Week 1-3

Let’s Check

1. Internal Auditing It is an independent, objective assurance and consulting activity designed to add
value and improve an organization’s operations. It helps an organization accomplish its objectives by
bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk
management, control and governance processes.

2. Operational Audit It is a future-oriented, systematic, and independent evaluation of organizational

activities. Financial data may be used, but the primary sources of evidence are the operational policies
and achievements related to organizational objectives. Internal controls and efficiencies may be
evaluated during this type of review.

3. Assurance It is the auditors’ ability to give confidence and make statements regarding the condition of
matters within the organization.

4. Independence Internal auditing works under the principle of objectivity. Activities must be carried out
in an unbiased manner and free from the influences of management.

5. _Assurance and Consulting Activity Is an additional consultancy arm of the company, which provides
advice and assistance to management on how to manage risks, control and governance issues?

6. __Designed to add value__. Audit activities are client-based and are responsive to the needs of the
organization. Benefits are aligned to the company’s overall goals.

7. __Improve and Organizations operations__. The end goal of internal auditing is to bring continuous
improvement to the organization and offer alternative solutions to better the conduct of business thus
achieve operational success.

8. __Systematic Disciplined Approach__. It has a clear set of professional standards and guidance on
policies and procedures in order to deliver quality service.

9. __Evaluate and Improve__. What is found during the audit should be presented and evaluated against
company policies and standards. Evaluation tools and techniques must be applied in a professional and
impartial manner to give reliable results.

10. ___Effectiveness___. The principal motive of audit is to ensure the link between controls and
objectives. Audit works to achieve effectiveness in its operation systems and strategies.

11. _Risk management control and governance process_. The internal audit activity must evaluate the
effectiveness and contribute to the improvement of risk management processes.

12. _Reliability and Integrity of Financial and operational information_. This refers to the internal
auditor’s review of the reliability and integrity of financial and operating information and the means
used to identify, measure, classify and report such information.

13. __Effectiveness and efficiency of operations__. This refers to the internal auditor’s appraisal of the
economy and efficiency with which resources are employed.

14. __ Safeguarding of assets__. This pertains to the internal auditor’s review of the means of
safeguarding and, as appropriate, verifying the existence of assets.
15. __ Compliance with laws, regulations and contracts__. This pertains to the auditor’s review of the
systems established to ensure compliance with policies, plans, procedures, laws, regulations and
important contracts which could have a significant impact on operations and reports; and whether the
organization is in compliance.

Let’s Check

IA Performed by company employees

EA Performed by an outside firm
IA Hired by the company
EA Appointed by a shareholder vote
IA Do not have to be performed by CPAs
EA A CPA must direct the activities
IA Auditors are responsible to the management
EA Auditors are responsible to the shareholders
IA Issues finding in any type of report format
EA There is a specific format for audit opinions and management letters
IA Reports are used by management.
EA Reports are used by stockholders, such as investors, creditors and lenders.
IA Can be used to provide advice and other consulting assistance to employees.
EA Constrained from support a client too closely.
IA Auditor examines issues related the company business practices and risks
EA Examine financial records and issue an opinion regarding the financial statements of the company
IA Conducted throughout the year
EA Conducted once a year or as needed
OA Determines if policies contribute to effective and efficient operations

Let’s Check
Activity 1.
1. The internal audit function is generally considered independent when it can carry out its work freely
and ________.
a. Effectively
b. Objectively
c. Efficiently
d. All of the above

2. Internal audit works and is guided by a set of standards to ensure credibility, reliability and quality of
internal audit practitioners and their audit work. This professional discipline called as
a. Code of Ethics
b. Code of Standards
c. Corporate Governance
d. Audit Professionalism
3. Internal audit definition, audit objectives must be carried out in unbiased manner and free from
influence of management.
a. Assurance and consulting activity
b. Independence
c. Designed to add value
d. Systematic approach

4. Internal auditors perform their work honesty, diligence and responsibility.

a. Objectivity
b. Competence
c. Integrity
d. Confidentiality

5. Internal auditor shall engage only in those services for which they have necessary knowledge, skills
and experience.
a. Competence
b. Objectivity
c. Integrity
d. Confidentiality

6. Code of Ethics: Shall perform their work with honesty, diligence, and responsibility
a. Integrity
b. Objectivity
c. Confidentiality
d. Competence

7. Code of Ethics: Shall engage only in those services for which they have the necessary knowledge, skills,
and experience
a. Integrity
b. Objectivity
c. Confidentiality
d. Competence

8. Code of Ethics: Shall perform internal audit services in accordance with the International Standards for
the Professional Practice of Internal Auditing
a. Integrity
b. Objectivity
c. Confidentiality
d. Competence

9. Code of Ethics: Shall not knowingly be a party to any illegal activity, or engage in acts that are
discreditable to the profession of internal auditing or to the organization
a. Integrity
b. Objectivity
c. Confidentiality
d. Competence

10. Code of Ethics: Shall not participate in any activity or relationship that may impair or be presumed to
impair their unbiased assessment. This participation includes those activities or relationships that may
be in conflict with the interests of the organization
a. Integrity
b. Objectivity
c. Confidentiality
d. Competence

11. Code of Ethics: Shall not accept anything that may impair or be presumed to impair their professional
judgement
a. Integrity
b. Objectivity
c. Confidentiality
d. Competence

12. Code of Ethics: Shall observe the law and make disclosures expected by the law and the profession
a. Integrity
b. Objectivity
c. Confidentiality
d. Competence

13. Code of Ethics: Shall respect and contribute to the legitimate and ethical objectives of the
organization
a. Integrity
b. Objectivity
c. Confidentiality
d. Competence

14. Code of Ethics: Shall be prudent in the use and protection of information acquired in the course of
their duties
a. Integrity
b. Objectivity
c. Confidentiality
d. Competence

15. Code of Ethics: Shall not use information for any personal gain or in any manner that would be
contrary to law or detrimental to legitimate and ethical objectives of the organization
a. Integrity
b. Objectivity
c. Confidentiality
d. Competence
16. Code of Ethics: Shall continually improve their proficiency and the effectiveness and quality of their
services
a. Integrity
b. Objectivity
c. Confidentiality
d. Competence

17. Code of Ethics: Shall disclose all material facts known to them that, if not disclosed, may distort the
reporting of activities under review
a. Integrity
b. Objectivity
c. Confidentiality
d. Competence

18. Internal auditors should appraise the economy and efficiency with which the resources are employed
a. Compliance with rules, regulations and contracts
b. Safeguarding of assets
c. Effectiveness and efficiency of operations
d. Reliability and integrity of financial and operational information

19. Financial statements are fairly stated in accord to applicable financial framework
a. Internal audit
b. External audit
c. Social audit
d. Compliance audit

20. Which of the following reporting responsibilities is most likely to threaten the internal audit activity’s
independence? Reporting to the
a. Executive vice president
b. Audit committee
c. Treasurer
d. President
Let’s Check

1. The nature of assurance services provided to the organization must be defined in the internal audit
charter T
2. The internal audit activity must be independent, and internal auditors must be objective in performing
their work. T
3. The chief audit executive must report to a level within the organization that allows the internal audit
activity to fulfill its responsibilities. T
4. The internal audit activity must be free from interference in determining the scope of internal
auditing, performing work, and communicating results. T
5. The chief audit executive must communicate and interact directly with the board. T
6. Internal auditors must have an impartial, unbiased attitude and avoid any conflict of interest. T
7. If independence or objectivity is impaired in fact or appearance, the details of the impairment must be
disclosed to appropriate parties. T
8. Engagements must be performed with proficiency and due professional care. T
9. Internal auditors must possess the knowledge, skills, and other competencies needed to perform their
individual responsibilities. T
10. Internal auditors must apply the care and skill expected of a reasonably prudent and competent
internal auditor. T
11. Internal auditors must enhance their knowledge, skills, and other competencies through continuing
professional development. T
12. The chief audit executive must develop and maintain a quality assurance and improvement program
that covers all aspects of the internal audit activity. T
13. The quality assurance and improvement program must include both internal and external
assessments. T
14. External assessments must be conducted at least once every five years by a qualified, independent
reviewer or review team from outside the organization. T
15. The chief audit executive must communicate the results of the quality assurance and improvement
program to senior management and the board. T
16. When nonconformance with the Definition of Internal Auditing, the Code of Ethics, or the Standards
impacts the overall scope or operation of the internal audit activity, the chief audit executive must
disclose the nonconformance and the impact to senior management and the board. T
17. The chief audit executive must effectively manage the internal audit activity to ensure it adds value
to the organization. T
18. The chief audit executive must establish risk-based plans to determine the priorities of the internal
audit activity, consistent with the organization’s goals T
19. The chief audit executive must communicate the internal audit activity’s plans and resource
requirements, including significant interim changes, to senior management and the board for review and
approval. T
20. The chief audit executive must ensure that internal audit resources are appropriate, sufficient, and
effectively deployed to achieve the approved plan. T
21. The chief audit executive must establish policies and procedures to guide the internal audit activity. T
22. The chief audit executive should share information and coordinate activities with other internal and
external providers of assurance and consulting services to ensure proper coverage and minimize
duplication of efforts. T
23. The chief audit executive must report periodically to senior management and the board on the
internal audit activity’s purpose, authority, responsibility, and performance relative to its plan. T
24. When an external service provider serves as the internal audit activity, the provider must make the
organization aware that the organization has the responsibility for maintaining an effective internal audit
activity. T
25. The internal audit activity must evaluate and contribute to the improvement of governance, risk
management, and control processes using a systematic and disciplined approach. T
26. The internal audit activity must evaluate the effectiveness and contribute to the improvement of risk
management processes. T
27. Internal auditors must develop and document a plan for each engagement, including the
engagement’s objectives, scope, timing, and resource allocations. T
28. Internal auditors must determine appropriate and sufficient resources to achieve engagement
objectives based on an evaluation of the nature and complexity of each engagement, time constraints,
and available resources. T
29. Internal auditors must develop and document work programs that achieve the engagement
objectives. T
30. Internal auditors must identify, analyze, evaluate, and document sufficient information to achieve the
engagement’s objectives. T
31. Internal auditors must identify sufficient, reliable, relevant, and useful information to achieve the
engagement’s objectives. T
32. Engagements must be properly supervised to ensure objectives are achieved, quality is assured, and
staff is developed. T
33. Communications must be accurate, objective, clear, concise, constructive, complete, and timely. T
34. When an overall opinion is issued, it must take into account the expectations of senior management,
the board, and other stakeholders and must be supported by sufficient, reliable, relevant, and useful
information. T
35. The chief audit executive must establish and maintain a system to monitor the disposition of results
communicated to management. T
Let’s Check
Activity 1.
Multiple Choice. Choose the correct answer from the given choices.

1. Which of the following means actions and decisions of the board may be assessed and be given due
measure?
a. Responsibility
b. Accountability
c. Discipline
d. Transparency

2.
Statement 1: Whistleblowing should be made in good faith and only after all relevant internal
processes have been utilized
Statement 2: By incorporating social and environmental data in the annual report, companies add
value to their report and communicate to a wider-range of stakeholders
a. True; True
b. True; False
c. False; True
d. False; False

3. Corporate governance codes and policies have come to be relied on to re-establish the
performance/conformance balance to ensure
a. Integrity, openness and responsibility
b. Integrity, fair play and accountability
c. Integrity, honestly and accountability
d. Integrity, openness and accountability

4. All business activity feeds into the accounting system and the directors report the results back to
their
a. Shareholders
b. Government
c. Public
d. Stakeholders

5. For central government organizations, the responsible person in terms of corporate governance
reporting is
a. Shareholders
b. Government
c. Public Officers
d. Stakeholders

6. Which is the most appropriate statement?

a. The external auditor is expected to display a degree of astonishment when they discover indicators of
fraud and abuse that impact the reliability of the financial accounts
b. The external auditor is expected to display a degree of anxiety and react when they discover indicators
of fraud and abuse that impact the reliability of the financial accounts
c. The external auditor is expected to display cynicism and react when they discover indicators of fraud
and abuse that impact the reliability of the financial accounts
d. The external auditor is expected to display a degree of professional scepticism and react when they
discover indicators of fraud and abuse that impact the reliability of the financial accounts

7. Which of the statements best describes the responsibility of directors?

a. The directors formulate a corporate strategy to achieve set objectives and meet customers’
expectations, and in turn, employ managers and staff to implement this strategy
b. The directors formulate a corporate strategy to achieve set objectives and meet market expectations,
and in turn, employ board of directors to implement this strategy
c. The shareholders formulate a corporate strategy to achieve set objectives and meet market
expectations, and in turn, employ managers and staff to implement this strategy
d. The directors formulate a corporate strategy to achieve set objectives and meet market expectations,
and in turn, employ managers and staff to implement this strategy

8. A principle that suggests that the sum of the whole is greater than the sum of each individual
component
a. Systems thinking
b. Synergy
c. Collaboration
d. Convergence

9. Statement 1: Good staff discipline procedures and clearness of authority are fraud key controls
Statement 2: Lay solid foundations for management and oversight is one of the corporate governance
principles
a. True, True
b. True, False
c. False, True
d. False, False

10. All of the following are performance criteria or measure except

a. Statutory disclosures
b. Objectives
c. Policies
d. Strategies

11. Statement 1: Stakeholders include those who have direct influence on the organization’s future
activities Statement 2: An organization’s main task is to achieve the level of performance that it was
established for and to adhere to all relevant standards, rules, laws, regulations, policies and
expectations
a. True, True
b. True, False
c. False, True
d. False, False

12. Which of the following is not a characteristic of corporate governance?

a. Discipline
b. Transparency
c. Independence
d. Professionalism

13. The Sarbanes Oxley Act of 2002 (SOX) is a legislation passed in the United States of America in
response to increased occurrence of corporate fraud. The following are objectives of this reform
except
a. To restore public confidence in public accounting
b. To reinstate public trust in publicly traded securities
c. To assure ethical practices through heightened levels of executive awareness and accountability
d. To encourage professional service firms to provide appraisal or valuation services to audit client

14. Which of the following is true about the Code of Corporate Governance?
a. It is approved for the purpose of actively promoting corporate governance reforms aimed to raise
public confidence
b. It is applicable to all corporations whose securities are either registered or listed
c. One important provision of the Code is for the Board to ensure that the corporation complies with all
relevant laws, regulations and codes of best practices
d. The Code is approved by the Securities and Exchange Commission in its Resolution No. 135, Series of
2004

15. The Code of Corporate Governance provides that the Board shall constitute Committees in aid of
good governance. The constituted committees include the following except
a. Audit and Compliance Committee
b. Nomination Committee
c. Governance Committee
d. Compensation or Remuneration Committee
Let’s Check

1. ___OPPORTUNITY____. Weak internal controls such as poor separation of duties, lack of supervision,
and poor documentation processes.
2. ____ OPPORTUNITY __. A poor tone at the top
3. ____ OPPORTUNITY ___. Poor (inadequate) accounting policies.
4. ____INCENTIVE___. Bonuses that are based on a financial metric creates pressure for employees to
meet targets
5. ____ INCENTIVE ____. The need to meet or exceed investor and analyst expectation.
6. ____ INCENTIVE _____. Personal incentives such as wanting to earn more money, the need to pay
personal bills, a gambling addiction, etc.
7. ___RATIONALIZATION___. An individual may be spiteful towards their manager or employer and
believe that committing fraud is a way of getting payback.
8. ___ RATIONALIZATION __. A poor tone at the top caused an individual to follow in the footsteps of
those higher in the corporate hierarchy.
9. __ RATIONALIZATION __. An individual may believe that they might lose everything (for example,
losing a job) unless he or she commits fraud.
10. __ RATIONALIZATION __. An individual stole money from the cash vault claiming that the
management has received bigger salaries compared to those employees who have really worked hard
for the company.

1. Statement 1: One of the roles of management to fraud is to have a fraud mitigation strategy to detect
and deter would be fraudsters
Statement 2: One of the roles of internal audit to fraud is to review fraud detection and correction
processes put in place by management
a. True, True
b. True, False
c. False, True
d. False, False

2. All are indicators of fraud except

a. Missing documents
b. Tipp-Ex (erasing fluid)
c. Lavished lifestyle
d. Tip from customer

3. The following are ways to detect fraud except

a. Tip from employees
b. Internal audit
c. Anonymous tip
d. Self-confession
4. In a fraud investigation audit report format, action required in terms of police involvement and
discipline as well as the list of disciplinary charges as well as control requirements or improvements shall
be part of
a. Introduction
b. Investigation
c. Detailed findings
d. Conclusion and recommendations

5. Which does not belong to the group?

a. Unreconciled records
b. Notification from law enforcement
c. Lavished lifestyle
d. Complaints from clients/suppliers

6. Statement 1: Forgery involves unlawful agreement by two or more persons to carry out an unlawful
common purpose or lawful common purpose by unlawful means
Statement 2: Internal audit department reviews fraud prevention and detection processes implemented
by the Board
a. True, True
b. True, False
c. False, True
d. False, False

7. Statement 1: Theft means obtaining property by deception and false accounting

Statement 2: Conspiracy involves unlawful agreement of persons or group of persons to carry out
unlawful common purpose or lawful common purpose by unlawful means
a. True, True
b. True, False
c. False, True
d. False, False

8. Refers to any money, gift or consideration paid or received as an inducement or reward for favour or
request from an authority
a. Bribery
b. Forgery
c. Conspiracy
d. Theft

9. Which of the following is a control procedure that most likely could help prevent employee payroll
fraud?
a. The personnel department promptly sends employee termination notices to the payroll supervisor
b. Total hours used for determination of gross pay are calculated by the payroll Forgery
c. Conspiracy
d. Theft
10. The first line of defense in fraud control is
a. Management and internal control
b. Internal audit
c. Financial controls
d. Compliance

Let’s Check

1. The uncertainty of outcome within a range of exposures arising from a combination of the impact and
probability of potential events is termed
a. contingency
b. risk
c. probability
d. threat

2. Which of the following is not a component of risk management?

a. risk strategy
b. risk management functions
c. governance
d. evaluation technology

3. All of the following are principles to risk management except

a. risk management should be based on the best available information
b. risk management should take into account organizational culture, human factors and behavior
c. risk management should be transparent and inclusive
d. risk management should implicitly address uncertainty

4. Statement 1: Risk management should be part of decision making

Statement 2: Risk management should be outdated and irresponsive to change
a. True; True
b. True; False
c. False; True
d. False; False
5. All of the following is a classification of risk according to Ernst and Young except
a. financial risk
b. strategic risk
c. operational risk
d. information risk

6. Which of the following is not a financial risk?

a. Market
b. Liquidity
c. Tax
d. Mergers, acquisitions and divestitures

7. Which of the following is not a strategic risk?

a. Planning and resource allocation
b. Competitive market dynamics
c. Macro-market dynamics
d. Sales and market

8. Which of the following is not an operational risk?

a. Information Technology
b. Physical assets
c. People
d. Governance

9. Which of the following is not one of the benefits of risk management?

a. More realistic business and project planning
b. Improved loss control
c. Actions implemented in time to be effective.
d. Financial viability

10. Risk management should not be:

a. Reviewed regularly.
b. Dynamic, interactive and responsive to change
c. Exclusive to the needs of one department
d. Part of decision making