Management Controls PDF Free
[1] Source: CIA 1188 II-24
One payroll audit objective is to determine if there is proper segregation of duties. Which of the following activities is incompatible?

B. Lapping of receivables.
C. Receivables not being properly aged.
D. Statements being intercepted prior to mailing.
B. Establish accountability when the cash is first received.
C. Prevent paying cash disbursements from cash receipts.

C. Require supervisory approval of employee time cards.
D. Witness the distribution of payroll checks.
B. Customers not meeting trade-credit standards are shipped merchandise on a cash-on-delivery (C.O.D.) basis only.
C. Salespeople are responsible for evaluating and monitoring the financial condition of prospective and continuing customers.
D. An authorized signature from the credit department, denoting approval of the customer's credit, is to appear on all credit-sales orders.

[13] Source: CIA 0591 I-23
A means of ensuring that payroll checks are drawn for properly authorized amounts is to
A. Conduct periodic floor verification of employees on the payroll.
B. Require that undelivered checks be returned to the cashier.

C. Recording every transaction on the day it occurs.
D. Requiring all members of the internal auditing department to be CIAs.

[17] Source: CIA 1192 II-20
An audit of the payroll function revealed several instances in which a payroll clerk had added fictitious employees to the payroll and deposited the checks in accounts of close relatives. What control should have prevented such actions?
A. Using time cards and attendance records in the computation of employee gross earnings.
B. Establishing a policy to deal with close relatives working in the same department.
C. Having the treasurer's office sign payroll checks.
D. Allowing changes to the payroll to be authorized only by the personnel department.

C. Perform operational audits.
A. To ensure adequate separation of duties, the warehouse receiving clerk should work independently from the warehouse manager.
B. Ensure that the warehouse receiving department has a purchase order copy with the units described, but both prices and quantities omitted.
C. Require that all receipts receive the approval of the warehouse manager.
D. Ensure that the warehouse receiving department has a true copy of the original purchase order.

[19] Source: CMA 1294 2-30
There are three components of audit risk: inherent risk, control risk, and detection risk. Inherent risk is
A. The susceptibility of an assertion to a material misstatement, assuming that there are no related internal control structure policies or procedures.
B. The risk that the auditor may unknowingly fail to appropriately modify his or her opinion on financial statements that are materially misstated.
C. The risk that a material misstatement that could occur in an assertion will not be prevented or detected on a timely basis by the entity's internal control structure policies or procedures.
D. The risk that the auditor will not detect a material misstatement that exists in an assertion.

[20] Source: CIA 0589 III-2
The director of internal auditing at a large multinational firm is evaluating the draft of a new travel policy that requires preparation of a travel planning form for all travel. The travel planning form must be approved by the employee's supervisor and the regional vice president. The director of internal auditing should
A. Avoid involvement in reviewing policies and procedures because such involvement would impair audit independence.
B. Ensure that examples of all signatures are on file to use during travel reimbursement procedures.
C. Suggest that a copy of the travel planning form should be sent to the internal audit department.
D. Address whether the new travel approval policy is an effective control and an efficient use of time for the supervisors and vice presidents involved.

[21] Source: CMA 1283 3-15
For an internal audit department to be considered as a relevant internal control by the external auditor, the internal auditor must
A. Be independent of the accounting function.

A. The petty cash custodian has the ability to steal petty cash. Documentation for all disbursements from the fund must be submitted with the request for replenishment of the fund.
B. An inventory control clerk at a manufacturing plant has the ability to steal one completed television set from inventory a year. The theft probably will never be detected.
C. An accounts receivable clerk, who approves sales returns and allowances, receives customer remittances and deposits them in the bank. Limited supervision is maintained over the employee.
D. A clerk in the invoice processing department fails to match a vendor's invoice with its related receiving report. Checks are not signed unless all appropriate documents are attached to a voucher.

[23] Source: CMA 0689 3-15
Which one of the following situations represents an internal control weakness in accounts receivable?
A. Internal auditors confirm customer accounts periodically.
B. Delinquent accounts are reviewed only by the sales manager.
C. The cashier is denied access to customers' records and monthly statements.
D. Customers' statements are mailed monthly by the accounts receivable department.

[24] Source: CMA 0690 3-26
Control risk is the risk that a material misstatement in an account will not be prevented or detected on a timely basis by the client's internal control structure policies or procedures. The best control procedure to prevent or detect fictitious payroll transactions is
A. To use and account for prenumbered payroll checks.
B. Personnel department authorization for hiring, pay rate, job status, and termination.
C. Internal verification of authorized pay rates, computations, and agreement with the payroll register.
D. Periodic independent bank reconciliations of the payroll bank account.

[25] Source: CMA 0690 3-27
One of the steps in assessing control risk in a computerized information control system is identifying necessary controls to prevent data from being lost, added, duplicated, or altered during processing. An example of this type of control is the
groups.
B. Review of data output by data control groups.
C. Use of external and internal file labels.
D. Use of control totals, limit and reasonableness checks, and sequence tests.

A. Signing of paychecks and custody of blank payroll checks.

D. Some assurance of compliance with the Foreign Corrupt Practices Act of 1977.

[28] Source: CMA 1288 3-21
According to SAS 55 (AU 319), Consideration of the Internal Control Structure in a Financial Statement Audit, an entity's internal control structure (ICS) consists of the policies and procedures established to provide reasonable assurance that specific entity objectives will be achieved. Only some of these objectives, policies, and procedures are relevant to a financial statement audit. Which one of the following would most likely be considered in such an audit?
A. Timely reporting and review of quality control results.
B. Maintenance of control over unused checks.
C. Marketing analysis of sales generated by advertising projects.

B. Management.
C. The controller.
D. The treasurer.

[30] Source: CMA 0690 3-23
The primary reason an auditor assesses control risk in conjunction with financial statement audits is to
A. Identify the causes of errors or irregularities in an internal control structure.
D. Determine the nature, timing, and extent of substantive tests.

[32] Source: CIA 0589 II-7
Which of the following controls could be used to detect bank deposits that are recorded but never made?
A. Establishing accountability for receipts at the earliest possible time.
B. Linking receipts to other internal accountabilities (i.e., collections to either accounts receivable or sales).
C. Consolidating cash receiving points.
D. Having bank reconciliations performed by a third party.

[33] Source: CMA 1288 3-26
In a well-designed internal control structure in which the cashier receives remittances from the mail room, the cashier should not

[34] Source: CMA 1288 3-23
If internal control is well-designed, two tasks that should be performed by different persons are
A. Approval of bad debt write-offs, and
reconciliation of the accounts payable subsidiary ledger and controlling account.
B. Distribution of payroll checks and approval of sales returns for credit.
C. Posting of amounts from both the cash receipts journal and cash payments journal to the general ledger.
D. Recording of cash receipts and preparation of bank reconciliations.

[35] Source: CMA 0689 3-16
Which one of the following situations represents an internal control weakness in the payroll department?
A. Payroll department personnel are rotated in their duties.
B. Paychecks are distributed by the employees' immediate supervisor.
C. Payroll records are reconciled with quarterly tax reports.
D. The timekeeping function is independent of the payroll department.

[37] Source: CIA 0589 II-10
Which of the following observations, made during the preliminary survey of a local department store's disbursement cycle, reflects a control strength?
A. Individual department managers use prenumbered forms to order merchandise from vendors.
B. The receiving department is given a copy of the purchase order complete with a description of goods, quantity ordered, and extended price for all merchandise ordered.
C. The treasurer's office prepares checks for suppliers based on vouchers prepared by the accounts payable department.
D. Individual department managers are responsible for the movement of merchandise from the receiving dock to storage or sales areas as appropriate.

master price list. The annotated packing slip is then forwarded to inventory control and goods are automatically moved to the retail sales area. The most significant control strength of this activity is
A. Matching quantity received with the packing slip.
B. Using a master price list for marking the sale price.
C. Automatically moving goods to the retail sales area.
D. Forwarding the annotated packing slip to inventory control.

[39] Source: Publisher
The audit risk against which the auditor and those who rely on his/her opinion require reasonable protection is a combination of three separate risks at the account-balance or class-of-transactions level. The first risk is inherent risk. The second risk is that material misstatements will not be prevented or detected by internal control. The third risk is that
A. The auditor will reject a correct account balance as incorrect.
B. Material misstatements that occur will not be detected by the audit.

D. Inherent risk.

[41] Source: Publisher
Audit risk consists of inherent risk, control risk, and detection risk. Which of the following statements is true?
A. Cash is more susceptible to theft than an inventory of coal because it has a greater inherent risk.
B. The risk that material misstatement will not be prevented or detected on a timely basis by internal control can be reduced to zero by effective controls.
C. Detection risk is a function of the efficiency of an auditing procedure.
D. The existing levels of inherent risk, control risk, and detection risk can be changed at the discretion of the auditor.
acceptable level of detection risk decreases, the auditor may do one or more of the following except change the
A. Nature of substantive tests to more effective procedures.
B. Timing of substantive tests, such as performing them at year-end rather than at an interim date.

C. If misstatements are not important individually but are important in the aggregate, the concept of materiality does not apply.
D. Material fraud but not material errors cause financial statements to be materially misstated.

B. Control environment, risk assessment, control activities, information and communication systems, and monitoring.
C. Risk assessment, backup facilities, responsibility accounting, and natural laws.
D. Legal environment of the firm, management philosophy, and organizational structure.

C. The routine supervisory review of production planning.
D. The existence of a preventive maintenance program.

D. Financial statements are fairly presented.
[50] Source: Publisher
Internal control can provide only reasonable assurance of achieving entity control objectives. One factor limiting the likelihood of achieving those objectives is that
A. The auditor's primary responsibility is the detection of fraud.
B. The board of directors is active and independent.
C. The cost of internal control should not exceed its benefits.

[53] Source: CIA 1195 I-67
Auditors regularly evaluate controls. Which of the following best describes the concept of control as recognized by internal auditors?
A. Management regularly discharges personnel who do not perform up to expectations.
B. Management takes action to enhance the likelihood that established goals and objectives will be achieved.
C. Control represents specific procedures that accountants and auditors design to ensure the correctness of processing.
D. Control procedures should be designed from the "bottom up" to ensure attention to detail.

[54] Source: CIA 0592 II-16
According to The IIA, internal controls are designed to provide reasonable assurance that
A. Material errors or fraud will be prevented or detected and corrected within a timely period by employees in the course of performing their assigned duties.
B. Management's plans have not been circumvented by worker collusion.
C. The internal auditing department's guidance and oversight of management's performance is accomplished economically and efficiently.
D. Management's planning, organizing, and directing processes are properly evaluated.

A. Data sources, data flows, computer configurations, flowchart, and data storage.
B. Data source, data destination, data flows, transformation processes, and data storage.
C. Data flows, data storage, and program flowchart.
D. Data flows, program flowchart, and data destination.

[58] Source: CIA 1193 II-8
Corporate directors, management, external auditors, and internal auditors all play important roles in creating a proper control environment. Top management is primarily responsible for
A. Establishing a proper environment and specifying an overall internal control structure.
B. Reviewing the reliability and integrity of financial information and the means used to collect and report such information.
C. Ensuring that external and internal auditors adequately monitor the control environment.
D. Implementing and monitoring controls designed by the board of directors.

B. Provide assurances to users as part of the traditional audit attest function that the client is in compliance with the present legislation.

C. Fraud involves actions of management but excludes the actions of employees or third parties.
D. An audit rarely involves the authentication of documentation; thus, fraud may go undetected by the auditor.

C. Decision point, conditional testing, or branching.
D. Predefined process.
C. Requires that relatively more effort be directed to those assertions that are more susceptible to misstatement.
D. Requires the auditor to make judgments as to whether misstatements affect the fairness of the financial statements.

[67] Source: Publisher
According to AU 319, after obtaining a sufficient understanding of internal control, the auditor assesses
A. The need to apply GAAS.
B. Detection risk to determine the acceptable level of inherent risk.
C. Detection risk and inherent risk to determine the acceptable level of control risk.
D. Control risk to determine the acceptable level of detection risk.

[68] Source: Publisher
Basic to a proper control environment are the quality and integrity of personnel who must perform the prescribed procedures. Which is not a factor in providing for competent personnel?
A. Segregation of duties.
B. Hiring practices.
C. Training programs.

B. Provide reasonable assurance that the objectives of the organization are achieved.

C. Encourage compliance with organizational objectives.
D. Ensure the accuracy, reliability, and timeliness of information.

[72] Source: Publisher
Internal controls may be preventive, detective, or corrective. Which of the following is preventive?
A. Requiring two persons to open mail.
B. Reconciling the accounts receivable subsidiary file with the control account.
C. Using batch totals.
D. Preparing bank reconciliations.

[73] Source: CIA 1187 I-10
The internal auditor recognizes that certain limitations are inherent in any internal control system. Which one of the following scenarios is the result of an inherent limitation of internal control?
A. The comptroller both makes and records cash deposits.
B. A security guard allows one of the warehouse employees to remove company assets from the premises without authorization.
C. The firm sells to customers on account, without credit approval.

D. The flow of forms that relate to a particular transaction through an organization.
[76] Source: CIA 1191 II-13
Factors that should be considered when evaluating audit risk in a functional area include:
1. Volume of transactions.
2. Degree of system integration.
3. Years since last audit.
4. Significant management turnover.
5. (Dollar) value of assets at risk.
6. Average value per transaction.
7. Results of last audit.
Factors that best define the materiality of audit risk are
A. 1 through 7
B. 2, 4, and 7
C. 1, 5, and 6
D. 3, 4, and 6

[77] Source: CIA 0592 II-17
An adequate system of internal controls is most likely to detect a fraud perpetrated by a

A. Control is the result of proper planning, organizing, and directing by management.
B. Controls are the broadest statements of what the organization chooses to accomplish.
C. Control is provided when cost-effective actions are taken to restrict deviations to a tolerable level.
D. Control accomplishes objectives and goals in an accurate and timely fashion with minimal use of resources.

[80] Source: CIA 0595 I-5
An auditor reviews and adapts a systems flowchart to understand the flow of information in the processing of cash receipts. Which of the following statements is true regarding the use of such flowcharts? The flowcharts
A. Show specific control procedures used, such as edit tests that are implemented and batch control reconciliations.
B. Are a good guide to potential segregation of duties.
C. Are generally kept up to date for systems changes.
D. Show only computer processing, not manual processing.

[81] Source: CIA 0590 I-9
Which of the following activities represents both an appropriate personnel department function and a deterrent to payroll fraud?
A. Distribution of paychecks.
B. Authorization of overtime.
C. Authorization of additions and deletions from the payroll.
D. Collection and retention of unclaimed paychecks.

A. Internal control will be enhanced because these are duties that the treasurer should perform.
B. The treasurer will be in a position to make and conceal unauthorized payments.
C. The treasurer will be able to make unauthorized adjustments to the cash account.
D. Controls will be enhanced because the treasurer will have two opportunities to discover inappropriate disbursements.

[84] Source: CIA 0592 II-15
A utility company with a large investment in repair vehicles would most likely implement which internal control to reduce the risk of vehicle theft or loss?
A. Review insurance coverage for adequacy.
B. Systematically account for all repair work orders.
C. Physically inventory vehicles and reconcile the results with the accounting records.
D. Maintain vehicles in a secured location with release and return subject to approval by a custodian.

[85] Source: CIA 0592 II-22
Corporate management has a role in the maintenance of internal control. In fact, management sometimes is a control. Which of the following involves managerial functions as a control device?
A. Supervision of employees.
B. Use of a corporate policies manual.
C. Maintenance of a quality control department.
D. Internal auditing.

[86] Source: CIA 1192 II-16
To minimize the risk that agents in the purchasing department will use their positions for personal gain, the organization should
A. Rotate purchasing agent assignments periodically.
B. Request internal auditors to confirm selected purchases and accounts payable.
C. Specify that all items purchased must pass value per unit of cost reviews.
D. Direct the purchasing department to maintain records on purchase prices paid, with review of such being required each 6 months.

B. Reviewing the reliability and integrity of financial information and the means used to collect and report such information.
C. Ensuring that external and internal auditors adequately monitor the control environment.
D. Implementing and monitoring controls designed by the board of directors.

[88] Source: CIA 1194 I-26
Management can best strengthen internal control over the custody of inventory stored in an off-site warehouse by implementing
A. Reconciliations of transfer slips to/from the warehouse with inventory records.

[89] Source: CIA 1195 I-16
A restaurant food chain has over 680 restaurants. All food orders for each restaurant are required to be input into an electronic device which records all food orders by food servers and transmits the order to the kitchen for preparation. All food servers are responsible for collecting cash for all their orders and must turn in cash at the end of their shift equal to the sales value of food ordered for their I.D. number. The manager then reconciles the cash received for the day with the computerized record of food orders generated. All differences are investigated immediately by the restaurant. Corporate headquarters has established monitoring controls to determine when an individual restaurant might not be recording all its revenue and transmitting the applicable cash to the corporate headquarters. Which one of the following would be the best example of a monitoring control?
A. The restaurant manager reconciles the cash received with the food orders recorded on the computer.
B. All food orders must be entered on the computer, and there is segregation of duties between the food servers and the cooks.
C. Management prepares a detailed analysis of gross margin per store and investigates any store that shows a significantly lower gross margin.
D. Cash is transmitted to corporate headquarters on a daily basis.

[90] Source: CIA 1189 II-7
The procedure requiring preparation of a prelisting of incoming cash receipts, with copies of the prelist going to the cashier and to accounting, is an example of which type of control?

[91] Source: CIA 1190 I-18
A multinational corporation has an office in a foreign branch with a monetary transfer facility. Effective internal control requires that
A. The person making wire transfers not reconcile the bank statement.
B. The branch manager not deliver payroll checks to employees.
C. Foreign currency translation rates be computed separately by two branch employees in the same department.
D. The hiring of individual branch employees be approved by the headquarters office.
B. One employee issues a prenumbered receipt for all cash collections; another employee reconciles the daily total of prenumbered receipts to the bank deposits.
C. Predetermined totals (hash totals) of cash receipts are used to control posting routines.
D. The employee who receives customer mail receipts prepares the daily bank deposit, which is then deposited by another employee.

[93] Source: CIA 1190 I-10
Which of the following controls would be the most appropriate means to ensure that terminated employees had been removed from the payroll?
A. Mailing checks to employees' residences.
B. Establishing direct-deposit procedures with employees' banks.
C. Reconciling payroll and time-keeping records.

[94] Source: CIA 0589 II-10
Which of the following observations, made during the preliminary survey of a local department store's disbursement cycle, reflects a control strength?
A. Individual department managers use prenumbered forms to order merchandise from vendors.
B. The receiving department is given a copy of the purchase order complete with a description of goods, quantity ordered, and extended price for all merchandise ordered.
C. The treasurer's office prepares checks for suppliers based on vouchers prepared by the accounts payable department.
D. Individual department managers are responsible for the movement of merchandise from the receiving dock to storage or sales areas as appropriate.

[95] Source: CIA 1190 II-8
An internal auditor found that employee time cards in one department are not properly approved by the supervisor. Which of the following could result?
A. Duplicate paychecks might be issued.
B. The wrong hourly rate could be used to calculate gross pay.
C. Employees might be paid for hours they did not work.
D. Payroll checks might not be distributed to the appropriate payees.

[96] Source: CIA 1190 II-9
Which of the following controls would most likely minimize defects in finished goods because of poor quality raw materials?
A. Proper handling of work-in-process inventory to prevent damage.
B. Implementation of specifications for purchases.
C. Timely follow-up on unfavorable usage variances.
D. Determination of spoilage at the end of the manufacturing process.

[97] Source: CIA 1191 I-13
In auditing a cost-plus construction contract for a new catalog showroom, the internal auditor should be cognizant of the risk that
A. The contractor could be charging for the use of equipment not used in the construction.
B. Income taxes related to construction equipment depreciation may have been calculated erroneously.
C. Contractor cash budgets could have been inappropriately compiled.
D. Payroll taxes may have been inappropriately omitted from billings.

A. Material errors or fraud will be prevented or detected and corrected within a timely period by employees in the course of performing their assigned duties.
B. Management's plans have not been circumvented by worker collusion.
C. The internal auditing department's guidance and oversight of management's performance is accomplished economically and efficiently.
D. Management's planning, organizing, and directing processes are properly evaluated.

[99] Source: CIA 1192 I-18
Controls can be classified according to the function they are intended to perform; for example, to discover the occurrence of an unwanted event (detective), to avoid the occurrence of an unwanted event (preventive), or to ensure the occurrence of a desirable event (directive). Which of the following is a directive control?
A. Monthly bank statement reconciliations.
B. Dual signatures on all disbursements over a specific dollar amount.
C. Recording every transaction on the day it occurs.
D. Requiring all members of the internal auditing department to be CIAs.

[100] Source: CIA 1194 I-45
A retailer of high-priced durable goods operates a catalog-ordering division that accepts customer orders by telephone. The retailer runs frequent price promotions. During these times, the telephone operators enter the promotional prices. The risk of this practice is that
A. Customers could systematically be charged lower prices.
B. Frequent price changes could overload the order
entry system.
C. Operators could give competitors notice of the promotional prices.

B. The product manager negotiates the purchase price and sets the selling price.
C. Evaluating product managers by total gross profit generated by product line will lead to dysfunctional behavior.
D. There is no receiving function located at individual stores.

III. Is not necessary because each product manager is evaluated on profit generated, thus this control is redundant
A. II and III.

B. This version of the formula assists in planning a specific substantive test of details.
C. The overall allowable audit risk cannot be determined.
D. Auditors always consider tests of details first.
C. Marketing analysis of sales generated by advertising projects.
D. Maintenance of statistical production analyses.

[108] Source: CMA 0695 4-25
The National Committee on Fraudulent Financial Reporting (Treadway Commission) recommended that
A. All public companies have an audit committee made up of members of top management to assist the internal auditor in identifying potential areas of external auditor concern.
B. Internal auditors perform many of the functions of the external auditor in order to minimize audit fees while increasing the effectiveness of audits.

A. Figure 11
B. Figure 12
C. Figure 13

B. Figure 20
C. Figure 21
D. Figure 22

[113] Source: CMA 1281 5-17
(Refer to Figures 23 through 26.) The symbol used to represent the physical act of collecting employees' time cards for processing is
A. Figure 23
D. Figure 34

A. Figure 35
B. Figure 36
C. Figure 37

B. Manual operation, processing, offline storage, and input-output activity.
C. Display, document, online storage, and entry operation.
D. Manual operation, document, online storage, and entry operation.

B. File them daily by batch number.

[121] Source: CMA 1287 5-10
(Refers to Fact Pattern #2)
(Refer to Figure 40.) The appropriate description that should be placed in symbol D would be

[122] Source: CMA 1287 5-11
(Refers to Fact Pattern #2)
(Refer to Figure 40.) The appropriate description that should be placed in symbol E would be
A. Accounts receivable master file.
B. Bad debts master file.
B. Avoidance of conflict of interest.

D. Objectivity.

[126] Source: Publisher
Under the express terms of the IMA Code of Ethics, a financial manager/management accountant may not
A. Advertise.
B. Encroach on the practice of another financial manager/management accountant.
C. Disclose confidential information unless authorized or legally obligated.
D. Accept other employment while serving as a financial manager/management accountant.

[127] Source: Publisher
In which situation is a financial manager/management accountant permitted to communicate confidential information to individuals or authorities outside the firm?
A. There is an ethical conflict and the board has refused to take action.
B. Such communication is legally prescribed.

A. Competency.
B. Confidentiality.
C. Integrity.
D. Objectivity.

[129] Source: CMA 2
At Key Enterprises, the controller is responsible for directing the budgeting process. In this role, the controller has significant influence with executive management as individual department budgets are modified and approved. For the current year, the controller was instrumental in the approval of a particular line manager's budget without modification, even though significant reductions were made to the budgets submitted by other line managers. As a token of appreciation, the line manager in question has given the controller a gift certificate for a popular local restaurant. In considering whether or not to accept the certificate, the controller should refer to which section of Statements on Management Accounting Number 1C (SMA 1C) (revised), Standards of Ethical Conduct for Practitioners of Management Accounting and Financial Management?

[130] Source: CMA 3
In accordance with Statements on Management Accounting Number 1C (SMA 1C) (revised), Standards of Ethical Conduct for Practitioners of Management Accounting and Financial Management, a management accountant who fails to perform professional duties in accordance with relevant standards is acting contrary to which one of the following standards?
A. Competency.
B. Confidentiality.
C. Integrity.
D. Objectivity.

[131] Source: Publisher
Lauryn is in charge of auditing Palace Co. She determines Palace has a control risk of 15%, there is an inherent risk of 30%, and she has an acceptable detection risk of 50%. What is the risk of a material misstatement of an assertion?
B. 12%
C. 30%
D. 333%

[133] Source: Publisher
The auditors of Maut・ Inc. have discovered that the company has no effective internal controls. The auditors have set detection risk at 5% and inherent risk at 90%. What is the allowable audit risk according to the audit risk model?
A. 0%
B. 4.5%
C. 5%
D. 5.6%

[134] Source: Publisher
Courtney and Kim are using the audit risk model on their
audit assignment. They have set inherent risk at 90%,
control risk at 90%, the allowable risk of incorrect
acceptance associated with a test of details at 50%, and
the risk that analytical procedures and other substantive
tests will fail to detect misstatements at 9%. What is the
allowable audit risk?
A. 3.65%

C. Go beyond the limitation of personal technical
skills to advance the interest of the company or
organization.

A. Sets forth basic principles in the practice of
internal auditing.
B. Charges IIA members to maintain high standards
of conduct.
C. Explains the internal audit profession's
responsibility to society at large.

C. Failing to comply with the law.
D. Prudence in the use of information.
is to
A. Summarily discharge the auditor and notify The
Institute.
B. Take no action because the auditor did not benefit
from the transaction.
C. Inform the Institute's Board of Directors and take
the personnel action required by company policy.
D. Inform the employee of other methods of
communicating this type of information.

[144] Source: CIA 0589 II-43
In their reporting, Certified Internal Auditors are required
by the Code of Ethics to
A. Disclose all material evidence obtained by the
auditor as of the date of the audit report.
B. Obtain factual evidence within the established time
and budget parameters.
C. Reveal material facts known to the auditor that
could distort the report if not revealed.
D. Express an opinion only if it is based on sufficient
competent evidence.

C. Audit objectives define specific desired
accomplishments; audit procedures provide the
means of achieving audit objectives.
D. Once the necessary audit procedures have been
established, audit objectives can be defined.

[146] Source: CIA 0588 I-28
You are planning a 3-year effort to audit all branches of a
large international car rental agency. Management is
especially concerned with standardized operation of the
accounting, car rental, and inventory functions. What type
of audit program would be most appropriate for this
project?
A. A pro forma audit program developed and tested
by your internal auditing department.

D. Assess the performance of the subsidiary and
indicate where additional audit work may be needed.

[148] Source: CIA 0590 II-1
In a comprehensive audit of a not-for-profit activity an
internal auditor is primarily concerned with the
A. Extent of compliance with policies and
procedures.
B. Procedures related to the budgeting process.
C. Extent of achievement of the organization's
mission.
D. Accuracy of reports on the source and use of
funds.

[150] Source: CIA 0592 I-11
According to the Standards, audit planning should be
documented and the planning process should include all the
following except
A. Establishing audit objectives and scope of work.
activities to be audited.
C. Collecting audit evidence on all matters related to
the audit objectives.
D. Determining how, when, and to whom the audit
results will be communicated.

[151] Source: CIA 1192 I-13
An audit program for a comprehensive audit of a
purchasing function should include
C. Specific methods to accomplish audit objectives.
D. A focus on risks affecting the financial statements
as opposed to controls.

[155] Source: CIA 0591 II-15
Which of the following best describes audit supervision as
envisioned by the Standards?
A. The manager of each audit has the ultimate
responsibility for supervision.
B. Supervision is primarily exercised at the final
review stage of an audit to ensure the accuracy of the
audit report.
C. Supervision is most important in the planning
phase of the audit to ensure appropriate audit
coverage.
D. Supervision is a continuing process beginning with
planning and ending with conclusion of the audit
assignment.

A. The qualifications of the audit staff selected for the
engagement.
B. The auditee's objectives and control structure.

D. Having budget revisions approved by the project
supervisor.

[160] Source: CIA 0590 II-2
What action should an internal auditor take upon
discovering that an audit area was omitted from the audit
program?
C. Continue the audit as planned and include the
unforeseen problem in a subsequent audit.
D. Evaluate whether completion of the audit as
planned will be adequate.

C. Time budgets for specific audit tasks.
D. Determination of the resources necessary to
perform the audit.

[162] Source: CIA 0594 II-20
An internal auditor is interviewing three individuals, one of
whom is suspected of committing a fraud. Which of the
following is the least effective interviewing approach?
A. Ask each individual to prepare a written statement
explaining his or her actions.
B. Take the role of one seeking the truth.
C. Listen carefully to what the interviewee has to say.
D. Attempt to get the suspect to confess.

[163] Source: CIA 0591 I-17
The personnel department receives an edit listing of payroll
changes processed at every payroll cycle. If it does not
verify the changes processed, the result could be
A. Undetected errors in payroll rates for new
employees.
B. Inaccurate Social Security deductions.
C. Labor hours charged to the wrong account in the
cost reporting system.
D. Employees not being asked if they want to
contribute to the company pension plan.

[164] Source: CIA 0591 I-26
An internal auditor discovered an error in a receivable due
from a major stockholder. The receivable's balance
accounts for less than 1% of the company's total
receivables. Would the auditor be likely to consider the
error to be material?
D. No, because a small dollar amount is in error.

A. Computation of selected sales commissions.
B. Calculating commission ratios.
C. Use of analytical procedures.

B. Examination of notes for appropriate debtors'
signatures.
C. Reconciliation of the detail of notes receivable and
the provision for uncollectible amounts to the general
ledger control.
D. Examination of cash receipts records to determine
promptness of interest and principal payments.

[167] Source: CIA 0592 I-23
An internal auditor would trace copies of sales invoices to
shipping documents in order to determine that
A. Customer shipments were billed.
B. Sales that are billed were also shipped.
C. Shipments to customers were also recorded as
receivables.
D. The subsidiary accounts receivable ledger was
updated.

[168] Source: CIA 1193 II-42
Upon reviewing the results of the audit report with the audit
committee, executive management agreed to accept the
risk of not implementing corrective action on certain audit
findings. Evaluate the following and select the best
alternative for the internal auditing director.
A. Notify regulatory authorities of management's
decision.
B. Perform additional audit steps to further identify
the policy violations.
C. Conduct a follow-up audit to determine whether
corrective action was taken.
D. Internal audit responsibility has been discharged,
and no further audit action is required.
A. Receiving reports.
B. Purchase orders.
C. Canceled checks.
D. Paid vendor invoices.

[170] Source: CIA 1192 I-47
If an internal auditor finds that no corrective action has
been taken on a prior audit finding that is still valid, the
Standards state that the internal auditor should
A. Restate the prior finding along with the findings of
the current audit.
B. Determine whether management or the board has
assumed the risk of not taking corrective action.
C. Seek the board's approval to initiate corrective
action.

A. Might not select documents that are in error as
part of the examination.
B. May not be able to properly evaluate an activity
because of its poor internal accounting controls.
C. May fail to detect a significant error or weakness
during an examination.

A. Take no action. To do otherwise would be an
exercise of operational control.
B. Discuss the issue with the director of internal
auditing. The problem requires an ad hoc solution.
C. Discuss the issue with the person(s) responsible
for the problem. (S)he or they should know how to
solve the problem.
D. Order the person(s) responsible to correct the
problem. They have had long enough to do so.

[173] Source: CIA 1192 II-23
Which of the following statements is an audit objective?
A. Observe the deposit of the day's cash receipts.
B. Analyze the pattern of any cash shortages.
C. Evaluate whether cash receipts are adequately
safeguarded.
D. Recompute each month's bank reconciliation.

[174] Source: CIA 0593 I-11
Shipments are made from the warehouse based on
customer purchase orders. The matched shipping
documents and purchase orders are then forwarded to the
billing department for sales invoice preparation. The
shipping documents are neither accounted for nor
prenumbered. Which of the following substantive tests
should be extended as a result of this control weakness?
A. Select bills of lading from the warehouse and trace
the shipments to the related sales invoices.
B. Foot the sales register and trace the total to the
general ledger.
C. Trace quantities and prices on the sales invoice to
the customer purchase order and test extensions and
footings.
D. Trace a sample of purchase orders to the related
sales invoices.

B. Managed its resources economically and
efficiently.
C. Prepared its financial statements in accordance
with generally accepted accounting principles.
D. Applies the funds in a way that would benefit the
greatest number of people.

B. Interviewing persons responsible for collecting and
storing the scrap.
C. Comparing the quantities of scrap expected from
the production process with the quantities sold.
D. Comparing current revenue from scrap sales with
industry norms.

[177] Source: CIA 0593 I-19
To control daily operating costs, an organization decreased
the number of times a messenger service was used each
day. Despite those measures, the monthly bill continued to
increase. What procedure should the internal auditor use to
detect whether improper services were being billed?
A. Reconcile a sample of messenger invoices to
pickup receipts.
B. Test the mathematical accuracy of a sample of
messenger invoices.
C. Scan ledger accounts and messenger invoices.
D. Observe daily use of the messenger service.
[178] Source: CIA 1190 I-13
An internal auditor would most likely judge a misstatement
in an account balance to be material if it involves
A. A large percentage of net income.
B. An unverified routine transaction.
C. An unusual transaction for the company.
D. A related party.

A. Sales journal with the accounts receivable ledger.
B. Accounts receivable ledger with the cash receipts
journal.
C. Accounts receivable ledger with sales
documentation.
D. Cash receipts documentation with the accounts
receivable ledger.

[182] Source: CIA 0591 I-33
An auditor has set an audit objective of determining
whether mail room staff is fully used. Which of the following
audit techniques will best meet this objective?
A. Inspection of documents.
B. Observation.

[183] Source: CIA 0590 I-33
In which section of the final report should the internal
auditor describe the audit objectives?
A. Purpose.
B. Scope.
C. Criteria.
D. Condition.

A. None. The engineers and buyers are
professionals. It is inappropriate for an internal
auditor to interfere in what is essentially a personal
decision.
B. Informally counsel the engineers and buyers who
accept the vacation trips. This helps prevent the
possibility of kickbacks, while preserving good
auditor-auditee relations.
C. Formally recommend that the organization
establish a corporate code of ethics. Guidelines of
acceptable conduct, within which individual decisions
may be made, should be provided.
D. Issue a formal deficiency report naming the
personnel who accept vacations but make no
recommendations. Corrective action is the
responsibility of management.
A. The efficiency and effectiveness of the scrap
disposal function and include any findings requiring
corrective action.
B. Whether the scrap material inventory is reported
as a current asset.
C. Whether the physical inventory count of the scrap
material agrees with the recorded amount.
D. Whether the scrap material inventory is valued at
the lower of cost or market.

[188] Source: CIA 1187 I-41
The primary reason for having written formal internal audit
reports is to
A. Provide an opportunity for auditee response.
B. Direct senior management to corrective actions.

[190] Source: CIA 1188 I-43
An objective report is one that is described as
A. Through content and tone, designed to help the
auditee as well as the organization.
B. Logical and easily understood.
C. To the point and free of unnecessary detail.
D. Factual, unbiased, and free from distortion.

C. Related activities not audited.
D. Documentation of previous oral communications.

[192] Source: CIA 1192 I-44
Internal audit reports should contain the purpose, scope,
and results. The audit results should contain the criteria,
condition, effect, and cause of the finding. The cause can
best be described as
A. Factual evidence that the internal auditor found.
B. Reason for the difference between the expected
and actual conditions.
C. The risk or exposure because of the condition
found.
D. Resultant evaluations of the effects of the findings.

[193] Source: CIA 0589 I-38
According to the Standards, audit findings are the result of
A. Comparing what should be with what is.
B. Determining the impact on the organization of what
should be.
C. Analyzing differences between organizational and
departmental objectives.
D. The internal auditor's conclusions (opinions).

[195] Source: CIA 0590 II-34
In beginning an audit, an internal auditor reviews written
procedures that detail segregations of responsibility
adopted by management to strengthen internal controls.
These written procedures should be viewed as which
attribute of a finding?
A. Criteria.
B. Condition.
C. Effect.

A. The same information as the written report but in
diagram form.
B. Highlights of the audit results.
C. Internal auditing's assessment of the adequacy of
internal controls.
D. Only that information needed to resolve the
disagreements between the auditees and internal
auditing.
[197] Source: CIA 1187 I-42
Which of the following situations is most likely to be the
subject of a written interim report to auditee management?
A. 70% of the planned audit work has been
completed with no significant adverse findings.
B. The auditors have decided to substitute survey
procedures for some of the planned detailed review
of certain records.
C. The audit program has been expanded because of
indications of possible fraud.
D. Open burning at a subsidiary plant is a possible
violation of pollution regulations.

[198] Source: CIA 0590 II-35
Interim reports are issued during an audit to
A. Explain the purpose of the audit.
B. Eliminate the need for a final report.
C. Communicate information requiring immediate
attention.
D. Define the scope of the audit so the final report
can be brief.

D. Discussion of the report might center unduly on
words rather than on the substantive issues.

[200] Source: CIA 1187 I-44
Which of the following individuals would normally not
receive an internal auditing report related to a review of the
purchasing cycle?
A. The director of purchasing.
B. The independent external auditor.
C. The treasurer.
D. The advertising manager.

[202] Source: CIA 1190 I-42
Summary written audit reports are ordinarily intended for
A. Local operating management.
B. Review by other internal auditors only.
C. High-level management and/or the audit
committee.
D. Independent external auditors only.

[203] Source: CIA 0593 I-38
An internal auditor has uncovered illegal acts committed by
a member of senior management. According to the
Standards, such information
A. Should be excluded from the internal auditor's
report and discussed orally with the senior manager.
B. Must be immediately reported to the appropriate
local authorities.
C. May be disclosed in a separate report and
distributed to all senior management.

D. To identify management's actions and responses
to the findings.

[205] Source: CIA 1194 II-17
Several levels of management are interested in the results
of the marketing department audit. What is the best method of
communicating the results of the audit?
A. Write detailed reports for each level of
management.
B. Omit the finding and recommendation.

[207] Source: CIA 1191 I-44
Why should organizations require auditees to promptly
reply and outline the corrective action that has been
implemented on reported deficiencies?
A. To remove items from the pending list as soon as
possible.
B. To effect savings or to institute compliance as
early as possible.

[209] Source: CIA 0594 III-9
Which of the following microcomputer applications would
be least helpful in preparing audit workpapers?
A. Spreadsheet software.
B. Word processing software.
C. Utilities software.
D. Database software.

[210] Source: CIA 0594 III-10
Generalized Audit Software (GAS) is designed to allow
auditors to
A. Monitor the execution of application programs.
B. Process test data against master files that contain
real and fictitious entities.
C. Select sample data from files and check
computations.
D. Insert special audit routines into regular application
programs.

[211] Source: CIA 0594 III-20
The internal audit department designed a transferable
spreadsheet file to assess a particular type of process that
occurs at several geographic locations. Which of the
following terms describes this file, which has no specific
data but contains column headings, formulas, and
formatting instructions?
A. A cell.

[212] Source: CIA 0594 III-29
What is the best thing a microcomputer user should do if a
program takes longer than usual to load or execute?
A. Test the system by running a different application
program.
B. Reboot the system.
C. Run antivirus software.

D. Privately-held companies have an internal audit
staff with an adequate number of qualified personnel
appropriate for the size of the company.

[214] Source: CMA 0695 4-26
In relation to nonfinancial internal audits, the Treadway
Commission recommended
A. That internal auditors not be involved in any
nonfinancial audits because their findings in financial
audits might be biased.
B. The full involvement of internal auditors to give
them greater knowledge of the company and a more
informed perspective.
C. That the public accountant review completely the
work performed by internal auditors.
D. That the public accountants review the
nonfinancial audits prepared by internal auditors and
include the internal auditors' findings in their reports.

[215] Source: CMA 0682 3-17
From a modern internal auditing perspective, which one of
the following statements represents the most important
benefit of an internal audit department to management?
A. Assurance that published financial statements are
correct.
B. Assurance that fraudulent activities will be
detected.
C. Assurance that the organization is complying with
legal requirements.
D. Assurance that there is reasonable control over
day-to-day operations.

B. Attest to the fairness of financial statements.
C. Assist members of the organization in the effective
discharge of their responsibilities.
D. Provide audit assistance and guidance to the
external accountant.

[217] Source: CIA 1192 I-23
To identify shortages of specific items in an inventory of
expensive goods held for retail sale, the most appropriate
audit work step is to
A. Apply the retail method of inventory valuation.
B. Compare physical inventory counts with perpetual
records.
C. Develop inventory estimates based on the gross
profit percentage method.
D. Analyze current and previous inventory turnover
rates.

[218] Source: CMA 0684 3-33
While assisting the external auditor in the performance of
substantive tests or tests of controls, the internal auditor
should
A. Establish limits of materiality that are below the
usual limits set by the external auditor.
B. Establish limits of materiality that are above the
usual limits set by the external auditor.

B. Sample size for the confirmation of accounts
receivable.
C. Effect of weaknesses in the credit sales system.
D. Extent of procedures used to test the validity of
accounts receivable.

A. Prepare a schedule of interbank transfers.
B. Compare remittance advices and duplicate deposit
slips to postings in the cash receipts journal and the
accounts receivable subsidiary ledger cards.

[221] Source: CMA 0687 3-15
Operational audits are designed to
A. Produce an opinion on the fairness of the firm's
financial statements.
B. Produce an opinion on the accuracy of a firm's
financial accounting system.
C. Produce recommendations for improving the
accuracy of a firm's financial accounting system.
D. Review performance of an organization or some
portion of an organization (e.g., department, function,
etc.) using some pre-established standard as the
primary evaluation criterion.

[222] Source: CMA 0687 3-17
Which one of the following items is included in an
operational audit but is not required in a financial audit
conducted by an external auditor?
A. Planning and control over the work done by an
audit team.
B. Supervision of the audit team's activities and
output.
C. Fact-finding, analysis, and documentation.
D. Recommendations for improvement.

[223] Source: CMA 0687 3-16
An example of the subject of an operational audit would be

[224] Source: CMA 0687 3-18
In conducting an operational audit, which one of the
following activities would not be expected of the internal
auditor?
A. Make an objective observation and
comprehensive analysis of specific activities.

D. Perform the operational activity of the line
personnel.

[225] Source: CMA 0687 3-19
In operational audits when fraud is not an issue, the results
of the operational audit are ideally exposed initially to
A. The manager in charge of the subject department
or function.
B. The supervisor of the manager in charge of the
subject department or function.
C. The chief executive officer of the corporation.
D. The divisional controller or corporate controller of
the subject department or function.

[226] Source: CMA 0682 3-18
The internal auditor should follow up to ascertain that
appropriate action is taken on deficiency findings. To
accomplish this, the internal auditor should
A. Work closely with the external auditor.
B. Be guided by the wishes of the audit committee.

[227] Source: CMA 0696 4-28
In conducting internal audits, secondary evidence is used to
support primary evidence. Secondary evidence may
include a copy of written evidence or oral evidence. Which
one of the following is the weakest form of supportive
evidence?

[228] Source: CMA 0696 4-29
In assessing relative risks, internal auditors should be least
concerned with
A. Reliability and integrity of information.
B. Compliance with internal and external rules and
regulations.

C. Comparison with budgets and forecasts.
D. Ratio analyses.

[230] Source: CIA 0593 I-40
The internal auditing department for a chain of retail stores
recently concluded an audit of sales adjustments in all
stores in the southeast region. The audit revealed that
several stores are costing the company an estimated
$85,000 per quarter in duplicate credits to customers'
charge accounts. The audit report, published 8 weeks after
the audit was concluded, included the internal auditors'
recommendations to store management that should prevent
duplicate credits to customers' accounts. Which of the
following standards for reporting has been disregarded in
the above case?
A. The follow-up actions were not adequate.
B. The auditors should have implemented appropriate
corrective action as soon as the duplicate credits
were discovered.
C. Auditor recommendations should not be included
in the report.
D. The report was not timely.

B. Senior management and the Standards.
C. Management and the board of directors.
D. The audit committee and the chief financial officer.

B. Provide a systematic format to ensure audit
coverage.
C. Should be corroborated by gathering objective
data.
D. Are best suited to reaching audit conclusions.
C. Multiple locations with similar operations.
D. Subsequent inventory audits performed at the
same location.

[235] Source: CIA 0592 II-18
Audit programs testing internal controls should
A. Be tailored for the audit of each operation.
B. Be generalized to fit all situations without regard to
departmental lines.
C. Be generalized so as to be usable at all locations
of a particular department.
D. Reduce costly duplication of effort by ensuring
that every aspect of an operation is examined.

[236] Source: CIA 1192 I-21
An internal auditor has just completed an on-site survey to
become familiar with the company's payroll operations.
Which of the following should be performed next?
A. Assign audit personnel.

C. The auditor starts with the financial statements of
an activity being audited and works backward to the
basic processes involved in producing them.
D. The auditor can use analytical skills and tools that
are not necessary in financial auditing.

[238] Source: CIA 1196 II-14
Which of the following is not a major purpose of an audit
report?
A. Inform.
B. Get results.
C. Assign responsibility.
D. Persuade.

interview so as not to arouse suspicions.
C. The internal auditor's role involves attempting to
obtain confessions of guilt.
D. Internal auditors are authorized to waive
punishment of the employee if the employee restores
the item(s) stolen.

[240] Source: CIA 0595 I-60
It has been established that an internal auditing charter is
one of the more important factors positively affecting the
internal auditing department's independence. The Standards
help clarify the nature of the charter by providing guidelines
as to the contents of the charter. Which of the following is
not suggested in the Standards as part of the charter?
A. The department's access to records within the
organization.
B. The scope of internal auditing activities.
C. The length of tenure for the internal auditing
director.
D. The department's access to personnel within the
organization.

C. Indicate that the audit will examine the function
only in accordance with the standards set by, and
approved by, the quality assurance function before
beginning the audit.
D. Terminate the audit because an operational audit
will not be productive without the auditee's
cooperation.

[242] Source: CIA 1195 I-47
Management has requested the internal auditing department
to perform an operational audit of the telephone marketing
operations of a major division and to recommend
procedures and policies for improving management control
over the operation. The auditor should
A. Not accept the engagement because
recommending controls would impair future
objectivity of the department regarding this auditee.
B. Not accept the engagement because audit
departments are presumed to have expertise on
accounting controls, not marketing controls.
C. Accept the engagement, but indicate to
management that recommending controls would
impair audit independence so management knows
that future audits of the area would be impaired.
D. Accept the audit engagement because
independence would not be impaired.

[243] Source: CIA 1195 I-45
In considering the internal auditing department's
independence, which of the following facts, by themselves,
could contribute to a lack of internal audit independence?
I. The CEO accused the new director of not operating "in the best
interests of the organization."
II. The majority of audit committee members come from within the
organization.
III. The internal audit charter has not been approved by the board or
the audit committee.
A. I only.
B. II only.

B. Legislated internal auditing requirements in
Country X.
C. The fact that the director will report to the audit
committee of the board of directors.
D. The fact that the director is to be a Certified
Internal Auditor.

[246] Source: CIA 1196 I-26
Audit committees have been identified as a major factor in
promoting both the internal and external auditor's
independence. Which of the following is the most important
limitation on the effectiveness of audit committees?
A. Audit committees may be composed of
independent directors. However, those directors may
have close personal and professional friendships with
management.
B. Audit committee members are compensated by
the organization and thus favor a shareholder's view.
C. Audit committees devote most of their efforts to
external audit concerns and do not pay much
attention to internal auditing and the overall control
environment.
D. Audit committee members do not normally have
degrees in the accounting or auditing fields.
placed in certified containers for shipment to a federal
disposal site. The container must bear an inspection seal
signed within the last 90 days by a federal inspector. Based
on the following tests, the auditor concluded that the
company was in compliance for the audit period:
1. Determine from each chemical loading supervisor that compliance
requirements are understood.
2. Inspect sealed containers for evidence of leakage.
3. Ask chemical loading personnel about procedures
performed.
Identify which of the following evidential criteria are
violated.
A. Sufficiency.
B. Competency.
C. Relevance.
D. No criteria are violated.

Identify which of the following evidential criteria are
violated.
A. Sufficiency.
B. Competency.
C. Relevance.

B. Scheduling and time estimates.

C. Preliminary survey.
D. Audit program.

[253] Source: CIA 0594 I-27
Assume your company is considering purchasing a small
toxic waste disposal company. As internal auditors, you are
part of the team doing a due diligence review for the
acquisition. Your scope (as auditors) would most likely not
include:
A. An evaluation of the merit of lawsuits currently
filed against the waste company.
B. A review of the purchased company's procedures
for acceptance of waste material and comparison
with legal requirements.
C. Analysis of the company's compliance with, and
disclosure of, loan covenants.

B. An operational audit of a division of a company to
determine if divisional management is complying with
laws and regulations.
C. A review of operations as requested by the audit
committee to determine whether the operations
comply with audit committee and organizational
policies.

D. Assess the probable level of and the extent of
complicity in the fraud within the organization.

[257] Source: CIA 1192 II-49
Internal auditing is responsible for reporting fraud to senior
management or the board when
A. The incidence of fraud of a material amount has
been established to a reasonable certainty.
B. Suspicious activities have been reported to internal
auditing.
C. Irregular transactions have been identified and are
under investigation.
D. The review of all suspected fraud-related
transactions is complete.

[258] Source: CIA 0593 II-45
Which of the following policies is most likely to result in an
environment conducive to the occurrence of fraud?
A. Budget preparation input by the employees who
are responsible for meeting the budget.
B. Unreasonable sales and production goals.
C. The division's hiring process frequently results in
the rejection of adequately trained applicants.
D. The application of some accounting controls on a
sample basis.

[259] Source: CIA 0594 I-12
When comparing perpetrators who have embezzled
company funds to perpetrators of financial statement fraud
(falsified financial statements), those who have falsified
financial statements would be less likely to:

A. A statement that an internal audit conducted with
due professional care cannot provide absolute
assurance that irregularities have not occurred.

The audit was performed to accomplish several objectives:
- Verify the existence of unused machinery being stored in
the warehouse.
- Determine whether machinery had been damaged during
storage.
- Review the handling procedures being performed by
personnel at the warehouse.
- Determine whether proper accounting procedures are
being followed for machinery kept in the warehouse.
- Calculate the current fair market value of warehouse
inventories.
- Compare the total value of the machinery to company
accounting records.
It was confirmed that, of the 30 machines selected from
purchasing records for the sample, 13 were present on the
warehouse floor and another five were on the loading dock
ready for conveyance to the production facility. Twelve
others had already been sent to the production facility at a
previous time. An examination of the accounting
procedures used at the warehouse revealed the failure by
the warehouse accounting clerk to reconcile inventory
records monthly, as required by policy. A sample of 25
machines was examined for possible damage, and all but
one was in good condition. It was confirmed by the
auditors that handling procedures outlined in the warehouse
policy manual appear to be adequate, and warehouse
personnel apparently were following those procedures,
except for the examination of items being received for
inventory.

[261] Source: CIA 1196 II-16
(Refers to Fact Pattern #4)
When an auditor is communicating with auditees, both
situational factors and message characteristics can damage
the communication process. An auditor has only limited
control over situational factors but has substantial control
over message characteristics. Which of the following would
seem to be a message characteristic that the auditor who
prepared the above report overlooked?
A. Appropriately organize the report.
B. Keep most sentences short and simple.
C. Result, conclusion, recommendation.
D. Purpose, scope, recommendation.

[264] Source: Publisher
If a financial manager/management accountant has a problem in identifying unethical behavior or resolving an ethical conflict, the first action (s)he should normally take is to
A. Do nothing since she has a duty of loyalty to the organization.
B. Consult the audit committee.
C. Present the matter to the next higher managerial level.
D. Confront her immediate superior.

A. Consult the board of directors immediately.
B. Discuss the problem with the immediate superior if (s)he is involved in the conflict.
C. Communicate the problem to authorities outside the organization.

to maintain the highest standards of ethical conduct. Accordingly, the IMA Code of Ethics explicitly requires that they
A. Obtain sufficient competent evidence when expressing an opinion.
B. Not condone violations by others.
C. Comply with generally accepted auditing standards.

B. The immediate superior assures the financial manager/management accountant that the problem will be resolved.
C. The immediate superior reports the situation to his/her superior.
D. The immediate superior, the firm's chief executive officer, knows about the situation but refuses to correct it.

B. Report any relevant information that could influence users of financial statements.
C. Disclose confidential information when authorized by his/her firm or required under the law.
D. Refuse gifts from anyone.
unfavorable.
PART 1C management decision-making processes
wishes. One means of achieving this control objective is the establishment of policies as guides to action. When a decision affects the capitalization of the entity, a policy should be in force requiring review at the highest level.
Answer (C) is incorrect because it does not state a control but rather a specific means of issuing securities.
Answer (D) is incorrect because a better control is to use an independent registrar and transfer agent.

[8] Source: CIA 1188 I-20
Answer (A) is correct. Payroll checks should be signed by the treasurer, i.e., by someone who is not involved in timekeeping, record keeping, or payroll preparation. The payroll clerk performs a record-keeping function.
Answer (B) is incorrect because preparing the payroll register is one of the record-keeping tasks of the payroll clerk.
Answer (C) is incorrect because the payroll register should be approved by an officer of the company (this represents a control strength).
Answer (D) is incorrect because paychecks should be drawn on a separate payroll checking account (this is a control strength).

[9] Source: CIA 1192 II-17
Answer (A) is incorrect because cash receipts may be physically safeguarded by such measures as maintaining a secure cash receiving point.
Answer (B) is incorrect because initial accountability may be fixed by issuing a source document (a receipt) when the cash is received.
Answer (C) is incorrect because separating cash receipts and record keeping does not prevent paying cash disbursements directly from cash receipts.
Answer (D) is correct. Separating cash receipts and record keeping prevents an employee from misappropriating cash and altering the records to conceal the irregularity.

[10] Source: CIA 1193 II-11
Answer (A) is incorrect because the requesting department normally develops specifications.
Answer (B) is incorrect because open purchase orders are customary for high-use items.
Answer (C) is correct. Purchasing from parties related to buyers or other company officials is a risk factor because it suggests the possibility of fraud. Such conflicts of interest may result in transactions unfavorable to the company.
Answer (D) is incorrect because an approved vendor list is often maintained as a control factor to help ensure that purchases are made only from reliable vendors. However, rotation is not usually appropriate.

[11] Source: CIA 1186 I-9
Answer (A) is correct. Piecework is production that is compensated at a set amount per unit of output rather than time spent on the job. Comparing production amounts (inventory additions) with payments (piecework records) is therefore an appropriate control over payroll.
Answer (B) is incorrect because foremen should not distribute paychecks since they may have access to time cards. The paymaster should distribute checks.
Answer (C) is incorrect because someone other than an employee could punch his/her time card.
Answer (D) is incorrect because unclaimed paychecks should be deposited in a bank account.

[12] Source: CIA 1187 I-43
Answer (A) is incorrect because trade-credit standards may be evaluated and approved by a committee of the board or delegated to management.
Answer (B) is incorrect because the procedure described is customary.
Answer (C) is correct. Salespeople should be responsible for generating sales and providing service to customers. For effective control purposes, the finance department should be responsible for monitoring the financial condition of prospective and continuing customers in the credit approval process.
Answer (D) is incorrect because the credit department should approve transactions based upon credit information before sales are processed.

[13] Source: CIA 0591 I-23
Answer (A) is incorrect because employees may be properly included on payroll, but the amounts paid may be unauthorized.
Answer (B) is incorrect because returning undelivered checks to the cashier provides no evidence regarding the validity of the amounts of checks.
Answer (C) is correct. Review and approval of time cards by line supervisors is appropriate because they should know whether work has been performed. Also, because they do not distribute paychecks, they are not in a position to divert falsely authorized checks.
Answer (D) is incorrect because witnessing a payroll distribution does not assure that the amounts paid are authorized.

[14] Source: CIA 0587 III-22
Answer (A) is correct. A feedback control system ensures that a desired state is attained or maintained. The control object is the variable of the system's behavior chosen for monitoring. A detector measures what is happening in the variable being controlled. A reference point represents the standards against which performance may be measured or matched. A comparator (analyzer) is a device for assessing the significance of what is happening, usually by comparing information supplied by the detector (what is actually happening) with the established reference points (what should be happening). An activator is a
decision maker. It evaluates alternative courses of corrective action available given the nature of the deviation identified and transmitted by the comparator. The output of the activating mechanism is typically corrective action.
Answer (B) is incorrect because it gives the elements in a communication network.
Answer (C) is incorrect because it states behavior motivators.
Answer (D) is incorrect because it concerns management functions other than controlling.

[15] Source: CIA 1189 I-9
Answer (A) is correct. The sequential numbering of documents provides a standard control over transactions. The numerical sequence should be accounted for by an independent party. A major objective is to detect unrecorded and unauthorized transactions.
Answer (B) is incorrect because this check would not prevent or detect unrecorded and unauthorized transactions.
Answer (C) is incorrect because credit approval does not assure billing.
Answer (D) is incorrect because it states an analytical procedure, not a preventive control.

[16] Source: CIA 1192 I-18
Answer (A) is incorrect because monthly bank statement reconciliation is a detective control. The events under scrutiny have already occurred.
Answer (B) is incorrect because dual signatures on all disbursements over a specific dollar amount is a preventive control. The control is designed to deter an undesirable event.
Answer (C) is incorrect because recording every transaction on the day it occurs is a preventive control. The control is designed to deter an undesirable event.
Answer (D) is correct. Requiring all members of the internal auditing department to be CIAs is a directive control. The control is designed to encourage a desirable event to occur, i.e., to enhance the professionalism and level of expertise of the internal auditing department.

[17] Source: CIA 1192 II-20
Answer (A) is incorrect because the clerk could circumvent using time cards and attendance records in the computation of employee gross earnings.
Answer (B) is incorrect because the problem is with fictitious employees, not close relatives working in the same department.
Answer (C) is incorrect because having the treasurer's office sign payroll checks takes place after the fact.
Answer (D) is correct. The payroll department is responsible for assembling payroll information (record keeping). The personnel department is responsible for authorizing and executing employee transactions such as hiring, firing, and changes in pay rates and deductions. Segregating these functions helps prevent fraud. Thus, the payroll for each period should be compared with the active employment files of the personnel department. Authorization by the personnel department is the only control placed in the transaction flow early enough to prevent the addition of bogus employees to the payroll.

[18] Source: CIA 1193 I-12
Answer (A) is incorrect because a receiving function can be effective within normal organizational parameters.
Answer (B) is correct. The receiving department should maintain a file of properly authorized purchase orders so that unauthorized shipments are not accepted. However, prices and quantities should be omitted from these copies of the orders. If the receiving clerk does not know the quantity ordered, an independent count can be assured.
Answer (C) is incorrect because more than the warehouse manager's approval is needed.
Answer (D) is incorrect because the receiving department's copy should omit prices and quantities.

[19] Source: CMA 1294 2-30
Answer (A) is correct. According to AU 312, "Inherent risk is the susceptibility of an assertion to a material misstatement, assuming that there are no related internal control structure policies or procedures. The risk of such misstatement is greater for some assertions and related balances or classes than for others." Unlike detection risk, inherent risk and control risk "are independent of the audit." Furthermore, inherent risk and control risk are inversely related to detection risk. Thus, the lower the inherent risk, the higher the acceptable detection risk.
Answer (B) is incorrect because the risk that the auditor may unknowingly fail to appropriately modify his or her opinion on financial statements that are materially misstated is audit risk.
Answer (C) is incorrect because the risk that a material misstatement that could occur in an assertion will not be prevented or detected on a timely basis by the entity's internal control structure policies or procedures is control risk.
Answer (D) is incorrect because the risk that the auditor will not detect a material misstatement that exists in an assertion is detection risk.

[20] Source: CIA 0589 III-2
Answer (A) is incorrect because drafting procedures, not reviewing them, would impair independence.
Answer (B) is incorrect because it describes a possible procedure in a future audit if the travel approval system is implemented.
Answer (C) is incorrect because no reason exists for internal auditing to receive copies of these forms. In an audit, auditee copies will be sufficient.
Answer (D) is correct. The objectivity of internal auditors is not impaired by recommending standards
of control for systems or reviewing procedures before implementation (Standard 120). Indeed, the scope of work encompasses examining and evaluating the adequacy and effectiveness of internal control (Standard 300). The review for adequacy concerns efficiency and economy. According to SIAS 1, "Efficient performance accomplishes objectives and goals in an accurate and timely fashion with minimal use of resources." The review for effectiveness is to determine whether the system will function as intended. Effective control is present when there is reasonable assurance that objectives and goals will be achieved.

Answer (B) is incorrect because intangible benefits may render an internal audit function an effective control even if it is not cost effective. It may not be good management to have an internal auditor who is not cost effective, but that does not affect the internal audit function's status as a control.
Answer (C) is incorrect because operational audits deal with effectiveness and efficiency and thus would not influence the effectiveness of the auditor as a control relevant to financial statement audits.
Answer (D) is incorrect because an effective control need not use statistical procedures.

monthly by the accounts receivable department without allowing access to the statements by employees of the cashier's department. The sales manager should not be the only person to review delinquent accounts because (s)he may have an interest in not declaring an account uncollectible.
Answer (C) is incorrect because it states an important internal control procedure in the area of accounts receivable.
Answer (D) is incorrect because it states an important internal control procedure in the area of accounts receivable.

Answer (B) is correct. The payroll department is responsible for assembling payroll information (record keeping). The personnel department is responsible for authorizing employee transactions such as hiring, firing, and changes in pay rates and deductions. Segregating the recording and authorization functions helps prevent fraud.
Answer (C) is incorrect because a test for mathematical accuracy does not prevent or detect fictitious transactions.
Answer (D) is incorrect because reconciling the accounting records to the bank statement is a test of the accuracy of the cash balance.

[26] Source: CMA 1286 3-29
Answer (A) is incorrect because persons with record keeping but not custody of assets responsibilities should have access to blank checks, while the duty of signing checks (custodianship) should be assigned to persons (e.g., the treasurer) with no record keeping function.
Answer (B) is incorrect because payroll preparation and payment to employees should be segregated since they are incompatible record keeping and custodianship functions.
Answer (C) is incorrect because approval of time cards is an authorization function that is incompatible with the record keeping function of preparation of paychecks.
Answer (D) is correct. Combining the timekeeping function and the preparation of the payroll journal entries would not be improper because the employee has no access to assets or to employee records in the personnel department. Only through collusion could an embezzlement be perpetrated. Accordingly, the functions of authorization, record keeping, and custodianship remain separate.

[27] Source: CMA 1283 3-11
Answer (A) is incorrect because it is a benefit of a strong internal control structure. The cost of the external audit will be lower because of the reduction of the audit effort related to substantive testing.
Answer (B) is correct. Even the best internal control structure (ICS) cannot guarantee the complete elimination of employee fraud. An effective ICS will reduce the amount of employee fraud and probably detect losses on a timely basis.
Answer (C) is incorrect because it is a benefit of a strong internal control structure. Management will have better data for decision-making purposes.
Answer (D) is incorrect because it is a benefit of a strong internal control structure. Management will have some assurance of compliance with the FCPA.

[28] Source: CMA 1288 3-21
Answer (A) is incorrect because it concerns the effectiveness, economy, and efficiency of management decision processes that ordinarily do not relate to an entity's ability to record, process, summarize, and report financial data consistent with financial statement assertions.
Answer (B) is correct. The policies and procedures most likely to be relevant to a financial statement audit pertain to the entity's ability to record, process, summarize, and report financial data consistent with the assertions embodied in the financial statements. Maintenance of control over unused checks is an example of a relevant procedure because the objective is to safeguard cash. The auditor must understand the ICS policies and procedures relevant to the assertions about cash in the financial statements. (S)he must then assess control risk for those assertions; that is, (s)he must evaluate the effectiveness of the ICS in preventing or detecting material misstatements in the assertions.
Answer (C) is incorrect because it concerns the effectiveness, economy, and efficiency of management decision processes that ordinarily do not relate to an entity's ability to record, process, summarize, and report financial data consistent with financial statement assertions.
Answer (D) is incorrect because it concerns the effectiveness, economy, and efficiency of management decision processes that ordinarily do not relate to an entity's ability to record, process, summarize, and report financial data consistent with financial statement assertions.

[29] Source: CMA 1288 3-25
Answer (A) is incorrect because auditors must consider the internal control structure, but they do not establish and maintain it.
Answer (B) is correct. Establishing and maintaining an internal control structure is the responsibility of management. An internal control structure is intended to provide reasonable assurance that the entity's objectives are achieved. Achievement of these objectives is the basic function of management.
Answer (C) is incorrect because this individual is only responsible to the extent that he(she) is a part of the management team.
Answer (D) is incorrect because this individual is only responsible to the extent that he(she) is a part of the management team.

[30] Source: CMA 0690 3-23
Answer (A) is incorrect because the ultimate purpose of the assessment of control risk in a financial statement audit is to determine the degree of audit effort to be devoted to substantive tests.
Answer (B) is incorrect because the ultimate purpose of the assessment of control risk in a financial statement audit is to determine the degree of audit effort to be devoted to substantive tests.
Answer (C) is incorrect because advice to management is only a by-product of a financial statement audit.
Answer (D) is correct. The assessed levels of control risk and inherent risk are used to determine the acceptable level of detection risk for financial statement assertions. This level of detection risk is then used to determine the nature, timing, and extent of the auditing procedures to detect material misstatements in financial statement assertions. Procedures designed to detect these misstatements are substantive tests. As the acceptable level of detection risk decreases, the assurance to be provided by substantive tests increases.

[31] Source: CMA 0690 3-25
Answer (A) is incorrect because determination of proper amounts of sales invoices concerns the valuation assertion. Also, sales invoices are part of the sales-receivables (revenue) cycle.
Answer (B) is correct. A completeness assertion concerns whether all transactions and accounts that should be presented in the financial statements are so presented. The exclusive use of sequentially
numbered documents facilitates control over expenditures. An unexplained gap in the sequence alerts the auditor to the possibility that not all transactions have been recorded. A failure to use prenumbered checks would therefore suggest a higher assessment of control risk. If a company uses prenumbered checks, it should be easy to determine exactly which checks were used during a period.
Answer (C) is incorrect because cash receipts are part of the revenue cycle.
Answer (D) is incorrect because consideration of the qualifications of accounting personnel is not a test of controls over the completeness of any cycle. This procedure is appropriate during the consideration of the control environment.

[32] Source: CIA 0589 II-7
Answer (A) is incorrect because this control is implemented before deposits are prepared and recorded in the company's books. The problem here is the detection of the diversion of funds that have been properly recorded upon receipt.

Answer (A) is incorrect because it is a part of the custodial function, which is the primary responsibility of a cashier.
Answer (B) is incorrect because it is a part of the custodial function, which is the primary responsibility of a cashier.
Answer (C) is incorrect because it is a part of the custodial function, which is the primary responsibility of a cashier.
Answer (D) is correct. The cashier is an assistant to the treasurer and thus performs an asset custody function. Individuals with custodial functions should not have access to the accounting records. If the cashier were allowed to post the receipts to the accounts receivable subsidiary ledger, an opportunity for embezzlement would arise that could be concealed by falsifying the books.

[34] Source: CMA 1288 3-23
Answer (B) is incorrect because distribution of payroll checks and approval of sales returns are independent functions. People who perform such disparate tasks are unlikely to be able to perpetrate and conceal a fraud. In fact, some companies use personnel from an independent function to distribute payroll checks.
Answer (C) is incorrect because posting both ledgers would cause no conflict as long as the individual involved did not have access to the actual cash. If a person has access to records but not the assets, there is no danger of embezzlement without collusion.
Answer (D) is correct. Recording of cash establishes accountability for assets. The bank reconciliation compares that recorded accountability with actual assets. The recording of cash receipts and preparation of bank reconciliations should therefore be performed by different individuals since the preparer of a reconciliation could conceal a cash shortage. For example, if a cashier both prepares the bank deposit and performs the reconciliation, (s)he could embezzle cash and conceal the theft by falsifying the reconciliation.

[36] Source: CMA 0689 3-17
Answer (A) is incorrect because prenumbered receiving reports should be issued sequentially. A gap in the sequence may indicate an erroneous or fraudulent transaction.
Answer (B) is incorrect because invoices should not be approved by purchasing. That is the job of the accounts payable department.
Answer (C) is incorrect because annual review of unmatched receiving reports is too infrequent. More frequent attention is necessary to remedy deficiencies in the internal control structure.
Answer (D) is correct. A voucher should not be prepared for payment until the vendor's invoice has been matched against the corresponding purchase order and receiving report. This procedure provides assurance that a valid transaction has occurred and that the parties have agreed on the terms, such as price and quantity.
Answer (A) is incorrect because the managers should submit purchase requisitions to the purchasing department. The purchasing function should be separate from operations.
Answer (B) is incorrect because, to encourage a fair count, the receiving department should receive a copy of the purchase order from which the quantity has been omitted.
Answer (C) is correct. Accounting for payables is a recording function. The matching of the supplier's invoice, the purchase order, and the receiving report (and usually the purchase requisition) should be the responsibility of the accounting department. These are the primary supporting documents for the payment voucher prepared by the accounts payable section that will be relied upon by the treasurer in making payment.
Answer (D) is incorrect because the receiving department should transfer goods directly to the storeroom to maintain security. A copy of the receiving report should be sent to the storeroom so that the amount stored can be compared with the amount in the report.

[38] Source: CIA 0593 II-11
Answer (A) is incorrect because matching quantity received with the packing slip does not ensure receipt of the quantity ordered.
Answer (B) is correct. Use of the master price list assures that the correct retail price is marked.
Answer (C) is incorrect because goods may or may not be needed in retail sales.
Answer (D) is incorrect because the crucial function of the receiving department is to make an independent, accurate count of the goods received. Packing slip information is irrelevant. The buyer needs to know whether the appropriate goods have been received in good condition and in the quantities ordered.

Answer (C) is incorrect because the components of audit risk are inherent risk, control risk, and detection risk.
Answer (D) is incorrect because the components of audit risk are inherent risk, control risk, and detection risk.

[40] Source: CMA 1286 3-26
Answer (A) is incorrect because audit risk is the risk that the auditor may unknowingly fail to appropriately modify an opinion on financial statements that are materially misstated.
Answer (B) is incorrect because detection risk is the risk that the auditor will not detect a material misstatement that exists in an assertion.
Answer (C) is incorrect because sampling risk is the risk that a particular sample may contain proportionately more or fewer monetary misstatements or deviations from controls than exist in the population as a whole (AU 350).
Answer (D) is correct. Inherent risk is the susceptibility of an assertion to a material misstatement in the absence of related controls. This risk is greater for some assertions and related balances or classes than others. For example, complex calculations are more likely to be misstated than simple ones, and cash is more likely to be stolen than an inventory of coal. Inherent risk exists independently of the audit (AU 312).

[41] Source: Publisher
Answer (A) is correct. Inherent risk is the susceptibility of an assertion to material misstatement in the absence of related controls. Some assertions and related balances or classes of transactions have greater inherent risk. Thus, cash has a greater inherent risk than less liquid assets.
Answer (B) is incorrect because some control risk will always exist. Internal control has inherent limitations.
Answer (C) is incorrect because detection risk is a function of auditing effectiveness (achieving results), not efficiency.

Answer (C) is incorrect because changing the extent of testing is a possible response to a decrease in the acceptable level of detection risk.
Answer (D) is correct. The overall allowable audit
risk of material misstatement in a financial statement assertion equals the product of inherent risk, control risk, and detection risk (expressed as probabilities). The audit risk formula in AU 350 further divides detection risk for a substantive test of details into (1) the risk that analytical procedures and other substantive tests will fail to detect misstatements equal to tolerable misstatement and (2) the allowable risk of incorrect acceptance for the substantive test of details. After determining the level to which (s)he wishes to restrict the risk of material misstatement and the assessed levels of control risk and inherent risk, the auditor performs substantive tests to restrict detection risk to the acceptable level. Accordingly, the level of detection risk that an auditor may accept is inversely related to control risk and inherent risk. If either increases, the acceptable level of detection risk decreases, and the auditor should change the nature, timing, or extent of substantive tests to increase the assurance they provide.

Answer (C) is incorrect because the concept of materiality recognizes that some misstatements, either individually or in the aggregate, are important for the fair presentation of financial statements. Qualitative as well as quantitative factors affect materiality judgments.
Answer (D) is incorrect because both material errors and material fraud cause financial statements to be materially misstated.

[44] Source: Publisher
Answer (A) is correct. AU 350 states that the model for the overall allowable audit risk is not intended to be a mathematical formula including all factors that may influence the determination of individual risk components. However, the model is sometimes useful in considering and planning appropriate risk levels. AR is equal to the joint probability that material misstatements will occur in an assertion, that internal control will not prevent or detect material misstatements, and that subsequent procedures will also not detect them. Hence, AR is expressed as the product of IR, CR, AP, and TD.
Answer (B) is incorrect because this is a nonsensical relationship.
Answer (C) is incorrect because this is a nonsensical relationship.
Answer (D) is incorrect because this is a nonsensical relationship.

[45] Source: CMA 0695 4-28
Answer (A) is incorrect because planning is not a component of internal control. Organizational structure and management philosophy are factors in the control environment component.
Answer (B) is correct. Internal control includes five components: the control environment, risk assessment, control activities, information and communication, and monitoring. The control environment sets the tone of an organization, influences control consciousness, and provides a foundation for the other components. Risk assessment is the identification and analysis of relevant risks to achievement of objectives. Control activities help ensure that management directives are executed. Information and communication are the identification, capture, and exchange of information in a form and time frame that allow people to meet their responsibilities. Monitoring assesses the performance of internal control over time (AU 319).
Answer (C) is incorrect because risk assessment is the only component listed.

Answer (C) is incorrect because physical controls is a category of control activities.
Answer (D) is correct. Control activities are policies and procedures that help ensure that management directives are carried out. They are intended to ensure that necessary actions are taken to address risks to achieve the entity's objectives. Control activities have various objectives and are applied at various organizational and functional levels. However, an internal audit function is part of the monitoring component.

[47] Source: CMA 1284 3-22
Answer (A) is correct. Internal auditing examines and evaluates the adequacy and effectiveness of an organization's controls. Its scope of work includes reviewing the reliability and integrity of financial data. The internal audit function is part of the monitoring component of internal control and therefore may have an important effect on the entity's ability to record, process, summarize, and report financial data.
Answer (B) is incorrect because operational audits are concerned with operational efficiency and effectiveness.
Answer (C) is incorrect because routine supervisory review of production planning is a concern of management but does not directly affect the fairness of the financial statements.
Answer (D) is incorrect because the existence of a preventive maintenance program is not directly relevant to a financial statement audit.

[48] Source: CIA 1195 I-66
Answer (A) is incorrect because budgetary comparison is a typical example of a monitoring control.

Answer (B) is incorrect because investigation of exceptions is a monitoring control used by lower-level management to determine when their operations may be out of control.

Answer (C) is correct. Monitoring assesses the quality of internal control over time. Management considers whether internal control is properly designed and operating as intended and modifies it to reflect changing conditions. Monitoring may be in the form of separate, periodic evaluations or of ongoing monitoring. Ongoing monitoring occurs as part of routine operations. It includes management and supervisory review, comparisons, reconciliations, and other actions by personnel as part of their regular activities. However, reconciling batch control totals is a processing control.

Answer (D) is incorrect because internal auditing is a form of monitoring. It serves to evaluate management's other controls.

[49] Source: CMA 0685 3-17

Answer (D) is incorrect because the absence of monitoring weakens internal control.

[51] Source: Publisher

Answer (A) is incorrect because the auditor gains an understanding of internal control primarily through previous experience with the entity, inquiries, inspection of documents and records, and observation of activities.

Answer (B) is correct. The purpose of tests of controls is to evaluate the effectiveness of the design or operation of controls in preventing or detecting material misstatements. The auditor tests whether controls are suitably designed to prevent or detect material misstatements in specific assertions. The auditor also tests how a control was applied, by whom it was applied, and whether it was applied consistently during the audit period (AU 319).

Answer (C) is incorrect because the auditor is not obligated to search for reportable conditions but should communicate those of which (s)he becomes aware.

Answer (D) is incorrect because inherent risk is the susceptibility of an assertion to a material misstatement in the absence of related controls.

Answer (C) is incorrect because control is not limited to processing. Moreover, it is instituted by management, not auditors.
Answer (D) is incorrect because some control procedures may be designed from the bottom up, but the concept of control flows from management down through the organization.

[54] Source: CIA 0592 II-16

Answer (A) is correct. According to The IIA's SIAS 1, "Reasonable assurance is provided when cost-effective actions are taken to restrict deviations to a tolerable level. This implies, for example, that material errors and improper or illegal acts will be prevented or detected and corrected within a timely period by employees in the normal course of performing their assigned duties. The cost-benefit relationship is considered by management during the design of systems. The potential loss associated with any exposure or risk is weighed against the cost to control it."

Answer (B) is incorrect because collusion is an inherent limitation of internal control.

Answer (C) is incorrect because the board of directors or a similar body is responsible for the guidance and oversight of management.

Answer (D) is incorrect because the examination and evaluation of management processes is a function of the internal auditing department.

Answer (B) is incorrect because each is a normal and appropriate reporting relationship.

Answer (C) is correct. The audit committee has a control function because of its oversight of internal as well as external auditing. It should be made up of directors who are independent of management. The authority and independence of the audit committee strengthen the position of internal auditing. The board should concur in the appointment or removal of the director of internal auditing, who should have direct, regular communication with the board (Standard 110).

Answer (D) is incorrect because each is a normal and appropriate reporting relationship.

[57] Source: CMA 1295 4-27

Answer (A) is incorrect because computer configuration is not an element of a data flow diagram.

Answer (B) is correct. Structured analysis is a graphical method of defining the inputs, processes, and outputs of a system and dividing it into subsystems. It is a top down approach that specifies the interfaces between modules and the transformations occurring within each. Data flow diagrams are used in structured analysis. The basic elements of a data flow diagram include data source, data destination, data flows, transformation processes, and data storage.

Answer (C) is incorrect because a program flowchart is not an element of a data flow diagram.

Answer (D) is incorrect because a program flowchart is not an element of a data flow diagram.

[58] Source: CIA 1193 II-8

Answer (A) is correct. According to SIAS 1, "Management plans, organizes, and directs in such a fashion as to provide reasonable assurance that established goals and objectives will be achieved." Also, "Management establishes and maintains an environment that fosters control."

Answer (C) is incorrect because the FCPA contains no requirement that an auditor express an opinion on internal control.

Answer (D) is correct. Whether a client is in conformity with the Foreign Corrupt Practices Act is a legal question. Auditors cannot be expected to provide clients or users of the financial statements with legal advice. The role of the auditor is to assess control risk in the course of an engagement to attest to the fair presentation of the financial statements.

[60] Source: CMA 1285 3-30

Answer (A) is incorrect because compliance with the FCPA is not the specific responsibility of the chief
financial officer.

Answer (B) is incorrect because compliance with the FCPA is not the specific responsibility of the board of directors.

Answer (C) is incorrect because compliance with the FCPA is not the specific responsibility of the director of internal auditing.

Answer (D) is correct. The accounting requirements apply to all public companies that must register under the Securities Exchange Act of 1934. The responsibility is thus placed on companies, not individuals.

[61] Source: Publisher

Answer (A) is incorrect because industry conditions relate to fraudulent reporting.

Answer (B) is incorrect because operating characteristics relate to fraudulent reporting.

Answer (C) is incorrect because management's characteristics relate to fraudulent reporting.

Answer (D) is correct. The auditor must specifically assess the risk of material misstatement due to fraud, a risk that is part of audit risk. The assessment is considered in designing audit procedures. Accordingly, AU 316 states that the auditor should consider three categories of risk factors related to fraudulent reporting: management's characteristics and influence over the control environment, industry conditions, and operating characteristics and financial stability. The two categories of risk factors related to misappropriation of assets are controls and susceptibility of assets to misappropriation.

[62] Source: Publisher

Answer (A) is incorrect because the two conditions are ordinarily present in fraud.

Answer (B) is incorrect because misstatements arising from fraudulent reporting are intentional misstatements or omissions to deceive financial statement users, and misstatements arising from misappropriation of assets involve theft, the effect of which is nonconformity of the financial statements with GAAP.

Answer (C) is correct. Misappropriation of assets may be accompanied by false or misleading records and may involve one or more individuals among management, employees, or third parties.

Answer (D) is incorrect because auditors are not trained or expected to be experts in authentication, and there is some risk that fraud may go undetected.

Answer (A) is incorrect because the rectangle is the appropriate symbol for a process or a single step in a procedure or program.

Answer (B) is incorrect because a terminal display is signified by a symbol similar to the shape of a cathode ray tube.

Answer (C) is correct. Flowcharts illustrate in pictorial fashion the flow of data, documents, and/or operations in a system. Flowcharts may summarize a system or present great detail, e.g., as found in program flowcharts. According to the American National Standards Institute, the diamond-shaped symbol represents a decision point or test of a condition in a program flowchart, that is, the point at which a determination must be made as to which logic path (branch) to follow. The diamond is also sometimes used in systems flowcharts.

Answer (D) is incorrect because a predefined processing step is represented by a rectangle with double lines on either side.

[64] Source: Publisher

Answer (A) is incorrect because the audit should provide reasonable assurance about whether the financial statements are free of material misstatements.

Answer (B) is incorrect because the risk of material misstatement due to fraud must be assessed.

Answer (C) is incorrect because the risk of material misstatement due to fraud must be assessed.

Answer (D) is correct. AU 316, Consideration of Fraud in a Financial Statement Audit, requires that the auditor specifically assess the risk of material misstatement due to fraud. This assessment is considered in the design of audit procedures. The fraud risk factors to be considered in this assessment relate to misstatements arising from (1) fraudulent reporting and (2) misappropriation of assets.

[65] Source: Publisher

Answer (A) is correct. The auditor would be concerned if the decision process were dominated by one individual or a small group. In that case, compensating controls, e.g., effective oversight by the audit committee, reduce risk.

Answer (B) is incorrect because one risk factor is management's commitment to third parties to achieve unduly aggressive or clearly unrealistic forecasts.

Answer (C) is incorrect because another risk factor is display of an excessive interest in improving the entity's stock price or earnings trend through use of unusually aggressive accounting practices.

Answer (D) is incorrect because still another risk factor pertaining to management's characteristics and influence over the control environment is an interest in inappropriate methods of minimizing earnings for tax purposes.

[66] Source: Publisher

Answer (B) is incorrect because materiality applies to all GAAS.

Answer (C) is incorrect because the degree of inherent risk is the reason that more effort must be directed to assertions (e.g., cash) that are more susceptible to misstatement.

Answer (D) is correct. The concept of materiality
recognizes that some, but not all, matters are important to the fairness of the financial statements. "Audit risk is the risk that the auditor may unknowingly fail to appropriately modify the opinion on financial statements that are materially misstated" (AU 312). A decrease either in the amount of misstatements deemed to be material or in the acceptable level of audit risk requires the auditor to select more effective procedures, perform procedures closer to the balance sheet date, or increase the extent of procedures.

[67] Source: Publisher

Answer (B) is incorrect because inherent risk and control risk, which depend on the entity's unique circumstances and not the auditor's procedures, must both be assessed to calculate the acceptable detection risk.

Answer (C) is incorrect because the acceptable detection risk is a function of the assessments of inherent risk and control risk.

Answer (D) is correct. The risk of material misstatement (audit risk) in a financial statement assertion equals the product of inherent risk, control risk, and detection risk (expressed as probabilities). Inherent risk is the risk that an assertion could be materially misstated in the absence of related controls. Control risk is the risk that a material misstatement that could occur in an assertion will not be prevented or detected on a timely basis by the related control policies and procedures. Detection risk is the risk that the auditor will not detect a material misstatement. The acceptable level of detection risk is a function of the assessed levels of inherent risk and control risk. Hence, as the latter increase, the acceptable level of detection risk decreases.

[68] Source: Publisher

Answer (A) is correct. Human resource policies and practices are a factor in the control environment component of internal control. They affect the entity's ability to employ sufficient competent personnel to accomplish its objectives. Policies and practices include those for hiring, orientation, training, evaluating, promoting, compensating, and remedial actions. Although control activities based on the segregation of duties are important to internal control, they do not in themselves promote employee competence.

Answer (B) is incorrect because effective hiring practices result in selection of competent employees.

Answer (C) is incorrect because effective training programs increase the competence of employees.

Answer (D) is incorrect because performance evaluations improve competence by identifying substandard work and by serving as a basis for rewarding exceptional efforts.

[69] Source: Publisher

Answer (A) is incorrect because internal control can provide reasonable assurance regarding reliability of financial reporting.

Answer (B) is correct. Internal control is a process designed to provide reasonable assurance regarding the achievement of organizational objectives. Because of inherent limitations, however, no system can be designed to eliminate all fraud.

Answer (C) is incorrect because internal control can provide reasonable assurance regarding compliance with applicable laws and regulations.

Answer (D) is incorrect because internal control can provide reasonable assurance regarding effectiveness and efficiency of operations.

Answer (A) is correct. The need for management to spend time on a day-to-day basis reviewing exception reports is reduced when internal control is working effectively. An effective internal control should prevent as well as detect exceptions.

Answer (B) is incorrect because some risks are unavoidable and others can be eliminated only at excessive costs.

Answer (C) is incorrect because the potential for management override is a basic limitation of internal control.

Answer (D) is incorrect because controls should be modified as appropriate for changes in conditions.

[71] Source: Publisher

Answer (A) is incorrect because safeguarding resources is subsumed under the overall purpose of providing reasonable assurance that the objectives of the organization are achieved.

Answer (B) is correct. According to AU 319, "Internal control is a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations."

Answer (C) is incorrect because encouraging compliance with management's intentions is subsumed under the overall purpose of providing reasonable assurance that the objectives of the organization are achieved.

Answer (D) is incorrect because ensuring the accuracy, reliability, and timeliness of information is subsumed under the overall purpose of providing reasonable assurance that the objectives of the organization are achieved.

[72] Source: Publisher

Answer (A) is correct. Preventive controls are designed to prevent an error or an irregularity. Detective and corrective controls attempt to identify and correct errors or irregularities that have already occurred. Preventive controls are usually more cost beneficial than detective or corrective controls. Assigning two individuals to open mail is an attempt to prevent misstatement of cash receipts.

Answer (B) is incorrect because reconciling the
subsidiary file with the master file may detect and lead to the correction of errors, but the control does not prevent errors.

Answer (C) is incorrect because the use of batch totals may detect a missing or lost document but will not necessarily prevent a document from becoming lost.

Answer (D) is incorrect because bank reconciliations disclose errors in the accounts but have no preventive effect.

[73] Source: CIA 1187 I-10

Answer (A) is incorrect because failure to segregate the functions of recording and asset custody is an avoidable condition.

Answer (B) is correct. Inherent limitations of internal control arise from faulty judgment in decision making, simple error or mistake, and the possibility of collusion and management override (AU 319). Thus, a control (use of security guards) based on segregation of functions may be overcome by collusion among two or more employees.

Answer (C) is incorrect because transactions can and should be authorized before execution.

Answer (D) is incorrect because assignment of an unqualified employee is an avoidable, not an inherent, control weakness.

[74] Source: CMA 1283 3-14

Answer (A) is incorrect because authorization and record keeping should be separate.

Answer (B) is incorrect because authorization and asset custody should be separate.

Answer (C) is incorrect because record keeping and asset custody should be separate.

Answer (D) is correct. One person should not be responsible for all phases of a transaction, i.e., for authorization, execution, recording, and custodianship of the related assets. These duties should be performed by separate individuals to reduce the opportunities for any person to be in a position of both perpetrating and concealing errors or fraud in the normal course of his/her duties. For instance, an employee who receives and lists cash receipts should not be responsible for comparing the recorded accountability for cash with existing amounts.

[75] Source: CMA 0678 5-10

Answer (A) is incorrect because a program flowchart represents the sequence of logical operations performed during the execution of a computer program.

Answer (B) is incorrect because a decision table consists of the possible combinations of alternative logic conditions and corresponding courses of action for each condition in a computer program.

graphically presents the flow of forms (documents) through a system that relate to a given transaction, e.g., the processing of a customer's order. It shows the source, flow, processing, and final disposition of the various copies of all related documents.

[76] Source: CIA 1191 II-13

Answer (A) is incorrect because factors 2, 3, 4, and 7 are not quantifiable in dollars.

Answer (B) is incorrect because factors 2, 4, and 7 are not quantifiable in dollars.

Answer (C) is correct. Audit risk is the risk that the audit will not detect material misstatements. Materiality is a function of quantitative and qualitative factors, of which the former are obviously more readily defined. Factors 1, 5, and 6 can all be quantified.

Answer (D) is incorrect because factors 3 and 4 are not quantifiable in dollars.

[77] Source: CIA 0592 II-17

Answer (A) is incorrect because a group has a better chance of successfully perpetrating a fraud than does an individual employee.

Answer (B) is correct. Segregation of duties and other control procedures serve to prevent or detect a fraud committed by an employee acting alone. One employee may not have the ability to engage in wrongdoing or may be subject to detection by other employees in the course of performing their assigned duties. However, collusion may circumvent controls. For example, comparison of recorded accountability with assets may fail to detect fraud if persons having custody of assets collude with record keepers.

Answer (C) is incorrect because management can override controls.

Answer (D) is incorrect because even a single manager may be able to override controls.

[78] Source: CIA 1188 I-16

Answer (A) is correct. According to SIAS 1, "A control is any action taken by management to enhance the likelihood that established objectives and goals will be achieved." The objective of directive controls is to cause or encourage desirable events to occur, e.g., providing management with assurance of the realization of specified minimum gross margins on sales.

Answer (B) is incorrect because preventive controls deter undesirable events from occurring.

Answer (C) is incorrect because detective controls detect and correct undesirable events.

Answer (D) is incorrect because output controls relate to the accuracy and reasonableness of information processed by a system, not to operating controls.
enhance the likelihood that established objectives and goals will be achieved. Management plans, organizes, and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved. Thus, control is the result of proper planning, organizing, and directing by management."

Answer (B) is incorrect because objectives are the broadest statements of what the organization chooses to accomplish.

Answer (B) is correct. Systems flowcharts are overall graphic analyses of the flow of data and the processing steps in an information system. Accordingly, they can be used to show segregation of duties and the transfer of data between different segments in the organization.

Answer (C) is incorrect because the flowcharts are usually not kept up to date for changes. Thus, the auditor will have to interview key personnel to determine changes in processing since the flowchart was developed.

Answer (D) is incorrect because a systems flowchart should show both manual and computer processing.

[81] Source: CIA 0590 I-9

Answer (A) is incorrect because the treasurer should perform the asset custody function regarding payroll.

Answer (B) is incorrect because authorizing overtime is a responsibility of operating management.

Answer (C) is correct. The payroll department is responsible for assembling payroll information (record keeping). The personnel department is responsible for authorizing employee transactions such as hiring, firing, and changes in pay rates and deductions. Segregating the recording and authorization functions helps prevent fraud.

Answer (D) is incorrect because unclaimed checks should be in the custody of the treasurer until they can be deposited in a special bank account.

[82] Source: CIA 0591 I-25

Answer (A) is incorrect because performing a complete physical inventory of the scrap at both locations would not be economically feasible.

Answer (B) is correct. Having the security guards record the times of departure and arrival is a cost effective control because it entails no additional expenditures. Comparing the time elapsed with the standard time allowed and investigating material variances may detect a diversion of part of the scrap.

Answer (C) is incorrect because hiring armed guards to escort the scrap trailers is unlikely to be necessary unless the scrap is extremely valuable. Logging departures and arrivals will be sufficient in most cases.

Answer (D) is incorrect because using an independent hauler would provide no additional assurance of prevention or detection of wrongdoing.

Answer (C) is incorrect because the question does not indicate that the treasurer has access to the accounting records and thus has the ability to make unauthorized adjustments to the cash account.

Answer (D) is incorrect because effective control measures would provide the two opportunities to two different persons in positions of responsibility, the treasurer and the controller.

[84] Source: CIA 0592 II-15

Answer (A) is incorrect because insurance provides for indemnification if loss or theft occurs. It reduces financial exposure but does not prevent the actual loss or theft.

Answer (B) is incorrect because an internal control designed to ensure control over repair work performed has no bearing on the risk of loss.

Answer (C) is incorrect because taking an inventory is a detective, not a preventive, control.

Answer (D) is correct. Physical control of assets is a preventive control that reduces the likelihood of theft or other loss. Keeping the vehicles at a secure location and restricting access establishes accountability by the custodian and allows for proper authorization of their use.

[85] Source: CIA 0592 II-22

Answer (A) is correct. SIAS 1 states, "Effective control is present when management directs systems in such a manner as to provide reasonable assurance that the organization's objectives and goals will be achieved." Directing includes "authorizing and monitoring performance, periodically comparing actual with planned performance, and documenting these activities to provide additional assurance that systems operate as planned." Monitoring "encompasses supervising, observing, and testing activities and appropriately reporting to responsible individuals. Monitoring provides an ongoing verification of progress toward achievement of objectives and goals."
Answer (B) is incorrect because the manual advises but does not control.

Answer (C) is incorrect because a quality control department is a form of internal review. The manager of quality control should be independent of the operations reviewed.

Answer (D) is incorrect because internal reviews (such as internal auditing) should be independent of the operations reviewed and are not a managerial function.

[86] Source: CIA 1192 II-16

Answer (A) is correct. The risk of favoritism is increased when buyers have long-term relationships with specific vendors. Periodic rotation of buyer assignments will limit the opportunity to show favoritism. This risk is also reduced if buyers are required to take vacations.

Answer (B) is incorrect because confirmation does not enable internal auditors to detect inappropriate benefits received by purchasing agents or deter long-term relationships.

Answer (C) is incorrect because value per unit of cost reviews could be helpful in assuring value received for price paid but do not directly focus on receipt of inappropriate benefits by purchasing agents.

Answer (D) is incorrect because review of records every 6 months does not enable the organization to detect receipt of inappropriate amounts by an agent or deter relationships that could lead to such activity.

[87] Source: CIA 1193 II-8

Answer (A) is correct. According to SIAS 1, "Management plans, organizes, and directs in such a fashion as to provide reasonable assurance that established goals and objectives will be achieved." Also, "Management establishes and maintains an environment that fosters control."

Answer (B) is incorrect because internal auditing is responsible for reviewing the reliability and integrity of financial information and the means used to collect and report such information.

Answer (C) is incorrect because management cannot delegate its responsibilities for control to auditors.

Answer (D) is incorrect because the board has oversight responsibilities but ordinarily does not become involved in the details of operations.

[88] Source: CIA 1194 I-26

Answer (A) is incorrect because examination of documents is a less effective procedure than actual observation of the inventory.

Answer (B) is incorrect because increasing insurance coverage helps protect the business against losses but does not strengthen internal control over the custody of inventory.

Answer (C) is correct. The most effective control over off-site inventory is the periodic comparison of the recorded accountability with the actual physical inventory.

Answer (D) is incorrect because confirming with the custodian the amount of inventory on hand does not verify that the inventory is actually at the warehouse.

[89] Source: CIA 1195 I-16

Answer (A) is incorrect because the manager's activity is an example of a reconciliation control applied at the store level. Monitoring is an overall control that determines whether other controls are operating effectively.

Answer (B) is incorrect because the division of duties is an operational control.

Answer (C) is correct. Monitoring is a process that assesses the quality of the internal control structure's performance over time. It involves assessment by appropriate personnel of the design and operation of controls and the taking of corrective action. Monitoring can be done through ongoing activities or separate evaluations. Ongoing monitoring procedures are built into the normal recurring activities of an entity and include regular management and supervisory activities. Thus, analysis of gross margin data and investigation of significant deviations is a monitoring process.

Answer (D) is incorrect because daily transmission of cash is an operational control.

[90] Source: CIA 1189 II-7

Answer (A) is correct. A prelisting of cash receipts in the form of checks is a preventive control. It is intended to deter undesirable events from occurring. Because fraud involving cash is most likely to occur before receipts are recorded, either remittance advices or a prelisting of checks should be prepared in the mail room so as to establish recorded accountability for cash as soon as possible. A cash register tape is a form of prelisting for cash received over the counter. One copy of a prelisting will go to accounting for posting to the cash receipts journal, and another is sent to the cashier for reconciliation with checks and currency received.

Answer (B) is incorrect because a corrective control rectifies an error or fraud.

Answer (C) is incorrect because a detective control uncovers an error or fraud that has already occurred.

Answer (D) is incorrect because a directive control causes or encourages a desirable event.

[91] Source: CIA 1190 I-18

Answer (A) is correct. Independent reconciliation of bank accounts is necessary for effective internal control. Persons involved in making disbursements or receiving payments should not reconcile the bank statement with the accounting records. Segregating these functions reduces the opportunity for perpetrating and concealing fraud.

Answer (B) is incorrect because it is not an important internal control consideration.

Answer (C) is incorrect because foreign currency translation rates are verified, not computed. Having two employees in the same department perform the same task will not significantly enhance internal
control.

Answer (D) is incorrect because it is not an important internal control consideration.

[92] Source: CIA 1189 I-10

Answer (A) is incorrect because the bank reconciliation is a detective, not a preventive, control.

Answer (B) is correct. Sequentially numbered receipts should be issued to determine accountability for cash collected. Such accountability should be established as soon as possible because cash has a high inherent risk. Daily cash receipts should be deposited intact so that receipts and bank deposits can be reconciled. The reconciliation should be performed by someone independent of the cash custody function.

Answer (C) is incorrect because it states a control over the completeness of posting routines, not cash receipts.

Answer (D) is incorrect because a cash remittance list should be prepared before a separate employee prepares the bank deposit. The list and deposit represent separate records based on independent counts made by different employees.

Answer (C) is correct. A common form of payroll fraud involves failure to remove terminated employees from the payroll and the diversion of the payments intended to be made to them. Reconciling time cards, job time tickets, and the payroll may detect this fraud. However, the perpetrator, who may be a supervisor, may be able to falsify the time-keeping records. In that case, a surprise observation of the distribution of payroll may be necessary to detect the fraud.

Answer (D) is incorrect because fraudulent payments may be made within the limits on payroll rates.

[94] Source: CIA 0589 II-10

Answer (A) is incorrect because the managers should submit purchase requisitions to the purchasing department. The purchasing function should be separate from operations.

Answer (B) is incorrect because, to encourage a fair count, the receiving department should receive a copy of the purchase order from which the quantity has been omitted.

Answer (C) is correct. Accounting for payables is a recording function. The matching of the supplier's invoice, the purchase order, and the receiving report (and usually the purchase requisition) should be the responsibility of the accounting department. These are the primary supporting documents for the payment voucher prepared by the accounts payable section that will be relied upon by the treasurer in making payment.

Answer (D) is incorrect because the receiving department should transfer goods directly to the storeroom to maintain security. A copy of the receiving report should be sent to the storeroom so that the amount stored can be compared with the amount in the report.

[95] Source: CIA 1190 II-8

Answer (A) is incorrect because failing to approve the time cards would not result in duplicate paychecks.

Answer (B) is incorrect because this error may result if the hourly rates used to calculate pay are not matched with personnel records.

Answer (C) is correct. First-line supervisors are in a position to determine whether employees have actually worked the hours indicated on their time cards. Accordingly, the supervisor's approval is a necessary control to prevent unearned payments.

Answer (D) is incorrect because this mistake could be prevented by positively identifying paycheck recipients.

Answer (C) is incorrect because this control only helps ensure that raw materials are used in the proper quantities.

Answer (D) is incorrect because determination of spoilage occurs after raw materials have been used in production.

[97] Source: CIA 1191 I-13

Answer (A) is correct. Under a cost-plus contract, the contractor receives a sum equal to cost plus a fixed amount or a percentage of cost. This arrangement has the benefit to the contractor of allowing for the effects of events that cannot be specifically anticipated. The disadvantages are that the contractor's incentive for controlling costs is reduced and the opportunity to overstate costs is created. Consequently, internal auditors should be involved in monitoring economy and efficiency not only during the earliest phases of construction but also from the outset of the planning process. The right to perform such an audit should be received in the contract.

Answer (B) is incorrect because income tax provisions related to depreciation charges are not a risk; only those charges incurred under the terms of the contract constitute a risk.

Answer (C) is incorrect because budgets inappropriately prepared do not affect contract costs and therefore do not constitute a risk.
Answer (D) is incorrect because the omission of taxes does not involve a risk of contract overcharges or inadequacies in construction. Possible delays in payment or underpayments from the omission are of less concern.

unauthorized prices to outside accomplices or, at least, makes errors more likely.

[101] Source: CIA 0595 I-12
management's greater visibility and availability.

Answer (B) is incorrect because complex transactions requirements may necessitate the more formal arrangements found in larger entities.

Answer (C) is incorrect because legal or regulatory requirements may necessitate the more formal arrangements found in larger entities.

Answer (D) is incorrect because all entities should establish financial reporting objectives. However, they may be recognized implicitly rather than explicitly in smaller entities. Management can assess the risks related to these objectives through direct personal involvement rather than a formal assessment process.

Answer (C) is incorrect because mail room clerks typically compile a prelisting of cash. The list is sent to the accountant as a control for actual cash sent to the cashier.

Answer (D) is incorrect because use of sales department vehicles should be limited to sales personnel unless proper authorization is obtained.

[105] Source: Publisher

Answer (A) is incorrect because the overall allowable audit risk is the most important element in planning appropriate audit tests.

Answer (B) is correct. The auditor first establishes the overall allowable audit risk (AR) with respect to a particular balance or class of transactions. After considering internal control, (s)he can assess control risk (CR) as well as inherent risk (IR). After applying analytical procedures and considering the results of other substantive tests, (s)he can then assess the risk (AP) that those procedures and tests did not detect misstatements in an assertion equal to tolerable misstatement. The auditor can then calculate the allowable risk of incorrect acceptance (TD) for a particular substantive test. Determination of this level of risk is necessary for planning the nature, timing, and extent of the substantive test.

Answer (C) is incorrect because the auditor's professional judgment and experience is used to determine overall allowable audit risk.

Answer (D) is incorrect because overall audit risk should be established and some analytical procedures should be performed at an early stage. Also, the assessment of control risk should ordinarily be made before the planning of most tests of details.

[106] Source: CMA 1288 3-21

Answer (A) is incorrect because quality control analysis concerns the effectiveness and efficiency of certain management decision processes that ordinarily are not relevant to a financial statement audit.

Answer (B) is correct. The controls most likely to be relevant to a financial statement audit pertain to the entity's objective of preparing external financial statements that are fairly presented in conformity with GAAP or another comprehensive basis of accounting. Maintenance of control over unused checks is relevant because the objective is to safeguard cash. The auditor must understand the controls relevant to the assertions about cash in the financial statements. (S)he must then assess control risk for those assertions; that is, (s)he must evaluate the effectiveness of the controls in preventing or detecting material misstatements.

Answer (A) is correct. Internal control has five components: the control environment, risk assessment, control activities, information and communication, and monitoring. Control activities include segregation of duties to reduce the risk that any person may be able to perpetrate and conceal errors or fraud in the normal course of his/her duties. Different persons should authorize transactions, record transactions, and maintain custody of assets. The treasurer's department should have custody of assets but should not authorize or record transactions. Because the assistant treasurer reports to the treasurer, the treasurer is merely delegating an assigned duty related to asset custody. The use of the check-signing machine does not conflict with any other duty of the assistant treasurer and does not involve authorization or recording of transactions.

Answer (B) is incorrect because authorization to dispose of damaged goods could be used to cover thefts of inventory for which the warehouse clerk has custodial responsibility. Transaction authorization is inconsistent with asset custody.

Answer (C) is incorrect because the sales manager could approve credit to a controlled company and then write off the account as a bad debt. The sales manager's authorization of credit is inconsistent with his/her indirect access to assets.

Answer (D) is incorrect because the time clerk could conceal the termination of an employee and retain that employee's paycheck. Record keeping is inconsistent with asset custody.

[108] Source: CMA 0695 4-25

Answer (A) is incorrect because the audit committee should consist only of outside directors.

Answer (B) is incorrect because the extent to which the external auditor makes use of the work of the internal auditor is entirely at the discretion of the external auditor; however, internal and external audit efforts should be coordinated.
Answer (C) is correct. The Treadway Commission issued its report in 1987 in response to allegations of widespread financial reporting fraud by public companies. It recommended that (1) management perform an ongoing fraud-risk assessment, maintain effective internal control, establish written codes of conduct, and design appropriate accounting functions that meet reporting obligations; (2) an effective internal audit function exist in which auditors have unrestricted and direct access to the audit committee and the CEO and coordinate their work with that of the public accountants; (3) every public company have an audit committee composed of outside directors; and (4) the sponsoring organizations set up an interdisciplinary body to develop an integrated internal control framework.

Answer (D) is incorrect because the Treadway Report concerned public companies.

[109] Source: CMA 0695 4-26

Answer (A) is incorrect because the scope of work of internal auditors extends to nonfinancial as well as financial audits.

Answer (B) is correct. The 1987 Treadway Commission Report examined the roles of the internal as well as external auditors in preventing and detecting fraudulent financial reporting. Thus, it emphasized that the internal audit function should have unrestricted and direct access to the CEO and the audit committee and should coordinate its work with that of the external auditors. The report also indicated that nonfinancial internal audits perform an educational role. Internal auditors are better able to detect fraudulent financial reporting if they have a better knowledge of company operations.

Answer (C) is incorrect because external auditors should obtain an understanding of the internal audit function, determine whether the internal auditors' work is relevant to the audit and whether considering that work further is efficient, and, if the work is relevant and considering it further is efficient, assess the competence and objectivity of the internal auditors in the light of the effect of their work on the audit. Thus, external auditors do not consider the work of the internal auditors that is irrelevant to the audit.

Answer (D) is incorrect because the external auditor is engaged to report on a financial statement audit.

[110] Source: CMA 1281 5-14

Answer (A) is incorrect because a rectangle is the general symbol for a process or operation.

Answer (D) is incorrect because a square represents an auxiliary operation performed by a machine other than a computer.

[111] Source: CMA 1281 5-15

Answer (A) is incorrect because a trapezoid depicts a manual operation.

Answer (B) is incorrect because a square is an auxiliary operation performed by a machine other than a computer.

Answer (C) is correct. The printing of paychecks by the computer is an operation depicted by the general processing symbol, which is a rectangle.

Answer (D) is incorrect because this symbol indicates manual input, e.g., entry of a proper code through a computer console.

[112] Source: CMA 1281 5-16

Answer (A) is incorrect because a parallelogram is the general symbol for input or output.

Answer (B) is incorrect because a trapezoid indicates a manual operation.

Answer (C) is incorrect because this symbol indicates manual input.

Answer (D) is correct. Employee checks printed by the computer are depicted by the document symbol, which resembles the top of a grand piano.

[113] Source: CMA 1281 5-17

Answer (A) is correct. Collecting employees' time cards is a manual operation represented by a trapezoid with equal nonparallel sides.

Answer (B) is incorrect because this symbol represents manual input.

Answer (C) is incorrect because a rectangle is the general symbol for processing.

Answer (D) is incorrect because a parallelogram is the general symbol for input or output.

[114] Source: CMA 1281 5-18

Answer (A) is incorrect because a triangle with a mid-line parallel to its base depicts offline storage.

Answer (B) is incorrect because this symbol represents online storage.

Answer (C) is incorrect because this symbol represents punched paper tape.

Answer (D) is correct. The magnetic tape symbol (a circle with a tangent at its base) indicates storage on magnetic tape.

Answer (B) is incorrect because a triangle with a mid-line parallel to its base depicts offline storage.

Answer (C) is incorrect because a rectangle is the general symbol for a process.

Answer (D) is correct. The weekly payroll register on a computer printout is represented by a document symbol, which resembles the top of a grand piano.
[116] Source: CMA 1281 5-20

Answer (B) is correct. Hard-copy, computer-generated payroll reports are kept in offline storage, which is symbolized by a triangle with a mid-line parallel to its base.

Answer (C) is incorrect because this symbol represents online storage.

Answer (D) is incorrect because a parallelogram is the general symbol for input or output.

[118] Source: CMA 1287 5-7

Answer (A) is incorrect because record keepers perform functions that should be separate from custody of assets.

Answer (B) is incorrect because the mail clerk should prepare a list of checks received before they are forwarded to the treasurer for deposit.

Answer (C) is correct. Symbol A is a connector between a point on this flowchart and another part of the flowchart not shown. The checks and the adding machine control tape should flow through symbol A to the treasurer's office. The treasurer is the custodian of funds and is responsible for deposit of daily receipts.

Answer (D) is incorrect because daily receipts should be deposited intact daily and then reconciled with the bank deposit records. Prompt deposit also safeguards assets and avoids loss of interest income.

Answer (A) is correct. Since the figure below symbol B signifies magnetic tape, the operation represented by symbol B must be keying the information onto the tape. Verifying the keyed data would also occur at this step.

Answer (B) is incorrect because error correction would occur subsequently except for keying errors.

Answer (C) is incorrect because collation has already occurred.

Answer (D) is incorrect because batch processing describes the entire system.

Answer (A) is incorrect because the documents should be kept for reference and audit.

Answer (B) is correct. All activity with respect to the paper documents most likely ceases at symbol C. Therefore, the batched documents must be filed.

Answer (C) is incorrect because internal auditors cannot feasibly review all documents regarding transactions even in an audit.

Answer (D) is incorrect because symbol D indicates a comparison, not output in the form of a report.

[122] Source: CMA 1287 5-11

Answer (A) is correct. The flowcharting figure at symbol E indicates magnetic disk storage. Since it is an input and output for the daily computer processing of accounts receivable, it must be the accounts receivable master file.

Answer (B) is incorrect because bad debts are not a part of processing daily receipts.

Answer (C) is incorrect because the remittance advice master file was not used for the daily accounts receivable run.

Answer (D) is incorrect because the cash projection file was not used for the daily accounts receivable run.

Answer (A) is incorrect because a perfectly competitive market was envisioned by classical economics.

Answer (B) is incorrect because the concept embraces the public or societal interest.

Answer (C) is correct. The concept of corporate social responsibility involves more than serving the interests of the organization and its shareholders. Rather, it is an extension of responsibility to embrace
service to the public interest in such matters as environmental protection, employee safety, civil rights, and community involvement.

Answer (D) is incorrect because the concept embraces the public or societal interest.

[124] Source: Publisher

Answer (A) is incorrect because such behavior may prevent governmental action.

Answer (B) is incorrect because each is an argument for such behavior.

Answer (C) is incorrect because each is an argument for such behavior.

Answer (D) is correct. Socially responsible behavior clearly has immediate costs to the entity, for example, the expenses incurred in affirmative action programs, pollution control, and improvements in worker safety. When one firm incurs such costs and its competitor does not, the other may be able to sell its products or services more cheaply and increase its market share at the expense of the socially responsible firm. The rebuttal argument is that in the long run the socially responsible company may maximize profits by creating goodwill and avoiding or anticipating governmental regulation.

Answer (C) is incorrect because it states an aspect of the confidentiality requirement.

Answer (D) is incorrect because it states an aspect of the competence requirement.

Answer (A) is incorrect because the IMA Code of Ethics states that "except where legally prescribed, communication of such [ethical conflict] problems to authorities or individuals not employed or engaged by the organization is not considered appropriate."

Answer (B) is correct. According to the IMA Code of Ethics, financial managers/management accountants are responsible for observing the standard of confidentiality. Thus, the financial manager/management accountant should "refrain from disclosing confidential information acquired in the course of his/her work except when authorized, unless legally obligated to do so."

Answer (C) is incorrect because the financial manager/management accountant should "inform subordinates as appropriate regarding the confidentiality of information acquired in the course of their work and monitor their activities to assure the maintenance of that confidentiality."

Answer (D) is incorrect because the financial manager/management accountant is required to "refrain from using or appearing to use confidential information acquired in the course of his/her work for unethical or illegal advantage either personally or through third parties."

[128] Source: CMA 1

Answer (C) is correct. One of the responsibilities of the financial manager/management accountant under the integrity standard is to "recognize and communicate professional limitations or other constraints that would preclude responsible judgment or successful performance of an activity."
Answer (D) is incorrect because objectivity is the fourth part of the IMA Code of Ethics. It requires that information be communicated "fairly and objectively," and that all information that could reasonably influence users be fully disclosed.

Answer (B) is incorrect because 4.5% is the result of not including the detection risk in the calculation for the risk of a material misstatement of an assertion.

Answer (C) is incorrect because 7.5% is the result of not including the inherent risk in the calculation for the risk of a material misstatement of an assertion.

and control risk.

$$DR = \frac{AR}{IR \times CR} \quad \text{or} \quad DR = \frac{3\%}{25\% \times 40\%} = 30\%$$

Answer (C) is incorrect because 7.29% is the result of multiplying the inherent risk by the control risk by the AP.

Answer (D) is incorrect because 40.5% is the result of multiplying the inherent risk by the control risk by the TD.
Answer (C) is incorrect because only reasonable, not absolute, assurance can be given.

Answer (D) is incorrect because examinations and verifications should be conducted to a reasonable extent.

Answer (A) is incorrect because sampling is permissible. Detailed audits of all transactions are often not required or feasible.

Answer (B) is incorrect because, in exercising due care, internal auditors should be alert to inefficiency.

Answer (C) is correct. Internal auditors do not guarantee the absence of fraud. They are responsible for exercising due professional care, which includes evaluating the control systems that prevent or detect fraud and being alert to the possibility of intentional wrongdoing, errors and omissions, waste, and conflicts of interest (Standard 280). However, internal auditors cannot give absolute assurance that irregularities do not exist.

Answer (D) is incorrect because Standard 280 does not require the auditor to report suspected wrongdoing to authorities outside the organization.

[137] Source: CIA 1184 II-21

Answer (A) is correct. The preamble to The IIA Code of Ethics states: "The Standards of Conduct set forth in this Code of Ethics provide basic principles in the practice of internal auditing. Members or CIAs should realize that their individual judgment is required in the application of these principles."

Answer (B) is incorrect because a CIA "shall not knowingly be a party to any illegal or improper activity."

Answer (C) is incorrect because CIAs must "undertake only those services that they can reasonably expect to complete with technical competence."

Answer (D) is incorrect because CIAs should use the designation "with discretion and in a dignified manner, fully aware of what the designation denotes. The designation shall also be used in a manner consistent with all statutory requirements."

[138] Source: CIA 1187 I-48

Answer (A) is incorrect because it is reflected in The IIA Code of Ethics.

Answer (B) is incorrect because it is reflected in The IIA Code of Ethics.

Answer (C) is correct. The responsibility of the profession to the public is not specifically explained in The IIA Code of Ethics. Also, the SRIA does not specifically mention internal auditor's responsibility to the public.

Answer (D) is incorrect because it is reflected in The IIA Code of Ethics.

[139] Source: CIA 1190 II-47

Answer (A) is correct. Standard of Conduct II requires the auditor to be loyal to his employer. Moreover, Standard of Conduct IX requires auditors to report material facts known to them that, if not revealed, could distort reports or conceal illegalities.

Answer (C) is incorrect because this action is at variance with the auditor's duties under the Code.

Answer (D) is incorrect because this action is at variance with the auditor's duties under the Code.

[140] Source: CIA 1184 I-31

Answer (A) is incorrect because 5 years is a reasonable lapse of time to safeguard the employee from a charge of conflict of interest.

Answer (B) is correct. Under Standard of Conduct IV, a CIA must avoid activities in conflict with the interest of the organization or prejudicial to the ability to carry out duties objectively. Standard 120 states: "Internal auditors should report to the director any situations in which a conflict of interest or bias is present or may reasonably be inferred. The director should then reassign such auditors." An auditor reviewing a company function with which a close relative is involved has an apparent conflict of interest.

Answer (C) is incorrect because, although rotation of assignments is preferable, no conflict of interest is involved in auditing the same activity repeatedly.

Answer (D) is incorrect because no conflict is present if the auditor's responsibility was limited to recommending standards of control for systems or reviewing procedures before implementation.

[141] Source: CIA 0592 I-47

Answer (A) is incorrect because loyalty would be better exhibited by consulting professionals and knowing the limits of competence.

Answer (B) is correct. The Code requires members and CIAs to refrain from undertaking services that cannot be reasonably completed with professional competence (Standard of Conduct VI). Internal auditors may not have and are not expected "to have knowledge equivalent to that of a person whose primary responsibility is to detect and investigate fraud" (SIAS 7).

Answer (C) is incorrect because the auditor may violate the suspect's civil rights as a result of inexperience.

Answer (D) is incorrect because the facts do not suggest that the auditor made inappropriate use of information acquired while performing professional duties.

[142] Source: CIA 1192 I-49

Answer (A) is incorrect because summary discharge may not be in accordance with company personnel policies.
Answer (B) is incorrect because the auditor improperly used confidential information and violated the Code of Ethics. Some action is warranted.

Answer (C) is correct. The staff auditor has violated Standard of Conduct VIII regarding use of confidential information. A violation of The IIA Code of Ethics is the basis for a complaint to the IASB, which is responsible for receiving, interpreting, and investigating all complaints against members and/or CIAs on behalf of the Board of Directors of The IIA, and making recommendations to the Board on actions to be taken (Administrative Directive 5). In addition, company policy must be followed.

Answer (D) is incorrect because the facts do not indicate that a crime has been committed.

Answer (D) is incorrect because, to maintain confidentiality, the employee can be informed about other options.

[144] Source: CIA 0589 II-43

Answer (A) is incorrect because reports should omit unnecessary detail. Thus, all material evidence need not be presented.

Answer (B) is incorrect because circumstances may dictate the necessity of exceeding the established limitations.

Answer (C) is correct. Standard of Conduct IX states, "Members and CIAs, when reporting on the results of their work, shall reveal such material facts known to them that, if not revealed, could either distort reports of operations under review or conceal unlawful practices."

Answer (D) is incorrect because the Code and the SPPIA do not mention the expression of an opinion.

[145] Source: CIA 1184 II-25

Answer (A) is incorrect because objectives are specific goals, and procedures specify the detailed work.

Answer (B) is incorrect because both objectives and procedures must be defined specifically for each assignment.

Answer (C) is correct. The first step in planning the audit is to establish the audit objectives and the scope of work. After obtaining background information, determining what resources are necessary, communicating with those who need to know about the audit, and performing a preliminary survey, the auditors prepare the audit program, which is a list of the detailed procedures necessary to gather evidence to achieve the audit objectives. These procedures are specific audit steps developed in light of the objectives of the audit.

Answer (D) is incorrect because procedures are the means of gathering evidence to achieve specified audit objectives.

[147] Source: CIA 0590 I-2

Answer (A) is incorrect because this is a function of a financial audit.

Answer (B) is incorrect because this is a function of a financial audit.

Answer (C) is incorrect because testing inventory turnover addresses economy and efficiency issues, not compliance.

Answer (D) is correct. Inventory turnover equals cost of sales divided by average inventory. It is an activity ratio measuring the subsidiary's use of assets to generate revenue and income. A high turnover relative to the industry standard is desirable because it signifies that the firm does not hold excess and therefore unproductive inventory. Efficient management should minimize the sum of investment in inventory, carrying costs, ordering costs, and stockout costs. Operational auditing addresses these efficiency and economy issues as well as accomplishment of objectives and goals and compliance with policies, plans, procedures, laws, and regulations.

[148] Source: CIA 0590 II-1

Answer (A) is incorrect because this is significant but secondary to mission achievement.

Answer (B) is incorrect because this is significant but secondary to mission achievement.
Answer (C) is correct. Not-for-profit organizations are funded to accomplish a specific goal or mission. Accordingly, Standard 350 has particular applicability to the internal auditor's scope of work in audits of not-for-profit entities: "Internal auditors should review operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations and programs are being carried out as planned."

Answer (D) is incorrect because this is significant but secondary to mission achievement.

[150] Source: CIA 0592 I-11

Answer (A) is incorrect because establishing audit objectives and scope of work is a part of the planning process.

Answer (B) is incorrect because obtaining background information and determining the resources necessary to perform the audit are required by Standard 410.

Answer (C) is correct. According to Standard 410, "Internal auditors should plan each audit. Planning should be documented and should include establishing audit objectives and scope of work; obtaining background information about the activities to be audited; determining the resources necessary to perform the audit; communicating with all who need to know about the audit; performing, as appropriate, an on-site survey to become familiar with the activities and controls to be audited, to identify areas for audit emphasis, and to invite auditee comments and suggestions; writing the audit program; determining how, when, and to whom audit results will be communicated; and obtaining approval of the audit work plan." However, collection of evidence is accomplished during field work, not the planning phase.

Answer (D) is incorrect because communication of audit results is considered in the planning phase.

[151] Source: CIA 1192 I-13

Answer (A) is incorrect because the program should normally be arranged in an order that would most efficiently complete the audit steps.

Answer (B) is incorrect because audit objectives should be stated, but they do not need to be agreed to by the auditee.

[153] Source: CIA 1185 I-4

Answer (A) is incorrect because making sure that the audit reports are objective, clear, and timely is only one of the five items included under Standard 230 as responsibilities of supervision.

Answer (B) is incorrect because supervision is a continuing process beginning with planning and ending with the conclusion of the audit assignment.

Answer (C) is correct. Standard 230 states that all internal audit assignments, whether performed by or for the internal audit department, remain the responsibility of the internal audit director.

Answer (D) is incorrect because the director of internal auditing is responsible for all work performed by and for the internal audit department.

[154] Source: CIA 0592 I-16

Answer (A) is incorrect because the director of internal auditing, not a staff internal auditor, has the responsibility to determine that audit objectives have been met.

Answer (B) is incorrect because the director of
internal auditing, not the audit committee, has the responsibility to determine that audit objectives have been met.

Answer (C) is incorrect because the director of internal auditing, not an internal auditing supervisor, has the responsibility to determine that audit objectives have been met.

Answer (D) is correct. According to Standard 230, "The internal audit department should provide assurance that internal audits are properly supervised. The director of internal auditing is responsible for providing appropriate audit supervision. Supervision is a continuing process, beginning with planning and ending with the conclusion of the audit assignment."

[155] Source: CIA 0591 II-15

Answer (A) is incorrect because the director of internal auditing has the responsibility for supervision.

Answer (B) is incorrect because supervision should be a continuing process.

Answer (C) is incorrect because supervision should be a continuing process.

Answer (D) is correct. According to Standard 230, "The internal audit department should provide assurance that internal audits are properly supervised. The director of internal auditing is responsible for providing appropriate audit supervision. Supervision is a continuing process, beginning with planning and ending with the conclusion of the audit assignment."

[156] Source: CIA 0588 II-12

Answer (A) is incorrect because the audit objectives should regulate the selection of audit staff members, not vice versa.

Answer (B) is correct. Internal audit objectives are necessarily limited. Internal auditors develop their audit programs to evaluate only material objectives and risks within budget constraints. Audit objectives are the desired audit accomplishments and audit procedures provide the means used to achieve these objectives. In developing audit objectives, the auditee's operating objectives and control structure must be considered.

Answer (C) is incorrect because auditors must set their own objectives. Auditee input is more useful for defining the operating objectives to which the audit objectives must relate.

Answer (D) is incorrect because the needs of recipients addressed by the audit report, such as the audit committee, are determined by the auditee's objectives.

[157] Source: CIA 0589 II-14

Answer (A) is correct. According to Standard 410, "Planning should include performing, as appropriate, an on-site survey to become familiar with the activities and controls to be audited, to identify areas for audit emphasis, and to invite auditee comments and suggestions."

Answer (B) is incorrect because staff selection is the process of deciding which auditors will work on the engagement.

Answer (C) is incorrect because the audit program is prepared and performed after the preliminary survey.

Answer (D) is incorrect because audit reports are issued after the completion of the audit.

[158] Source: CIA 0592 I-18

Answer (A) is correct. Flowcharts are graphical representations of the step-by-step progression of transactions, including document (information) preparation, authorization, flow, storage, etc. Flowcharting allows the internal auditor to analyze a system and to identify the strengths and weaknesses of the purported internal controls and the appropriate areas of audit emphasis.

Answer (B) is incorrect because a questionnaire approach provides only an agenda for evaluation.

Answer (C) is incorrect because a matrix (decision table) approach does not provide the visual grasp of the system that a flowchart does.

Answer (D) is incorrect because a detailed narrative does not provide the means of evaluating complex operations that a flowchart does.

[159] Source: CIA 0588 II-15

Answer (A) is correct. An exit interview (post-audit meeting) is an opportunity for discussion of findings, conclusions, and recommendations. The effectiveness of an audit project is enhanced by the exit interview because it provides the auditee a chance to correct errors or otherwise clarify matters before they are included in the final report.

Answer (B) is incorrect because it contributes to efficiency, not effectiveness.

Answer (C) is incorrect because it contributes to efficiency, not effectiveness.

Answer (D) is incorrect because it contributes to efficiency, not effectiveness.

[160] Source: CIA 0590 II-2

Answer (A) is incorrect because the auditor must determine whether changes in the audit program are needed.

Answer (B) is incorrect because changes in the audit budgets should be authorized by appropriate persons.

Answer (C) is incorrect because audit of the unforeseen area may be necessary to achieve current audit objectives.

Answer (D) is correct. Audit programs are necessarily tentative because the auditors are likely to encounter unexpected situations while carrying out the detailed audit work. If they learn that an audit area is not covered, the auditors must determine whether they can achieve the audit objectives and satisfy their professional responsibilities without modification of the audit program. Modification will necessitate consultation with superiors to obtain authorization to adjust time and financial budgets for the audit.
[161] Source: CIA 1190 II-12

Answer (A) is correct. Standard 410 states that planning includes "performing, as appropriate, an on-site survey to become familiar with the activities and controls to be audited, to identify areas for audit emphasis, and to invite auditee comments and suggestions." Writing the audit program is the next step.

Answer (B) is incorrect because staff assignments are made prior to the preliminary survey.

Answer (C) is incorrect because time budgets for specific tasks are determined as part of the preparation of the audit program.

Answer (D) is incorrect because determination of the resources necessary to perform the audit precedes the preliminary survey.

[162] Source: CIA 0594 II-20

Answer (A) is incorrect because the employer has the right to ask each individual to prepare a written statement irrespective of whether (s)he confesses.

Answer (B) is incorrect because the best approach is that of the objective, disinterested truth seeker.

Answer (C) is incorrect because listening effectively is vital for determining the facts.

Answer (D) is correct. Explicitly seeking a confession may hinder the investigation by alerting the individual that (s)he is under suspicion. Instead, the interviewer should assume the role of one who simply wishes to ascertain the truth. An effective interviewer should prepare questions in advance, be ready for both affirmative and negative replies, and be tactful in handling inconsistencies. Interviewing also requires good listening skills.

[163] Source: CIA 0591 I-17

Answer (A) is correct. The personnel department is responsible for authorization and execution of payroll transactions, e.g., hiring of new employees and determining their pay rates. Hence, this department's verification of the payroll changes listing used in data processing is an important control over payroll processing.

Answer (B) is incorrect because inaccurate Social Security deductions could be caused by errors in payroll rates.

Answer (C) is incorrect because labor hours should come from the time reporting system (time card or time sheet), not the list of payroll changes.

Answer (D) is incorrect because inspection of the listing of payroll changes would indicate whether contributions by eligible employees have begun to be deducted, not whether employees have been asked about contributing to the pension plan.

[164] Source: CIA 0591 I-26

Answer (A) is incorrect because audit risk and materiality are two separate but overlapping concepts. If audit risk is low, the auditor is less likely to consider the error to be material.

Answer (B) is incorrect because additional transactions suggest that audit risk may be high, and the auditor will be likely to consider the error to be material.

Answer (C) is correct. The transaction increases audit risk because a related party is involved, even though the error is small in dollar amount. Related party transactions have a higher inherent risk than ordinary transactions. Given the inverse relationship between audit risk and materiality, the error may be considered material because of qualitative rather than quantitative considerations.

Answer (D) is incorrect because even a small error in a related party transaction may indicate significant risk. The auditor is likely to consider the error to be material even if audit risk is low.

[165] Source: CIA 1191 I-18

Answer (A) is correct. Sales commission is based on the application of a ratio to the amount of the sale. The best evidence of the accuracy of sales commission expense for specific individuals is to recompute the amounts derived from a sample of transactions. These tests should be done at the same time as procedures testing accrued liabilities.

Answer (B) is incorrect because calculating commission ratios uses gross sales data and does not provide evidence about specific charges.

Answer (C) is incorrect because use of analytical procedures is a test of overall reasonableness, not specific transactions.

Answer (D) is incorrect because tests of overall reasonableness cannot determine whether a specific salesperson's commissions are overstated.

[166] Source: CIA 1191 II-25

Answer (A) is incorrect because confirmation establishes existence, not collectibility.

Answer (B) is incorrect because inspection helps verify the validity (not collectibility) of the notes.

Answer (C) is incorrect because reconciliation merely tests bookkeeping procedures.

Answer (D) is correct. The best evidence of the collectibility (valuation) of notes receivable lies in actual cash collections. Nonpayment or late payment may bear unfavorably on the possibility of collection. An auditor also normally sends positive confirmations to the makers and holders and inspects the notes to verify maturity dates and other terms.

[167] Source: CIA 0592 I-23

Answer (A) is incorrect because the tracing procedure originated with a sample of billed sales; thus, all the items in the sample were billed. However, this does not determine whether shipped items were billed.

Answer (B) is correct. If the invoices in the sample can be correctly matched with shipping documents, some assurance is given that items billed are also shipped.
Answer (C) is incorrect because receivables are not examined in this procedure.

Answer (D) is incorrect because receivables are not examined.

[168] Source: CIA 1193 II-42

Answer (A) is incorrect because regulatory authorities do not need to be notified. Management has agreed to accept responsibility and no regulatory violations were mentioned.

Answer (B) is incorrect because no further audit action is required.

Answer (C) is incorrect because no further audit action is required.

Answer (D) is correct. Standard 440 states, "Internal auditors should follow up to ascertain that appropriate action is taken on reported audit findings. Internal auditors should determine that corrective action was taken and is achieving the desired results, or that management or the board has assumed the risk of not taking corrective action on reported findings."

[169] Source: CIA 0592 I-40

Answer (A) is incorrect because receiving reports indicate the date and quantity received but not whether discounts were offered or taken.

Answer (B) is incorrect because purchase orders show only the quantity and expected price of a purchase.

Answer (C) is incorrect because canceled checks show only the total paid, not whether a discount was offered or taken.

Answer (D) is correct. A vendor invoice shows both the amount and terms of payment for purchase. Failure to pay within the discount period is normally not advantageous. Hence, lost discounts may signify inefficiency in the purchases-payables-cash disbursements cycle or a shortage of cash.

[170] Source: CIA 1192 I-47

Answer (A) is incorrect because reporting the matter is unnecessary if management or the board has assumed the risk of inaction.

Answer (B) is correct. Standard 430 states that reports may make recommendations for potential improvements. Also, Standard 440 states, "Internal auditors should follow up to ascertain that appropriate action is taken on reported audit findings. Internal auditors should determine that corrective action was taken and is achieving the desired results, or that management or the board has assumed the risk of not taking corrective action on reported findings."

Answer (C) is incorrect because the internal auditor should not assume the operating responsibility of undertaking corrective action.

Answer (D) is incorrect because a future audit of the specific area may not be needed if management or the board has assumed the risk of inaction.

[171] Source: CIA 1192 I-3

Answer (A) is incorrect because the risk that an auditor might not select documents that are in error as part of the examination is an aspect of sampling risk.

Answer (B) is incorrect because the risk that an auditor may not be able to properly evaluate an activity because of its poor internal accounting controls is an aspect of control risk.

Answer (C) is correct. SAS 47 (AU 312), Audit Risk and Materiality in Conducting an Audit, defines audit risk as the risk that the external auditor may unknowingly fail to modify his/her opinion on financial statements that are materially misstated. Its elements are control risk, inherent risk, and detection risk. For internal auditing, the overall audit risk extends not only to financial statements but also to unwitting failure to uncover material errors or weaknesses in the operations audited. There may be several different reasons for the failure, and these may be in risk categories such as sampling risk, detection risk, or control risk.

Answer (D) is incorrect because lack of competency relates to control risk. It is the failure of a control (internal auditing).

[172] Source: CIA 1191 I-45

Answer (A) is incorrect because a deficiency finding places the firm at risk until the situation changes or the deficiency is corrected.

Answer (B) is incorrect because deficiency findings that have not been corrected are not unique and do not require ad hoc solutions.

Answer (C) is correct. Standard 440 states, "Internal auditors should follow up to ascertain that appropriate action is taken on reported audit findings. Internal auditors should determine that corrective action was taken and is achieving the desired results, or that management or the board has assumed the risk of not taking corrective action on reported findings." Also, Standard 430 requires discussion of conclusions and recommendations at appropriate levels of management before issuing final reports. Auditee management is at "an appropriate" level. Obtaining auditee cooperation (or at least understanding) is a vital part of the solution of any problem.

Answer (D) is incorrect because the internal auditor has no line authority over the auditee. To exercise such authority impairs the internal auditor's objectivity.

[173] Source: CIA 1192 II-23

Answer (A) is incorrect because observation is an audit procedure.

Answer (B) is incorrect because analysis is an audit procedure.

Answer (C) is correct. Objectives are specific audit goals, and procedures are the detailed audit steps to achieve them. Evaluating whether cash receipts are adequately safeguarded is an audit objective because it states what the audit is to accomplish.
Answer (D) is incorrect because recomputation is an audit procedure.

Answer (B) is incorrect because testing the sales register will not detect unrecorded sales.

Answer (C) is incorrect because testing sales invoices will not detect unrecorded sales.

Answer (D) is incorrect because testing purchase orders may detect unbilled items. However, the items may be unbilled because they have not been shipped. Thus, the preferable procedure is to test bills of lading.

[175] Source: CIA 0593 I-17

Answer (B) is incorrect because those persons responsible for collecting and storing the scrap can describe only the safeguards in place to handle scrap before its sale.

Answer (C) is correct. If the sale of scrap is well controlled, a large amount will not be on hand. Most scrap will be sold when produced. Hence, if the quantities sold are approximately the same as those expected, an auditor can assume that the controls over the sale of scrap are effective.

Answer (D) is incorrect because the organization's experience may not be typical of the industry. Engineering estimates of expected scrap are more likely to be useful.

[177] Source: CIA 0593 I-19

Answer (B) is incorrect because multiplying the trips noted on the bills received by the rate specified on the bill will not identify the improper billing related to trips not carried out.

Answer (C) is incorrect because scanning of ledger accounts and bills received is not likely to uncover billings for trips not carried out unless particular bills on ledger entries seriously deviate from expectations.

Answer (D) is incorrect because the internal auditor is unlikely to be able to observe usage of the messenger service for a long enough period. This procedure is not cost efficient.

[179] Source: CIA 0592 II-21

Answer (A) is incorrect because documentation and cross-referencing are desirable but have no specific relationship to any of the characteristics of evidence (sufficiency, competence, relevance, and usefulness).

Answer (B) is incorrect because competent evidence is reliable and the best available through the use of appropriate audit techniques.

Answer (C) is incorrect because relevant evidence supports audit findings.

Answer (D) is correct. According to Standard 420, "Sufficient information is factual, adequate, and
convincing so that a prudent, informed person would reach the same conclusions as the auditor."

[180] Source: CIA 1192 I-4

Answer (A) is correct. The objectives of the audit of trading securities are to determine whether (1) internal control over the securities and revenue therefrom is adequate, (2) the securities exist and are owned by the auditee, (3) their balance sheet classification is appropriate, and (4) they are properly valued. If market quotations are based on sufficient market activity, they usually provide sufficient competent evidence regarding valuation.

Answer (B) is incorrect because, although it meets the objective of ascertaining whether the securities exist and are owned by the auditee, it does not determine the valuation of the securities.

Answer (C) is incorrect because short-term investments of excess cash do not qualify for the equity method.

Answer (D) is incorrect because discount or premium on fixed maturity short-term securities is not amortized.

[181] Source: CIA 1192 I-16

Answer (D) is incorrect because observation is the best technique to determine if the staff is fully used.

[183] Source: CIA 0590 I-33

Answer (A) is correct. According to SIAS 2, Communicating Results, "audit reports should present the purpose, scope, and results of the audit; and, if appropriate, reports should contain an expression of the auditor's opinion. Purpose statements should describe the audit objectives and may, if necessary, inform the reader why the audit was conducted and what it was expected to achieve."

Answer (B) is incorrect because scope statements "should identify the audited activities and include, if appropriate, supportive information such as time period audited. Related activities not audited should be identified if necessary to delineate the boundaries of the audit. The nature and extent of auditing performed also should be described."

Answer (C) is incorrect because criteria are the "standards, measures or expectations used in making an evaluation and/or verification (what should exist)."

Answer (D) is incorrect because a condition is the "factual evidence that the internal auditor found in the course of the examination (what does exist)."
Answer (A) is incorrect because internal auditors are charged with the responsibility of evaluating what they examine and of making recommendations, if appropriate.

Answer (B) is incorrect because management is charged with the responsibility of making any corrections necessary within its department.

Answer (C) is correct. Standard 430 and SIAS 2 state that reports may include recommendations for potential improvements based on the auditor's findings and conclusions. These recommendations may be general or specific. Accordingly, the auditor's reporting responsibility in these circumstances is to recommend adoption of a code of ethics. Sawyer (Sawyer's Internal Auditing) has observed that any discipline or organization aspiring to professionalism or unity of direction needs an organizational code of ethical conduct.

Answer (D) is incorrect because internal auditors should make recommendations whenever practicable.

[187] Source: CIA 0593 I-37

Answer (A) is correct. Operational auditing concerns compliance with policies, plans, etc.; economical and efficient use of resources; and accomplishment of established goals and objectives. Thus, an operational audit report should inform management about the efficiency and effectiveness of the given operations and should discuss findings requiring corrective action.

Answer (B) is incorrect because an operational audit report should address the efficiency and effectiveness of the function being audited, not reporting in the financial statements.

Answer (C) is incorrect because agreement between the records and the items being audited is a primary concern in a financial audit.

Answer (D) is incorrect because valuation is an issue in a financial audit.

[188] Source: CIA 1187 I-41

Answer (A) is incorrect because any audit report provides an opportunity for auditee responses.

Answer (B) is incorrect because the internal auditor has no line authority and should not direct corrective action.

Answer (C) is incorrect because providing a basis for the external auditor's review is only a secondary purpose of formal reports.

Answer (D) is correct. Audit reports document the conclusions and final work product of the internal auditor. Accordingly, they record findings and recommend courses of action.

[189] Source: CIA 0587 II-44

Answer (A) is incorrect because this subject is inappropriate for the scope section.

Answer (B) is correct. SIAS 2 states, "Scope statements should identify the audited activities and include, when appropriate, supportive information such as the time period audited. Related activities not audited should be identified if necessary to delineate the boundaries of the audit. The nature and extent of auditing performed also should be described." The scope section should thus include any limitations on the audit.

Answer (C) is incorrect because this subject is inappropriate for the scope section.

Answer (D) is incorrect because this subject is inappropriate for the scope section.

[190] Source: CIA 1188 I-43

Answer (A) is incorrect because it describes a constructive report.

Answer (B) is incorrect because a clear report is logical and easily understood.

Answer (C) is incorrect because a concise report is to the point and free of unnecessary detail.

Answer (D) is correct. According to SIAS 2, Communicating Results, "Objective reports are factual, unbiased, and free from distortion. Findings, conclusions, and recommendations should be included without prejudice."

[191] Source: CIA 0588 II-43

Answer (A) is correct. According to SIAS 2, Communicating Results, audit reports should present the purpose, scope, and results of the audit; and, if appropriate, reports should contain an expression of the auditor's opinion. Purpose statements should describe the audit objectives and may, if necessary, inform the reader why the audit was conducted and what it was expected to achieve. Scope statements should identify the audited activities and include, where appropriate, supportive information such as time period audited. Related activities not audited should be identified if necessary to delineate the boundaries of the audit. The nature and extent of auditing performed also should be described. Results may include findings, conclusions (opinions), and recommendations.

Answer (B) is incorrect because it is an optional item in the audit report.

Answer (C) is incorrect because it is an optional item in the audit report.

Answer (D) is incorrect because it is an optional item in the audit report.

[192] Source: CIA 1192 I-44

Answer (A) is incorrect because factual evidence represents the condition attribute.

Answer (B) is correct. SIAS 2 states that findings should be based on four attributes. Criteria are "the standards, measures, or expectations used in making an evaluation and/or verification (what should exist)." Condition is defined as "the factual evidence that the internal auditor found in the course of the examination (what does exist)." If actual and expected conditions differ, the cause is "the reason for the difference between the expected and actual conditions (why the difference exists)." The effect is "the risk or exposure
that auditee organization and/or others encounter because the condition is not the same as the criteria (the impact of the difference)." Thus, cause provides the answer to the question "Why?" and should be the basis for corrective action.

Answer (C) is incorrect because risk or exposure is the effect attribute.

Answer (D) is incorrect because resultant evaluations are the auditor's conclusions.

[193] Source: CIA 0589 I-38

Answer (A) is correct. According to SIAS 2, "Findings are pertinent statements of fact. Those findings which are necessary to support or prevent misunderstanding of the internal auditor's conclusions and recommendations should be included in the final audit report. Less significant information or findings may be communicated orally or through informal correspondence. Audit findings emerge by a process of comparing 'what should be' with 'what is'. Whether or not there is a difference, the internal auditor has a foundation on which to build the report. When conditions meet the criteria, acknowledgment in the audit report of satisfactory performance may be appropriate. Findings should be based on the following attributes:

Criteria: The standards, measures, or expectations used in making an evaluation and/or verification (what should exist).

Condition: The factual evidence which the internal auditor found in the course of the examination (what does exist).

If there is a difference between the expected and actual conditions, then:

Cause: The reason for the difference between the expected and actual conditions (why the conditions exist).

Effect: The risk or exposure the auditee organization and/or others encounter because the condition is not the same as the criteria (the impact of the difference).

The report findings may also include recommendations, auditee accomplishments, and supporting information if not included elsewhere."

Answer (B) is incorrect because findings communicate the effect of the difference between what is and what should be.

Answer (C) is incorrect because findings result from many other activities as well.

Answer (D) is incorrect because the results of the audit may include findings, conclusions (opinions), and recommendations. Conclusions are evaluations of findings.

[194] Source: CIA 0593 II-37

Answer (A) is incorrect because audit findings must be statements of fact rather than statements representing an auditor's opinion. Opinions represent the auditor's evaluations of the effects of audit findings on the activities reviewed.

based on a comparison of what should exist with what does exist. If there is a difference, findings should state the reasons and the resulting effects.

Answer (C) is incorrect because audit findings must be statements of fact rather than statements representing an auditor's opinion. Opinions represent the auditor's evaluations of the effects of audit findings on the activities reviewed.

Answer (D) is incorrect because audit findings concern current, not future, factual conditions or events.

[195] Source: CIA 0590 II-34

Answer (A) is correct. SIAS 2 states that findings should be based on four attributes. Criteria are "the standards, measures, or expectations used in making an evaluation and/or verification (what should exist)." The written procedures represent the standard (criteria) against which audit findings concerning segregation of responsibility would be measured.

Answer (B) is incorrect because condition is defined as "the factual evidence that the internal auditor found in the course of the examination (what does exist)."

Answer (C) is incorrect because the effect is "the risk or exposure that auditee organization and/or others encounter because the condition is not the same as the criteria (the impact of the difference)."

Answer (D) is incorrect because an opinion is not an attribute of a finding.

[196] Source: CIA 0588 II-45

Answer (A) is incorrect because a summary condenses the information in the full report.

Answer (B) is correct. According to SIAS 2, Communicating Results, summary reports highlighting audit results may be appropriate for levels of management above the head of the audited unit. They may be issued separately from or in conjunction with the final report.

Answer (C) is incorrect because a summary is not limited to a particular audit objective.

Answer (D) is incorrect because a summary need not concern auditor-auditee conflicts.

[197] Source: CIA 1187 I-42

Answer (A) is incorrect because this situation does not indicate a need for immediate auditee action.

Answer (B) is incorrect because this situation does not indicate a need for immediate auditee action.

Answer (C) is incorrect because when fraud is suspected, care should be taken not to warn possible wrongdoers of its detection.

Answer (D) is correct. Written interim reports provide a prompt means of documenting a condition requiring immediate action. Failure of an auditee to comply with the law is a situation that should not wait for issuance of the final report.
Answer (A) is incorrect because the purpose of the audit is formally defined in the final report and is discussed with the auditee's management prior to beginning the audit.

Answer (B) is incorrect because the issuance of interim reports does not diminish or eliminate the need for a final report.

Answer (C) is correct. According to SIAS 2, "Interim reports may be used to communicate information that requires immediate attention, to communicate a change in audit scope for the activity under review, or to keep management informed of audit progress when audits extend over a long period."

Answer (D) is incorrect because the scope of the audit cannot be formally defined until the final report. Interim findings may alter the scope during the audit.

[199] Source: CIA 0587 I-44

Answer (A) is incorrect because it gives an advantage.

Answer (B) is incorrect because it gives an advantage.

Answer (C) is incorrect because it gives an advantage.

Answer (D) is correct. Providing draft reports to auditees for review and comment is not only a courtesy that promotes good auditor-auditee relations but also a way to detect inaccuracies before the final report is issued. However, the auditor should be prepared for conflicts and questions and possibly time-consuming disagreement over semantic matters. While showing flexibility on matters not affecting the report's substance, the auditor's response to these conflicts should never be to negotiate the audit opinion.

[200] Source: CIA 1187 I-44

Answer (A) is incorrect because reports should be distributed to all those directly interested in the audit, including the executive to whom the internal auditing function reports, the person to whom replies will be addressed, the person responsible for the activity reviewed, and the person required to take corrective action. External auditors would likewise have an interest in such reports.

Answer (B) is incorrect because reports should be distributed to all those directly interested in the audit, including the executive to whom the internal auditing function reports, the person to whom replies will be

Answer (D) is correct. The board of directors ordinarily receives summary reports only.

[201] Source: CIA 0589 II-41

Answer (A) is correct. According to SIAS 2, "Audit reports should be distributed to those members of the organization who are able to ensure that audit results are given due consideration. This means that the report should go to those who are in a position to take corrective action or to ensure that corrective action is taken." As the head of the audited unit, the marketing director is in a position to take corrective action.

Answer (B) is incorrect because this person cannot take corrective action.

Answer (C) is incorrect because this person cannot take corrective action.

Answer (D) is incorrect because this person cannot take corrective action.

[202] Source: CIA 1190 I-42

Answer (A) is incorrect because summary written reports contain insufficient detail for these managers.

Answer (B) is incorrect because no document classified as an audit report is restricted to auditors only.

Answer (C) is correct. According to SIAS 2, "Audit reports should be distributed to those members of the organization who are able to ensure that audit results are given due consideration. This means that the report should go to those who are in a position to take corrective action or to ensure that corrective action is taken. The final audit report should be distributed to the head of each audited unit. Higher-level members in the organization may receive only a summary report. Reports may also be distributed to other interested or affected parties such as external auditors and audit committees." Thus, summary written reports are usually intended for audit committees of boards of directors and/or higher-level management.

Answer (D) is incorrect because no document classified as an audit report is restricted to auditors only.

[203] Source: CIA 0593 I-38

Answer (A) is incorrect because, although improper or illegal acts may be disclosed in a separate report, the internal auditor should not discuss such information with individuals who have committed such acts.
addressed, the person responsible for the activity
reviewed, and the person required to take corrective Answer (B) is incorrect because, in general, internal
action. External auditors would likewise have an auditors are responsible to their organization's
interest in such reports. management rather than outside agencies. In the case
of fraud, statutory filings with regulatory agencies may
Answer (C) is incorrect because reports should be be required.
distributed to all those directly interested in the audit,
including the executive to whom the internal auditing Answer (C) is incorrect because such information
function reports, the person to whom replies will be should be communicated to individuals to whom
addressed, the person responsible for the activity senior managers report.
reviewed, and the person required to take corrective
action. External auditors would likewise have an Answer (D) is correct. SIAS 2 states, "Certain
interest in such reports. information may not be appropriate for disclosure to
all report recipients because it is privileged,
proprietary, or related to improper or illegal acts.
Such information, however, may be disclosed in a
separate report. If the conditions being reported
involve senior management, report distribution should
be to the audit committee of the board of directors or
a similar high-level entity within the organization."

[204] Source: CIA 0593 II-39

Answer (A) is incorrect because resolving conflicts is
an objective of the exit conference.

Answer (B) is incorrect because reaching an
agreement on the facts is an objective of the exit
conference.

Answer (C) is correct. According to Standard 430,
"The internal auditor should discuss conclusions and
recommendations at appropriate levels of
management before issuing final written reports."
Furthermore, SIAS 2 states, "Discussion of
conclusions and recommendations is usually
accomplished during the course of the audit and/or at
postaudit meetings (exit interviews). Another
technique is the review of draft audit reports by the
head of each audited unit. These discussions and
reviews help ensure that there have been no
misunderstandings or misinterpretations of fact by
providing the opportunity for the auditee to clarify
specific items and to express views of the findings,
conclusions, and recommendations." Identifying
concerns for future audits is not a primary objective
of the exit conference.

Answer (D) is incorrect because determining
management's action plan and responses is an
objective of the exit conference.

Answer (B) is incorrect because the finding is a result
of the audit and cannot be omitted.

Answer (C) is incorrect because management has
merely agreed to take action.

Answer (D) is incorrect because management's
disagreement may cause the auditor to reconsider the
finding and recommendation.

[207] Source: CIA 1191 I-44

Answer (A) is incorrect because removing items from
the pending list concerns a mechanical and immaterial
aspect of the reporting process.

Answer (B) is correct. Reports should be timely to
enable prompt corrective action, and reports should
be distributed to those in a position to take corrective
action or to ensure that corrective action is taken
(SIAS 2). Moreover, Standard 440 requires internal
auditors to follow up to ascertain that appropriate
action is taken on deficiency findings. The internal
auditor should determine that corrective action being
taken has the desired results or that management or
the board has assumed the risk of not taking
corrective action. Consequently, it follows that the
objectives of audits and the timely reporting of
findings would be defeated if auditees do not
promptly implement and report on corrective action.

Answer (C) is incorrect because the auditee may not
concur with the finding. This dispute may or may not
be considered in closing the audit.

Answer (D) is incorrect because ensuring that the
audit schedule is kept up to date is an administrative
function of the audit organization.
Answer (B) is incorrect because word processing
software and automated workpaper packages would
be more helpful.

Answer (C) is correct. Utilities software is useful for
performing certain standard tasks, such as sorting,
merging, copying, and printing file dumps. Utilities
software performs specific tasks, such as sorting,
merging, printing, copying, and selecting records
based on specified criteria. It would be useful during
the audit in manipulating and selecting data. However,
spreadsheet, word processing, and database
software, as well as automated workpaper packages,
provide flexible options in preparing and editing
working papers in a variety of formats allowing for a
combination of narratives, data matrices, graphic
representations, etc.

Answer (D) is incorrect because database software
and automated workpaper packages would be more
helpful.

[210] Source: CIA 0594 III-10

Answer (A) is incorrect because monitoring the
execution of application programs is mapping.

Answer (B) is incorrect because use of an integrated
test facility entails processing test data against master
files that contain real and fictitious entities.

Answer (C) is correct. Generalized audit software
involves the use of computer software packages that
allow not only parallel simulation, but also a variety of
other processing functions, such as extracting sample
items, verifying totals, developing file statistics, and
retrieving specified data fields.

Answer (D) is incorrect because an embedded audit
routine involves inserting special audit routines into
application programs.

Answer (B) is incorrect because a macro is a
program written in the language of the spreadsheet.

Answer (C) is correct. An electronic spreadsheet
permits the creation of a template, which contains a
model of the relationships among the variables,
specifies the procedures for manipulating values, and
defines the format of the output.

Answer (D) is incorrect because a screen is the
display area that shows the spreadsheet.

[212] Source: CIA 0594 III-29

Answer (A) is incorrect because running a different
program as a test and backing up hard disk files may
cause the virus to spread and do additional damage.

Answer (B) is incorrect because rebooting the system
and backing up hard disk files may cause the virus to
spread and do additional damage.

Answer (C) is correct. The described condition is a
symptom of a virus. Many viruses will spread and
cause additional damage. Use of an appropriate
antivirus program may identify and even eliminate a
viral infection. Ways to minimize computer virus risk
in a networked system include restricted access,
regularly updated passwords, periodic testing of
systems with virus detection software, and the use of
anti-virus software on all shareware prior to
introducing it into the network.

Answer (D) is incorrect because testing with antivirus
software is preferable.

[213] Source: CMA 0695 4-25

Answer (A) is incorrect because the audit committee
should consist only of outside directors.

Answer (B) is incorrect because the extent to which
the external auditor makes use of the work of the
internal auditor is entirely at the discretion of the
external auditor; however, internal and external audit
efforts should be coordinated.

Answer (C) is correct. The Treadway Commission
issued its report in 1987 in response to allegations of
widespread financial reporting fraud by public
companies. It recommended that (1) management
must perform an ongoing fraud-risk assessment,
maintain an effective internal control structure,
establish written codes of conduct, and design
appropriate accounting functions that meet reporting
obligations; (2) an effective internal audit function
exist in which auditors have unrestricted and direct
access to the audit committee and the CEO and
coordinate their work with that of the public
accountants; (3) every public company have an audit
committee composed of outside directors; and (4)
the sponsoring organizations set up an
interdisciplinary body to develop an integrated
internal control framework.

Answer (D) is incorrect because the Treadway
Report concerned public companies.

Answer (B) is correct. The 1987 Treadway
Commission Report examined the roles of the internal
as well as external auditors in preventing and
detecting fraudulent financial reporting. Thus, it
emphasized that the internal audit function should
have unrestricted and direct access to the CEO and
the audit committee and should coordinate its work
with that of the external auditors. The report also
indicated that nonfinancial internal audits perform an
educational role. Internal auditors are better able to
detect fraudulent financial reporting if they have a
better knowledge of company operations.

Answer (C) is incorrect because external auditors
should obtain an understanding of the internal audit
function, determine whether the internal auditors'
work is relevant to the audit and whether considering
that work further is efficient, and, if the work is
relevant and considering it further is efficient, assess
the competence and objectivity of the internal
auditors in the light of the effect of their work on the
audit. Thus, external auditors do not consider the
work of the internal auditors that is irrelevant to the
audit.

Answer (D) is incorrect because the external auditor
is engaged to report on a financial statement audit.
[215] Source: CMA 0682 3-17

Answer (A) is incorrect because published financial
statements are only required to be fairly presented.
An audit cannot assure correctness.

Answer (B) is incorrect because the internal auditor's
responsibility is limited to determining that the system
has adequate controls to prevent or deter forms of
fraud generally known to be possible.

Answer (C) is incorrect because the internal auditor
is not an attorney and accordingly cannot assure
compliance with legal requirements.

Answer (D) is correct. Internal auditing is an
independent appraisal activity within an organization
for the review of operations as a service to members
of the organization. It is a management control which
functions by examining and evaluating the efficiency
and effectiveness of other controls, i.e., to see that
day-to-day operations are under reasonable control.

[216] Source: CMA 0684 3-31

Answer (A) is incorrect because it is a lesser
responsibility of the auditor.

Answer (B) is incorrect because the internal auditor
does not attest to the fairness of financial statements.

Answer (C) is correct. Internal auditing acts as a
managerial control that measures and evaluates the
effectiveness of internal accounting and administrative
controls. The Statement of Responsibilities of Internal
Auditing indicates that the objective of internal
auditing is to assist all members of management in the
effective discharge of their responsibilities by
furnishing an analysis of internal control activities.

Answer (D) is incorrect because it is a lesser
responsibility of the auditor.

[217] Source: CIA 1192 I-23

Answer (A) is incorrect because applying a particular
method of inventory valuation will not identify specific
item shortages.

Answer (B) is correct. A comparison of physical
inventory counts with perpetual records is required.
The perpetual records should provide an accurate
estimate of the inventory balance (what should be)
and the count determines how much is on hand (what
is). A discrepancy suggests theft.

Answer (C) is incorrect because use of the gross
profit percentage will not identify specific shortages.

Answer (D) is incorrect because analysis of inventory
turnover rates will not identify specific shortages.

[218] Source: CMA 0684 3-33

Answer (A) is incorrect because the external auditor
must establish limits of materiality, not the internal
auditor.

Answer (B) is incorrect because the external auditor
must establish limits of materiality, not the internal
auditor.

Answer (C) is correct. The independent auditor may
make use of internal auditors to provide direct
assistance in performing both substantive tests and
tests of controls provided that (s)he considers their
competence and objectivity, supervises and tests their
work, and makes all judgments regarding matters that
affect the report on the financial statements.

Answer (D) is incorrect because the internal auditor
should not be independent of the external auditor
when working under his/her supervision.

[219] Source: CMA 0686 3-19

Answer (A) is incorrect because judgments as to
control risk, sufficiency of tests performed, materiality
of transactions, and other matters affecting the report
on the financial statements must be those of the
independent auditor (AU 322).

Answer (B) is correct. Because the ultimate
responsibility for the rendering of an opinion rests
with the external auditor, (s)he must make all
decisions that require judgment. Thus, the internal
auditor might select the sample size once the external
auditor has chosen the confidence level. The selection
of sample size is essentially a clerical task once risk
levels have been ascertained by the external auditor.

Answer (C) is incorrect because judgments as to
control risk, sufficiency of tests performed, materiality
of transactions, and other matters affecting the report
on the financial statements must be those of the
independent auditor (AU 322).

Answer (D) is incorrect because judgments as to
control risk, sufficiency of tests performed, materiality
of transactions, and other matters affecting the report
on the financial statements must be those of the
independent auditor (AU 322).

[220] Source: CMA 1285 3-13

Answer (A) is incorrect because a schedule of
interbank transfers is used to uncover kiting, not
lapping. Kiting is the recording of a deposit from an
interbank transfer in the current period while failing to
record the related disbursement until the next period.

Answer (B) is correct. Lapping is the delayed
recording of cash receipts to cover a cash shortage,
such as when receipts from accounts which were
actually paid yesterday are reported as today's
receipts. The best protection is for the customers to
send payments directly to the company's depository
bank. This procedure precludes client personnel from
having the opportunity to "borrow" the money.
Lapping may be detected by comparing details of
bank deposits with the client's record of cash
receipts. Since the theft of a payment from one
customer may be covered (lapped) with a payment
from another customer, a comparison of remittance
advices with the subsidiary accounts receivable
ledger may be helpful. Also, if the auditor suspects
the duplicate deposit slips have been tampered with,
(s)he should compare them with the originals held by
the bank.

Answer (C) is incorrect because a proof of cash
would not uncover lapping since it does not entail an
examination of receivables.

Answer (D) is incorrect because controlling cash
receipts will only mean that the one day's receipts will
be properly recorded; a lapper may not work every
day.

[224] Source: CMA 0687 3-18
amounts.

Answer (C) is correct. According to authoritative
pronouncements of The IIA, the scope of work of
internal auditors extends to "the examination and
evaluation of the adequacy and effectiveness of the
organization's system of internal control and the
quality of performance in carrying out assigned
responsibilities." The primary objectives of internal
control are to ensure compliance with policies, plans,
procedures, laws, and regulations; accomplishment of
established objectives and goals; reliability and
integrity of information; economical and efficient use
of resources; and safeguarding of assets. However,
risk associated with statistical sampling (sampling
risk) is a lesser concern of an internal auditor because
it can be measured and controlled.

Answer (D) is incorrect because safeguarding of
assets is a primary objective of internal control.

Answer (B) is incorrect because the Standards
provide no actual authority to internal auditors.

Answer (C) is correct. According to the SRIA,
internal auditing "functions under the policies
established by senior management and the board.
The director of internal auditing should seek approval
of the charter by senior management as well as
acceptance by the board. The charter should make
clear the purposes of the internal audit department,
specify the unrestricted scope of its work, and
declare that auditors are to have no authority or
responsibility for the activities they audit."

Answer (D) is incorrect because management and the
board, not a committee of the board and a particular
manager, endow internal auditing with its authority.
Answer (B) is incorrect because witnesses should be
interviewed singly to obtain independent statements.

Answer (C) is correct. The internal auditor must not
compound a felony. It is unlawful to bargain for
restitution by agreeing not to press charges.
Moreover, dropping charges may result in loss of
confidence in future cases by the police, prosecutors,
and courts.

Answer (D) is incorrect because allowing a suspect
to return to work may result in loss of evidence.

[234] Source: CIA 0592 I-28

Answer (A) is incorrect because a standard audit
program is appropriate for use in a minimally
changing operating environment. It may save effort
and provide continuity.

Answer (B) is correct. A standard program is not
appropriate for a complex or changing operating
environment. The audit objectives and related work
steps may no longer be relevant.

Answer (C) is incorrect because a standard audit
program can be used to audit multiple locations with
similar operations if the same objectives and controls
are present.

Answer (D) is incorrect because a standard audit
program is acceptable for conducting subsequent
inventory audits at the same location if the inventory
functions performed have not varied substantially.

[235] Source: CIA 0592 II-18

Answer (A) is correct. A written audit program
prescribes the nature, timing, and extent of work to
be done. It sets forth in reasonable detail the specific
audit procedures the auditor believes are necessary
to accomplish the audit objectives. It is thus a useful
tool in scheduling and controlling the audit. However,
an audit program must be adapted to the specific
needs of the audit after the auditor establishes the
audit objectives and scope, determines the resources
required, and conducts a preliminary survey.

Answer (B) is incorrect because a generalized
program cannot take into account variations resulting
from changing circumstances and varied conditions.

Answer (C) is incorrect because a generalized
program cannot take into account variations in
circumstances and conditions.

Answer (D) is incorrect because every aspect of an
operation need not be examined, only those aspects
likely to conceal problems and difficulties.

[236] Source: CIA 1192 I-21

Answer (A) is incorrect because audit personnel are
usually assigned before the on-site survey.

Answer (B) is incorrect because initial audit
objectives are established at the beginning of the
planning process. They should be specified before the
on-site survey.

Answer (C) is correct. The audit program is normally
prepared after the on-site survey. The on-site survey
allows the auditor to become familiar with the auditee
and therefore provides input to the audit program.

Answer (D) is incorrect because field work can be
performed only after the audit program has been
written. Thus, field work cannot immediately follow
the on-site survey.

[237] Source: CIA 1184 I-14

Answer (A) is incorrect because the reliability and
integrity of financial information are important in
operational auditing. Information systems provide
data for decision making, control, and compliance
with external requirements.

Answer (B) is correct. Financial auditing is primarily
concerned with forming an opinion on the fairness of
the financial statements. Operational auditing
evaluates compliance with policies, plans,
procedures, laws, and regulations; accomplishment of
established objectives and goals for operations or
programs; and economical and efficient use of
resources.

Answer (C) is incorrect because using financial
statements as a starting point describes financial
auditing.

Answer (D) is incorrect because analytical skills are
necessary in all types of auditing.

[238] Source: CIA 1196 II-14

Answer (A) is incorrect because informing the audit
committee and senior management is a major
purpose of an audit report.

Answer (B) is incorrect because getting results is a
major purpose of an audit report.

Answer (C) is correct. According to Sawyer's
Internal Auditing (p. 611), audit reports are intended
to inform, persuade, and get results. They explain the
auditors' findings, attempt to convince the recipients
of the report of the value and validity of those
findings, and attempt to foster beneficial change.

Answer (D) is incorrect because persuading the audit
committee and senior management that certain
conditions exist is a major purpose of an audit report.

[239] Source: CIA 0594 II-14

Answer (A) is correct. According to SIAS 3,
"Investigation consists of performing extended
procedures necessary to determine whether fraud, as
suggested by the indicators, has occurred. It includes
gathering sufficient evidential matter about the specific
details of a discovered fraud. Internal auditors,
lawyers, investigators, security personnel, and other
specialists from inside or outside the organization are
the parties that usually conduct or participate in fraud
investigations." Hence, internal auditors are fact
gatherers. However, internal auditors are not
normally trained as interrogators of suspected
perpetrators.

Answer (B) is incorrect because confining a suspect
is considered false imprisonment.

Answer (C) is incorrect because obtaining
confessions is the role of an investigator.

Answer (D) is incorrect because waiving punishment
is considered to be compounding a felony. The right
to punish or forgive a criminal act is reserved to the
state.

[240] Source: CIA 0595 I-60

Answer (A) is incorrect because the charter
establishes the department's position within the
organization; authorizes access to records, personnel,
and physical properties; and defines the scope of
internal audit activities.

Answer (B) is incorrect because the charter
establishes the department's position within the
organization; authorizes access to records, personnel,
and physical properties; and defines the scope of
internal audit activities.

Answer (C) is correct. The Standards state that the
independence of internal auditing is enhanced when
the board concurs in the appointment or removal of
the director but otherwise do not discuss the length of
the director's employment.

Answer (D) is incorrect because the charter
establishes the department's position within the
organization; authorizes access to records, personnel,
and physical properties; and defines the scope of
internal audit activities.

[241] Source: CIA 1195 I-40

Answer (A) is correct. The charter should define the
purpose, authority, and responsibility of the internal
audit department. Among other matters, it should
define the scope of internal audit activities.
Furthermore, the director should submit annually to
management for approval and to the board for its
information a summary of the department's audit
work schedule, staffing plan, and financial budget
(Standard 110).

Answer (B) is incorrect because the auditee does not
determine the scope of the audit.

Answer (C) is incorrect because other objectives
may be established by management and the auditor.
The audit should not be limited to the specific
standards set by the quality assurance department,
but it should consider such standards in the
development of the audit program.

Answer (D) is incorrect because the auditor should
conduct the audit and communicate any scope
limitations to management and the board.

[242] Source: CIA 1195 I-47

Answer (A) is incorrect because the auditor should
accept the engagement. Recommending controls is
not considered a violation of the auditor's
independence or objectivity.

Answer (B) is incorrect because the auditor should
accept the engagement. Auditors should have control
knowledge that is not limited to accounting controls.

Answer (C) is incorrect because audit independence
is not impaired by making control recommendations.

Answer (D) is correct. The auditor should accept the
engagement, assign staff with sufficient control
knowledge, and make appropriate recommendations.
Recommending standards of control does not impair
objectivity (Standard 120).

[243] Source: CIA 1195 I-45

Answer (A) is incorrect because lack of support by
the CEO and lack of outside directors weaken the
internal auditors' position.

Answer (B) is incorrect because lack of support by
the CEO and lack of a charter weaken the internal
auditors' position.

Answer (C) is incorrect because lack of support by
the CEO weakens the internal auditor's position.

Answer (D) is correct. The CEO's statement
suggests that the internal auditors lack the support of
management and the board. Furthermore, the lack of
outside directors may contribute to a loss of auditor
independence. The failure to approve the charter may
have the same effect. The charter enhances the
auditor's independence because it clearly specifies, in
advance, the authority, scope, and responsibility of
the internal auditing function.

[244] Source: CIA 1194 I-61

Answer (A) is correct. Since the auditor reports
directly to the board of directors, (s)he has
organizational independence. However, the auditor's
objectivity has been impaired by his/her failure to
report the cash shortage. Under Standard 260, the
auditor is obligated to notify the appropriate
authorities within the organization of suspected or
known wrongdoing.

Answer (B) is incorrect because the auditor's
objectivity has been impaired by his/her failure to
report the cash shortage. However, the auditor
reports to the board of directors and therefore has
organizational independence.

Answer (C) is incorrect because the auditor's
objectivity has been impaired by his/her failure to
report the cash shortage. However, the auditor
reports to the board of directors and therefore has
organizational independence.

Answer (D) is incorrect because the auditor's
objectivity has been impaired by his/her failure to
report the cash shortage. However, the auditor
reports to the board of directors and therefore has
organizational independence.

[245] Source: CIA 1194 I-56

Answer (A) is incorrect because documentation in
the by-laws does little to promote independence.

Answer (B) is incorrect because legislated internal
auditing requirements in Country X do not promote
independence.

Answer (C) is correct. According to Standard 100,
independence is achieved through organizational
status and objectivity. The director should be
responsible to an individual with sufficient authority to
promote independence. The board of directors is the
highest authority in the organization.

Answer (D) is incorrect because independence is
achieved through organizational status and objectivity.
[246] Source: CIA 1196 I-26

Answer (A) is correct. The audit committee is a
subcommittee made up of outside directors who are
independent of corporate management. Its purpose is
to help keep external and internal auditors
independent of management and to assure that the
directors are exercising due care. However, if
independence is impaired by personal and
professional friendships, the effectiveness of the audit
committee may be limited.

Answer (B) is incorrect because the compensation
audit committee members receive is usually minimal.
They should be independent and therefore not limited
to a shareholder's perspective.

Answer (C) is incorrect because, although audit
committees are concerned with external audits, they
also devote attention to the internal audit function.

Answer (D) is incorrect because audit committee
members do not need degrees in accounting or
auditing to understand audit reports.

[247] Source: CIA 1190 II-20

Answer (A) is incorrect because whether sampling is
appropriate and the results are valid are issues related
to the determination of sufficiency and competence
rather than relevance.

Answer (B) is incorrect because objectivity and lack
of bias do not assure that information will support
audit findings and recommendations and be consistent
with the audit objectives.

Answer (C) is incorrect because it defines evidence
sufficient so that a prudent, informed person would
reach the same conclusion as the auditor.

Answer (D) is correct. "Information should be
sufficient, competent, relevant, and useful to provide
a sound basis for audit findings and
recommendations. Relevant information supports
audit findings and recommendations and is consistent
with the objectives for the audit" (Standard 420).

Answer (A) is incorrect because sufficient evidence is
factual, adequate, and convincing. The information
contained on the document may be none of those
things.

Answer (B) is correct. Competent evidence is
reliable and the best available through the application
of appropriate audit procedures. An original
document is the prime example of such evidence.

Answer (C) is incorrect because relevancy concerns
the relationship of the evidence to some objective of
the audit. No audit objective is disclosed in the
question. Thus, whether the information on the
document is relevant to the investigation cannot be
determined.

Answer (A) is correct. Sufficient information is
defined as factual, adequate, and convincing so that a
prudent, informed person would reach the same
conclusions as the auditor. These tests are insufficient
because the auditor did not determine that each
container had an inspection seal signed within the last
90 days.

Answer (B) is incorrect because the information is
competent. It is reliable and the best attainable
through the use of appropriate audit techniques.

Answer (C) is incorrect because the information is
relevant. It supports audit findings and
recommendations and is consistent with the
objectives for the audit.

Answer (D) is incorrect because the sufficiency
criterion was violated.

[250] Source: CIA 1194 I-16

Answer (A) is incorrect because the sufficiency
criterion has not been violated. Physical observation
by the auditor is sufficient to determine deterioration
and need for repairs.

Answer (B) is incorrect because the competency
criterion has not been violated. On-site observation is
an appropriate technique to determine deterioration
and needed repairs.

Answer (C) is incorrect because the relevance
criterion has not been violated. The evidence
obtained by the auditor supports findings about the
physical condition of the department.

Answer (D) is correct. The observations made about
the vehicle maintenance department contain sufficient
information (factual, adequate, and convincing so that
a prudent, informed person would reach the same
conclusions) that is competent (reliable and the best
attainable through the use of appropriate audit
techniques) and relevant (supports audit findings and
recommendations and is consistent with the
objectives for the audit).

Answer (A) is incorrect because the sufficiency
criterion has not been violated. The analytical
comparison, direct observation, and review of the
market survey provide sufficient evidence of the
effectiveness and validity of expenditures.

Answer (B) is incorrect because the competency
criterion has not been violated. Analysis, observation,
and review by the auditor are all methods of obtaining
competent, reliable evidence.

Answer (C) is incorrect because the relevance
criterion has not been violated. The analytical
comparisons, direct observations, and review of the
marketing survey are all types of evidence relevant to
the evaluation of the marketing expenditures.
Answer (D) is incorrect because usefulness is Answer (D) is correct. The audit evidence contains
achieved if the item of evidence helps the organization sufficient information (factual, adequate and
(the auditor, in this case) to accomplish convincing so that a prudent, informed person would
predetermined goals. No such goals are specified. reach the same conclusions) that is competent
(reliable and the best attainable through the use of
appropriate audit techniques) and relevant (supports
[249] Source: CIA 1194 I-15 audit findings and recommendations and is consistent
with the objectives for the audit).
[252] Source: CIA 1192 II-22
Answer (A) is correct. According to Standard 410, internal auditors should plan each audit. Planning should be documented and should include, as a first step, establishing audit objectives and scope of work.
Answer (B) is incorrect because the scheduling and time estimates are based on the audit objectives and the scope of the audit.
Answer (C) is incorrect because the preliminary survey is performed after the audit objectives are determined.
Answer (D) is incorrect because the audit program is developed after the preliminary survey and is based on the audit objectives and the scope of the audit.

[253] Source: CIA 0594 I-27
Answer (A) is correct. An evaluation of the merit of lawsuits requires legal expertise. At most, an internal auditor is required to have an appreciation of the fundamentals of commercial law, that is, an ability to recognize the existence of problems and to determine the assistance to be obtained. Hence, the auditors' responsibility is limited to using consultants to evaluate the merits of the lawsuits.
Answer (B) is incorrect because compliance with legal requirements is within the scope of internal auditing.
Answer (C) is incorrect because compliance with loan covenants is within the scope of internal auditing.
Answer (D) is incorrect because appraising the economy and efficiency with which resources are employed and reviewing the accomplishment of objectives and goals are within the scope of work of internal auditors.

[255] Source: CIA 0589 I-13
Answer (A) is incorrect because a program audit would entail evaluating educational benefits. A program audit evaluates the costs and effectiveness of an activity funded by the organization that is ancillary to its main operations.
Answer (B) is incorrect because an organizational audit applies to a single "organization" within the entity, e.g., personnel. An organizational audit is primarily concerned with management control, that is, with how well managers are applying management principles.
Answer (C) is correct. In a functional audit, the auditor follows a function from beginning to end, even if that function involves more than one organizational subunit. The auditor emphasizes the operation more than its administrative or personnel activities.
Answer (D) is incorrect because a contract audit involves evaluation of a project undertaken for the organization by an outside entity, such as construction of a building.

[256] Source: CIA 0590 I-50
Answer (A) is incorrect because, by always giving the impression that additional evidence is in reserve, the internal auditor is more apt to obtain complete and truthful answers.
Answer (B) is incorrect because fraud investigations usually occur unexpectedly and cannot be scheduled in advance. Also, the fraud investigation must be conducted by individuals having the appropriate expertise, even if another assignment must be delayed.
Answer (C) is incorrect because internal auditing should coordinate its activities with the other investigators mentioned.
required when suspicious acts are reported to the auditor.
Answer (C) is incorrect because irregular transactions under investigation would not require reporting until the investigation phase is completed.
Answer (D) is incorrect because reporting should occur when the incidence of fraud of a material amount has been established to a reasonable certainty.

[258] Source: CIA 0593 II-45
Answer (A) is incorrect because participatory budgeting can reduce antagonism to budgets and reduce the likelihood of inappropriate means of meeting the budget.
Answer (B) is correct. Unrealistically high sales or production quotas can be an incentive to falsify the records or otherwise take inappropriate action to improve performance measures so that the quotas appear to have been met.
Answer (C) is incorrect because hiring policies should be based on factors other than adequate training, such as the applicants' personal integrity. Furthermore, hiring of all adequately trained applicants is unlikely to be necessary.
Answer (D) is incorrect because, under the reasonable assurance concept, the cost of controls should not exceed their benefits. The cost of applying controls to all relevant transactions rather than a sample may be greater than the resultant savings.

Answer (C) is incorrect because rationalization is common to all fraud.
Answer (D) is incorrect because high expectations are often given as a motivating factor by those who have committed financial statement fraud.

[260] Source: CIA 0590 I-49
Answer (A) is incorrect because a report on fraud that has been detected should not include this language.
Answer (B) is correct. SIAS 3 states, "A preliminary or final report may be desirable at the conclusion of the detection phase. The report should include the internal auditor's conclusion as to whether sufficient information exists to conduct an investigation. It should also summarize findings that serve as the basis for such a decision."

Answer (D) is incorrect because a report to operating management would not include such details.

[261] Source: CIA 1196 II-16
Answer (A) is correct. The auditor neglected to organize the information. Because the information being communicated is complicated, the report's content should be organized in a logical sequence to facilitate understanding and acceptance. For this reason, standard formats are often used in business communications.
Answer (B) is incorrect because the nature of an audience is a situational factor that is outside the control of the auditor.
Answer (C) is incorrect because noise is a situational factor that interferes with the effective communication of intended messages.
Answer (D) is incorrect because the history of previous encounters is a situational factor that is outside the control of the auditor.

[262] Source: CIA 1196 II-17
Answer (A) is incorrect because an audit report should be appropriately organized, be concise, and use active voice verbs.
Answer (B) is incorrect because an audit report should be appropriately organized, be concise, and use active voice verbs.

[263] Source: CIA 1196 II-18
Answer (A) is correct. Although a portion of the scope is discussed, the reader cannot determine the significance of the amount of machines selected without knowing the total amount of machines available and the value of the machinery. Also, the conclusion or auditor's opinion of the operation is not stated, and the report makes no recommendations.
Answer (B) is incorrect because the purpose of the audit was clearly stated, and the result of the audit was given.
Answer (C) is incorrect because the purpose of the audit was clearly stated, and the result of the audit was given.
Answer (D) is incorrect because the purpose of the audit was clearly stated, and the result of the audit was given.
Answer (A) is incorrect because the board would be consulted initially only if the immediate superior is the chief executive officer and that person is involved in the ethical conflict.
Answer (B) is correct. The Standards of Ethical Conduct for Practitioners of Management Accounting and Financial Management state that the financial manager/management accountant should first discuss an ethical problem with his/her immediate superior. If the superior is involved, the problem should be taken initially to the next higher managerial level.
Answer (C) is incorrect because unless "legally prescribed, communication of such problems to authorities or individuals not employed or engaged by the organization is not considered appropriate."
Answer (D) is incorrect because resignation is a last resort.

Answer (A) is incorrect because this course of action would be appropriate only for the chief executive officer or for his/her immediate subordinate when the CEO is involved in the conflict.
Answer (B) is incorrect because the proper action would be to present the matter to the next higher managerial level.
Answer (C) is incorrect because such action is inappropriate unless legally prescribed.
Answer (D) is correct. In these circumstances, the problem should be discussed with the immediate superior unless (s)he is involved. In that case, initial presentation should be to the next higher managerial level. If the problem is not satisfactorily resolved after initial presentation, the question should be submitted to the next higher level.

[268] Source: Publisher
If the immediate superior is the chief executive officer, or equivalent, the acceptable reviewing authority may be a group such as the audit committee, executive committee, board of directors, board of trustees, or owners."

suggestions from the "Resolution of Ethical Conflict" paragraph is to "clarify relevant ethical issues by confidential discussion with an objective advisor (e.g., IMA Ethics Counseling Service) to obtain a better understanding of possible courses of action."