Internal Audit Practices and Standards, Exams of Accounting

Various aspects of internal auditing, including the role of the chief audit executive, the importance of quality assurance and improvement programs, the principles of confidentiality and objectivity, the assessment of risks and controls, the prevention and detection of fraud, and the competencies required of internal auditors. It discusses the standards and guidelines set by the international professional practices framework (ippf) and the committee of sponsoring organizations of the treadway commission (coso) that internal auditors must adhere to. The document highlights the key responsibilities of internal auditors in ensuring the effectiveness of an organization's governance, risk management, and control processes. It also addresses the challenges and considerations involved in conducting internal audit engagements, such as the use of external resources, the management of conflicts of interest, and the exercise of due professional care.

Typology: Exams

2024/2025

Available from 10/11/2024

EXAMDOC
EXAMDOC šŸ‡ŗšŸ‡ø

4.4

(9)

22K documents

1 / 28

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Certified Internal Auditor - Part 1questions with
correct answers
When an internal auditor identifies multiple factors that have been linked with
possible fraudulent conditions and suspects that fraud has taken place, the auditor
should Correct Answer-Recommend an investigation.
An internal auditor who encounters an ethical dilemma not explicitly addressed by
The IIA's Code of Ethics should always Correct Answer-Take action consistent
with the principles embodied in The IIA's Code of Ethics.
Ordinarily, those conducting internal quality program assessments report to
Correct Answer-The chief audit executive.
Internal auditors may include in their audit report that their activities conform with
The IIA Standards. They may use this statement only if Correct Answer-It is
supported by the results of the quality program.
During an engagement to evaluate the organization's accounts payable function, an
internal auditor plans to confirm balances with suppliers. What is the source of
authority for such contacts with units outside the organization? Correct Answer-
The internal audit activity's charter.
An individual became head of the internal audit activity of an organization 1 week
ago. An engagement client has come to the person complaining vigorously that one
of the internal auditors is taking up an excessive amount of client time on an
engagement that seems to be lacking a clear purpose. In handling this conflict with
a client, the person should consider Correct Answer-Whether existing procedures
within the internal audit activity provide for proper planning and quality assurance.
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c

Partial preview of the text

Download Internal Audit Practices and Standards and more Exams Accounting in PDF only on Docsity!

Certified Internal Auditor - Part 1questions with

correct answers

When an internal auditor identifies multiple factors that have been linked with possible fraudulent conditions and suspects that fraud has taken place, the auditor should Correct Answer-Recommend an investigation. An internal auditor who encounters an ethical dilemma not explicitly addressed by The IIA's Code of Ethics should always Correct Answer-Take action consistent with the principles embodied in The IIA's Code of Ethics. Ordinarily, those conducting internal quality program assessments report to Correct Answer-The chief audit executive. Internal auditors may include in their audit report that their activities conform with The IIA Standards. They may use this statement only if Correct Answer-It is supported by the results of the quality program. During an engagement to evaluate the organization's accounts payable function, an internal auditor plans to confirm balances with suppliers. What is the source of authority for such contacts with units outside the organization? Correct Answer- The internal audit activity's charter. An individual became head of the internal audit activity of an organization 1 week ago. An engagement client has come to the person complaining vigorously that one of the internal auditors is taking up an excessive amount of client time on an engagement that seems to be lacking a clear purpose. In handling this conflict with a client, the person should consider Correct Answer-Whether existing procedures within the internal audit activity provide for proper planning and quality assurance.

Prior to implementation, management has requested the internal audit activity to perform an engagement to recommend procedures and policies for improving management control over the telephone marketing operations of a major division. The chief audit executive should Correct Answer-Accept the engagement because objectivity will not be impaired. A quality assurance and improvement program of an internal audit activity provides reasonable assurance that internal auditing work is performed in accordance with its charter. Which of the following are designed to provide feedback on the effectiveness of an internal audit activity?

  1. Proper supervision
  2. Proper training
  3. Internal reviews
  4. External reviews Correct Answer-1. Proper supervision
  5. Internal reviews
  6. External reviews If the internal audit activity of a nonpublic company does not have the skills to perform a particular task, an external service provider (ESP) could be brought in from
  7. The organization's external audit firm
  8. An external consulting firm
  9. The engagement client
  10. A college or university Correct Answer-1. The organization's external audit firm
  11. An external consulting firm
  12. A college or university

When assessing the risk associated with an activity, an internal auditor should Correct Answer-Provide assurance on the management of the risk. optimal to provide a summary-level description of a complex new computer system Correct Answer-A system flowchart. Internal auditors who fail to maintain their proficiency through continuing education could be found to be in violation of Correct Answer-Both the International Standards for the Professional Practice of Internal Auditing and The IIA's Code of Ethics. __________ is a component of the internal control. It is a process that assesses the quality of the system's performance over time. It consists of ongoing activities built into normal operations to ensure that they continue to be performed effectively. Supervision and other ordinary management functions, consideration of communications with external parties, and the actions of internal and external auditors are examples. Correct Answer-Monitoring "Internal auditors shall perform internal audit services in accordance with the International Standards for the Professional Practice of Internal Auditing." Because the internal auditors are members of The Institute, The IIA's Code of Ethics is enforceable against them even though they are not CIAs. Correct Answer- competency principle states __________ develops and maintains a quality assurance and improvement program (Attr. Std. 1300) that includes (1) external assessments and (2) ongoing and periodic internal assessments. Ongoing monitoring is incorporated into the routine policies and practices used to manage the internal audit activity. Among the processes used in ongoing internal assessments is engagement planning and supervision (IG 1311). Correct Answer-The CAE

An internal auditor's __________ is not impaired when the auditor recommends standards of control for systems or reviews procedures before they are implemented. Correct Answer-objectivity Stakeholders are persons or entities who are affected by the activities of the entity. Among others, these include Correct Answer-shareholders, employees, suppliers, customers, neighbors of the entity's facilities, and government regulators. What is residual risk? Correct Answer-Risk that is not managed. Reasonable assurance should be obtained as to each prospective internal auditor's qualifications and proficiency. Which of the following is the least useful application of this principle? Checking an applicant's references. Determining previous job experience. Obtaining college transcripts. Determining that all applicants have an accounting degree. Correct Answer- Determining that all applicants have an accounting degree. __________ is not a concept applicable to providing assurance on risk management processes described in the ISO 31000 model. Correct Answer- Negative assurance A chief audit executive (CAE) learned that a staff internal auditor provided confidential information to a relative. Both the CAE and staff internal auditor are CIAs. Although the internal auditor did not benefit from the transaction, the relative used the information to make a significant profit. The most appropriate way for the CAE to deal with this problem is to Correct Answer-Inform The IIA's Board of Directors and take the personnel action required by organizational policy.

Thus, such use of information by the CAE might be illegal under insider trading rules. Correct Answer-confidentiality principle states The internal audit activity collectively must possess or obtain certain competencies. Internal audit staff should be competent in Correct Answer-The exercise of business acumen. According to COSO, a risk profile is a view of the relationship between Correct Answer-Risk and performance. Planning and executing an audit engagement without the appropriate background and skills is Correct Answer-a violation of this standard. __________ includes, among other things, the element of human resource policies and practices. Thus, hiring, orientation, training, evaluation, counseling, promotion, compensation, and remedial actions must be considered by management. Correct Answer-The control environment "Internal auditors shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review." Correct Answer- objectivity principle states __________ is the process of assessing the quality of the system's performance over time. It is designed to ensure that internal controls continue to operate effectively. Correct Answer-Monitoring An internal auditor's responsibilities for detecting fraud include Correct Answer- evaluating fraud indicators and deciding whether any additional action is necessary or whether an investigation should be recommended.

A formal code of ethics effectively Correct Answer-(1) communicates acceptable values to all members (2) provides a method of policing and disciplining members for violations (3) establishes objective standards against which individuals can measure their own performance (4) communicates the organization's value system to outsiders A chief audit executive for a large manufacturer is considering revising the internal audit activity's charter with respect to the minimum educational and experience qualifications required. The CAE wants to require all staff auditors to possess specialized training in accounting and a professional auditing certification such as the Certified Internal Auditor or the Chartered Accountant. One of the disadvantages of imposing this requirement is that the policy Correct Answer- Could limit the range of services that could be performed due to the internal audit activity's narrow expertise and backgrounds. An adequate system of internal controls is most likely to detect a fraud perpetrated by a Correct Answer-Single employee. An organization is in the process of establishing its new internal audit activity. The controller has no previous experience with internal auditors. Due to this lack of experience, the controller advised the applicants that the CAE will be reporting to the external auditors. However, the new chief audit executive will have free access to the controller to report anything important. The controller will then convey the CAE's concerns to the board of directors. The internal audit activity will Correct Answer-Not be independent because the CAE reports to the external auditors. Auditors must always be alert for the possibility of fraud. Assume the controls over each risk listed below are marginal. Which of the following possible frauds or misuses of organization assets should be considered the area of greatest risk? Correct Answer-Grants are made to organizations that might be associated with the president or are not for purposes dictated in the organization's charter.

Internal auditors must possess the knowledge, skills, and other competencies essential to the performance of their individual responsibilities. Consequently, all internal auditors should be competent with regard to Correct Answer-Operating within the organization's framework for governance, risk management, and control. Which of the following most likely constitutes a violation of The IIA's Code of Ethics? a. Auditor C is content as an internal auditor and has come to look at it as a regular 9-to-5 job. Auditor C has not engaged in continuing professional education or other activities to improve effectiveness during the last 3 years. However, Auditor C feels performance of quality work is the same as before. b. Auditor A has accepted an assignment to perform an engagement at the electronics manufacturing division. Auditor A has recently joined the internal audit activity. But Auditor A was senior auditor for the external audit of that division and has audited many electronics organizations during the past 2 years. c. Auditor B has been assigned to perform an engagement at the warehousing function 6 months from now. Auditor B has no expertise in that area but accepted the assignment anyway. Auditor B has signed up for continuing professional education courses in warehousing that will be completed before the assignment begins. d. Auditor D discovered an internal financial fraud during the year. The books were adjusted to properly reflect the loss associated with the fraud. Auditor D discussed the fraud with the external auditor when the external auditor reviewed working papers detailing the incident. Correct Answer-a. Auditor C is content as an internal auditor and has come to look at it as a regular 9-to-5 job. Auditor C has not engaged in continuing professional education or other activities to improve effectiveness during the last 3 years. However, Auditor C feels performance of quality work is the same as before. Appropriate internal control for a multinational corporation's branch office that has a monetary transfer unit requires that Correct Answer-The individual who initiates wire transfers not reconcile the bank statement.

Which of the following statements about governance is true? Correct Answer- Governance has a range of definitions depending on the circumstances. Which of the following actions is required of the CAE and internal auditors themselves in regard to the objectivity of internal auditors? a. Promote. b. Delegate. c. Enhance. d. Maintain. Correct Answer-d. Maintain. In an assurance engagement of treasury operations, an internal auditor is required to consider all of the following issues except a. The external auditors have indicated some difficulties in obtaining account confirmations. b. Treasury management has not instituted any risk management policies. c. The audit committee has requested assurance on the treasury department's compliance with a new policy on use of financial instruments. d. Due to the recent sale of a division, the amount of cash and marketable securities managed by the treasury department has increased by 350%. Correct Answer-a. The external auditors have indicated some difficulties in obtaining account confirmations. An internal auditor observes that a receivables clerk has physical access to and control of cash receipts. The auditor worked with the clerk several years before and has a high level of trust in the individual. Accordingly, the auditor notes in the engagement working papers that controls over receipts are adequate. Has the auditor exercised due professional care? Correct Answer-No, alertness to conditions most likely indicative of irregularities was not shown.

d. Product development team leader. Correct Answer-d. Product development team leader. Fact Pattern: When an internal auditor followed up on a significant increase in maintenance supplies during the past year, a purchasing agent explained to the internal auditor that the primary reason for the increase was painting services and supplies. The internal auditor found a blanket purchase order without the normal bid or quote documentation. The blanket purchase order had been signed by the general manager and named the general manager's father as the sole contractor for painting services on the organization's projects. The auditor also found a number of large invoices, authorized for payment by the general manager, that showed the general manager's father as the person who signed for the receipt of the material at the supplier. Which is not a symptom of fraud as described in this situation? Correct Answer- The use of blanket purchase orders. A CSR audit procedure requires the internal auditor to determine if the organization's code of conduct includes provisions on anti-corruption. This procedure is most likely testing which CSR element? Correct Answer-Ethics. With regard to the exercise of due professional care, an internal auditor should Correct Answer-Consider the relative materiality or significance of matters to which assurance procedures are applied. The chief audit executive has assigned an internal auditor to perform a year-end engagement to evaluate payroll records. The internal auditor has contacted the director of compensation and has been refused access to necessary documents. To avoid this problem, Correct Answer-Access to records relevant to performance of engagements should be specified in the internal audit activity's charter.

According to COSO, which of the following provides oversight of an entity's enterprise risk management (ERM)? a. The risk officer. b. Financial executives. c. Management. d. The board of directors. Correct Answer-d. The board of directors. The underlying premise of the COSO ERM framework is that every organization exists to Correct Answer-Provide value for its stakeholders. An organization's policies and procedures are part of its overall system of internal controls. The control function performed by policies and procedures is Correct Answer-Feedforward control. The best reason for establishing a code of conduct within an organization is that such codes Correct Answer-Express standards of individual behavior for members of the organization. In an assurance engagement, what is the internal auditor's responsibility for evaluating ethics-related activities? Correct Answer-Evaluate their design, implementation, and effectiveness. Which of the following control procedures provides the greatest assurance that all donations to a not-for-profit organization are immediately deposited in its account? a. Require that all donations be made by check. b. Perform periodic reviews of the organization's cash receipts by tracing deposits to the original posting in the cash receipts records.

c. Takes no vacations and has just accepted a promotion to vice president of finance. d. Takes no vacations and has refused promotion to vice president of finance. Correct Answer-d. Takes no vacations and has refused promotion to vice president of finance. Which of the following describes the chief audit executive's optimal reporting line to enhance the independence of the internal audit activity? a. Functional reporting to the audit committee. b. Functional and administrative reporting to the president of the organization. c. Administrative reporting to the chief financial officer. d. Administrative reporting to the board. Correct Answer-a. Functional reporting to the audit committee. Which of the following would not be an appropriate responsibility for an internal audit activity? a. Assessing management's performance against the achievement of the organization's mission. b. Undertaking research on factors impacting the organization's share price. c. Reviewing the implementation of organizational policies. d. Designing and implementing appropriate controls. Correct Answer-b. Undertaking research on factors impacting the organization's share price. A major reason for establishing an internal audit activity is to Correct Answer- Evaluate and improve the effectiveness of control processes. A formal document (charter) approved by the board that defines the internal audit activity's purpose, authority, and responsibility enhances its Correct Answer- Independence.

The elements of the ISO 31000 risk management process include all of the following except a. Risk treatment. b. Risk analysis. c. Risk appetite. d. Risk identification. Correct Answer-c. Risk appetite. A chief audit executive (CAE) suspects that several employees have used desktop computers for personal gain. In conducting an investigation, the primary reason that the CAE chose to engage a forensic information systems auditor rather than using the organization's information systems auditor is that a forensic information systems auditor would possess Correct Answer-Knowledge of what constitutes evidence acceptable in a court of law. An internal auditor has some suspicion of, but no information about, potential misstatement of financial statements. The internal auditor fails to exercise due professional care by Correct Answer-Not testing for possible misstatement because the engagement work program had already been approved by engagement management. The board is most likely to participate in approving Correct Answer-Appointment of the chief audit executive. Which of the following items is a violation by an internal auditor of The IIA's Code of Ethics? a. A control system that had been recommended by the internal audit staff during the previous engagement was found to be defective. The internal auditor reported the defective function as an engagement client failure.

b. Ability to organize and express thoughts well. c. Ability to fit well socially into a group. d. Grade point average on college accounting courses. Correct Answer-b. Ability to organize and express thoughts well. A flowchart of process activities and controls may provide Correct Answer- Information on where fraud could occur. An internal auditor assigned to audit a vendor's compliance with product quality standards is the brother of the vendor's controller. The auditor should Correct Answer-Notify the chief audit executive of the potential conflict of interest. Internal auditors regularly evaluate controls. Which of the following best describes the concept of control as recognized by internal auditors? a. Management takes action to enhance the likelihood that established goals and objectives will be achieved. b. Control represents specific procedures that accountants and internal auditors design to ensure the correctness of processing. c. Management regularly discharges personnel who do not perform up to expectations. d. Control procedures should be designed from the "bottom up" to ensure attention to detail. Correct Answer-a. Management takes action to enhance the likelihood that established goals and objectives will be achieved. During an engagement performed at a manufacturing division of a defense contractor, the internal auditor discovered that the organization apparently was inappropriately adding costs to a cost-plus governmental contract. The internal auditor discussed the matter with senior management, who suggested that the internal auditor seek an opinion from legal counsel. Upon review, legal counsel indicated that the practice was questionable but was not technically in violation of

the government contract. Based on legal counsel's decision, the internal auditor decided to omit any discussion of the practice in the final engagement communication sent to senior management and the board. However, the internal auditor did informally communicate legal counsel's decision to senior management. Did the internal auditor violate The IIA's Code of Ethics? Correct Answer-No. The internal auditor followed up the matter with appropriate personnel within the organization and reached a conclusion that no fraud was involved. The internal auditor is performing a CSR audit by stakeholder group. Which of the following represent a stakeholder group? I. Shareholders. II. Neighboring communities. III. Employees and their families. IV. The environment. Correct Answer-I, II, III, and IV. The organizational level to which the internal audit activity reports Correct Answer-Must be sufficient to permit the accomplishment of the activity's responsibilities. If an internal auditor is interviewing three individuals, one of whom is suspected of committing a fraud, which of the following is the least effective approach? a. Take the role of one seeking the truth. b. Listen carefully to what each interviewee has to say. c. Attempt to get the suspected individual to confess. d. Ask each individual to prepare a written statement explaining the individual's actions. Correct Answer-c. Attempt to get the suspected individual to confess. A chief audit executive has reviewed credentials, checked references, and interviewed a candidate for a staff position. The CAE concludes that the candidate has a thorough understanding of internal audit techniques, accounting, and finance.