Docsity
Docsity

Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity


Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan


Guidelines and tips
Guidelines and tips

ACCOUNTING MISC unit-1. Questions with 100% Correct Answers | Verified | Latest Update 202, Exams of Business Accounting

1: (19) Applicable Guidance 1- According to The IIA’s International Professional Practices Framework, which of the following constitute mandatory guidance for implementing the Standards? A. Development Aids. B. Performance Standards. C. Practice Aids. D. Implementation Guides. Answer (A) is incorrect. Development Aids are not part of the IPPF. Answer (B) is correct. The mandatory guidance portion of the IPPF consists of the Core Principles, Definition of Internal Auditing, the Code of Ethics, Attribute Standards, Performance Standards, and Implementation Standards. Answer (C) is incorrect. Practice Aids are not part of the IPPF Answer (D) is incorrect. Implementation Guides are strongly recommended guidance. 2- The Standards consist of three types of Standards. Which Standards apply to the characteristics of providers of internal auditing services? A. Implementation Standards. B. Performance Standards. C. Independence Standards. D. Attribute Standards. Answer (A) is incorrect. Implemen

Typology: Exams

2023/2024

Available from 01/26/2024

Greatsolutions
Greatsolutions 🇬🇧

171 documents

1 / 71

Toggle sidebar

Related documents


Partial preview of the text

Download ACCOUNTING MISC unit-1. Questions with 100% Correct Answers | Verified | Latest Update 202 and more Exams Business Accounting in PDF only on Docsity! 1: (19) Applicable Guidance 1- According to The IIA’s International Professional Practices Framework, which of the following constitute mandatory guidance for implementing the Standards? A. Development Aids. B. Performance Standards. C. Practice Aids. D. Implementation Guides. Answer (A) is incorrect. Development Aids are not part of the IPPF. Answer (B) is correct. The mandatory guidance portion of the IPPF consists of the Core Principles, Definition of Internal Auditing, the Code of Ethics, Attribute Standards, Performance Standards, and Implementation Standards. Answer (C) is incorrect. Practice Aids are not part of the IPPF Answer (D) is incorrect. Implementation Guides are strongly recommended guidance. 2- The Standards consist of three types of Standards. Which Standards apply to the characteristics of providers of internal auditing services? A. Implementation Standards. B. Performance Standards. C. Independence Standards. D. Attribute Standards. Answer (A) is incorrect. Implementation Standards apply to specific types of engagements. Answer (B) is incorrect. Performance Standards describe the nature of internal auditing and provide quality criteria for evaluation of internal audit performance. Answer (C) is incorrect. The IPPF does not contain Independence Standards Answer (D) is correct. Attribute Standards describe the characteristics of organizations and parties providing internal auditing services. 3- The types of services provided by the internal audit activity can best be described as A. Auditing and consulting. B. Auditing and engagement. C. Assurance and consulting. D. Auditing and assurance. Answer (A) is incorrect. The IIA Glossary defines assurance and consulting, not auditing and consulting, as the types of services provided by the internal audit activity. Answer (B) is incorrect. Engagement is not a type of internal audit service. Answer (C) is correct The internal audit activity provides independent, objective assurance and consulting services designed to add value and improve an organization’s operations (Definition of Internal Auditing). Answer (D) is incorrect. The IIA Glossary defines assurance and consulting, not auditing and assurance, as the types of services provided by the internal audit activity. 4- An internal auditor often faces special problems when performing an engagement at a foreign subsidiary. Which of the following statements is false with respect to the conduct of international engagements? A. The IIA Standards do not apply outside of the United States. B. The internal auditor should determine whether managers are in compliance with local laws. C. It is preferable to have multilingual internal auditors conduct engagements at branches in foreign nations. D. There may be justification for having different organizational policies in force in foreign branches. Answer (A) is correct Pronouncements by The IIA have no geographic limits. Compliance with the concepts in the Standards is essential for the responsibilities of internal auditors to be met, regardless of the national environment. A. Encourage external auditors to make more extensive use of the work of internal auditors. B. Encourage the professionalization of internal auditing. C. Establish the basis for evaluating internal auditing performance. D. Establish the independence of the internal audit activity and emphasize the objectivity of internal auditing. Answer (A) is incorrect. The Standards do not formally encourage external auditors to make more extensive use of the work of internal auditors. Answer (B) is incorrect. The professionalization of internal auditing is important but is not a direct purpose of the Standards. Answer (C) is correct. The IIA provides the following purposes of the Standards: 1. Guide adherence with the mandatory elements of the IPPF. 2. Provide a framework for performing and promoting a broad range of value-added internal audit activities. 3. Establish the basis for evaluating internal auditing performance. 4. Foster improved organizational processes and operations. Answer (D) is incorrect. Independence and objectivity are but two aspects of the practice of internal auditing as it should be. 9- Which of the following activities would be considered an assurance service by the internal auditors? A. The director of inventory control has hired 20 temporary employees for the seasonal business. The director has requested internal audit to provide training on the importance of inventory control procedures. B. The board is in the due diligence phase of a new company acquisition. The CFO has asked for the internal auditor’s opinion of the new company’s debt structure. C. Internal auditing has agreed to work with the warehouse manager in examining organizational performance for the purpose of promoting change. D. The employee turnover in the tax department has been exceptionally high this year. The tax director has requested internal audit’s assistance in preparing property tax returns. Answer (A) is incorrect. Training would be considered a consulting service. The purpose of the internal audit activity is to provide “independent, objective assurance and consulting services.” Consulting services include providing counsel, advice, facilitation, and training. Answer (B) is correct. Assurance services involve the internal auditor’s objective assessment of evidence to provide opinions or conclusions regarding an entity, operation, function, process, system, or other subject matter. Generally, three parties are participants in assurance services: (1) the process owner (the new company), (2) the internal auditor, and (3) the user or group using the assessment (the board). Answer (C) is incorrect. According to The IIA, facilitation services are consulting engagements in which the “auditor guides management in identifying organizational strengths and opportunities for improvement.” Working with the warehouse manager to examine organizational performance for the purpose of promoting change would be considered a facilitation service. Answer (D) is incorrect. Bookkeeping, accounting, and tax services would not be considered assurance services. Assurance services provide an objective examination of evidence for the purpose of providing an independent assessment. 10- Support from which persons or combination of persons listed below is most important to the success of the internal audit activity? A. The chief executive officer and chief financial officer. B. Management and the board. C. The audit committee. D. The chief executive officer. Answer (A) is incorrect. The support of management and the board is crucial when inevitable conflicts arise between the internal audit activity and the department or function under review. Answer (B) is correct. The support of management and the board is crucial when inevitable conflicts arise between the internal audit activity and the department or function under review. Answer (C) is incorrect. The support of management and the board is crucial when inevitable conflicts arise between the internal audit activity and the department or function under review. Answer (D) is incorrect. The support of management and the board is crucial when inevitable conflicts arise between the internal audit activity and the department or function under review. 11- The purpose of the internal audit activity can be best described as A. Expressing an opinion on the adequate design and functioning of the system of internal control. B. Providing additional assurance regarding fair presentation of financial statements. C. Assuring the absence of any fraud that would materially affect the financial statements. D. Adding value to the organization. Answer (A) is incorrect. Assessing internal control is one of many tasks of the internal audit activity, but it is not its primary purpose. Answer (B) is incorrect. Assisting the external auditors in their audit of the financial statements is one of many possible tasks of the internal audit activity, but it is not its primary purpose. Answer (C) is incorrect. Detecting fraud is one of many possible tasks of the internal audit activity, but it is not its primary purpose. Answer (D) is correct. Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations (Definition of Internal Auditing). 12- Which Standards expand upon the other categories of Standards? A. All of the choices are correct. B. Attribute Standards. C. Implementation Standards. D. Performance Standards. Answer (A) is incorrect. Only Implementation Standards expand upon the standards in other categories. Answer (B) is incorrect. Attribute Standards apply to all internal audit services. Answer (C) is correct. Implementation Standards expand upon the Attribute and Performance Standards. They provide requirements applicable to assurance or consulting engagements. Answer (D) is incorrect. Performance Standards apply to all internal audit services. 13- The internal audit activity’s scope of responsibilities includes A. Evaluating risk. B. Controlling risk. are present and operating effectively. The Core Principles for the Professional Practice of Internal Auditing are: “(1) demonstrates integrity, (2) demonstrates competence and due professional care, (3) is objective and free from undue influence (independent), (4) aligns with the strategies, objectives, and risks of the organization, (5) is appropriately positioned and adequately resourced, (6) demonstrates quality and continuous improvement, (7) communicates effectively, (8) provides risk-based assurance, (9) is insightful, proactive, and future-focused, and (10) promotes organizational improvement.” Answer (B) is incorrect. “Aligns with the strategies, objectives, and risks of the organization” is one of the core principles for the professional practice of internal auditing. According to the Definition of Internal Auditing, internal auditing is designed to “help an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate the effectiveness” of the organization’s processes. Answer (C) is incorrect. “Is objective and free from undue influence (independent)” is one of the core principles for the professional practice of internal auditing. The Definition of Internal Auditing states “internal auditing is an independent, objective assurance and consulting activity.” Answer (D) is incorrect. “Demonstrates quality and continuous improvement” is one of the core principles for the professional practice of internal auditing. As defined in the Definition of Internal Auditing, internal auditing is “designed to add value and to improve an organization’s operations.” 17- When the internal audit activity performs an assurance engagement, how many parties are involved A. Three. B. One. C. Two. D. The entire organization. Answer (A) is correct. Three parties are involved in an assurance engagement. They are the process owner (the party directly involved with the process or system), the internal auditor (the assessor), and the user of the assessment. For an assurance service, the internal audit activity determines the nature and scope of the engagement and objectively assesses the evidence gathered. The evidence and its evaluation form the basis for expressing an opinion or stating a conclusion about the subject matter of the engagement. Answer (B) is incorrect. Any type of engagement performed by the internal audit activity has more than one party involved. Answer (C) is incorrect. Consulting engagements ordinarily are provided at the client’s request. The nature and scope of this advisory service are agreed upon with the client. The two parties to a consulting service are the internal auditor (the advisor) and the client (the advisee). Answer (D) is incorrect. Only a certain number of parties, not the entire organization, are involved in an internal audit assurance engagement. 18- The proper organizational role of internal auditing is to A. Perform studies to assist in the attainment of more efficient operations. B. Assist the external auditor to reduce external audit fees. C. Serve as the investigative arm of the board. D. Serve as an independent, objective assurance and consulting activity that adds value to operations. Answer (A) is incorrect. The primary role of internal auditing includes, but is not limited to, assessing the efficiency of operations. Answer (B) is incorrect. Reducing external audit fees may be a direct result of internal audit work, but it is not a reason for staffing an internal audit activity. Answer (C) is incorrect. Internal auditors serve management as well as the board. Answer (D) is correct. The Definition of Internal Auditing states, in part, “Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations.” 19- The purposes of the Standards include all of the following except A. Guiding the ethical conduct of internal auditors. B. Establishing the basis for the measurement of internal audit performance. C. Guiding adherence to the mandatory elements of the IPPF. D. Fostering improved organizational processes and operations. Answer (A) is correct. Guiding the ethical conduct of internal auditors is the purpose of the Code of Ethics, not the Standards. Answer (B) is incorrect. Establishing the basis for the evaluation of internal audit performance is a stated purpose of the Standards. Answer (C) is incorrect. Guiding adherence to the mandatory elements of the IPPF is a stated purpose of the Standards. Answer (D) is incorrect. Fostering improved organizational processes and operations is a stated purpose of the Standards. 2: (10) Codes of Ethical Conduct for Professionals 1- The degree of voluntary compliance with an organization’s adopted code of ethics is a measure of the A. Organization’s ethical culture. B. Cohesion and professionalism of an organization. C. Standards of competence of all members. D. Integrity of the organization’s professionals. Answer (A) is incorrect. The primary purpose of a code of ethical conduct for a professional organization is to promote an ethical culture among professionals who serve others. The purpose of the code is not to measure of the degree of voluntary compliance. Answer (B) is correct. The mere existence of a code of ethical conduct does not ensure that ethical principles are followed or that those outside the organization will believe it is trustworthy. A measure of the cohesion and professionalism of an organization is the degree of voluntary compliance with its adopted code of ethics. Answer (C) is incorrect. A code of ethics or ethical conduct can help establish minimum standards of competence; however, it is not a measurement of voluntary compliance with an organization’s adopted code. Answer (D) is incorrect. Integrity is a core principle of The IIA’s Code of Ethics. Integrity establishes trust and provides the basis for reliance on an internal auditor’s judgment. Integrity does not measure the degree of an organization’s voluntary compliance with the adopted code. 2- The best reason for establishing a code of conduct within an organization is that such codes A. Express standards of individual behavior for members of the organization. B. Have tremendous public relations potential. C. Provide a quantifiable basis for personnel evaluations. D. Are typically required by governments. 1. A exhibits a higher standard of ethical behavior than does B. 2. A has established objective criteria by which an individual’s actions can be evaluated. 3. The absence of a formal code of ethics in B would prevent a successful review of ethical behavior in that organization. A. 2 only. B. 1 and 2. C. 2 and 3. D. 3 only. Answer (A) is correct. A formal code of ethics effectively (1) communicates acceptable values to all members, (2) provides a method of policing and disciplining members for violations, (3) establishes objective standards against which individuals can measure their own performance, and (4) communicates the organization’s value system to outsiders. Answer (B) is incorrect. The mere existence of A’s code of ethics does not ensure that its principles are followed. Answer (C) is incorrect. The existence of a code of ethics does establish objective criteria by which individual actions can be evaluated. However, the absence of a formal code of ethics does not preclude a successful review of ethical behavior in an organization. Policies and procedures may provide the criteria for such an engagement. Answer (D) is incorrect. The absence of a formal code of ethics does not preclude a successful review of ethical behavior in an organization. Policies and procedures may provide the criteria for such an engagement. 7- A primary purpose of establishing a code of conduct within a professional organization is to A. Promote an ethical culture among professionals who serve others. B. Reduce the likelihood that members of the profession will be sued for substandard work. C. Ensure that all members of the profession perform at approximately the same level of competence. D. Require members of the profession to exhibit loyalty in all matters pertaining to the affairs of their organization. Answer (A) is correct. The purpose of The IIA’s Code of Ethics is “to promote an ethical culture in the profession of internal auditing” (Introduction). Answer (B) is incorrect. Although this result may follow from establishing a code of conduct, it is not the primary purpose. To consider it so would be self-serving. Answer (C) is incorrect. A code of conduct can help to establish minimum standards of competence, but it is impossible to ensure equality of competence by all members of a profession. Answer (D) is incorrect. In some situations, responsibility to the public at large may conflict with and be more important than loyalty to one’s organization. 8- A review of an organization’s code of conduct revealed that it contained comprehensive guidelines designed to inspire high levels of ethical behavior. The review also revealed that employees were knowledgeable of its provisions. However, some employees still did not comply with the code. What element should a code of conduct contain to enhance its effectiveness? A. Employee involvement in its development. B. Provisions for disciplinary action in the event of violations. C. Periodic review and acknowledgment by all employees. D. Public knowledge of its contents and purpose. Answer (A) is incorrect. Employee involvement in development would encourage employee acceptance, which is not at issue. Answer (B) is correct. Penalties for violations of a code of conduct should enhance its effectiveness. Some individuals will be deterred from misconduct if they expect it to be detected and punished. Answer (C) is incorrect. Periodic review and acknowledgment would ensure employee knowledge and acceptance of the code, which are not at issue. Answer (D) is incorrect. Public knowledge might affect the behavior of some individuals, but not to the same extent as the perceived likelihood of sanctions for wrongdoing. 9- A formal code of ethics should do all of the following except A. Reflect only legal standards of conduct for individuals and the organization. B. Effectively communicate acceptable values to all members. C. Communicate the organization’s value system to outsiders. D. Provide a method of policing and disciplining members of the organization for violations. Answer (A) is correct. An ethical organization aspires to a higher standard of behavior than mere legality. Answer (B) is incorrect. A code of ethics should effectively communicate acceptable values to all organization members. Answer (C) is incorrect. A code of ethics should communicate the organization’s value system to those outside the organization. Answer (D) is incorrect. A code of ethics should indeed provide a method of policing and disciplining members for violations. 10- Objectivity is an ethical requirement for all persons engaged in the professional practice of internal auditing. One aspect of objectivity requires A. Performance of professional duties in accordance with relevant laws. B. Maintenance of an appropriate level of professional expertise. C. Avoidance of conflict of interest. D. Refraining from using confidential information for unethical or illegal advantage. Answer (A) is incorrect. Observing the law is a component of integrity. Answer (B) is incorrect. Maintenance of an appropriate level of professional expertise is an aspect of competency Answer (C) is correct. Commitment to independence from conflicts of economic or professional interest is an aspect of objectivity. Answer (D) is incorrect. Not using confidential information for unethical or illegal advantage is an aspect of confidentiality. 3: (10) Internal Audit Ethics -- Introduction and Principles 1- The IIA’s Code of Ethics extends beyond the Definition of Internal Auditing to include two essential components. Which item below is one of these components? A. Principles that are relevant to the profession and practice of internal auditing. B. Activities that provide the organization with assurance and consulting services. C. Provision of quality criteria for evaluating the internal audit function’s performance. D. Government of the responsibilities, attitudes, and actions of the organization’s internal audit activity. Answer (A) is correct. The IIA’s Code of Ethics includes two essential components: (1) Principles that are relevant to the profession and practice of internal auditing and (2) Rules of Conduct that describe behavior norms expected of internal auditors. A code of ethics is necessary and appropriate for the profession of internal auditing. 5- An internal auditor who encounters an ethical dilemma not explicitly addressed by The IIA’s Code of Ethics should always A. Act consistently with the employing organization’s code of ethics even if such action would not be consistent with The IIA’s Code of Ethics. B. Seek counsel from an independent attorney to determine the personal consequences of potential actions. C. Take action consistent with the principles embodied in The IIA’s Code of Ethics. D. Seek the counsel of the audit committee before deciding on an action. Answer (A) is incorrect. If the organization’s standards are not consistent with, or as high as, the profession’s standards, the internal auditor should abide by the latter. Answer (B) is incorrect. The auditor must act consistently with the spirit of The IIA’s Code of Ethics. It is not practical to seek the advice of legal counsel for all ethical decisions. Moreover, unethical behavior may not be illegal. Answer (C) is correct. The IIA’s Code of Ethics is based on principles relevant to the profession and practice of internal auditing that internal auditors are expected to apply and uphold: integrity, objectivity, confidentiality, and competency. Furthermore, the Code states that particular conduct may be unacceptable or discreditable even if it is not mentioned in the Rules of Conduct. Answer (D) is incorrect. It is not feasible to seek the audit committee’s advice for all potential dilemmas. Furthermore, the advice might not be consistent with the profession’s standards. 6- Today’s internal auditor will often encounter a wide range of potential ethical dilemmas, not all of which are explicitly addressed by The IIA’s Code of Ethics. If the internal auditor encounters such a dilemma, the internal auditor should always A. Apply and uphold the principles embodied in The IIA’s Code of Ethics. B. Seek the counsel of the board before deciding on an action. C. Seek counsel from an independent attorney to determine the personal consequences of potential actions. D. Act consistently with the code of ethics adopted by the organization even if such action is not consistent with The IIA’s Code of Ethics. Answer (A) is correct. The Code includes Principles (integrity, objectivity, confidentiality, and competency) relevant to the profession and practice of internal auditing and Rules of Conduct that describe behavioral norms for internal auditors and that interpret the Principles. Internal auditors are expected to apply and uphold the Principles. Furthermore, that a particular conduct is not mentioned in the Rules does not prevent it from being unacceptable or discreditable. Answer (B) is incorrect. Seeking the advice of the board on all ethical decisions is impracticable. Furthermore, the advice might not be consistent with the profession’s standards. Answer (C) is incorrect. Seeking the advice of legal counsel on all ethical decisions is impracticable. Answer (D) is incorrect. If the organization’s standards are not consistent with, or as high as, the profession’s standards, the internal auditor is held to the standards of the profession. 7- The Rules of Conduct in The IIA’s Code of Ethics are A. Intended to guide the ethical conduct of internal auditors. B. Used to approve decisions regarding the appointment and removal of the chief audit executive (CAE). C. Organized based on the principles of integrity, authority, capability, and objectivity. D. Used to measure compliance with The IIA’s Core Principles. Answer (A) is correct. The Rules of Conduct are an essential component of The IIA’s Code of Ethics. There are Rules of Conduct for each of the core principles of integrity, objectivity, confidentiality, and competency. The rules describe behavior expected of internal auditors. “These rules are an aid to interpreting the Principles into practical applications and are intended to guide the ethical conduct of internal auditors.” Answer (B) is incorrect. The board of directors approves decisions regarding the appointment and removal of the CAE. The CAE is responsible for effectively managing the internal audit activity in accordance with the internal audit charter and the mandatory elements of the International Professional Practices Framework. Answer (C) is incorrect. The Rules of Conduct are organized based on the core principles of integrity, objectivity, confidentiality, and competency. Authority and capability are not elements of the core principles of The IIA’s Code of Ethics. Answer (D) is incorrect. The Rules of Conduct are an essential component of The IIA’s Code of Ethics, but they are not used to measure compliance with The IIA’s Core Principles. 8- An internal auditor was reviewing filed payroll tax reports with payroll records. Two months later, the auditor shared salaries of certain employees with the organization’s Logistics Manager. Which core principle of The IIA’s Code of Ethics was violated? A. Competency. B. Objectivity. C. Confidentiality. D. Authority. Answer (A) is incorrect. The principle of competency requires internal auditors to apply the knowledge, skills, and experience needed in the performance of internal audit services. Confidential information is not included under the principle of competency. Answer (B) is incorrect. The principle of objectivity states that internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. It does not address disclosure of confidential information. Answer (C) is correct. According to the confidentiality principle of The IIA’s Code of Ethics, “Internal auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so.” Rule of Conduct 3.1 further states, “Internal auditors shall be prudent in the use and protection of information acquired in the course of their duties.” The auditor violated the principle of confidentiality by disclosing employees’ salaries to a co-worker. Answer (D) is incorrect. Authority is defined as the right to govern or rule. Authority is not one of the core principles of The IIA’s Code of Ethics. 9- According to The IIA’s Code of Ethics, which of the following principles is relevant to the establishment of trust? A. Confidentiality. B. Objectivity. C. Competency. D. Integrity. Answer (A) is incorrect. The principle of confidentiality states that internal auditors do not disclose information without appropriate authority. It does not include the establishment of trust. Answer (B) is incorrect. The principle of objectivity states that internal auditors are not unduly influenced by their own interests or by others in forming judgments. It does not include the establishment of trust. Answer (C) is incorrect. The principle of competency states that internal auditors apply the knowledge, skills, and experience needed in the performance of internal audit services. It does not include the establishment of trust. A. A first-year internal auditor was having difficulty completing assignments on time. The employee’s supervisor arranged for the employee to have more training. Additionally, the supervisor developed a more structured work schedule with intermediary deadlines for the employee. B. The director of internal auditing is quick to take responsibility for the department when his team fails to perform. The director also is quick to recognize and praise his team when the job is done well. C. The internal audit manager is required to file work performance reports every morning. The manager continually comes in late and leaves work early. One of the manager’s direct reports stays late every night to complete the performance reports on behalf of the manager. D. An employee, hired to work full-time, has had to reduce work hours to help care for her elderly mother. The employee has kept her supervisor and human resources informed, is productive when in the office, and always punches out when not at work. Answer (A) is incorrect. The supervisor, recognizing the employee’s shortcomings, adapted their management style and is setting the employee up for success. Neither the supervisor nor the employee has violated the principle of integrity. Answer (B) is incorrect. The director understands the importance of teamwork and has not violated the principle of integrity. Answer (C) is correct. The IIA’s Rule of Conduct integrity principle states, “Internal auditors (1.1) shall perform their work with honesty, diligence, and responsibility, and (1.4) shall respect and contribute to the legitimate and ethical objectives of the organization.” The internal audit manager is not taking responsibility for the position or respecting the employee who is having to carry the workload. The manager has violated the principle of integrity. Answer (D) is incorrect. The employee has exhibited professionalism and has not violated the principle of integrity. 4- An auditor who shall observe the law and make disclosures expected by the law is following the IIA’s Code of Ethics Core Principle of A. Integrity. B. Responsibility. C. Competency. D. Objectivity. Answer (A) is correct. The integrity of internal auditors establishes trust and thus provides the basis for reliance on their judgment. Rule of Conduct 1.2 under the integrity principle states, “Internal auditors shall observe the law and make disclosures expected by the law and the profession.” Additionally, Rule of Conduct 1.3 states, “Internal auditors shall not knowingly be a party to any illegal activity or engage in acts that are discreditable to the profession of internal auditing or to the organization.” Answer (B) is incorrect. Responsibility is not a core principle of the IIA’s Code of Ethics. Answer (C) is incorrect. Competency is a core principle of The IIA’s Code of Ethics. Competency refers to the knowledge, skills, and experience needed by the internal auditor in the performance of internal audit services. Answer (D) is incorrect. Objectivity is a core principle of The IIA’s Code of Ethics; however, objectivity relates to the internal auditor’s commitment to make a balanced assessment of all the relevant circumstances and not be unduly influenced by self-interest or others in forming judgment. Objectivity does not include observation of laws and required disclosures expected by the law. 5- According to The IIA Code of Ethics, the principle of integrity requires internal auditors to do which of the following? A. Respect and contribute to the legitimate and ethical objectives of the organization. B. Be prudent in the use and protection of the information acquired in the course of their duties. C. Continually improve their proficiency, effectiveness, and quality of services. D. Not accept anything that may impair or be presumed to impair their professional judgment. Answer (A) is correct. Rule of Conduct 1.4 under the integrity principle states, “Internal auditors shall respect and contribute to the legitimate and ethical objectives of the organization.” Answer (B) is incorrect. Rule of Conduct 3.1 under the confidentiality principle states, “Internal auditors shall be prudent in the use and protection of information acquired in the course of their duties.” Answer (C) is incorrect. Rule of Conduct 4.3 under the competency principle states, “Internal auditors shall continually improve their proficiency and the effectiveness and quality of their services.” Answer (D) is incorrect. Rule of Conduct 2.2 under the objectivity principle states, “Internal auditors shall not accept anything that may impair or be presumed to impair their professional judgment.” 6- Which of the following is permissible under The IIA’s Code of Ethics? A. An auditor did not report significant observations about illegal activity to the board because management indicated that it would resolve the issue. B. An auditor used audit-related information in a decision to buy stock issued by the employer corporation. C. In response to a subpoena, an auditor appeared in a court of law and disclosed confidential, audit-related information that could potentially damage the auditor’s organization. D. After praising an employee in a recent audit engagement communication, an auditor accepted a gift from the employee. Answer (A) is incorrect. Rule of Conduct 1.3 prohibits auditors from knowingly being a party to any illegal or improper activity. Significant observations of illegal activity should be reported to the board. Answer (B) is incorrect. Rule of Conduct 3.2 prohibits auditors from using audit information for personal gain. Answer (C) is correct. Rule of Conduct 1.2 under the integrity principle states, “Internal auditors shall observe the law and make disclosures expected by the law and the profession.” Thus, auditors must comply with subpoenas. Answer (D) is incorrect. Rule of Conduct 2.2 prohibits an auditor from accepting anything that might be presumed to impair the auditor’s professional judgment. 7- The IIA’s Code of Ethics requires internal auditors to perform their work with A. Punctuality, objectivity, and responsibility. B. Knowledge, skills, and competencies. C. Honesty, diligence, and responsibility. D. Timeliness, sobriety, and clarity. Answer (A) is incorrect. Punctuality is not mentioned in the Code. Answer (B) is incorrect. Knowledge, skills, and competencies are mentioned in the Standards. Answer (C) is correct. Rule of Conduct 1.1 under the integrity principle states, “Internal auditors shall perform their work with honesty, diligence, and responsibility.” Answer (D) is incorrect. Timeliness, sobriety, and clarity are not mentioned in the Code. 8- The Rule of Conduct requirement for internal auditors to “perform their work with honesty, diligence, and responsibility” falls under which core principle of The IIA’s Code of Ethics? A. Confidentiality. B. Integrity. Answer (A) is incorrect. Engaging in a public service separate from the interests and activities of the organization is unlikely to impair professional judgment. Answer (B) is incorrect. Teaching an evening tax seminar is unlikely to impair the internal auditor’s professional judgment. Answer (C) is incorrect. Writing a tax guide for sale to the general public is unlikely to impair the internal auditor’s professional judgment. Answer (D) is correct. Rule of Conduct 2.2 under the objectivity principle states, “Internal auditors shall not accept anything that may impair or be presumed to impair their professional judgment.” Preparing a personal tax return for a division manager for a fee falls under this prohibition. 3- During an engagement performed at a manufacturing division of a defense contractor, the internal auditor discovered that the organization apparently was inappropriately adding costs to a cost- plus governmental contract. The internal auditor discussed the matter with senior management, who suggested that the internal auditor seek an opinion from legal counsel. Upon review, legal counsel indicated that the practice was questionable but was not technically in violation of the government contract. Based on legal counsel’s decision, the internal auditor decided to omit any discussion of the practice in the final engagement communication sent to senior management and the board. However, the internal auditor did informally communicate legal counsel’s decision to senior management. Did the internal auditor violate The IIA’s Code of Ethics? A. Yes. Internal legal counsel’s opinion is not sufficient. The internal auditor should have sought advice from outside legal counsel. B. Yes. It is a violation because all important information, even if resolved, should be reported to the board. C. No. If a fraud is suspected, it should be resolved at the divisional level where it is taking place. D. No. The internal auditor followed up the matter with appropriate personnel within the organization and reached a conclusion that no fraud was involved. Answer (A) is incorrect. The internal auditor has gathered sufficient information. Internal legal counsel’s opinion appears to be sufficient. Answer (B) is incorrect. The internal auditor did not deliberately withhold important information. Answer (C) is incorrect. Material fraud, if suspected, should be brought to the attention of management. However, in this case, the internal auditor gathered sufficient information to dispel the suspicion of fraud. Answer (D) is correct. Although an argument can be made that the internal auditor should report the matter to the board and senior management, there is no indication that the internal auditor is deliberately withholding material facts that, if not disclosed, may distort reports of activities under review (Rule of Conduct 2.3). Hence, no violation of the Code occurred. 4- A CIA is working in a non-internal-auditing position as the director of purchasing. The CIA signed a contract to procure a large order from the supplier with the best price, quality, and performance. Shortly after signing the contract, the supplier presented the CIA with a gift of significant monetary value. Which of the following statements regarding the acceptance of the gift is true? A. Acceptance of the gift violates The IIA’s Code of Ethics and is prohibited for a CIA. B. Because the contract was signed before the gift was offered, acceptance of the gift does not violate either The IIA’s Code of Ethics or the organization’s code of conduct. C. Acceptance of the gift is prohibited only if it is not customary. D. Because the CIA is no longer acting as an internal auditor, acceptance of the gift is governed only by the organization’s code of conduct. Answer (A) is correct. Members of The Institute of Internal Auditors and recipients of, or candidates for, IIA professional certifications are subject to disciplinary action for breaches of The IIA’s Code of Ethics. Rule of Conduct 2.2 under the objectivity principle states, “Internal auditors shall not accept anything that may impair or be presumed to impair their professional judgment.” Answer (B) is incorrect. The timing of signing the contract is irrelevant. Answer (C) is incorrect. Acceptance of the gift could easily be presumed to have impaired the CIA’s professional judgment. Answer (D) is incorrect. The CIA is still governed by The IIA’s code of conduct. 5- During the course of an engagement, an internal auditor discovered that a research and development employee has been patenting new developments that are unrelated to the basic business of the organization. The organization does not have a specific policy addressing patents on developments that are not related to its basic business, but it has a general policy that all important new discoveries by employees are the property of the organization. The employee is considered one of the most prestigious in the field. The employee’s actions have been condoned by local management as an extra incentive to keep the employee at the lab. A decision not to report the employee’s action is A. Both a violation of The IIA’s Code of Ethics AND a violation of the reporting requirements in the Standards. B. A violation of the reporting requirements in the Standards. C. A violation of The IIA’s Code of Ethics. D. Justified because divisional management is aware of the practice, and it is not in violation of organizational policies. Answer (A) is correct. Under the Standards, internal auditors should communicate engagement results. Rule of Conduct 4.2 states, “Internal auditors shall perform internal auditing services in accordance with the International Standards for the Professional Practice of Internal Auditing.” Rule of Conduct 2.3 under the objectivity principle states, “Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.” Hence, the failure to report violates The IIA’s Code of Ethics and the Standards. Answer (B) is incorrect. Failing to report the violation of organizational policy is contrary to the Standards. Answer (C) is incorrect. Failing to report the violation of organizational policy is contrary to The IIA’s Code of Ethics. Answer (D) is incorrect. The employee’s patenting of new developments violates the general policy that all important new discoveries are the property of the organization. Furthermore, if the practice is an alternative way to provide benefits to an employee, it may violate employee compensation rules. It may also need to be reported to various taxing authorities. 6- Which of the following actions could be construed as a violation of The IIA’s Code of Ethics? A. Including an internal control problem in a final engagement communication when it has been corrected prior to completion of the engagement. B. Turning a case over to the security department when an internal auditor suspects fraud but has no proof. C. Expressing an opinion on internal financial statements. D. Failing to report to management information that would be material to management’s judgment. Answer (A) is incorrect. Such reporting is routine. Answer (B) is incorrect. Turning a case over to the security department is acceptable if the internal auditor is careful not to state any final conclusions that are not supported by factual information. Answer (C) is incorrect. Expressing an opinion on internal financial statements is acceptable since it is for internal use only. Answer (D) is correct. Rule of Conduct 2.3 under the objectivity principle states, “Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.” 7- In their reporting, internal auditors are required by The IIA’s Code of Ethics to A. Disclose all material information obtained by the auditor as of the date of the final engagement communication. B. Disclose material facts known to the internal auditor that could distort the final engagement communication if not revealed. C. Obtain factual information within the established time and budget parameters. D. Present sufficient factual information without revealing confidential matters that could be detrimental to the organization. Answer (A) is incorrect. The Code does not address disclosure this specifically. Answer (B) is correct. Rule of Conduct 2.3 under the objectivity principle states, “Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.” Answer (C) is incorrect. Serving on the board of the local bank may also be in conflict with the best interests of the auditor’s employer. Answer (D) is incorrect. Serving on the board of the local bank creates a conflict of interest and may prejudice the internal auditor’s ability to perform his or her duties. 11- Which core principle of The IIA’s Code of Ethics do the following actions violate?  The internal auditor assumes operational duties on a temporary basis.  The internal auditor performs an audit in a department managed by the auditor’s father.  The internal auditor managed the department being audited 6 months prior to the audit.  The internal auditor receives a bonus based on the number of observations generated during an audit. A. Objectivity. B. Integrity. C. Competency. D. Independence. Answer (A) is correct. According to The IIA’s Code of Ethics, “Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interest or by others in forming judgments.” The auditor should not participate in any activity or relationship that may impair or appear to impair an unbiased assessment. Assuming management responsibilities and auditing an area in which the auditor had such responsibilities within 1 year violate the objectivity principle. Performing an audit in a department managed by a family member also violates this principle because of an actual or implied conflict of interest. Accepting a bonus based on work accomplished during an audit also may impair or be presumed to impair the auditor’s objectivity. Answer (B) is incorrect. Integrity relates to the auditor’s adherence to applicable laws and the organization’s ethical values. It is the basis for reliance on the auditor’s judgments. Answer (C) is incorrect. Competency pertains to the auditor’s knowledge, skills, and experience in performing internal audit work. Answer (D) is incorrect. Independence is not one of the core principles of The IIA Code of Ethics. 12- During an engagement, an employee with whom you have developed a good working relationship informs you that she has some information about senior management that is damaging to the organization and may concern illegal activities. The employee does not want her name associated with the release of the information. Which of the following actions is considered to be unethical? A. Assure the employee that you can maintain her anonymity and listen to the information. B. Inform the employee that you will attempt to keep the source of the information confidential and will look into the matter further. C. Inform the employee of other methods of communicating this type of information. D. Suggest that the employee consider talking to legal counsel. Answer (A) is correct. An internal auditor cannot assure anonymity. Information communicated to an internal auditor is not deemed to be privileged. Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review (Rule of Conduct 2.3). Answer (B) is incorrect. Promising merely to attempt to keep the source of the information confidential is allowable. This promise is not a guarantee of confidentiality. Answer (C) is incorrect. The employee could be directed to other methods of communicating the information in order to maintain her anonymity. Answer (D) is incorrect. Suggesting that the person seek expert legal advice from a qualified individual is appropriate. 13- An internal auditor, nearly finished with an engagement, discovers that the director of marketing has a gambling habit. The gambling issue is not directly related to the existing engagement, and the internal auditor is under pressure to complete it quickly. The internal auditor notes the problem and passes the information on to the chief audit executive but does no further follow-up. The internal auditor’s actions A. Are not in violation of either The IIA’s Code of Ethics or the Standards. B. Are in violation of The IIA’s Code of Ethics for withholding meaningful information and are in violation of the Standards because the internal auditor did not properly follow up on a red flag that might indicate the existence of fraud. C. Are in violation of The IIA’s Code of Ethics for withholding meaningful information. D. Are in violation of the Standards because the internal auditor did not properly follow up on a red flag that might indicate the existence of fraud. Answer (A) is correct. The IIA’s Code of Ethics and the Standards were not violated. The internal auditor did not withhold information and properly followed up upon learning of the information. Answer (B) is incorrect. The internal auditor did not withhold information but properly followed up upon learning of the information. Answer (C) is incorrect. The internal auditor did not withhold information but properly followed up upon learning of the information. Answer (D) is incorrect. The internal auditor did not withhold information but properly followed up upon learning of the information. 14- An internal auditor has been assigned to an engagement to evaluate a possible acquisition. Coincidentally, a significant portion of this internal auditor’s personal investment portfolio is composed of the target organization’s stock. What is the internal auditor’s preferable course of action in this situation based on The IIA’s Code of Ethics? A. Proceed with the audit because the investment is insignificant relative to the whole of the target company’s stock. B. Proceed with the audit because the personal investments are not an issue. C. Acquaint the chief audit executive with the situation and offer assurance that it will have no impact on objectivity. D. Acquaint the chief audit executive with the situation and ask to be assigned to another audit. Answer (A) is incorrect. The investment is significant to the internal auditor. Answer (B) is incorrect. The internal auditor might be deemed to have a personal stake in the results of the engagement. Answer (C) is incorrect. The appearance as well as the reality of loss of independence must be considered. Answer (D) is correct. Rule of Conduct 2.1 under the objectivity principle states, “Internal auditors shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization.” In these circumstances, the internal auditor lacks the appearance of objectivity because the outcome of the engagement could directly affect the acquisition decision and the price of the stock. The use of the information also would be a violation of the Code and possibly of insider trading rules as well. Rule of Conduct 3.2 under the confidentiality principle states, “Internal auditors shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.” 15- Which of the following situations is a violation of The IIA’s Code of Ethics A. An internal auditor shared techniques with internal auditors from another organization. B. Knowing that management was aware of the situation, an internal auditor purposely left a description of an unlawful practice out of the final engagement communication. C. Based upon knowledge of the probable success of the employer’s business, an internal auditor invested in a mutual fund that specialized in the same industry. D. An internal auditor, with the knowledge and consent of management, accepted a token gift from a customer of the organization that was not presumed to impair and did not impair judgment. Answer (A) is incorrect. Rule of Conduct 4.3 under the competency principle states, “Internal auditors shall continually improve their proficiency and the effectiveness and quality of their services.” A. Ask the comptroller whether accepting the invitation is a violation of the organization’s code of ethics. B. Accept as long as it is not charged to employer time. C. Accept, assuming both their schedules allow it. D. Refuse on the grounds of conflict of interest. Answer (A) is incorrect. The auditor should know that accepting the invitation raises conflict of interest issues. Answer (B) is incorrect. Not charging the time to the company is not sufficient to eliminate conflict-of-interest concerns. Answer (C) is incorrect. The auditor should not accept. Answer (D) is correct. Rule of Conduct 2.1 under the objectivity principle states, “Internal auditors shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organization.” Furthermore, under Rule of Conduct 2.2, “Internal auditors shall not accept anything that may impair or be presumed to impair their professional judgment.” 20- An internal auditor has uncovered facts that could be interpreted as indicating unlawful activity on the part of an engagement client. The internal auditor decides not to inform senior management and the board of these facts because of lack of proof. The internal auditor, however, decides that, if questions are raised regarding the omitted facts, they will be answered fully and truthfully. In taking this action, the internal auditor A. Has violated The IIA’s Code of Ethics because unlawful acts should have been reported to the appropriate regulatory agency to avoid potential “aiding and abetting” by the internal auditor. B. Has not violated The IIA’s Code of Ethics or the Standards because the internal auditor is committed to answering all questions fully and truthfully. C. Has violated the Standards because the internal auditor should inform the appropriate authorities in the organization if fraud may be indicated. D. Has not violated The IIA’s Code of Ethics or the Standards because confidentiality takes precedence over all other standards. Answer (A) is incorrect. The possibility of unlawful activities should be reported to the appropriate personnel within the organization. Answer (B) is incorrect. The internal auditor has an affirmative duty to report the results of his or her work. Answer (C) is correct. The internal auditor should inform the appropriate authorities in the organization if the indicators of the commission of a fraud are sufficient to recommend an investigation. Thus, the internal auditor has a duty to act even though the available facts do not prove that an irregularity has occurred. Moreover, Rule of Conduct 2.3 states, “Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.” Answer (D) is incorrect. Reporting a possible irregularity to the appropriate organizational authorities is not a breach of the duty of confidentiality owed to the organization. 21- In a review of travel and entertainment expenses, a certified internal auditor questioned the business purposes of an officer’s reimbursed travel expenses. The officer promised to compensate for the questioned amounts by not claiming legitimate expenses in the future. If the officer makes good on the promise, the internal auditor A. Should recommend that the officer forfeit any frequent flyer miles received as part of the questionable travel. B. Can ignore the original charging of the nonbusiness expenses. C. Should still include the finding in the final engagement communication. D. Should inform the tax authorities in any event. Answer (A) is incorrect. Management should determine what constitutes just compensation. Answer (B) is incorrect. The possibly fraudulent behavior of the officer is a material fact that should be reported regardless of whether the questioned expenses are reimbursed. Answer (C) is correct. Rule of Conduct 2.3 under the objectivity principle states, “Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.” Answer (D) is incorrect. Communication of results to parties outside the organization is not required in the absence of a legal mandate. 22- Through an engagement performed at the credit department, the chief audit executive (CAE) became aware of a material misstatement of the year-end accounts receivable balance. The external auditors have completed their engagement without detecting the misstatement. What should the CAE do in this situation? A. Perform additional engagement procedures on accounts receivable balances to benefit the external auditors. B. Exclude the misstatement from the final engagement communication because the external auditors are responsible for expressing an opinion on the financial statements. C. Inform the external auditors of the misstatement. D. Report the misstatement to management when the external auditors present a report. Answer (A) is incorrect. When performing an audit, the external auditors should determine what work should be performed by the internal auditor. Answer (B) is incorrect. Although the internal audit activity’s main focus may be on risk management, control, and governance processes, a material misstatement must be communicated. Answer (C) is correct. Rule of Conduct 2.3 under the objectivity principle states, “Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.” Additionally, the CAE should share information and coordinate activities with the external auditors (Perf. Std. 2050). Answer (D) is incorrect. The CAE should share information and coordinate activities with the external auditors. 23- An internal auditor may receive which of the following without violating The IIA’s Code of Ethics? A. A bottle of whiskey from the organization’s CFO. B. A pen received from the sales manager of a subsidiary with the imprinted name of the organization’s product and a phone number. C. A dinner and baseball tickets from the manager of a department that has never been reviewed and for which there are no plans for a future engagement. The tickets are usually made available to employees of that department. D. A dinner and baseball tickets from the manager of a department being reviewed. The tickets are usually made available to employees of that department. Answer (A) is incorrect. A gift from an employee whose department may be reviewed most likely violates Rule of Conduct 2.2. Answer (B) is correct. Rule of Conduct 2.2 under the objectivity principle states, “Internal auditors shall not accept anything that may impair or be presumed to impair their professional judgment.” A small promotional item, such as a pen of minimal value, is unlikely to affect an auditor’s judgment. Answer (C) is incorrect. A gift from an employee whose department may be reviewed most likely violates Rule of Conduct 2.2. Answer (D) is incorrect. A gift from an employee whose department may be reviewed most likely violates Rule of Conduct 2.2. 24- Which of the following activities of an internal auditor is most likely to be acceptable under The IIA’s Code of Ethics? A. Late arrivals and early departures from work because this practice is common in the organization. B. Frequent luncheons and other socializing with major suppliers of the organization without the consent of senior management. C. Acceptance of a material gift from a supplier. D. Conducting an unrelated business outside of office hours. Answer (A) is incorrect. Internal auditors should exercise diligence in performing their duties. Answer (B) is incorrect. Omitting negative observations is also a violation. Answer (C) is incorrect. The CAE dramatically changed internal audit’s scope of work without consulting with the board. Moreover, highlighting potential cost savings is appropriate for an engagement communication. Answer (D) is correct. The CAE dramatically changed internal audit’s scope of work without consulting with the board. A second violation is the omission of negative observations. Under The IIA’s Code of Ethics, the auditors must disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review (Rule of Conduct 2.3). 27- Which of the following statements is not appropriate to include in a manufacturer’s conflict of interest policy? An employee shall not A. Use organizational information for private purposes. B. Borrow from or lend money to vendors. C. Accept money, gifts, or services from a customer. D. Participate (directly or indirectly) in the management of a public agency. Answer (A) is incorrect. A conflict of interest policy should prohibit the use of organization information for private gain. Answer (B) is incorrect. A conflict of interest policy should prohibit financial dealings between an employee and those with whom the organization deals. Answer (C) is incorrect. A conflict of interest policy should prohibit the transfer of benefits between an employee and those with whom the organization deals. Answer (D) is correct. A prohibition on public service is ordinarily inappropriate. Public service is a right, if not a duty, of all citizens. 28- An engagement at a foreign subsidiary disclosed payments by the sales department to local government officials in return for orders. What action does The IIA’s Code of Ethics suggest for an internal auditor in such a case? A. Inform appropriate organizational officials. B. Refrain from any action that might be detrimental to the organization. C. Report the incident to appropriate regulatory authorities. D. Report the practice to the board of The Institute of Internal Auditors. Answer (A) is correct. Such payments may be illegal. Rule of Conduct 2.3 under the objectivity principle states, “Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.” Answer (B) is incorrect. Informing organizational officials is not detrimental to the organization. Answer (C) is incorrect. The Code does not require that the incident be reported to regulatory authorities. Answer (D) is incorrect. The Code of Ethics does not require reporting for these types of activities to The IIA. 29- Internal auditors should be prudent in their relationships with persons and organizations external to their employers. Which of the following activities will most likely not adversely affect internal auditors’ ethical behavior? A. Serving as consultants to competitor organizations. B. Discussing engagement plans or results with external parties. C. Serving as consultants to suppliers. D. Accepting compensation from professional organizations for consulting work. Answer (A) is incorrect. Serving as a consultant to competitors might create a conflict of interest. Answer (B) is incorrect. Internal auditors should “be prudent in the use and protection of information acquired in the course of their duties” (Rule of Conduct 3.1). Furthermore, such discussion might be “detrimental to the legitimate and ethical objectives of the organization” (Rule of Conduct 3.2). Answer (C) is incorrect. Serving as a consultant to suppliers might create a conflict of interest. Answer (D) is correct. Professional organizations are unlikely to be employees, clients, customers, suppliers, or business associates of the organization. Thus, the consulting fees are not likely to impair or be presumed to impair the internal auditors’ professional judgment (Rule of Conduct 2.2). Moreover, relationships with professional organizations are not likely to create a conflict of interest or impair or be presumed to impair internal auditors’ unbiased judgment (Rule of Conduct 2.1). Also, the consulting engagement should not result in the improper use of information (Rule of Conduct 3.2). 30- During an engagement, an internal auditor learned that certain individuals in the organization were involved in industrial espionage for the benefit of the organization. According to The IIA’s Code of Ethics, what is the internal auditor’s proper course of action? A. Note the condition in the working papers but refrain from reporting it because it benefits the organization. B. Report the condition to the appropriate governmental regulatory agency. C. Report the facts to the appropriate individuals within the organization. D. No action is required because this condition is not detrimental to the organization. Answer (A) is incorrect. Internal auditors may not knowingly be a party to an illegal activity. Answer (B) is incorrect. Internal auditors ordinarily are not required to disclose voluntarily any illegal or improper acts to outside individuals or organizations. They should try to work within their organizations. However, under Rule of Conduct 1.2, they should make any disclosures expected by the law or by the profession. Answer (C) is correct. Rule of Conduct 2.3 under the objectivity principle states, “Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.” Moreover, Rule of Conduct 1.3 under the integrity principle states, “Internal auditors shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organization.” Answer (D) is incorrect. Internal auditors must report material facts that, if not disclosed, could distort the reporting of activities. They also may not knowingly be a party to an illegal activity. 31- Which of the following items is a violation by an internal auditor of The IIA’s Code of Ethics? A. To keep the engagement effort within the budgeted time, the internal auditor was directed to and did curtail testing in an area that looked suspicious and later was proved to contain massive irregularities. B. Certain facts recorded in the internal auditor’s working papers that helped to support the basic allegations made by the internal auditor regarding a case of fraud were not included in the final engagement communication. C. Information in the internal auditor’s working papers that proved a criminal act was included in the internal auditor’s draft communication. The comments were later removed by internal audit management. D. A control system that had been recommended by the internal audit staff during the previous engagement was found to be defective. The internal auditor reported the defective function as an engagement client failure. Answer (A) is incorrect. The ethical transgression, if any, was not made by the internal auditor but by internal audit management. Answer (B) is incorrect. Immaterial facts need not be included. Answer (C) is incorrect. The ethical transgression, if any, was not made by the internal auditor but by internal audit management. Answer (D) is correct. Reporting the defective function as an engagement client failure is a violation of the internal auditor’s ethical obligation to disclose all material facts known to him or her that, if not disclosed, may distort the reporting of activities under review (Rule of Conduct 2.3). 32- Which of the following actions by an internal auditor is most likely a violation of The IIA’s Code of Ethics? A. Allowing use of the Certified Internal Auditor designation in a context not involving his or her employment. benefit from the transaction, the relative used the information to make a significant profit. The most appropriate way for the CAE to deal with this problem is to A. Verbally reprimand the internal auditor. B. Take no action because the internal auditor did not benefit from the transaction. C. Summarily discharge the internal auditor and notify The IIA. D. Inform The IIA’s Board of Directors and take the personnel action required by organizational policy. Answer (A) is incorrect. The internal auditor has violated Rule of Conduct 3.2 regarding use of information. The IIA should be notified. Answer (B) is incorrect. The auditor improperly used information and violated The IIA’s Code of Ethics. Some action is warranted. Answer (C) is incorrect. Summary discharge may not be in accordance with company personnel policies. Answer (D) is correct. The staff internal auditor has violated Rule of Conduct 3.2 regarding use of information. A violation of The IIA’s Code of Ethics is the basis for a complaint to the International Ethics Committee, which is responsible for receiving, interpreting, and investigating all complaints against members or CIAs on behalf of the Board of Directors of The IIA and making recommendations to the Board on actions to be taken (Administrative Directive 5). In addition, organizational policy must be followed. 3- Which of the following actions taken by a chief audit executive (CAE) could be considered professionally ethical under The IIA’s Code of Ethics? A. To save organizational resources, the CAE limits procedures at foreign branches to confirmations from branch managers that no major personnel changes have occurred. B. The CAE decides to delay an engagement at a branch so that his nephew, the branch manager, will have time to “clean things up.” C. To save organizational resources, the CAE cancels all staff training for the next 2 years on the basis that all staff are too new to benefit from training. D. The CAE refuses to provide information about organizational operations to his father, who is a part owner. Answer (A) is incorrect. According to Rule of Conduct 4.2, “Internal auditors shall perform internal audit services in accordance with the International Standards for the Professional Practice of Internal Auditing (Standards).” The Standards require supporting information to be sufficient, reliable, relevant, and useful. Answer (B) is incorrect. According to Rule of Conduct 1.1, “Internal auditors shall perform their work with honesty, diligence, and responsibility.” Answer (C) is incorrect. According to Rule of Conduct 4.3, “Internal auditors shall continually improve their proficiency and the effectiveness and quality of their services.” Answer (D) is correct. Rule of Conduct 3.1 under the confidentiality principle states, “Internal auditors shall be prudent in the use and protection of information acquired in the course of their duties.” Additionally, Rule of Conduct 3.2 states, “Internal auditors shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.” Thus, such use of information by the CAE might be illegal under insider trading rules. 4- An internal auditor is performing services in a division in which the chief financial officer is a close personal friend, and the internal auditor learns that the friend is to be replaced after a series of critical labor negotiations. The internal auditor relays this information to the friend. Has a violation of The IIA’s Code of Ethics occurred? A. Yes. The internal auditor had a conflict of interest with the organization. B. No. The internal auditor was just being honest with his or her friend. C. No. The use of the confidential information resulted in no personal gain to the internal auditor. D. Yes. The internal auditor was not prudent in the use of information acquired in the course of his or her duties. Answer (A) is incorrect. The facts do not suggest that a conflict of interest existed. However, such a conflict would be present, for example, if the internal auditor used confidential information to seize a business opportunity that rightfully belonged to the organization. Answer (B) is incorrect. The Rules of Conduct specifically prohibit using information in a manner that would be detrimental to the legitimate and ethical objectives of the organization. Answer (C) is incorrect. The Rules of Conduct specifically prohibit using information in a manner that would be detrimental to the legitimate and ethical objectives of the organization. Answer (D) is correct. Rule of Conduct 3.1 under the confidentiality principle states, “Internal auditors shall be prudent in the use and protection of information acquired in the course of their duties.” Rule of Conduct 3.2 states, “Internal auditors shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.” In this case, the decision whether to notify the financial officer of his or her replacement was properly the organization’s. Accordingly, the internal auditor was bound not to tell his or her friend. 5- “Internal auditors shall be prudent in the use and protection of information acquired in the course of their duties” is a Rule of Conduct under which core principle of The IIA’s Code of Ethics? A. Confidentiality. B. Risk-based assurance. C. Competency. D. Disclosure. Answer (A) is correct. The Rules of Conduct in The IIA’s Code of Ethics are organized based on the principles of integrity, objectivity, confidentiality, and competency. Rule of Conduct 3.1 under the confidentiality principle states, “Internal auditors shall be prudent in the use and protection of information acquired in the course of their duties.” Answer (B) is incorrect. Risk-based assurance is a core principle for the Professional Practice of Internal Auditing, not a core principle of The IIA’s Code of Ethics. The core principles in the Code of Ethics are integrity, objectivity, confidentiality, and competency. Answer (C) is incorrect. Competency is a core principle of The IIA’s Code of Ethics, but it is not the principle that contains the stated rule. Competency is a commitment to acquiring and maintaining an appropriate level of knowledge and skill. Answer (D) is incorrect. Disclosure is not a core principle of The IIA’s Code of Ethics. 6- Which of the following most likely constitutes a violation of The IIA’s Code of Ethics by an internal auditor? A. Investigating executive expense reports based completely on rumors of padding. B. Purchasing stock in a target entity after overhearing an executive’s discussion of a possible acquisition. C. Discussing at a trade convention the organization’s controls over its computer networks. D. Deleting sensitive information from a final engagement communication at the request of senior management. Answer (A) is incorrect. An investigation of expense accounts is within the internal auditor’s normal responsibilities, but further investigation of fraud should ordinarily be made by investigative specialists. Answer (B) is correct. Rule of Conduct 3.2 under the confidentiality principle states, “Internal auditors shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization.” Answer (C) is incorrect. Disclosure of information technology controls is not detrimental to the objectives of the organization. They are not likely to be trade secrets. Answer (D) is incorrect. If senior management permits the omission, the internal auditor is not guilty of failing to disclose material facts. 7- Which situation most likely violates The IIA’s Code of Ethics and the Standards? A. The engagement manager has removed the most significant observations and recommendations from the final engagement communication. The in-charge internal auditor opposed the removal, explaining that (s)he knows the reported conditions exist. The in-charge internal auditor agrees that, technically, information is not B. Using engagement-related information in a decision to buy an ownership interest in the employer organization. C. Not reporting significant observations and recommendations about illegal activity to the board because management has indicated it will address the issue. D. Accepting an unexpected gift from an employee whom the internal auditor has praised in a recent engagement communication. Answer (A) is correct. The principle of confidentiality permits the disclosure of confidential information if there is a legal or professional obligation to do so. Answer (B) is incorrect. Rule of Conduct 3.2 prohibits internal auditors from using information for personal gain. Answer (C) is incorrect. Rule of Conduct 2.3 under the objectivity principle requires internal auditors to disclose all material facts known to them that, if not disclosed, might distort the reporting of activities under review. Answer (D) is incorrect. Rule of Conduct 2.2 prohibits internal auditors from accepting anything that may impair, or be presumed to impair, their professional judgment. 7: (10) Internal Audit Ethics – Competency 1- Which of the following statements is part of The IIA Rules of Conduct for competency? A. Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review. B. Internal auditors shall be prudent in the use and protection of information acquired in the course of their duties. C. Internal auditors shall respect and contribute to the legitimate and ethical objectives of the organization. D. Internal auditors shall engage only in those services for which they have the necessary knowledge, skills, and experience. Answer (A) is incorrect. Rule of Conduct for objectivity 2.3 states, “Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.” Answer (B) is incorrect. Rule of Conduct for confidentiality 3.1 states, “Internal auditors shall be prudent in the use and protection of information acquired in the course of their duties.” Answer (C) is incorrect. Rule of Conduct for integrity 1.4 states, “Internal auditors shall respect and contribute to the legitimate and ethical objectives of the organization.” Answer (D) is correct. Rule of Conduct for competency 4.1 states, “Internal auditors shall engage only in those services for which they have the necessary knowledge, skills, and experience.” 2- Which of the following would violate The IIA’s Code of Ethics core principle of competency? A. Carrie was recently promoted to supervise the audit of food and beverage accounting for the organization’s banquet facilities. Carrie has audited several areas of the organization, including 6 months of shadowing audit supervisors in the hospitality area. B. The audit committee hired a new CAE to perform financial due diligence on a chain of hotels that the company is considering purchasing. The new CAE has extensive knowledge and years of experience in the hotel industry. C. Bob recently completed continuing education courses in restaurant accounting and has been assigned to audit one of the organization’s steakhouses next month. D. The organization has downsized and has a very lean staff. The board has recently approved the deferral of all continuing education for the next 12 months due to the staff’s workload. Answer (A) is incorrect. Carrie has the knowledge, skills, and experience to supervise the food and beverage audit. This satisfies the Rule of Conduct for competency. Answer (B) is incorrect. The audit committee has hired a CAE for his or her knowledge and experience in the industry in which the company desires to invest. This satisfies the Rule of Conduct for competency. Answer (C) is incorrect. Bob acquired the required knowledge and skills prior to the start of the upcoming audit. Additionally, by completing continuing education, he continued to improve his proficiency and other competencies. This satisfies the rule of conduct for competency. Answer (D) is correct. The IIA’s Rules of Conduct for competency state, “Internal auditors shall engage only in those services for which they have the necessary knowledge, skills, and experience, shall perform internal audit services in accordance with the International Standards for the Professional Practice of Internal Auditing and shall continually improve their proficiency and the effectiveness and quality of their services.” The deferral of completing continued education, even though approved by the board, violates The IIA’s Code of Ethics Rule of Conduct for competency. 3- During the course of an engagement, an internal auditor discovers that a clerk is embezzling funds from the organization. Although this is the first embezzlement ever encountered and the organization has a security department, the internal auditor decides to interrogate the suspect. If the internal auditor is violating The IIA’s Code of Ethics, the rule violated is most likely A. Failing to comply with the law. B. Failing to exercise due diligence. C. Lack of competence in this area. D. Lack of loyalty to the organization. Answer (A) is incorrect. The internal auditor may violate the suspect’s civil rights as a result of inexperience Answer (B) is incorrect. The requirement to perform work with diligence does not override the competency Rules of Conduct or the need to use good judgment. Answer (C) is correct. Rule of Conduct 4.1 under the competency principle states, “Internal auditors shall engage only in those services for which they have the necessary knowledge, skills, and experience.” Internal auditors may not have, and are not expected to have, knowledge equivalent to that of a person whose primary responsibility is to detect and investigate fraud (Impl. Std. 1210.A2). Answer (D) is incorrect. Loyalty is better exhibited by consulting with professionals and knowing the limits of competence. 4- Which of the following violates The IIA’s Code of Ethics core principle of competency? A. The internal auditor directed his brother to sell company stock during the company’s blackout period. B. The internal auditor accepted gifts of material value from the engagement client. C. The manager failed to disclose all revenues and sales taxes collected to the state’s taxation department. D. The internal auditor failed to complete the required continuing education needed to obtain the skills necessary for the engagement. Answer (A) is incorrect. A company’s blackout period is the period of time before its earnings release to the public. During this time, employees (insiders) cannot buy or sell the company’s stock. An internal auditor shall not use information for any personal gain. This is a violation of the Code of Ethics core principle of confidentiality. It would also be considered insider training, which is illegal. Answer (B) is incorrect. Acceptance of gifts of material value may impair the internal auditor’s professional judgment. This is a violation of the Code of Ethics core principle of objectivity. Answer (C) is incorrect. Failing to make disclosures required by law is a violation of the Code of Ethics core principle of integrity. Answer (D) is correct. Rule of Conduct 4.1 under the competency principles states, “Internal auditors shall engage only in those services for which they have the necessary knowledge, skills, and experience.” Failure to have the knowledge and skills necessary for the engagement violates the Code of Ethics core principle of competency. 5- Company A recently acquired Company B. Company B is in a very different industry from Company A. Ten internal auditors have been assigned to review key areas of Company B’s operations. The CAE has arranged for the auditors to receive industry training prior to the commencement of work. How should the CAE explain to the board why the industry training is needed? A. Internal auditors will be unable to contribute to the legitimate and ethical objectives of the organization. B. Internal auditors do not have the necessary knowledge, skills, or experience to complete the work. C. Internal auditors may distort the reporting of activities if all material facts are not known to them. D. Internal auditors will not know how to be prudent in the use and protection of the information acquired in the course of their duties. Answer (A) is incorrect. The Code of Ethics principle of integrity states, “Internal auditors shall respect and contribute to effectiveness during the last 3 years. However, Auditor C feels performance of quality work is the same as before. Answer (A) is incorrect. The information was disclosed as part of the normal process of cooperation between the internal and external auditor. Because the books were adjusted, the external auditor was expected to inquire as to the nature of the adjustment. Answer (B) is incorrect. No professional conflict of interest exists per se, especially given that the internal auditor was previously in public accounting. However, the internal auditor should be aware of potential conflicts. Answer (C) is incorrect. An internal auditor must possess the necessary knowledge, skills, and competencies at the time an engagement is conducted, not the time it is accepted. Answer (D) is correct. Rule of Conduct 4.3 under the competency principle states, “Internal auditors shall continually improve their proficiency and the effectiveness and quality of their services.” 9- A manufacturing organization often hires recent college graduates to fill entry level internal auditor positions. Which of the following would not support the organization’s commitment to the Rule of Conduct for competency? A. The organization requires a training program for entry level auditors. B. The organization pays for and requires all professional employees to take continuing education classes. C. Annually, the organization holds a seminar and provides the professional employees with updates on changes to IIA standards and guidance. D. The organization routinely brings in motivational speakers to inspire the employees. Answer (A) is incorrect. Rule of Conduct 4.1 under the competency principle states, “Internal auditors shall engage only in those services for which they have the necessary knowledge, skills, and experience.” A required training program for entry level auditors would help the auditors acquire the necessary knowledge to perform their work. Answer (B) is incorrect. Rule of Conduct 4.3 under the competency principles states, “Internal auditors shall continually improve their proficiency.” Paying for and requiring all professional employees to take continuing education classes would support the organization’s commitment to the Rule of Conduct for competency, Answer (C) is incorrect. Providing seminars on changes to IIA standards and guidance would contribute to an internal auditor’s skill and knowledge. Rule of Conduct 4.3 under the competency principles states, “Internal auditors shall continually improve their proficiency.” Holding a seminar and providing the professional employees with updates on changes to IIA standards and guidance demonstrates the organization’s commitment to the Rule of Conduct for competency. Answer (D) is correct. Competency is the commitment to acquiring and maintaining an appropriate level of knowledge and skill. Rule of Conduct 4.3 under the competency principle states, “Internal auditors shall continually improve their proficiency and the effectiveness and quality of their services.” While hearing motivational speakers may be uplifting and inspiring, it would not contribute to the auditors’ knowledge and skill levels. 10- Under The IIA’s Code of Ethics, an entity that provides internal auditing services is specifically required to A. Maintain certain predetermined staffing requirements for engagements. B. Comply with the International Standards for the Professional Practice of Internal Auditing. C. Participate in a formal continuing education program. D. Comply with organizational policy. Answer (A) is incorrect. Staffing requirements must be determined based on the circumstances of each engagement. Answer (B) is correct. The IIA’s Code of Ethics applies not only to individuals but also to entities that provide internal auditing services. Rule of Conduct 4.2 under the competency principle states, “Internal auditors shall perform internal audit services in accordance with the International Standards for the Professional Practice of Internal Auditing.” Answer (C) is incorrect. The Code requires compliance with the Standards, and the Standards require internal auditors to enhance their knowledge, skills, and other competencies through continuing professional development, but neither the Code nor the Standards require formal continuing education. Answer (D) is incorrect. The Code requires internal auditors to respect and contribute to the legitimate and ethical objectives of the organization and not engage in acts discreditable to the organization. However, the Code does not specifically mention compliance with organizational policy. 8: (20) Internal Audit Charter 1- The authority of the internal audit activity is limited to that granted by A. The board and the controller. B. Management and the board. C. The board and the chief financial officer. D. Senior management and the Standards. Answer (A) is incorrect. The controller is not the only member of management. Answer (B) is correct. The purpose, authority, and responsibility of the internal audit activity must be formally defined in a charter. The CAE must periodically review and present the charter to senior management and the board for approval (Attr. Std. 1000). Answer (C) is incorrect. Management and the board, not a particular manager, give the internal audit activity its authority. Answer (D) is incorrect. The Standards cannot provide actual authority to an internal audit activity. 2- The board of an organization has charged the chief audit executive (CAE) with upgrading the internal audit activity. The CAE’s first task is to develop a charter. What item should be included in the statement of objectives? A. Notify governmental regulatory agencies of unethical business practices by organization management. B. Evaluate the adequacy and effectiveness of the organization’s controls. C. Submit budget variance reports to management every month. D. Report all engagement results to the board every quarter. Answer (A) is incorrect. Internal auditors ordinarily are not required to report deficiencies in regulatory compliance to the appropriate agencies. However, they must observe the law and make disclosures expected by the law and profession (Rule of Conduct 1.2). Answer (B) is correct. The charter establishes the internal audit activity’s position within the organization, including the nature of the chief audit executive’s functional reporting relationship with the board; authorizes access to records, personnel, and physical properties relevant to the performance of engagements; and defines the scope of internal audit activities (Inter. Std. 1000). Internal auditing brings a systematic, disciplined approach to evaluating and improving risk management, control, and governance processes (Definition of Internal Auditing). Answer (C) is incorrect. Submission of budgetary variance reports is not a primary objective of internal auditing. It is a budgetary control that management may require on a periodic basis. Answer (D) is incorrect. Only significant engagement results are discussed with the board. 3- The chief audit executive meets with the members of the internal audit activity at scheduled staff meetings. Which of the following is the most appropriate function of such a staff meeting? A. Revising travel, promotion, and compensation policies. B. Explaining administrative policies and obtaining suggestions from the staff. C. Developing long-range training programs that will meet the staff’s needs. D. Developing the engagement work schedule. Answer (A) is incorrect. Management of the internal audit activity should revise travel, promotion, and compensation policies. Answer (B) is correct. One reason for staff meetings is to explain routine administrative matters, to teach new techniques, and even to let off steam. For example, staff members should be able to raise questions about ineffective procedures, promotions, salaries, or other problems. Answer (C) is incorrect. Developing long-range training programs that will meet the staff’s needs should be done by management of the internal audit activity. Answer (D) is incorrect. Management of the internal audit activity should develop engagement work schedules. 4- During an engagement to evaluate the organization’s accounts payable function, an internal auditor plans to confirm balances with suppliers. What is the source of authority for such contacts with units outside the organization? A. The internal audit activity’s charter. A. Inspector general. B. Person responsible for overseeing the contract with the outside provider of internal audit services. C. Outside provider of internal audit services. D. Person responsible for the internal audit function. Answer (A) is incorrect. The specific job title of the chief audit executive may vary across organizations (The IIA Glossary). Answer (B) is incorrect. The term “chief audit executive” is defined broadly because (1) the internal audit activity may be insourced or outsourced and (2) many different titles are used in practice. Answer (C) is incorrect. The internal audit activity may be insourced. Answer (D) is correct. The CAE is a person in a senior position responsible for effectively managing the internal audit activity in accordance with the internal audit charter and the mandatory elements of the IPPF (The IIA Glossary). 9- Which of the following is not appropriate for inclusion in the internal audit charter? A. The nature of the chief audit executive’s functional reporting relationship with the board. B. Authorization of internal audit access to records, personnel, and physical properties. C. Authorization of the board to approve the charter. D. Definition of the scope of internal audit activities. Answer (A) is incorrect. The nature of the chief audit executive’s functional reporting relationship with the board is one of the elements to be included in the internal audit charter. Answer (B) is incorrect. Authorization of internal audit access to records, personnel, and physical properties is one of the elements to be included in the internal audit charter. Answer (C) is correct. Final approval of the internal audit charter resides with the board. The board has this power inherently. Answer (D) is incorrect. Definition of the scope of internal audit activities is one of the elements to be included in the internal audit charter. 10- The organizational position of the internal audit activity should be free from the effects of irresponsible policy changes by management. The most effective way to ensure that freedom is to A. Develop written policies and procedures to serve as standards of performance for the internal audit activity. B. Establish an audit committee within the board. C. Adopt policies for the functioning of the internal audit activity. D. Have the internal audit charter approved by the board. Answer (A) is incorrect. Written policies and procedures serve to guide the internal auditor but have little effect on management. Answer (B) is incorrect. The establishment of an audit committee alone does not ensure the status of the internal audit activity. Answer (C) is incorrect. Adoption of policies for the functioning of the internal audit activity does not protect its organizational position. Answer (D) is correct. The internal audit charter is a formal document that defines the internal audit activity’s purpose, authority, and responsibility. Final approval of the internal audit charter resides with the board (Inter. Std. 1000). 11- Which one of the following must be included in the internal audit charter? A. Number of full-time internal audit employees deemed to be the necessary minimum. B. Internal audit responsibility. C. Internal audit objectivity. D. Chief audit executive’s compensation plan. Answer (A) is incorrect. The staffing of the internal audit activity is determined by the CAE and the board; it is not an appropriate matter to include in the internal audit charter. Answer (B) is correct. The purpose, authority, and responsibility of the internal audit activity must be formally defined in an internal audit charter. Answer (C) is incorrect. Objectivity is an attribute of individual auditors and is not included in the internal audit charter. Answer (D) is incorrect. The CAE’s compensation plan is not an appropriate matter to include in the internal audit charter. 12- The chief audit executive has assigned an internal auditor to perform a year-end engagement to evaluate payroll records. The internal auditor has contacted the director of compensation and has been refused access to necessary documents. To avoid this problem, A. Internal auditing should be required to report to the CEO of the organization. B. Access to records relevant to performance of engagements should be specified in the internal audit activity’s charter. C. Board approval should be required for all scope limitations. D. By following the long-range planning process, access to all relevant records should be guaranteed. Answer (A) is incorrect. The internal audit activity need not report to a specific individual in the organization, although reporting administratively to the CEO is desirable. Answer (B) is correct. Specific guidelines are written in the internal audit activity’s charter authorizing access to records, personnel, and physical properties relevant to the performance of engagements (Inter. Std. 1000). Such provisions reduce the likelihood of scope limitations. Answer (C) is incorrect. The internal audit activity must inform the board of any scope limitations, but the board’s approval is not required. Answer (D) is incorrect. Following the long-range planning process provides no guarantee of access. 13- Internal auditing has planned an engagement to evaluate the effectiveness of the quality assurance function as it affects the receipt of goods, the transfer of the goods into production, and the scrap costs related to defective items. The engagement client argues that such an engagement is not within the scope of the internal audit activity and should come under the purview of the quality assurance department only. What is the most appropriate response? A. Because quality assurance is a new function, seek the approval of management as a mediator to set the scope of the engagement. B. Terminate the engagement because it will not be productive without the client’s cooperation. C. Indicate that the engagement will evaluate the function only in accordance with the standards set by, and approved by, the quality assurance function before beginning the engagement. D. Refer to the internal audit activity’s charter and the approved engagement plan that includes the area designated for evaluation in the current time period. Answer (A) is incorrect. The engagement client does not determine the scope of this type of assurance engagement. A scope limitation imposed by the client might prevent the internal audit activity from achieving its objectives. Answer (B) is incorrect. The internal auditors must conduct the engagement and communicate any scope limitations to management and the board. Answer (C) is incorrect. Other objectives may be established by management and the internal auditors. The engagement is not limited to the specific standards set by the quality assurance department. It considers such standards in the development of the engagement program. Answer (D) is correct. The written charter, approved by the board, defines the scope of internal audit activities (Inter. Std. 1000). 14- Which of the following is an element of authority that should be included in the internal audit activity’s charter? A. Access to records, personnel, and physical properties relevant to the performance of engagements. Answer (A) is incorrect. The level of authority required for each engagement within the internal audit activity is mutually agreed upon by the CAE, senior management, and the board, and is defined in the internal audit charter. Answer (B) is incorrect. Engagement clients do not authorize the internal auditor’s activity but must be informed of the internal auditor’s authority. The internal audit charter authorizes access to records, personnel, and physical properties relevant to the performance of engagements. Final approval of the internal audit charter resides with the board. Answer (C) is correct. Engagement clients must be informed of the internal audit activity’s purpose, authority, and responsibility to prevent misunderstandings about access to records and personnel. The CAE, senior management, and the board mutually agree upon the internal audit charter. The charter defines (1) the internal audit objectives and responsibilities and (2) the expectations for the internal audit activity. Answer (D) is incorrect. The internal audit charter, not the engagement client, establishes the internal audit activity’s position within the organization. 19- The transportation department of a publicly held company has asked the internal audit activity to review the design specifications for a proposed new warehouse and repair facility. The best reason for the internal audit activity to decline the request is A. The CEO and the head of the transportation department are neighbors and belong to the same social clubs. B. The transportation department’s budget is immaterial to the organization’s total budget. C. Such a review does not fall within the authority granted in the internal audit charter. D. The internal audit activity performed a thorough review of the transportation department the previous year. Answer (A) is incorrect. An attitude of independence is required for internal auditors, not for auditees and management. Answer (B) is incorrect. Internal audit engagements are scheduled based on a risk assessment, only one of the elements of which is monetary materiality. Answer (C) is correct. The internal audit activity’s purpose, authority, and responsibility are specifically granted in the form of a written charter approved by the board. Answer (D) is incorrect. Internal audit engagements are scheduled based on a risk assessment, not simply time elapsed since the last engagement. 20- An element of authority that must be included in the charter of the internal audit activity is A. Identification of the organizational units where engagements are to be performed. B. Access to records, personnel, and physical properties relevant to the performance of engagements. C. Identification of the types of disclosures that should be made to the board. D. Access to the external auditor’s engagement records. Answer (A) is incorrect. The audit schedule is based on a risk assessment; it is thus inappropriate to designate specific engagement areas in the internal audit charter. Answer (B) is correct. The charter establishes the internal audit activity’s position within the organization, including the nature of the chief audit executive’s functional reporting relationship with the board; authorizes access to records, personnel, and physical properties relevant to the performance of engagements; and defines the scope of internal audit activities (Inter. Attr. Std. 1000). Answer (C) is incorrect. Disclosure to the board is an obligation, not an element of authority. Answer (D) is incorrect. Access to the external auditor’s engagement records cannot be guaranteed.