2)

TOTAL MARKS (80)

QUESTION 3

(a) Prepare an engagement work programme, in working paper format, listing (10)
ten (10) relevant engagement procedures you would conduct to ensure that
the SACAA is in compliance with Sections 51(1), (a), (b) and (c) of the PFMA
regarding the general responsibilities of accounting authorities.

_________________________________________________________________________________
Page 17 of 18
FAO MODULE CODE IAU8X00
________________________________________________________________________________

(b) Formulate three (3) appropriate engagement procedures that you perform to (9)
achieve each of the following engagement objectives, as part of the
performance audit:
 To determine the effectiveness of the Flight Operations Department;
 To determine the efficient utilisation of resources within the Flight
Operations Department; and
 To determine the economic acquisition of resources within the Flight
Operations Department.

(c) Draft an internal audit report wherein you document the outcome of the (18)
above-mentioned consulting engagement on internal controls regarding
general contract management processes.

Communication skills – clarity of expression and layout (1)

Communication skills – precision and interpretation (2)

TOTAL MARKS (40)

_________________________________________________________________________________
Page 18 of 18