CHAPTER 1:

A. Review questions
Q-5: What is the difference between internal assurance services and internal
consulting services?
 Primary purpose of internal assurance services is to assess evidence relevant to
subject matter of interest to someone and provide conclusions regarding the subject
matter. The internal audit function determines the nature and scope of assurance
engagements, which generally involve three parties: the auditee directly involved
with the subject matter of interest, the internal auditor making the assessment and
providing the conclusion, and the user relying on the internal auditor's assessment
of evidence and conclusion.
 Primary purpose of internal consulting services is to provide advice and other
assistance, generally at the specific request of engagement customers. The customer
and the internal audit function mutually agree on the nature and scope of consulting
engagements, which generally involve only two parties: the customer seeking and
receiving the advice, and the internal auditor offering and providing the advice.

Q-6: What is the difference between independence and objectivity as they pertain to
internal auditors?
Independence refers to the organizational status of the internal audit function while
objectivity refers to the mental attitude of the individual internal auditors.

Q-11: What types of procedures might an internal auditor use to test the design
adequacy and operating effectiveness of governance, risk management, and control
processes?

 Inquiring of managers and employees.

 Observing activities.
 Inspecting resources and documents.
 Reperforming control activities.
  Performing trend and ratio analysis.
 Performing data analysis using computer-assisted audit techniques.
 Gathering corroborating information from independent third parties.
 Performing direct tests of events and transactions.

Q-19: Why is it imperative that internal auditors have integrity?

Internal Auditors must have integrity because the users of their work products rely
on the internal auditors' professional judgements to make important business decisions.
These stakeholders must have confidence that internal auditors are trustworthy.

Q-21: What are the three common ways individuals enter the internal audit
profession?
 Many individuals enter the internal audit profession directly out of school.
 Others switch to internal auditing after beginning their careers in another area of the
organization or public accounting.
 Some organizations require prospective managers to spend time working in internal
auditing as part of their management trainee program.

B. Discuss questions
D-4: Prim Rose owns five flower shops in the suburbs of a large Midwestern city. Each
shop is managed by a different person. One of the tests Prim performs to monitor the
performance of his shops is a simple trend analysis of month-to-month sales for each
shop. Assume that Prim’s analysis of the reported sales performance for his flower
shop on Iris Street shows that monthly sales remained relatively consistent from
January through June. Should Prim be pleased or concerned about the sales
performance report for the shop on Iris Street over this six-month period? Explain.

I believed that Prism Should be Concerned about the sales pesfermance of his shap.
Because it isn't growing. Although it is an consistent, in comparison to other stomes it may
be performing below the standard that they are achieving.
 However if it is doing well or above the margin that they other stoses are acheiving
then it is important to analyse what that store is doing well. This can be beneficial because
those method can be applied to other store and grow the business overall. Assuming that
the store has regulars that consistently arrive that the store too, it would be importunt to
find out their opinion of the service so that they can find ways to improve the business.
CHAPTER 12

A. Review questions
Q-2: What are the three phases of the assurance engagement process?
 Planning
 Performing
 Communication

Q-3: What steps are included in the planning phase of an assurance engagement?
 Determine engagement objectives and scope
 Understand the audit, including audit objectives and assertions
 Identify and assess risks
 Idientify key controls
 Evaluate adequacy of control design
 Create a test plan
 Develope a work program
 Allocate resources to the engagement

Q-4: What is the relationship between business objectives and business assertions?
While business objectives indicate what the auditee is striving to achieve, assertions
are after-the-fact statements of what is achieved.

Q-14: What steps are included in the communication phase of an assurance

engagement?
 Conduct tests to gather evidence
 Evaluate evidence gathered and reach conclusions
 Develop observations and formulate recommendations

Q-15: What is the difference between “negative assurance” and “positive assurance?”
 Negative assurance (also referred to as limited assurance). Internal auditors express
negative assurance when they conclude that nothing has come to their attention that
indicates that the auditee's controls are designed inadequately or operating ineffectively.
Positive assurance (also referred to as reasonable assurance). Internal auditors
express positive assurance when they con- clude that, in their opinion, the auditee's controls
are designed adequately and operating effectively.

Q-17: How do internal audit consulting engagements differ from assurance

engagements?
Whereas the nature and scope of an assurance engagement are determined by the
internal audit function, the nature and scope of a consulting engagement are subject to
agreement with the engagement customer.
Consulting engagements are, accordingly, much more discretionary in nature than
assurance engagements. As indicated in the Glossary to the Standards, consulting services
include "counsel, advice, facilitation, and training."

B. Discuss questions
D-2: One definition of risk is that it is the possibility that an event will occur and
adversely affect the achievement of an objective. An illustrative objective and event
are presented below:
Objective Event
To safeguard the city’s citizens and resources An accident at a four-way intersection

a. Identify three potential adverse consequences of the event occurring.

 Drivers and passengers might suffer from physical effects such as minor cuts,
broken limbs, paralysis, whiplash, back or spinal injuries or even death in extreme
cases.
 Vehicles in the accident might be damaged or need costly repairs and in extreme
cases, might not be suitable for driving.
  People might suffer from emotional and mental distress such as post-traumatic stress
for being involved or losing a loved one in the accident.

b. Identify three inherent risk factors that make the event more or less probable.
 Factors arising from drivers are improper or erratic lane changing, sudden speed
changes, not obeying traffic control devices or signs, making improper turns,
driving too fast, prohibited and dangerous passing or merging and carelessness,
fatigue, alcohol or sleep.
 Risk factors due to defects in vehicles are failure of brakes, lighting system, tire
burst and steering system.

 Defective road designs include improper curves, improper lighting, ineffective

traffic control devices, inadequate sight distance, lack of width of shoulders and
others.

c. The city’s management must decide how to respond to this risk. Two of its
choices are to 1) avoid the risk or 2) reduce the risk to an acceptable level.
1. Explain how the city can avoid the risk.
The city can avoid road accidents by encouraging drivers to have the right attitude
about driving and practice as much as possible. Besides, they must be well trained for poor
conditions, strict legal actions need to be taken for traffic rule violators, cell phone use
must be prohibited and encouraging the drivers to drive a safe vehicle.

2. Identify two ways the city can reduce the risk.

The city can reduce the risk by limiting the speed of vehicles on the road during
peak hours and limiting night driving. During peak hours, the number of vehicles increases,
which further increases the possibility of accidents. Thus, stricter speed limits must be
enforced for ensuring careful and safe driving. Besides, limiting the number of vehicles
during the night would also help in reducing the accidents, as drivers engage in alcohol
intake, become sleepy or suffer from fatigue at this time.
D-3: Consider the following two statements:
Evaluating the adequacy of control design is necessary but not sufficient if the
objective of an assurance engagement is to reach a conclusion regarding the overall
effectiveness of controls.
If an internal auditor determines that a control is inadequately designed, there
is no good reason to test the operating effectiveness of the control.

Do you agree with each of these statements? Explain

 The first statement is true. Determining that controls are designed adequately is
necessary, but not sufficient, for reaching a conclusion regarding their effectiveness.
To reach a conclusion regarding their effectiveness, adequately designed controls
must be tested to determine whether they are operating as intended.
 The second statement is generally true. It typically does not make sense to determine
whether a poorly designed control is operating as designed. There are
circumstances, however, in which internal auditors gather and document errors that
have occurred as a result of control deficiencies to support their conclusions that
controls are ineffective. Additionally, there may be instances when internal auditors
want to measure the impact of a control deficiency.
CHAPTER 2

A. Review questions
Q-2: What are the six components of the IPPF? Which components constitute
mandatory guidance? Which components constitute recommended guidance?
 Mandatory
- Core Principles
- Definition
- Standards
- Code of Ethics
 Recommended
- Supplemental
- Implementation

Q-4: What is the purpose of The IIA’s Code of Ethics?

Purpose of the IIA’s Code of Ethics: To promote an ethical culture in the profession
of internal auditing.

Q-5: Identify the four principles of the Code of Ethics. Why should internal auditors
strive to comply with these principles?
 Integrity: Establishes trust and provides the basis for reliance on internal auditors'
judgment.
 Objectivity: Internal auditors are not unduly influenced by their own interests or by
others in forming judgments.
 Confidentiality: Internal auditors do not disclose information they receive without
proper authority unless there is a legal or professional obligation to do so.
 Competency: Internal auditors apply the knowledge, skills, and experience needed
in the performance of internal audit services.
Internal audit services can be performed by people who have integrity, are objective,
and maintain confidentiality, but those services are of little value if such persons do not
have the necessary knowledge and skills to perform the work and reach valid conclusions.
That is why there are specific standards requiring internal auditors to be competent and
continuously strive for improvement.

Q-6: What is the purpose of The IIA’s Standards? Explain the difference between
Attribute and Performance Standards.
 Purpose of The IIA’s Standards:
- Guide adherence with the mandatory elements of the IPPF
- Provide a framework for performing and promoting a broad range of value-
added internal auditing
- Establish the basis for the evaluation of internal audit performance
- Foster improved Organizational processes and operations
 The difference between Attribute and Performance Standards:
- Attribute Standards: Address the attributes of organizations and individuals
performing internal auditing
- Performance Standards: Describe the nature of IA and provide quality criteria
against which the performance of these services can be measured

Q-13: Identify the Performance Standards that pertain specifically to:

a. Engagement planning.
- 2201: Planning Considerations
- 2210: Engagement Objectives
- 2220: Engagement Scope
- 2230: Engagement Resource Allocation
- 2240: Engagement Work Program
b. Performing the engagement.
- 2310: Identify Information
- 2320: Analysis and Evaluation
- 2330: Documenting Information
- 2340: Engagement Supervision
 c. Communicating results.
- 2410: Criteria for Communicating
- 2420: Quality of Communications
- 2421: Errors and Commisions
- 2430: Use of “ Conducted in Conformance with the International Standards for
the Professional Practice of Internal Auditing
- 2431: Engagement Disclosure of Nonconformance
- 2440: Disseminating Results
- 2450: Overall Opinion

B. Discuss questions
D-1: Why is it important for a profession, such as internal auditing, to promulgate
standards?
The Standards, promulgated by The IIA, are the primary mechanism for ensuring
an organization's internal auditors consistently and accurately provide essential services in
a timely, cost-effective manner. The Standards also: Provide a framework for performing a
broad range of value-added internal auditing.

D-5: The CAE for Sargon Products reports administratively to the CFO and
functionally to the audit committee. The scope of the internal audit function assurance
services includes financial, operational, and compliance engagements. Is the internal
auditors’ objectivity regarding accounting-related matters impaired in each of the
situations described below? Briefly explain your answer.
a. The internal auditors are frequently asked to make accounting entries for
complex transactions that the company’s accountants do not have the expertise
to handle.
In this scenario, the internal auditor’s objectivity regarding accounting related
matters is impaired since it is not within the purview of internal auditor’s role to make
accounting entries. Internal auditors are to only review and audit the entries and give
opinions on them. If they start making the entries, it is highly likely that any errors or lapses
will not be found in internal audit process since the entries were made the internal auditor
in the first place and hence, he/she would most probably find all the entries to be alright.

b. A staff accountant reconciles the company’s monthly bankstatements. An

internal auditor reviews the bank reconciliations to make sure they are
completed properly.
In this scenario, the internal auditor’s objectivity regarding accounting related
matters is not impaired since the staff accountant is reconciling the statements and the
internal auditor is only reviewing the work.